Learn how you can leverage the directory sync feature in Nightfall.
This document explains how to integrate Nightfall with your identity providers (IdPs) like Microsoft Entra ID, Google Workspace Directory, and Okta Service. This integration simplifies policy management in Nightfall allowing you to include or exclude users and user groups, by leveraging existing user information for easier administration within Nightfall and other SaaS products.
Simplified Policy Management: Nightfall automatically synchronises user and group information from your IDps, eliminating the need for manual user inclusions or exclusions in policies. This continuous sync ensures your policies always reflect the latest user directory information, streamlining management and reducing administrative overhead.
Tailored Policies with User Groups: Leverage existing user groups defined in your IdPs to easily create granular DLP policies within Nightfall. Assign specific access and permission levels to different user groups, ensuring data security and compliance across various SaaS applications like Microsoft Teams, OneDrive, and Google Drive.
Dynamic User Management: As users are added or removed from your IdP directory, Nightfall automatically reflects these changes, updating your DLP policies. This ensures your policies remain accurate and relevant, eliminating the need for manual updates.
The Directory Sync feature allows you to connect your user directories (Microsoft Entra ID and Google Workspace) with Nightfall. This sync is essential for enabling functionalities within Nightfall's SaaS apps like Microsoft 365 Teams, OneDrive for Business, Google Drive, and other apps.
Microsoft Teams Direct Message Monitoring (Azure Entra ID): To monitor direct messages in Microsoft Teams for potential data leaks, Nightfall requires access to your Microsoft Entra ID account. Syncing your Entra ID account grants Nightfall a list of active users and groups, facilitating the monitoring of user communication and data flow.
OneDrive for Business: To monitor user OneDrive for potentially sensitive data leaks Nightfall requires access to your Microsoft OneDrive for Business account. Syncing your Entra ID account grants Nightfall a list of active users and groups, facilitating the monitoring of user One Drives.
Supported Identity Providers
Nightfall currently integrates with the following IDps:
Learn how to sync your Google Workspace data to Nightfall.
This document explains the process of adding your Google Workspace tenant to Nightfall to enable Directory Sync. Once you add Google Workspace to Nightfall, you can sync users and user groups data from Google Workspace to Nightfall. To get an overview of the Directory Sync feature in Nightfall, you can read this article and then proceed with this document.
To install Google Directory:
Click the Settings button in Nightfall.
Click the Directory Sync tab.
Click Add directory.
Select Google Workspace as the identity provider.
Copy the Client ID and OAuth Scope ID. Store these values in a secure place. You require them in the further steps.
Login to your Google Workspace with an admin account.
Click the menu icon.
Select Admin.
In the Admin console left pane, expand Security and then expand Access and data control.
Click API controls.
Click MANAGE DOMAIN WIDE DELEGATION under Domain wide delegation.
Click Add New.
Paste the Client ID copied from the Nightfall app, in the Client ID field.
Paste the Scopes ID copied from the Nightfall app, under OAuth Scope field. Use comma to add multiple scope IDs.
Click AUTHORIZE.
Return to the Nightfall app and click Continue.
Click Connect.
Once the setup is completed, Nightfall displays the list of active and inactive users in your Google Workspace. Nightfall syncs with your Identity and Access Provider every four hours. Also, you can manually sync once every hour. To sync data manually, click the ellipsis menu and select Refresh.
Currently, once registered you cannot unregister an Identity and Access Provider from Nightfall. If you wish to unregister your Identity and Access Provider, please contact Nightfall support.
Learn how to sync your Okta data to Nightfall.
This document explains the process of adding your Okta tenant to Nightfall to enable Directory Sync. Once you add Okta to Nightfall, you can sync users and user groups data from your Okta account to Nightfall. To get an overview of the Directory Sync feature in Nightfall, you can read and then proceed with this document.
In this document you are basically authorizing the Nightfall application in Okta. The authorization process involves two steps. In the first step, you authorize the Nightfall app in the Okta console. This process generates an Okta domain, client ID and client secret. You must copy these values. In the second step, you must paste these values in the Nightfall console to complete the process.
You must have admin access to your Okta account.
Log in to your Okta account with admin credentials and navigate to the admin console.
In the left pane, expand Applications and select API Service Integrations.
Click Add Integration.
Select the Nightfall AI integration.
Click Install & Authorize.
The client secret is generated. Click Copy to clipboard and store this secret securely. You cannot view this secret again.
Click Done.
Copy the values in the Okta Domain and Client ID fields.
Log in to your Nightfall console.
In the left pane, click the Settings menu.
Click the Directory Sync tab.
Click Add directory.
If you have already created IdP with Google Workspace or Microsoft Entra, you can view the list of IdP(s). In this case, you must click the + Add Directory button.
Click Set up on the Okta widget.
Paste the Okta Domain, Client ID, and Client Secret values, obtained in the previous section.
Click Connect (This button is activated only after you enter the values as mentioned in the previous step).
A dialogue box with successful connection message is displayed. Click Finish to complete the process.
You can view the connection details as shown in the following image. Click + Add directory to authorize the Nightfall app on additional Okta domains.
Learn how to sync your Microsoft Entra ID's data to Nightfall.
This document explains the process of adding your Microsoft Entra ID to Nightfall to enable Directory Sync. Once you add the Microsoft tenant to Nightfall, you can sync users and user groups data from Microsoft to Nightfall. To get an overview of the Directory Sync feature in Nightfall, you can read this article and then proceed with this document.
You must have a Microsoft Entra ID (formerly known as Microsoft Azure Active Directory) account.
A Microsoft Entra user account for Nightfall with one of the following roles:
Global Administrator or Privileged Role Administrator, for granting consent for apps requesting any permission, for any API.
Cloud Application Administrator or Application Administrator, for granting consent for apps requesting any permission for any API, except Microsoft Graph app roles (application permissions).
A custom directory role that includes the permission to grant permissions to applications, for the permissions required by the application.
For more information, refer to the Microsoft documentation here.
Click the Settings button on the Nightfall console (bottom-left).
Click the Directory Sync tab.
Click Add Directory.
Select Azure Entra as the identity provider.
Click Connect.
Enter Email or phone number associated with your Microsoft Azure account.
Click Next.
Enter your password and click Sign In.
When you sign in as an Azure admin, you can consent the installation of Nightfall IDP yourself. You can view the following screen. You must click Accept.
Once you approve the request, the installation proceeds. Once the installation is completed, you can see the following screen. You must click Setup Complete.
After the setup is complete, the first sync may take 15 to 30 min to complete. While the first sync is in progress you would see "pending" under status. Once the sync is complete, the status would transition from "pending" to "synced" and you can view the number of active users, inactive users and groups discovered.
Active users in Azure are the users who actively log in to Azure and perform various tasks.
Inactive users are dormant users who have not logged in to their Azure account for a while. You can refer to this Microsoft document to learn more about managing inactive users.
Nightfall syncs with your Identity and Access Provider every four hours. Also, you can manually sync once every hour. To sync data manually, click the ellipsis menu and select Refresh.
Currently, once registered you cannot unregister an Identity and Access Provider from Nightfall. If you do wish to unregister your Identity and Access Provider, please contact Nightfall support.