Knowledgebase
User Provisioning Options

When a subscribing organization is using the Proofpoint Essentials service the minimum configuration is that one single domain is filtered by the Proofpoint Essentials service and adding users to the Proofpoint Essentials interface is an essential part of configuring a domain belonging to a subscribing organization.

NOTE: It is important to note that only registered users benefit from all the Proofpoint Essentials features and email addresses that remain unregistered or are marked as invalid will not have inbound or outbound email processed by Proofpoint Essentials.

 

Registered users benefit from many of the standard features of Proofpoint Essentials including:

  • Quarantine access
  • Quarantine summary digest email report
  • Ability to Release content from the quarantine
  • Processing of outbound email delivery
  • Processing of inbound email delivery without a “Non-registered email address disclaimer”
  • Allow Rules
  • Block Rules
  • Emergency Inbox

 

In order to meet the needs of our subscribers, User Provisioning can be handled in a number of ways:

  • LDAP Discovery
  • SMTP Discovery
  • CSV Import
  • Manual Creation

 

LDAP Discovery

LDAP Discovery is the recommended method of adding user to the platform. This allows admins to import their users email addresses and security groups directly from a client’s Microsoft Active Directory. LDAP Discovery is a one way synchronization for your protection and requires read only permission of an Active Directory server.

Please contact Microsoft support for any questions regarding your Active Directory settings.

Configuration of LDAP discovery requires a basic understanding of Active Directory and requires some minor firewall modifications: see LDAP Discovery

Adding Users by Active Directory

  1. While logged into the user interface, navigate to Company Settings 
  2. Go to Import tab.
  3. Click on the Active Directory tab.
  4. Select the initial profile of the users you are loading.

    End Users receive a welcome letter once added to the system. The welcome letter will include details about the quarantine email as well as login information to access the user interface.
    Silent Users do not receive a welcome letter when loaded into the system. Their profile can be changed (i.e. to an end user) at a later stage.

  5. Specify the URL or IP Address to access the organization’s Active Directory. Port 389 (LDAP) will need to be accessible to Proofpoint Essentials IPs in order for this method to be used.
  6. Enter an Active Directory username and password that can be used to import email-enabled objects such as users, Security Groups and Distribution Lists.
  7. Enter the Base DN
    1. This is the LDAP query that Proofpoint Essentials will execute to capture all mail-enabled object information.
    2. If you do not know what your base DN is please consult your network administrator.
  8. Choose what items you would like to sync.
  9. Choose additional sync options (e.g. updated synchronized accounts, etc.).
  10. Choose if you would like to enable a daily sync between Proofpoint Essentials and the organization’s Active Directory.
  11. Click Save.
  12. The Active Directory connection information will be validated and, if successful, a result set will be displayed for review. If the data is accurate, click Proceed to import the users. The Active Directory sync will overwrite previously created accounts along with their permissions. Therefore, you will need to update the organization admin account. Refer to the Manually Adding Users section in order to update user settings.

 

SMTP Discovery

Default method enabled, SMTP discovery will accept email traffic for non-registered users based on predefined settings (e.g. number of times where the SMTP address has been identified). It will also send out a weekly report to the organization administrator so that they can set the address as either invalid or active. SMTP Discovery will be disabled if LDAP 24 hour sync is enabled.

Adding Users by SMTP Discovery

  1. While logged into the user interface, navigate to the Company Settings.
  2. Click on the SMTP Discovery tab.
  3. Select the initial profile of the users you are loading.
    1. End Users receive a welcome letter once loaded into the system. The welcome letter will include details about the quarantine email as well as login information to access the user interface. Silent Users do not receive a welcome letter when loaded into the system. Their profiled can be changed (i.e. to an end user) at a later stage.
  4. Update SMTP Discovery settings based on preferences.
    1. Inbound Detection Threshold: The number of times Proofpoint Essentials should see this email address before including it in the SMTP Discovery weekly digest.
    2. How many times would you like to be notified about an address before it expires?: The number of times the address should appear in the SMTP Discovery weekly digest before expiring.
    3. Expired Addresses Default to New User: When enabled will automatically make an address a licensed user once inbound detection and expiration settings have been met.
    4. Auto-add Detected Alias Addresses: Will automatically add an address as an alias when identified.
    5. Auto-add New Users Detected via Outbound: If the organization is filtering outbound email through Proofpoint Essentials, than this setting will automatically create licensed users for non-registered accounts.
    6. Report on New Users: Will deliver a report to the organization administrator identifying new users that have been automatically created.
    7. Report on New Aliases: Will deliver a report to the organization administrator identifying new aliases that have been automatically added.
    8. Include Admin Contact: Will include an admin contact in the report.
  5. Click Save.

 

CSV Import

Due to the complexity of CSV Import it is only currently available to resellers. The current issue is with the possibility of overriding current list of users.

CSV text must be pasted into the dialog box under Management > CSV Import. And should be formatted First Name, Last Name, Primary Email address, followed by other address separated by commas.

To load a CSV File:

  1. Click on the Company Settings tab.
  2. Click on the Import tab.
  3. Click on the CSV tab.
  4. Choose the type of CSV file you will be loading.
    Standard CSV: A basic file format that includes first name, last name, primary email addresses and aliases.
    Postini User CSV: A Postini user export file that contains user details first name, last name, primary STMP address) as well as user allow and block lists.
    Postini Alias CSV: A Postini alias export file that contains the alias address, domain, user_id and user_address. This file can be imported after you have loaded a Postini User CSV.
  5. Choose the default privileges type for new users.
    End User: Receive the quarantined digest and can login to the Proofpoint Essentials user interface.
    Silent User: Receive the quarantine digest and are not granted access to login to the Proofpoint Essentials user interface.
  6. Click Choose File.
    Locate file you wish to import.
  7. Click Upload.
    You can view an example of the file format you selected to import by clicking on the CSV File Format
    Instructions.

Manual Creation

Manual creation allows for the individual creation of user accounts and assignment of aliases as well as the elevation of user privileges.

  1. While logged into the user interface, navigate to the Users & Groups > Users tab.
  2. Click on Add a User.
  3. Enter the user’s first name.
  4. Enter the user’s surname.
  5. Enter the user’s primary email address.
  6. Select the user’s privileges.
    1. End Users receive a welcome letter once loaded into the system. The welcome letter will include details about the quarantine email as well as login information to access the user interface.
    2. Silent Users do not receive a welcome letter when loaded into the system. Their profile can be changed (i.e. to an end user) at a later stage.
  7. Enter a password for the user (Optional).
  8. Click Save

NOTE: New users are registered every half-hour. Therefore mail will not flow to the new user until the change is made. If SMTP Discovery is enabled, users will be able to receive email immediately.

(6 vote(s))
This article was helpful
This article was not helpful