1. Creating an application:
Next, on the left bar click on "App registration" and click on "New registration".
Enter a name and then, under "Supported account types", check the first option "Single tenant".
Finally, click on the "Register" button located in the bottom left corner of the screen.
The application will allow Secure Exchanges to connect to your Active Directory to access its various groups.
2. Creating a secret:
Once your application is created, return to "App registration" and click on the new application that has the name you entered previously.
Next, click the link to the right of "Add a certificate or secret" and click on "New client secret".
Enter a short description of the secret, for example: "Secret for Secure Exchanges", and select the expiration date that suits you.
Please note that you will need to renew the secret each time it expires; we recommend selecting 12 months.
Next, click the "Add" button to create the secret.
Finally, take note of the "value" of this secret since it will no longer be accessible afterwards.
Don't worry, if you ever lose the value of this secret, you will be able to create another one.
Next, return to your application. There are two important pieces of information to retrieve: the client ID (Application (client) ID) and the tenant ID (Directory (tenant) ID). Note down the values of both.
You now have all the necessary information to allow Secure Exchanges to connect to your Azure Active Directory (ClientId, tenantId, and secret).
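Because the secret created in step 2 expires, it helps to track its end date rather than wait for synchronization to fail. The following is an added example, not part of the original guide or of Secure Exchanges' software: it classifies secrets from data shaped like the "passwordCredentials" array of a Microsoft Graph application object. The sample entries, the function names and the 30-day warning window are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like the "passwordCredentials" array of a
# Microsoft Graph application object; names, IDs and dates are made up.
SAMPLE_CREDENTIALS = json.loads("""[
  {"displayName": "Secret for Secure Exchanges",
   "keyId": "11111111-1111-1111-1111-111111111111",
   "endDateTime": "2025-03-01T00:00:00Z"},
  {"displayName": "Replacement secret",
   "keyId": "22222222-2222-2222-2222-222222222222",
   "endDateTime": "2026-02-01T00:00:00Z"},
  {"displayName": null,
   "keyId": "33333333-3333-3333-3333-333333333333",
   "endDateTime": "2025-01-10T00:00:00Z"}
]""")

def parse_utc(timestamp):
    """Parse an ISO 8601 timestamp with a trailing 'Z' into an aware UTC datetime."""
    return datetime.fromisoformat(timestamp.replace("Z", "+00:00")).astimezone(timezone.utc)

def secret_status(credentials, now, warn_days=30):
    """Return (label, state, days_left) per secret, most urgent first."""
    report = []
    for cred in credentials:
        days_left = (parse_utc(cred["endDateTime"]) - now).days
        if days_left < 0:
            state = "expired"        # synchronization can no longer authenticate
        elif days_left <= warn_days:
            state = "renew-soon"     # create a new secret and update SESAR now
        else:
            state = "ok"
        # Fall back to the key ID when the secret has no description.
        report.append((cred.get("displayName") or cred["keyId"], state, days_left))
    return sorted(report, key=lambda row: row[2])

if __name__ == "__main__":
    fixed_now = datetime(2025, 2, 15, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for label, state, days_left in secret_status(SAMPLE_CREDENTIALS, fixed_now):
        print(f"{state:<10} {days_left:>5} days  {label}")
```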
4. Azure Active Directory permissions:
To allow Secure Exchanges to connect to your Azure Active Directory, you need to change the permissions.
On the left tab, click on "API permissions" and then click on "Add a permission".
In the right-hand tab, select the first option, "Microsoft Graph".
Next, click the "Application permissions" button on the right.
Next, you need to add these four permissions: "Group.Read.All", "GroupMember.Read.All", "MailboxSettings.Read", and "User.Read.All". You can easily search for them using the search tab.
Once you have selected all the permissions, click on "Add permissions" in the bottom left corner.
Please note that you will need admin consent for all of these permissions, as they are application permissions.
You should get the following result:
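To confirm the granted permissions independently of the portal view, the following added example (not part of the original guide or of Secure Exchanges' software) inspects an access token obtained for the application and compares its app roles with the four permissions listed in step 4. It assumes the token is a JWT carrying the "roles", "tid" and "appid" (or "azp") claims; the sample token and its IDs are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json

# The four Microsoft Graph application permissions listed in step 4.
REQUIRED_ROLES = {"Group.Read.All", "GroupMember.Read.All",
                  "MailboxSettings.Read", "User.Read.All"}

def decode_claims(jwt):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT parts")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))

def audit_token(jwt, tenant_id, client_id):
    """Compare the token's app roles with the four the guide requires."""
    claims = decode_claims(jwt)
    granted = set(claims.get("roles", []))  # claim is absent without admin consent
    return {
        "missing": sorted(REQUIRED_ROLES - granted),  # not added or not consented
        "excess": sorted(granted - REQUIRED_ROLES),   # more privilege than needed
        "tenant_ok": claims.get("tid") == tenant_id,
        "client_ok": claims.get("appid", claims.get("azp")) == client_id,
    }

def _b64(obj):
    """Helper used only to build the constructed sample token below."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed, unsigned sample token: placeholder IDs, one required role
# missing and one unrelated high-privilege role present.
SAMPLE_TENANT = "00000000-0000-0000-0000-0000000000aa"
SAMPLE_CLIENT = "00000000-0000-0000-0000-0000000000bb"
SAMPLE_TOKEN = ".".join([
    _b64({"alg": "none", "typ": "JWT"}),
    _b64({"tid": SAMPLE_TENANT, "appid": SAMPLE_CLIENT,
          "roles": ["Group.Read.All", "GroupMember.Read.All",
                    "User.Read.All", "Directory.ReadWrite.All"]}),
    "constructed",
])

if __name__ == "__main__":
    print(audit_token(SAMPLE_TOKEN, SAMPLE_TENANT, SAMPLE_CLIENT))
```

An empty "missing" list and an empty "excess" list mean the application holds exactly the four read permissions and nothing more. Treat the token itself as a credential and decode it only locally.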
5. Creating groups:
The last thing you need to do is create the groups to manage the users.
On the left tab, click on "Groups" and then click on "New group".
We suggest you assign "SecureExchanges_Licences" as the group name.
You can use any group name you want; you just need to use the same group name in the SESAR configuration.
Next, you can create the following 7 subgroups within the parent group (SecureExchanges_Licences): "Advanced", "Eco", "No_Licence" and "Pro", "DEBASE-P", "COMPLET-P", "COMPLET2100-P".
It is important that the 4 subgroups have exactly these names.
You should see the following result in the "SecureExchanges_Licences" group:
6. SESAR Configuration:
With the information noted earlier (Application (client) ID, Directory (tenant) ID and Secret), you can now modify your SESAR configuration to support ADD (Azure Active Directory).
Add the following three new fields to your SESAR instance: AzureAD_Client, AzureAD_Tenant and AzureAD_Secret and associate the values with the correct fields (AzureAD_Client="Your Application (client) ID", etc.).
If you need to update SESAR (delete your existing SESAR.config file), you will need to re-enter your API keys, Serial, User and all other instance information.
To define the parent group, you must add the AzureAD_GroupName key in the AppSettings section and enter the parent group name that you entered in step 5.
Note that the name you enter must be exactly the name you gave your parent group in AzureAD.
You have now configured your SESAR to support ADD.
7. User Management:
Once your SESAR is configured, you can now manage your organization's users in Azure.
To do this, you simply need to place the users into one of the four different subgroups:
- Eco
- Advanced
- Pro
- No_Licence
For shared licenses, you must create the following groups:
- DEBASE-P (Shared Eco)
- COMPLETE-P (Shared Advanced)
- COMPLETE2100-P (Shared Pro)
Example: If you place a user in the Pro group, they will be assigned a Pro license upon synchronization; the same applies to the Eco and Advanced groups.
Example 2: A user with a Pro license who is moved to the Eco group will have their license modified.
Synchronization with Azure will occur every 5 minutes.
Note that in order for licenses to be assigned to users, they must be purchased and provisioned in Secure Exchanges beforehand.
If you wish to remove a license from a user, you must place them in the No_Licence group.
Warning: If you place a user in "No_Licence", their event logs will be permanently deleted.
If an error occurs with SESAR synchronization, an email will be sent to your organization's administrator.
Example: If you do not have enough licenses or if a user has a domain name that is not validated in your organization, you will receive an email to that effect.
Note that if you wish to permanently delete a user, you must delete them directly in the Secure Exchanges web portal.
8. Grant user management rights to SESAR
As a final step, you need to grant a user the rights to add and edit users.
In Options / Role and Permission, you will add a role group and name it Azure-AD.
Next, you will tap on the group name and then tap "Edit".
You will now select the "User Management" option, which is orange, and press "Save".