How to configure SESAR with Azure Active Directory?
1. Creating an app:
Then, on the left bar click on “App registration” and click on “New registration”.
Enter a name and then, under "Supported account types", check the first option "Single tenant".
The application will allow Secure Exchanges to connect to your Active Directory to access its different groups.
2. Creation of secrets :
Once your app is created, go back to “App registration” and click on the new app that has the name you entered earlier.
Then click on the link to the right of “Add a certificate or secret” and click on “New client secret”.
Please note that you will need to renew the secret each time it expires, we recommend selecting 12 months.
Finally, take note of the "value" of this secret since it will no longer be accessible afterwards.
Don't worry, if you ever lose the value of this secret, you will be able to create another one.
3. Application's information recovery :
Thereafter, return to your application, there are two important pieces of information to retrieve, the client identifier (Application (client) ID) and the tenant identifier (Directory (tenant) ID). Take note of the value of these two pieces of information.
You now have all the information you need to let Secure Exchanges connect to your Azure Active Directory. (ClientId, tenantId and secret)
4. Azure Active Directory permissions :
On the left tab click on “Api permissions” and click on “Add a permission”.
In the right tab, select the first option “Microsoft Graph”.
Then click on the right button “Application permissions”.
Next, you need to add these four permissions: “Group.Read.All”, “GroupMember.Read.All”, “MailboxSettings.Read” and “User.Read.All”. You can easily search for them using the search tab.
Next, you need to add these four permissions: “Group.Read.All”, “GroupMember.Read.All”, “MailboxSettings.Read” and “User.Read.All”. You can easily search for them using the search tab.
Please note that you will need admin consent for all of the following permissions as they are application permissions.
You should have the following result:
5. Creation of groups :
On the left tab, click on “Groups” and then click on “New group”.
You must assign "SecureExchanges_Licences" as the group name.
You should have the following result in the “SecureExchanges_Licences” group:
6. Users' Management :
SESAR is now configured to use Azure AD. Synchronization with Azure will take place every 5 minutes.
Please note that for licenses to be assigned to users, they must be purchased and provisioned in Secure Exchanges before.
If you run out of licenses, an email will be sent to your account administrators notifying you that users have been created but no licenses have been assigned to them.
Also, if you want to remove a license from a user, you must absolutely place it in the "No_Licence" group.
If you delete it only from Azure, the user will no longer be managed so he will keep his license.
Please note that for licenses to be assigned to users, they must be purchased and provisioned in Secure Exchanges before.
If you run out of licenses, an email will be sent to your account administrators notifying you that users have been created but no licenses have been assigned to them.
Also, if you want to remove a license from a user, you must absolutely place it in the "No_Licence" group.
If you delete it only from Azure, the user will no longer be managed so he will keep his license.
Be careful, if you place a user in "No_License", his event logs will be permanently deleted.
In addition, user management is automatic, i.e. if you add a new user in Azure, it will be created automatically if you have a free license for it.
Related Articles
What is SESAR ?
Introduction to SESAR Service SESAR (Secure Exchanges Send And Receive) is a Windows service designed to integrate and secure your exchanges made via Secure Exchanges, whether they are stored locally or in the cloud. It acts as a true vault for your ...What are the SESAR configuration parameters?
As SESAR works by “tenant”, an organization could have several “tenants”. So the configuration file is built so that the service is installed only once, but can retrieve information from all tenants So each SESAR is an instance that must be ...How do I generate my SESAR private key?
SESAR asks you to configure your private key. To do this, Secure Exchanges has made available to its customers a tool called SECT.exe (Secure Exchanges Crypto Tool). Double click on the tool and go to the “Generate keys” section Select PKCS 4096. ...Migration to the new version of SESAR 2023-03-03
After gathering feedback from our clients, we agreed that updating SESAR could be a small challenge. Either replace the instance and modify the configuration file directly. This is why since the last update of SESAR (23.02.2023) the instance is now ...How to uninstall SESAR?
To uninstall SESAR, you need to run the setup.exe again, and select "Remove Secure Exchanges Send And Receive (SESAR)"