How to configure SESAR with Azure Active Directory?

1. Creating an app:

Head to Azure Active Directory.

Then, on the left bar click on “App registration” and click on “New registration”.

Enter a name and then, under "Supported account types", check the first option "Single tenant".

Finally, click on the “Register” button located at the bottom left of the screen.

The application will allow Secure Exchanges to connect to your Active Directory to access its different groups.

2. Creation of secrets :

Once your app is created, go back to “App registration” and click on the new app that has the name you entered earlier.
Then click on the link to the right of “Add a certificate or secret” and click on “New client secret”.

Enter a short description of the secret, for example: "Secret for Secure Exchanges", and select the expiration date that suits you.
Please note that you will need to renew the secret each time it expires, we recommend selecting 12 months.

Then click on the “Add” button to create the secret.
Finally, take note of the "value" of this secret since it will no longer be accessible afterwards.

Don't worry, if you ever lose the value of this secret, you will be able to create another one.

3. Application's information recovery :

Thereafter, return to your application, there are two important pieces of information to retrieve, the client identifier (Application (client) ID) and the tenant identifier (Directory (tenant) ID). Take note of the value of these two pieces of information.

You now have all the information you need to let Secure Exchanges connect to your Azure Active Directory. (ClientId, tenantId and secret)

4. Azure Active Directory permissions :

To authorize Secure Exchanges to connect to your Azure Active Directory, you must change the permissions.
On the left tab click on “Api permissions” and click on “Add a permission”.
In the right tab, select the first option “Microsoft Graph”.

Then click on the right button “Application permissions”.
Next, you need to add these four permissions: “Group.Read.All”, “GroupMember.Read.All”, “MailboxSettings.Read” and “User.Read.All”. You can easily search for them using the search tab.

Once you have selected all the permissions, click on "Add permissions" in the bottom left.
Please note that you will need admin consent for all of the following permissions as they are application permissions.

You should have the following result:

5. Creation of groups :

The last thing you have to do is create groups to manage users.
On the left tab, click on “Groups” and then click on “New group”.
You must assign "SecureExchanges_Licences" as the group name.

Then you can create the following 4 subgroups inside the last group: “Advanced”, “Eco”, “No_Licence” and “Pro” and add them in the “SecureExchanges_Licences” group as a member.

You should have the following result in the “SecureExchanges_Licences” group:

6. Users' Management :

SESAR is now configured to use Azure AD. Synchronization with Azure will take place every 5 minutes.

Please note that for licenses to be assigned to users, they must be purchased and provisioned in Secure Exchanges before.
If you run out of licenses, an email will be sent to your account administrators notifying you that users have been created but no licenses have been assigned to them.

Also, if you want to remove a license from a user, you must absolutely place it in the "No_Licence" group.
If you delete it only from Azure, the user will no longer be managed so he will keep his license.

Be careful, if you place a user in "No_License", his event logs will be permanently deleted.

In addition, user management is automatic, i.e. if you add a new user in Azure, it will be created automatically if you have a free license for it.

• Related Articles

• What is SESAR ?

  Introduction to SESAR Service SESAR (Secure Exchanges Send And Receive) is a Windows service designed to integrate and secure your exchanges made via Secure Exchanges, whether they are stored locally or in the cloud. It acts as a true vault for your ...

• What are the SESAR configuration parameters?

  As SESAR works by “tenant”, an organization could have several “tenants”. So the configuration file is built so that the service is installed only once, but can retrieve information from all tenants So each SESAR is an instance that must be ...

• How do I generate my SESAR private key?

  SESAR asks you to configure your private key. To do this, Secure Exchanges has made available to its customers a tool called SECT.exe (Secure Exchanges Crypto Tool). Double click on the tool and go to the “Generate keys” section Select PKCS 4096. ...

• Migration to the new version of SESAR 2023-03-03

  After gathering feedback from our clients, we agreed that updating SESAR could be a small challenge. Either replace the instance and modify the configuration file directly. This is why since the last update of SESAR (23.02.2023) the instance is now ...

• Guide to assist you in configuring and installing SESAR.

  Here is a simple and detailed guide to assist you in the configuration and installation of SESAR. 1. Creation of the SESAR user Start by installing the latest version of SESAR, available on our website. Once the installation is complete, log in to ...