How to Set Up Azure AD Provisioning
This article will guide you through the process of creating an authenticator provider in senhasegura using Azure Provisioning.
Prerequisites
- Have access to the user management settings in the senhasegura platform
- An Azure AD account with permission to create applications and configure Provisioning
- A tool for obtaining authorization tokens (such as the Postman app)
- Familiarity with the Azure AD portal and protocols
Step 1: Set up Azure Provisioning with senhasegura
- Access senhasegura, go to Settings > Provisioning > Identity Management (IGA) > Providers, and click the Add button.
- Enter any name and description, but set the protocol to SCIM and Third-party users to No.
- In the Authentication section, enter the API access configuration where the Token for SCIM use will be obtained. The Authentication method needs to be OAuth 2.0.
- After saving the item, it will appear in the Providers menu list. Click the Actions button and select Provider details. The Register Identity Management Provider screen will be displayed.
- The Base URL shown on this screen is used for the configuration in Azure Provisioning. The Token URL, together with the Client ID and Client Secret, is used to obtain the authorization token. To obtain the authorization token, you can use the Postman app or the following curl command:
curl --insecure -d "grant_type=client_credentials&client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&ttl=60" "https://<DNS_senhasegura>/iso/oauth2/token" -s --show-error -X POST
Short-lived token
Because senhasegura uses OAuth and is not yet among the gallery apps supported by Microsoft, the token is valid for only one hour. Repeat the process after that time.
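The token request from Step 1, as an added example that is not senhasegura's own code: it sends the same form fields as the curl command above, but verifies the server certificate with --cacert instead of --insecure, passes the client secret on stdin, and checks the token's age against the one-hour lifetime. The environment variable names, the CA bundle argument, and an RFC 6749 style JSON reply with an "access_token" field are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not senhasegura code. Assumptions: the environment variable
# names, the CA bundle path argument, an RFC 6749 style single-line JSON reply
# carrying "access_token", and a client ID/secret made of URL-safe characters.

# Build the form body with the same four fields as the page's curl command.
token_request_body() {
  printf 'grant_type=client_credentials&client_id=%s&client_secret=%s&ttl=60' \
    "$1" "$2"
}

# Extract one string field from a single-line JSON object (no jq needed).
json_string_field() {
  printf '%s' "$2" |
    sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Succeeds when a token issued at $1 (epoch seconds) is within $3 seconds
# (default 300) of the one-hour lifetime the page states, as seen at time $2.
token_needs_refresh() {
  [ $(( $2 - $1 )) -ge $(( 3600 - ${3:-300} )) ]
}

# Request a token from host $1, trusting only the CA bundle in file $2.
# The body reaches curl on stdin (--data @-), so the secret is not visible in
# the process list; --cacert keeps certificate verification on.
request_token() {
  token_request_body "$SENHASEGURA_CLIENT_ID" "$SENHASEGURA_CLIENT_SECRET" |
    curl --silent --show-error --fail --cacert "$2" \
         --request POST --data @- "https://$1/iso/oauth2/token"
}

# Usage: SENHASEGURA_CLIENT_ID=... SENHASEGURA_CLIENT_SECRET=... \
#        ./get_scim_token.sh <DNS_senhasegura> /path/to/ca.pem
if [ "$#" -eq 2 ]; then
  reply=$(request_token "$1" "$2") || exit 1
  json_string_field access_token "$reply"
fi
```

The CA bundle is the certificate of the authority that issued the appliance's web certificate; with it in place, a connection to a host presenting a different certificate fails before the client secret is sent.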
Step 2: Create an Application in Azure AD
- To use Azure Provisioning, you must create an application in Azure AD under Enterprise Application. When creating it, select "Create your own application" in the Azure AD Gallery.
- Then select "Integrate any other application you don't find in the gallery (Non-gallery)". The application is created and shown in the list.
- Open the application and go to "Provisioning" in the menu.
Step 3: Configure Provisioning in Azure AD
- To configure Provisioning, use the URL from the SCIM provider created in senhasegura and the authorization token generated by Postman.
- After entering the information, test the connection. The Mappings section then becomes available, where you define the Group and User fields that Azure passes to senhasegura. Currently, Azure cannot map the schemas used by SCIM on the senhasegura side, so the mappings must be configured manually.
- Configure Provision Azure Active Directory Groups as follows:
- Enabled - yes
- Target Object Actions
- Create - checked
- Update - checked
- Delete - checked
- Azure Active Directory Attribute
- displayName
- objectId
- members
- displayName
- The "accessGroup" attribute in the customappsso column does not exist in Azure AD, so it is necessary to create it by going to "Show advanced options" in the section below in "Edit attribute list for customappsso". Inside "Edit Attribute List," define it with the rules below:
| Name | Primary Key? | Required? | Multi-Value | Exact case? |
| --- | --- | --- | --- | --- |
| id | yes | yes | no | no |
| externalId | no | no | no | no |
| displayName | no | yes | no | no |
| members | no | no | yes | no |
| accessGroup | no | no | no | no |

- After editing the attributes, go back to the associated attributes screen, click Add New Mapping and, inside "Edit Attribute," add the mapping according to the configuration below:
- Mapping type: Direct
- Source attribute: displayName
- Target attribute: accessGroup
- Match objects using this attribute: No
- Apply this mapping: Always
- After that, just save the settings and go back to the Provisioning configuration screen (where the connection was tested).
- Now the user fields must be defined by accessing "Provision Azure Active Directory Users". The same process of associating new fields will be performed here.
- After adding all the fields, save and go back to the Provisioning configuration screen, where the connection is tested.
- A last option will be enabled, which can be configured as desired.
- After that, set "Provisioning Status" to "ON".
- To provision users and groups, associate them with the provisioning on the main screen, under "User and groups" in Azure.
- Click Add user/group and select the desired group or user.
- This window also has a "Role" field. This role is associated in senhasegura as the user's permission, on the premise that both have the same name.
- After configuring everything correctly, the authenticator provider in senhasegura using Azure Provisioning will be ready to use.