When you log on for the first time, a wizard appears to help the user configure their organization setup in Seqrite HawkkProtect. The complete on-boarding of Users, Applications and Services can be done in the following 8 steps.
- Add Identity Providers.
- Add Certificates.
- Add Sites.
- Add App Connectors.
- Add Tags.
- Add Applications and Services.
- Add Zero Trust Policies.
- Add Default Hierarchy.
Click Proceed to start the on-boarding.
Adding Identity Providers
Enter the details for your identity and access manager application that manages the access rights of all users in your organization.
Ensure that you configure the following prerequisites before adding the identity providers.
| IdP Type | Prerequisites |
|---|---|
| Microsoft Azure | Create an enterprise application on the organization’s azure ID and create a user sync app on Microsoft Azure. To know more, click https://docs.seqrite.com/docs/seqrite-hawkkprotect/settings/idp/prerequisites-for-microsoft-azure/ |
| Google IdP | Create a gateway SAML app on Google Workspace and then create a user sync app on Google Cloud Console. To know more, click https://docs.seqrite.com/docs/seqrite-hawkkprotect/settings/idp/prerequisites-for-microsoft-azure/ |
| ADFS | Configure relying part in ADFS server. To know more, click https://docs.seqrite.com/docs/seqrite-hawkkprotect/settings/idp/configuring-relying-party-trust-in-adfs-server/ |
Click Proceed to add Identity Providers (IdP).
The Add IdP page is displayed.
Enter the IdP details as follows.
I. In the IdP Details dialog, enter the following information.
| Column Name | Description |
|---|---|
| IdP Name | Name of the IdP. |
| IdP Description | Description of the IdP. |
II. In the IdP Type Details dialog, enter the following information.
| Column Name | Description |
|---|---|
| IdP Type | Type of the IdP. |
| Authentication Method | Authentication method used to authenticate users. |
You need to enter the following details based on the selected IdP type.
| IdP Type | Authentication Method | Details To Be Entered |
|---|---|---|
| Active Directory 2012 | Custom | Admin Username for AD, Admin Password for AD, Host, Port, Base DN, Bind DN. |
| Active Directory 2016 | Custom | Admin Username for AD, Admin Password for AD, Host, Port, Base DN, Bind DN. |
| Microsoft Azure | SAML | Entity ID, Reply URL, XML URL, Application (client) ID, Client secrets, OAuth 2.0 token endpoint (v2). |
| Google Workspace A.K.A. G Suite | SAML | Entity ID, Reply URL, Federation Metadata Type, XML URL, Client ID, Client Secret, Project ID. |
| ADFS | SAML | Entity ID, Reply URL, Host, Federation Metadata Type, XML URL, Admin Username for AD, Admin Password for AD, Host, Port, Base DN, Bind DN. |
III. After entering these details, click Add IdP. The IdP Management page is displayed.
Click Proceed to Step 2.
Adding Certificates
In this step, add a valid security certificate for your organization so that the connections between HawkkProtect and application servers are secure and authenticated.
Click Proceed to add Certificates. The Import Certificate page is displayed.
In the Certificate Details dialog, enter the following details.
| Field | Description |
|---|---|
| Certificate Name | Certificate name. |
| Certificate Description | Certificate description, if any. |
| Private Key File | Browse and upload the key file available in the certificate. |
| Certificate File | Browse and upload the certificate file available with the administrator. |
| Certificate Chain | The certificate chain file in case of multiple entries in a certificate file. |
| Passphrase | If the private key file is encrypted, enter the passphrase. |
After you have entered the details, click Import Certificate.
The Certificate Management page is displayed.
Click Proceed to Step 3. The Add Sites dialog is displayed.
Adding Sites
The Tenant administrator must add the location/sites where the organizational applications/services are hosted or located.
Click Proceed to add Sites. The Add Site dialog is displayed.
On the Add Site dialog, you are required to verify the site domain. To verify the site domain, follow these steps.
I. Copy the TXT record by clicking the copy icon.
II. Log on to the Domain Host Control Panel.
III. Select your domain to access the domain settings.
IV. Click Manage DNS. DNS records table appears.
V. Add the TXT record in this table and enter required details.
The above steps may vary according to the DNS provider. Please refer the documentation provided by the DNS provider for the same.
Note:
It may take up to 48 hours to update this TXT record in the domain.
Now, return to the Add Site dialog.
Enter the domain name in the Site Domain Name textbox. Click Verify Site Domain.
If verification is successful, the Site Details form dialog is enabled.
In the Site Details section, enter the following details.
I. Enter the site name and site description.
II. Choose the appropriate certificate and IdP from the drop-down list boxes.
III. After this is done, click Add. The Site Management page is displayed.
Click Proceed to Step 4 for adding the App Connectors.
Adding App Connectors
In this step, you must specify the connection details to connect HawkkProtect to your application servers.
Click Proceed to add App Connectors. The Add App connector page is displayed.
On the Add App Connector page, enter the following information.
I. In the App Connector Details dialog, enter the following information.
| Fields | Description |
|---|---|
| App Connector Name | App connector name. |
| App Connector Description | Description of the app connector, if any. |
II. In the App Connector Other Details dialog, select the site from the drop-down list. This is the domain name where organizational applications/ services are hosted.
III. After entering this information, click Add. The App Connector Management page is displayed with app connectors list and description.
The App Connector Management page is displayed with app connectors list and description.
Click Proceed to Step 5 to start adding tags.
Adding Tags
In this step, you must add the dynamic tags that help you specify the parameters to create policies for allowing a connection.
Click Proceed to add Dynamic Tags. The Add Dynamic Tag dialog is displayed.
Enter the information as follows.
| Fields | Description |
|---|---|
| Tag Key | Enter the suitable tag key. |
| Tag Color | Select the desired tag color. |
| Data source | Shows the data source from which the user data is fetched. |
| Tag applied to | Select the entity to which you need to apply the tag. |
| Attribute | Select the tag attribute. |
| Criteria | Select the appropriate criteria from the drop-down menu. |
| Expression | Enter the expression depending on the selected criteria. For Entire length, The ‘expression field will be disabled. For Nth Element and RegEx options, you can enter the expression as required. |
| Description | Enter the description for the tag. |
If you click the Application option under Tag Applied To, the following information needs to be entered.
- Variable/ Parameter: The entity to which the tag will be applicable.
- Description: Tag description, if any.
After you have completed entering the required information, click Add.
The Tag Management page is displayed and the added tags are listed in the display.
Click Proceed to Step 6 to add Applications and Services. The corresponding dialog is displayed.
Adding Applications and Services
Here, the tenant administrator must add the applications and services to which you want to apply the Zero Trust paradigm.
Click Proceed to add Applications and Services. The Add applications dialog is displayed.
On the Add Application page, enter the details as follows.
I. In the Application Information dialog, enter the following details.
| Field Name | Description |
|---|---|
| Application Name | Name of the application. |
| Application Description | Additional details about the application, if any. |
| Application Logo | Upload the application logo according to specifications mentioned. |
II. In the Application Details dialog, enter the following details and select appropriate options (wherever applicable).
| Field Name | Description |
|---|---|
| IP Address / URL | Enter the IP Address / URL of the application. |
| Protocol | Select the appropriate protocol from the drop-down menu. |
| Port/ Port Range | Select the appropriate option from the drop-down menu. |
| Port Value | Enter the appropriate port number. |
| Enter Port Number | Enter the appropriate port number for the connection. |
| Tags | Tags applicable to the application. |
| External Web Address | External web address for the application. |
For the following application types, you also need to select the appropriate app connector from a drop-down menu.
- Private Web Apps & Services.
III. After entering this information, Click Add.
The Application Catalog page is displayed with application details that you have configured.
Click Proceed to Step 7.
Adding Zero Trust Policies
In this step, you must add the policies with necessary conditions to access or restrict access to the applications.
Click Proceed to add Zero Trust Policies. The Add policy dialog is displayed.
Enter the following details.
I. In the Policy Information dialog, enter the following information.
| Column Name | Description |
|---|---|
| Identifier | Suitable identifier for the policy. |
| Name | Name of the policy. |
| Observe | Shows whether connections allowed under this policy are being observed. |
| Description | Detailed description of the policy. |
II. In the Allow Rule dialog, enter the following information.
| Column Name | Description |
|---|---|
| Source Tags | Tags applied on user from where the connection is established. |
| Destination Tags | Tags applied on applications where the connection is received. |
| Exception Tags | Based on connection requirement, these tags will exclude users to whom available source tags are applicable. |
III. Click Save as draft if you want to work on the policy later. Else, click Add Policy.
The Policy Management page is displayed and the added policies are displayed in the list.
Click Proceed to Step 8. The Add Default Hierarchy dialog is displayed.
Adding Default Hierarchy
You can create the default hierarchy for users and services based on location, department, role, etc.
Click Proceed to create Default Hierarchy. The Default Hierarchy dialog is displayed.
You can enter the User and Service Hierarchy details as required. These details help you view the status of the attempted connections of users to the grouped applications and services. Enter the details as follows.
In the User Hierarchy dialog, enter the following details.
- User Hierarchy Name.
- Hierarchy Tags. You can add more tags by clicking the Add Hierarchy Tag button.
In the Service Hierarchy dialog, enter the following details.
- Service Hierarchy Name.
- Hierarchy Tags. You can add more tags by clicking the Add Hierarchy Tag button.
After entering this information, click Create.
A success prompt is displayed for a successful configuration. You can now view the connections between the users to the applications and services on the dashboard.
Note:
You can add and use a maximum of 6 hierarchy tags for each hierarchy. A maximum of 6 hierarchies (1 Default and 5 Custom) can be created in one workspace.
Click View Connections. This will open the Hierarchy view on Visibility page.