Onboarding Wizard

When you log on for the first time, a wizard appears to help you configure your organization's setup in Seqrite HawkkProtect. You can complete the on-boarding of users, applications, and services in the following 8 steps.

  1. Add Certificates.
  2. Add Identity Providers.
  3. Add Sites.
  4. Add App Connectors.
  5. Add Tags.
  6. Add Applications and Services.
  7. Add Zero Trust Policies.
  8. Add Default Hierarchy.

Click Proceed to start the on-boarding.

Wizard onboarding welcome screen

Adding Certificates

Step 1 - Add certificates

In this step, add a valid security certificate for your organization so that the connections between HawkkProtect and application servers are secure and authenticated.

Select the type of certificate as required. Depending on your selection, follow these steps.

Note:
To integrate the ADFS IdP type with HawkkProtect, you can use only a custom certificate.

Adding a custom certificate

If you select Import Custom Certificate, a new page appears.

Add custom certificate 1
Add custom certificate 2

Enter the following certificate details.

  1. Enter the certificate name.
  2. Enter the certificate description.
  3. Paste the certificate body file content.
  4. Upload the certificate chain file.
    The certificate chain file is used if there are multiple entries in a certificate file.
  5. Paste the private key file content.
  6. Enter the site domain name.
  7. Enter the passphrase.
    Passphrase is required for an encrypted private key file.
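
A structural check you can run on the certificate body, chain file, and private key before pasting them into the fields above. This is an added example, not Seqrite code. It assumes the certificate body should hold a single certificate with any further entries in the chain file, and it checks PEM structure only, not whether the key matches the certificate. The sample PEM blocks are constructed placeholders.

```python
import base64
import re

# One PEM block: label, optional RFC 1421 headers, base64 body.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

def pem_blocks(text):
    """Return [(label, encrypted)] for each PEM block found in text."""
    blocks = []
    for label, inner in PEM_RE.findall(text):
        lines = [ln.strip() for ln in inner.splitlines() if ln.strip()]
        headers = [ln.replace(" ", "") for ln in lines if ":" in ln]
        try:  # a mangled paste (truncated or re-wrapped body) fails here
            base64.b64decode("".join(ln for ln in lines if ":" not in ln), validate=True)
        except ValueError:
            label = "MALFORMED " + label
        encrypted = label == "ENCRYPTED PRIVATE KEY" or "Proc-Type:4,ENCRYPTED" in headers
        blocks.append((label, encrypted))
    return blocks

def preflight(body, chain, key, passphrase):
    """List problems with the values destined for the wizard's certificate fields."""
    problems = []
    if [lb for lb, _ in pem_blocks(body)] != ["CERTIFICATE"]:
        problems.append("certificate body must hold exactly one CERTIFICATE block")
    chain_labels = [lb for lb, _ in pem_blocks(chain)]
    if chain.strip() and (not chain_labels or set(chain_labels) != {"CERTIFICATE"}):
        problems.append("chain file must hold only CERTIFICATE blocks")
    keys = pem_blocks(key)
    if len(keys) != 1 or keys[0][0] not in KEY_LABELS:
        problems.append("private key field must hold exactly one private key block")
    elif keys[0][1] and not passphrase:
        problems.append("private key is encrypted, so a passphrase is required")
    return problems

# Constructed sample input: placeholder base64, not real certificates or keys.
FAKE = "Q09OU1RSVUNURUQ="

def sample(label, headers=""):
    return f"-----BEGIN {label}-----\n{headers}{FAKE}\n-----END {label}-----\n"

CERT = sample("CERTIFICATE")
ENC_KEY = sample("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")

if __name__ == "__main__":
    print(preflight(CERT, CERT + CERT, ENC_KEY, ""))
```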

Adding an auto-generated certificate

Auto generated certificate 1.1

Enter the following certificate details.

  1. Enter the certificate name.
  2. Enter the certificate description.
  3. Enter the organization name.
  4. Enter the site domain name.
  • After this is done, click Add Certificate.
  • The Certificate Management page is displayed.

    Proceed to step 2

    Click Proceed to Step 2. The Add IdP dialog is displayed.

    Adding Identity Providers

    Step 2 - Add IdP

    Enter the details for your identity and access manager application that manages the access rights of all users in your organization.

    Ensure that you configure the following prerequisites before adding the identity providers.

    IdP Type | Prerequisites
    Microsoft Azure | Create an enterprise application on the organization’s Azure ID and create a user sync app on Microsoft Azure. To know more, click https://docs.seqrite.com/docs/seqrite-hawkkprotect/settings/idp/prerequisites-for-microsoft-azure/
    Google IdP | Create a gateway SAML app on Google Workspace and then create a user sync app on Google Cloud Console. To know more, click https://docs.seqrite.com/docs/seqrite-hawkkprotect/settings/idp/prerequisites-for-microsoft-azure/
    Active Directory Federation Services | Configure the relying party in the ADFS server. To know more, click https://docs.seqrite.com/docs/seqrite-hawkkprotect/settings/idp/configuring-relying-party-trust-in-adfs-server/

    Depending on the type of IdP you have, click Proceed to add Identity Providers (IdP) or Proceed with Local User Management.

    The Add IdP page is displayed.

    Add IdP 1.1

    Enter the IdP details as follows.

    I. In the IdP Details dialog, enter the following information.

    Column Name | Description
    IdP Name | Name of the IdP.
    IdP Description | Description of the IdP.

    II. In the IdP Type Details dialog, enter the following information.

    Column Name | Description
    IdP Type | Type of the IdP.
    Authentication Method | Authentication method used to authenticate users.

    You need to enter the following details based on the selected IdP type.

    IdP Type | Authentication Method | Details To Be Entered
    Active Directory 2012 | Custom | Admin Username for AD, Admin Password for AD, Host, Port, Base DN, Bind DN.
    Active Directory 2016 | Custom | Admin Username for AD, Admin Password for AD, Host, Port, Base DN, Bind DN.
    Active Directory 2019 | LDAP | Admin Username for AD, Admin Password for AD, Host, Port, Base DN, Bind DN.
    Microsoft Azure | SAML | Select certificate. Enter Entity ID, Reply URL, XML URL, Application (client) ID, Client secrets, OAuth 2.0 token endpoint (v2).
    Google Workspace | SAML | Select certificate. Enter Entity ID, Reply URL, Federation Metadata Type, XML URL, Client ID, Client Secret, Project ID.
    ADFS | SAML | Select certificate. Enter Entity ID, Reply URL, Host, Federation Metadata Type, XML URL, Admin Username for AD, Admin Password for AD, Host, Port, Base DN, Bind DN.

    Note:
    To integrate the ADFS IdP type with HawkkProtect, you can use only a custom certificate.

    If you click Proceed with Local User Management, you will be redirected to the User management page.

    User management onboarding wizard 1.1

    III. After entering and confirming these details, click Add IdP. The IdP Management page is displayed.

    Proceed to step 3

    Click Proceed to Step 3.

    Adding Sites

    The Tenant administrator must add the location/sites where the organizational applications/services are hosted or located.

    Step 3 - Add Sites

    Click Proceed to add Sites. The Add Site dialog is displayed.

    Add site details 1.1

  • Enter the following site details.
    1. Enter the site name.
    2. Enter site description, if any.
    3. Select the appropriate certificate from the drop-down menu.
    4. Select the appropriate IdP from the drop-down menu.
    5. Enter the sub domain in the Site Domain Name textbox and select the base domain from the drop-down menu.
    6. Click Deploy.

    Note:
    The site deployment may take up to 8 minutes.

    If verification is successful, the DNS Addition form dialog is enabled.

    Note:
    The DNS addition is required only in case of custom certificate and not in case of auto-generated certificate.

  • In the DNS addition section, perform the following steps.

    DNS addition 1.1

    1. Copy the site domain name and site canonical name (CNAME).
    2. Add a CNAME type record in your DNS provider host.
    3. After the DNS is propagated globally, click Verify.
  • After this is done, click Finish.
  • The Site Management page appears.

    Proceed to step 4

    Click Proceed to Step 4 for adding the App Connectors.

    Adding App Connectors

    In this step, you must specify the connection details to connect HawkkProtect to your application servers.

    Skip to step 5

    If you want to configure the app connector later, you can select Public Web Apps and click Skip to step 5.

    Step 4 - Add app connectors

    Click Add App Connectors. The Add App connector page is displayed.

    Add app connector 1.1

    On the Add App Connector page, enter the following information.

    I. In the App Connector Details dialog, enter the following information.

    Fields | Description
    App Connector Name | App connector name.
    App Connector Description | Description of the app connector, if any.

    II. In the App Connector Other Details dialog, select the site from the drop-down list. This is the domain name where organizational applications/ services are hosted.
    III. After entering this information, click Add. The App Connector Management page is displayed with app connectors list and description.

    App connector management with download option 1.1
    Proceed to step 5

    Click Proceed to Step 5 to start adding tags.

    Adding Tags

    In this step, you must add the dynamic tags that help you specify the parameters to create policies for allowing a connection.

    Step 5 - Add tags

    Click Proceed to add Dynamic Tags. The Add Dynamic Tag dialog is displayed.

    Add dynamic tag 1.1

    Enter the information as follows.

    Fields | Description
    Tag Key | Enter the suitable tag key.
    Tag Color | Select the desired tag color.
    Data source | Shows the data source from which the user data is fetched.
    Tag applied to | Select the entity to which you need to apply the tag.
    Attribute | Select the tag attribute.
    Criteria | Select the appropriate criteria from the drop-down menu.
    Expression | Enter the expression depending on the selected criteria. For Entire length, the Expression field is disabled. For the Nth Element and RegEx options, you can enter the expression as required.
    Description | Enter the description for the tag.

    Add dynamic tag - application 1.1

    If you click the Application option under Tag Applied To, the following information needs to be entered.

    • Variable/ Parameter: The entity to which the tag will be applicable.
    • Description: Tag description, if any.

    After you have completed entering the required information, click Add.
    The Tag Management page is displayed and the added tags are listed in the display.

    Proceed to step 6

    Click Proceed to Step 6 to add Applications and Services. The corresponding dialog is displayed.

    Adding Applications and Services

    Here, the tenant administrator must add the applications and services to which you want to apply the Zero Trust paradigm.

    Add application and services

    Click Proceed to add Applications and Services. The Add applications dialog is displayed.

  • Enter the following information in the Application Information section.

    Add application - Application information

    • Enter the Application Name.
    • Enter the Application Description.
    • Upload the application logo.
  • Enter the following details and select appropriate options (wherever applicable) in the Application Details section.
  • Select one of the application types.
    • Public Web Apps.
    • Private Web Apps and Services.

      Depending on the application type that you select, relevant parameters are displayed.

    Public Web Apps

    Application types public web apps

    Enter the following information for the public web apps.

    • Enter the IP Address / Domain Name of the application.
    • Select the appropriate protocol from the drop-down menu.
    • Select the appropriate port value (HTTP or HTTPS) from the drop-down menu.
    • Enter the relative URL path.
      For example: For the URL https://myapps.organization.com/careers/engineering , the relative URL path is /careers/engineering.
      The relative URL path must start with a forward slash ( / ).
    • Enter the external domain name by entering the sub domain and selecting the base domain.
    • Enter the tags applicable to the application.

    Private Web Apps and Services

    Application types private web apps

    Enter the following information for the private web apps and services.

    • Enter the IP Address / Domain Name of the application.
    • Select the appropriate protocol from the drop-down menu.
    • Select the appropriate port value from the drop-down menu.
      • If the selected port is either HTTP or HTTPS, enter the relative URL path.
        For example: for the URL https://myapps.organization.com/careers/engineering , the relative URL path is /careers/engineering.
        The relative URL path must start with a forward slash ( / ).
      • If the selected port is Web RDP, select the RDP access type.
        If the selected RDP access type is ‘Limited application type’, enter the Remote Application Name, Remote Application Directory, and Remote Application Argument.
  • Enter the external domain name for the application by entering the sub domain and selecting the base domain.
  • Enter the tags applicable to the application.
  • After this is done, click Add.

    The Application Catalog page is displayed with application details that you have configured.

    Proceed to step 7

    Click Proceed to Step 7.

    Adding Zero Trust Policies

    In this step, you must add the policies with necessary conditions to access or restrict access to the applications.

    Add zero trust policies

    Click Proceed to add Zero Trust Policies. The Add policy dialog is displayed.

    Add policy 1.1

    Enter the following details.
    I. In the Policy Information dialog, enter the following information.

    Column Name | Description
    Identifier | Suitable identifier for the policy.
    Name | Name of the policy.
    Observe | Shows whether connections allowed under this policy are being observed.
    Description | Detailed description of the policy.

    II. In the Allow Rule dialog, enter the following information.

    Column Name | Description
    Source Tags | Tags applied on the user from where the connection is established.
    Destination Tags | Tags applied on the applications where the connection is received.
    Exception Tags | Based on the connection requirement, these tags exclude users to whom the available source tags are applicable.

    III. Click Save as draft if you want to work on the policy later. Else, click Add Policy.
    The Policy Management page is displayed and the added policies are displayed in the list.
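
How the three Allow Rule fields combine into an access decision, as an added model that is not HawkkProtect's own logic. It assumes a rule matches when the user carries any source tag and the application carries any destination tag, that an exception tag removes the user from that policy only, that draft policies are not enforced, and that no match means deny. Tag keys and policy identifiers are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    identifier: str
    source_tags: set                      # tags on the connecting user
    destination_tags: set                 # tags on the target application
    exception_tags: set = field(default_factory=set)
    draft: bool = False                   # "Save as draft": assumed not enforced

def decide(policies, user_tags, app_tags):
    """Return (allowed, reason); with no matching allow rule the answer is deny."""
    reason = "no policy matches this user and application"
    for p in policies:
        if p.draft:
            continue
        if not (p.source_tags & user_tags and p.destination_tags & app_tags):
            continue
        excluded = p.exception_tags & user_tags
        if excluded:
            # The exception removes this user from this policy only;
            # a later policy may still allow the connection.
            reason = f"{p.identifier}: excluded by exception tag {sorted(excluded)[0]}"
            continue
        return True, f"{p.identifier}: allow rule matched"
    return False, reason

# Constructed sample data: tag keys and policy identifiers are made up.
POLICIES = [
    Policy("POL-ENG-STAGING", {"dept-engineering"}, {"env-staging"},
           exception_tags={"type-contractor"}),
    Policy("POL-ENG-PROD", {"dept-engineering"}, {"env-prod"}, draft=True),
]

if __name__ == "__main__":
    for user in ({"dept-engineering"}, {"dept-engineering", "type-contractor"}):
        print(sorted(user), decide(POLICIES, user, {"env-staging"}))
```

Running a model like this against your planned tags before creating policies shows which users an exception tag silently removes from a rule.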

    WO Step 7.3 Policy mgmt

    Click Proceed to Step 8. The Add Default Hierarchy dialog is displayed.

    Adding Default Hierarchy

    You can create the default hierarchy for users and services based on location, department, role, etc.

    Create default hierarchy

    Click Proceed to create Default Hierarchy. The Default Hierarchy dialog is displayed.

    WO Step 8.2 Add hierarchy

    You can enter the User and Service Hierarchy details as required. These details help you view the status of the attempted connections of users to the grouped applications and services. Enter the details as follows.

    In the User Hierarchy dialog, enter the following details.

    1. User Hierarchy Name.
    2. Hierarchy Tags. You can add more tags by clicking the Add Hierarchy Tag button.

    In the Service Hierarchy dialog, enter the following details.

    1. Service Hierarchy Name.
    2. Hierarchy Tags. You can add more tags by clicking the Add Hierarchy Tag button.

    After entering this information, click Create.
    A success prompt is displayed for a successful configuration. You can now view the connections between the users and the applications and services on the dashboard.

    Note:

    You can add and use a maximum of 6 hierarchy tags for each hierarchy. A maximum of 6 hierarchies (1 Default and 5 Custom) can be created in one workspace.

    WO success message

    Click View Connections. This opens the Hierarchy view on the Visibility page.
