The information mentioned in this article refers to Safetica 9.4 and older. If you are using Safetica 9.5 or higher, the steps described below are automated and you can follow a much-simplified configuration. You can learn more in this knowledge base article.
As of version 9.1, manual creation of the Safetica Azure application is required. This application requires the following sets of permissions:
Microsoft Graph: Read and write all users' full profiles
|Application||Required for identifying Azure Active Directory users and including them in the Safetica user tree|
Office 365 Management APIs: Read activity data for your organization
|Application||Required for monitoring Office 365 file activity|
1. Log in to your organization’s Azure Active Directory admin center: https://aad.portal.azure.com/
2. Go to All services → App registrations → New registration
3. Fill in the details for the new application and confirm by clicking on Register
|Name||SafeticaApplication (or choose your own)|
|Supported account types||Accounts in this organizational directory only|
|Redirect URI (Web)||https://safetica-management-server/WebSafetica/SaveOffice365ServiceAuthResult (replace the red text with your WebSafetica URL)
4. Your application's details will now open. Within the application's view go to Manage → API permissions → Add a permission and add the following permissions:
- Microsoft Graph → Application permissions → User.ReadWrite.All (Read and write all users' full profiles)
- Office 365 Management API → Application permissions → ActivityFeed.Read (Read activity data for your organization)
5. Confirm the new permissions by clicking on Grant admin consent for <your tenant name>
6. Within the application's view go to Manage → Certificates & secrets → New client secret and add a client secret:
|Description||SafeticaSecret (or choose your own)|
7. Copy the the new secret's value for later as you won't be able to retrieve it after your leave your current view
8. Go back to the application's Overview and copy the Application (client) ID for later
6. Applying your changes may take a while, bear this in mind before continuing with next steps.
Office 365 file monitoring - WebSafetica configuration
Once you have your Safetica Azure application created and configured, you may have to wait for a while until the changes are fully applied. If you run into problems with the steps below, repeat them again later.
1. Log in to your WebSafetica management console
2. Go to Management → General → Office 365 settings and click on the Edit icon
3. Fill in the form with the information prepared in previous steps:
your Azure tenant name (e.g. your-tenant.onmicrosoft.com)
You can confirm this at https://portal.office.com/adminportal/home#/Domains (Microsoft 365 admin center → Setup → Domains)
your application (client) ID
your application's client secret's value
4. Save the form and if the information have been filled in correctly, a green banner will confirm saving your changes.