Knowledge: Using Key Vault in AzureAD to store Sysero DataRoom Encryption Key for Text Fields
    Title: Using Key Vault in AzureAD to store Sysero DataRoom Encryption Key for Text Fields
    Manual: Administration
    Manual Level Two: Integrations
    Manual Level Three: Office365
    Created: 15/10/2021
    Detail: Key Vault secrets are used for encrypting Data Rooms. This is so that people can store their own encryption key, which only their users have access to.

    Note: only TextField types in Sysero can be encrypted, and this is set on a case-by-case basis in the form field settings.

    Office365 (Azure Active Directory) App Registration Settings

    A prerequisite for this setup is that Setting up OAuth Authentication from Office365 / AzureAD to Sysero has already been completed.
    1. Open the App Registration called something like Sysero (User Delegated).
    2. In Authentication check Access tokens (used for implicit flows).
    3. In Certificates and Secrets, add a secret and copy the value.
    4. Add the following API Permissions:
      1. Azure Key Vault > user_impersonation > User Delegated (Grant Admin Consent).

    Office365 (Azure Active Directory) Key Vault Settings

    Set up the Key Vault:
    1. Go to Azure Key Vaults.
    2. Create Key Vault if required.
    3. Add secret to Key Vault.
    4. Copy Vault URI (Endpoint), Secret Name and Secret Version.

    Sysero OAuth Configuration

    Go to Sysero > System Admin > OAuth Settings:
    1. Set Token Mode Office365 to OpenID and User Access Token.
    2. Set OAuth Secret Office365 (User Delegated).

    Sysero Key Vault Settings

    These are set on a per-Data Room basis, and the same key can be used. Please note that if this key is lost, there is no way Sysero can help you decrypt the data; it is lost forever. To configure:
    1. Go to Sysero > Admin > Data Rooms > Data Room > Advanced Settings > Encryption and set:
      1. Endpoint.
      2. Secret Name.
      3. Secret Version.
    2. Go to Feature Settings and enable OAuth: Validate Office365 token on access.
    3. For any fields that require vault key encryption, edit the field using the forms editor and, in the Text Field settings, set Encrypted to users with vault key access (no impersonation).
    If the key is disabled or other users do not have access, the data will not be shown.
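
Added example, not part of the Sysero documentation: Azure shows each secret version with a Secret Identifier of the form `https://<vault>.vault.azure.net/secrets/<name>/<version>`, and this sketch splits one into the Endpoint, Secret Name and Secret Version values copied in the Key Vault steps and entered under Advanced Settings > Encryption, rejecting identifiers that are not HTTPS, not on a Key Vault host, or missing a version. The function name and the sample identifier are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Key Vault DNS suffixes for the public and sovereign Azure clouds.
VAULT_SUFFIXES = (".vault.azure.net", ".vault.azure.cn",
                  ".vault.usgovcloudapi.net", ".vault.microsoftazure.de")
VAULT_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]{2,23}")  # 3-24 chars, starts with a letter
SECRET_NAME = re.compile(r"[0-9A-Za-z-]{1,127}")        # alphanumerics and dashes
SECRET_VERSION = re.compile(r"[0-9a-f]{32}")            # 32 hex characters

# Constructed sample value, not a real vault or secret.
SAMPLE_ID = ("https://contoso-dataroom.vault.azure.net/secrets/"
             "dataroom-text-key/0123456789abcdef0123456789abcdef")


def split_secret_identifier(identifier):
    """Return (endpoint, secret_name, secret_version) or raise ValueError."""
    url = urlsplit(identifier.strip())
    if url.scheme != "https":
        raise ValueError("secret identifier must use https")
    if url.query or url.fragment or url.port or url.username:
        raise ValueError("unexpected query, fragment, port or credentials")
    host = (url.hostname or "").lower()
    suffix = next((s for s in VAULT_SUFFIXES if host.endswith(s)), None)
    if suffix is None or not VAULT_NAME.fullmatch(host[:-len(suffix)]):
        raise ValueError(f"not a Key Vault host: {host!r}")
    parts = url.path.strip("/").split("/")
    if parts[0] != "secrets" or len(parts) not in (2, 3):
        raise ValueError("expected /secrets/<name>/<version>")
    if len(parts) == 2:
        # Without a version the reference follows whatever version is current.
        raise ValueError("no version in identifier; copy a specific version")
    _, name, version = parts
    if not SECRET_NAME.fullmatch(name):
        raise ValueError(f"invalid secret name: {name!r}")
    if not SECRET_VERSION.fullmatch(version):
        raise ValueError(f"invalid secret version: {version!r}")
    return f"https://{host}/", name, version


if __name__ == "__main__":
    endpoint, name, version = split_secret_identifier(SAMPLE_ID)
    print("Endpoint:      ", endpoint)
    print("Secret Name:   ", name)
    print("Secret Version:", version)
```

The endpoint is returned with a trailing slash, matching how the Azure portal displays the Vault URI.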