Install Salem Azure Application
This Quickstart guide was developed for Salem users who leverage Azure, Entra ID and MS Teams. If your use case deviates from this requirement please contact Salem Support at [email protected] for install instructions.
Prerequisites
An active Azure subscription, including Microsoft Entra ID
An active Microsoft 365 license that includes Microsoft Teams
Part 1: Create an App Registration in Microsoft Entra ID
Create App Registration
From a web browser, go to the Azure Portal and sign in.
From the Azure portal, search for and select "Microsoft Entra ID".
In the top left, select 'Add' and then 'App registration'
From the Register an application page:
Enter a name
Select account type (Note: Single tenant is typically the best option)
Enter Redirect URI. Platform type 'Web' with a value of
https://token.botframework.com/.auth/web/redirect
Select 'Register'
Record the Application ID, Object ID, and Directory ID for future use.
Create App Secret
In the newly created App registration resource, select 'Certificates & secrets' in the menu on the left.
Create 'New client secret'
Select a reasonable expiry time, if the secret expires, users will no longer be able to login to Salem
Note down the secret value
Create App User Roles
Select "App Roles"
Create Application Roles
There are three Salem roles (salem.user, salem.analyst, salem.admin) and you an create AD roles that contain any combination of these roles. For now, create a new role:
Display Name: Salem_Admins
Allowed Member Types: Users/Groups
Value: salem.analyst,salem.admin
Description: Users with this role will have both analyst and admin permissions
NOTE: For information on available user roles see: Role Based Access Control (RBAC)
Add API Permissions
Select "API permissions" from the left-side menu
Add Offline Access permission by
Select "Add a permission"
Select "Microsoft Graph"
Select "Delegated permission"
Search for and select "offline_access"
Select Add permission
(Optional) Grant Admin consent for these permissions. This can only be done by a user with the Global Administrator role. This is REQUIRED if any of the permissions listed indicate that admin consent is required
Add Users
Return to Microsoft Entra ID in the Azure portal
Select "Enterprise applications"
Search for and select the name of the app registration you just created
Select "Users and groups"
Add user/group
Select a user or group
Select the role created above
Continue adding individual users as needed.
Require Users to be Assigned to Salem (Optional but Recommended)
If this setting is left as its default, users who aren't assigned roles to use Salem can authenticate successfully with default access. Users with default access will be able to authenticate to Salem but receive a message that they have no application-level role. To simplify the experience for everyone, requiring assignment will prevent unassigned users from being able to authenticate at any level to the Salem application.
Select "Properties" from the left side menu
Toggle "Assignment required?" to Yes
Part 2: Deploy Salem Application
From the Azure portal, search for and select 'Marketplace'.
Use the search feature to find "Salem the AI Cyber Analyst for SOC Automation".
Select and Create
App configuration details should have been noted when creating the app registration
Under 'Network Configuration', provide a non-overlapping class C IP address (meaning an IP address block not in use in any network that may connect to Salem).
These IP addresses will be used if you peer the Salem Vnet to other Vnets in your Azure subscription. Network peering will allow you to send and receive information from Salem without needing to connect to the Internet. Some communication between Azure services will continue to use Azure network routing. It may take 30 minutes or more to fully provision Salem
Last updated