Synergix SEVA, is a complete and free replacement of Microsoft LAPS. SEVA supports password rotation of multiple local accounts on Windows, Unix and MAC devices that are in Azure AD, OnPrem AD, Workgroup or hosted in AWS, GCP, etc.
This article provides step-by-step instructions on deploying and on testing Synergix SEVA software on Microsoft Windows computers. Similar steps may be followed in deploying the software on UNIX, MacOS and other supported operating systems.
All required serverless resources are deployed in customer’s Azure Subscription, letting customers have complete control of their data.
- Active Azure Account with membership in Azure AD Global Administrators security group.
Global Administrator privilege is required during initial setup only, to create a new Resource Group and to deploy required Azure Resources i.e. Web Apps, Key Vault, Table Storage and App Service Plan. Alternatively, the Global Administrator may delegate administration to other Azure AD Identity who can perform required actions.
- Local Administrator Account privileges on endpoints to manually install the pre-requisites, .NET Core 3.1.1+ Runtime and the Synergix SEVA MSI package or
- Intune Administrator privileges to distribute the pre-requisites.
Depending upon the scope of testing, you may need one of more of computers, physical or virtual, running supported Operating Systems
.NET Core 3.1.1+ Runtime must be installed on the endpoints
Windows 7.0 SP1
Windows Server 2008/R2
Windows Server 2012/R2
Windows Server 2016 or
Windows Server 2019
Unix. RHEL, Fedora, Debian, Ubuntu, Linux Mint, SUSE Enterprise Linux, Alpine and more …
Endpoints may be in any one of the following environments.
- On Prem Active Directory
- Azure AD
- Azure AD Domain Services
- GCP and other
Includes computers in DMZ
- Direct Internet Connection to your Azure Endpoints or
- Point-to-Site Connection to your Azure Endpoints or
- Indirect Connection through a Web Proxy to your Azure Endpoints
The back-end services, hosted in your Azure subscription, may be deployed using one of the two options
Azure Marketplace Offer
The Virtual Machine is a Microsoft Certified Virtual Machine that is based upon Windows Server 2016 or Windows Server 2019 Operating System. It contains required artifacts
- PowerShell Script to deploy Azure Resources
- PowerShell Script to deploy the binaries in Web Apps
This offer is appealing to customers, like the US Government and companies in the Banking, Financial and other industries that implement stricter Information Security policies. Deploying a Microsoft Certified Virtual Machine from Azure Marketplace provides the assurance that no binaries are transferred from external sources.
Once the Virtual Machine is deployed, the installer can RDP to the VM, review the content of the artifacts and run them in following order. The Installation Guide (PDF) provides further details.
Install required PowerShell modules
Create required Azure Resources
Deploy binaries in Azure Web Apps
- Deploy MSI
The VM may be used to deploy the MSI package as a trial run. Upon deployment and setting the configuration parameters for your Azure Resources, you should be able to retrieve new password for the Built-In Administrator account.
This offer is appealing to customers who wish to download the binaries from Synergix website and deploy the Azure Resources from an Internet connected Windows 10 computer. Review the Installation Guide (PDF) in the downloaded Zip file and use the software artifacts to setup the environment.
Please submit your request for free Synergix SEVA Community Edition license key by writing to email@example.com. Note that the license key is tied to your Azure Directory ID.
Please review End User License Agreement including with the artifacts, before proceeding with the activation of the product.
- Launch SEVA Portal specific to your Azure environment.
- Login using your Azure Account that is member of the newly created Azure AD Security Group(s) that allow access to the portal
- Search for device
- Under Security Actions, select “Built-In Administrator Account”
- Enter business justification for retrieving the password
- By default, the password is masked. Click on retrieve password to view the password
- Was the test successful?