# Deployment Steps Summary - UPDATED

## Phase 3: Entra ID Configuration 🔐 - **ENHANCED**

**Status**: ✅ Code Complete, ⏳ Configuration Pending
**Duration**: 1-2 days (with automation: 2-4 hours)
**Can Run In Parallel**: Yes (with Phase 2)
**Dependencies**: Phase 1

### Automated Setup (Recommended)

**NEW**: Automated setup script available:

```bash
./scripts/deploy/setup-entra-automated.sh
```

This script automates:

- ✅ Azure AD App Registration creation
- ✅ Service principal creation
- ✅ Client secret generation
- ✅ Key Vault secret storage
- ✅ Environment file generation

If the generated environment file carries the client secret itself rather than a Key Vault reference, keep it out of version control and out of container images; Key Vault is the system of record for the secret.

### 3.1 Azure AD App Registration

**Option A: Automated (Recommended)**

```bash
./scripts/deploy/create-entra-app.sh
```

**Option B: Manual**

43. Create App Registration in Azure Portal
44. Note Application (client) ID
45. Note Directory (tenant) ID
46. Configure API permissions: under "APIs my organization uses", select **Verifiable Credentials Service Request** and add the *application* permission `VerifiableCredential.Create.All` (the Request Service API is called with a client-credentials token, not on behalf of a user)
47. Grant admin consent for permissions (required for application permissions; the token will carry no role until consent is granted)
48. Create client secret
49. Save client secret securely (only shown once); store it in Key Vault and set an expiry reminder, since an expired secret takes down issuance and presentation at once
50. Configure redirect URIs for portals
51. Configure logout URLs

### 3.2 Microsoft Entra VerifiedID

52. Enable Verified ID service in Azure Portal
53. Wait for service activation
54. Create credential manifest
55. Define credential type
56. Define claims schema
57. Note Manifest ID
58. Verify Issuer DID format (Verified ID issuers use `did:web:` DIDs; confirm the domain in the DID is one you control, or the Microsoft-managed one from quick setup, and that it matches the linked domain)
59. Test DID resolution (for `did:web`, the DID document is served over HTTPS at `/.well-known/did.json` on that domain; the `id` in the fetched document must equal the issuer DID)

**NEW**: Support for multiple manifests:

- Configure `ENTRA_MANIFESTS` environment variable
- Use `manifestName` parameter in API calls
- See: `docs/integrations/MICROSOFT_ENTRA_VERIFIEDID.md`

### 3.3 Enhanced Features (NEW)

**Retry Logic**: ✅ Implemented

- Automatic retry on transient failures (429, 500, 502, 503, 504)
- Configurable exponential backoff (a `Retry-After` header on 429 responses should take precedence over the computed delay, and only idempotent calls should be retried)
- See: `packages/auth/src/entra-verifiedid-enhanced.ts`

**Webhook Support**: ✅ Implemented

- Automatic webhook processing at `/vc/entra/webhook`
- Status updates and database synchronization
- The endpoint must authenticate each callback (for example the `api-key` header configured in the request's callback settings) before touching state, and must only update requests it created; it should never create a "verified" record from an incoming callback
- See: `services/identity/src/entra-webhooks.ts`

**Rate Limiting**: ✅ Implemented

- Entra-specific rate limits
- Configurable via environment variables
- See: `packages/shared/src/rate-limit-entra.ts`

**Monitoring**: ✅ Implemented

- Comprehensive Prometheus metrics
- Grafana dashboard configuration
- Alert rules
- See: `packages/monitoring/src/entra-metrics.ts`

### 3.4 Environment Configuration

**NEW**: Automated environment setup:

```bash
./scripts/deploy/configure-env-dev.sh
```

60. Create databases (dev, stage, prod)
61. Create database users
62. Grant privileges
63. Configure firewall rules for AKS
64. Test database connection

### Testing

**NEW**: Automated test script:

```bash
./scripts/test/test-entra-integration.sh
```

Tests include:

- ✅ Unit tests
- ✅ Integration tests
- ✅ API endpoint tests
- ✅ Feature tests (retry, rate limiting, multi-manifest)

### Monitoring Setup

**NEW**: Pre-configured monitoring:

- Prometheus config: `infra/monitoring/prometheus-entra-config.yml`
- Grafana dashboard: `infra/monitoring/grafana-entra-dashboard.json`
- Alert rules included

### Documentation

**NEW**: Comprehensive documentation:

- ✅ Deployment Checklist: `docs/deployment/ENTRA_VERIFIEDID_DEPLOYMENT_CHECKLIST.md`
- ✅ Operational Runbook: `docs/operations/ENTRA_VERIFIEDID_RUNBOOK.md`
- ✅ Next Steps: `docs/deployment/ENTRA_VERIFIEDID_NEXT_STEPS.md`
- ✅ Integration Guide: `docs/integrations/MICROSOFT_ENTRA_VERIFIEDID.md`

---

## Quick Start for Entra VerifiedID

1. **Run automated setup**:

   ```bash
   ./scripts/deploy/setup-entra-automated.sh
   ```

2. **Configure environment**:

   ```bash
   ./scripts/deploy/configure-env-dev.sh
   ```

3. **Run tests**:

   ```bash
   ./scripts/test/test-entra-integration.sh
   ```

4. **Deploy monitoring**:
   - Apply Prometheus config
   - Import Grafana dashboard

5. **Follow detailed checklist**:
   - See: `docs/deployment/ENTRA_VERIFIEDID_DEPLOYMENT_CHECKLIST.md`

---

**Last Updated**: [Current Date]
**Status**: ✅ Code Complete, Automation Ready, Documentation Complete
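Worked example for steps 58-59 of section 3.2 (verify the issuer DID format, test DID resolution). This is an added example, not code from this project or from Microsoft: it turns a `did:web` DID into the URL its DID document is served from, following the W3C did:web method, and sanity-checks a fetched document before the DID is trusted for signature verification. The `LinkedDomains` service check reflects the `service` entry Entra Verified ID publishes for issuers; the `DidDocument` type, the sample DID and the sample document are constructed for the example and belong to no real tenant.

```typescript
// Added example (not project or Microsoft code). Resolves a did:web DID to its
// document URL and checks a DID document against the DID it was resolved for.
// Assumptions: did:web URL rules per the W3C method spec; a "LinkedDomains"
// service entry as published by Entra Verified ID; sample data is constructed.

export interface DidDocument {
  id: string;
  verificationMethod?: Array<{ id: string; type: string; controller: string }>;
  assertionMethod?: string[];
  service?: Array<{ id: string; type: string; serviceEndpoint: unknown }>;
}

const HOST_RE = /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?(:\d{1,5})?$/i;

// did:web:example.com           -> https://example.com/.well-known/did.json
// did:web:example.com:vc:issuer -> https://example.com/vc/issuer/did.json
// did:web:localhost%3A3000      -> https://localhost:3000/.well-known/did.json
// A DID may arrive inside a presentation from an untrusted wallet, so host and
// path are validated before anything is fetched: no schemes, no "..", no "/".
export function didWebToUrl(did: string): string {
  const prefix = "did:web:";
  if (!did.startsWith(prefix)) throw new Error(`not a did:web DID: ${did}`);
  const [host, ...path] = did.slice(prefix.length).split(":").map(decodeURIComponent);
  if (!HOST_RE.test(host)) throw new Error(`invalid host in ${did}`);
  for (const seg of path) {
    if (seg === "" || seg === "." || seg === ".." || seg.includes("/")) {
      throw new Error(`invalid path segment "${seg}" in ${did}`);
    }
  }
  return path.length === 0
    ? `https://${host}/.well-known/did.json`
    : `https://${host}/${path.join("/")}/did.json`;
}

function urlHost(origin: string): string | undefined {
  try { return new URL(origin).host; } catch { return undefined; }
}

// Checks a DID document fetched from didWebToUrl(expectedDid). Returns a list of
// problems; an empty list means the document is usable for verifying signatures.
export function checkIssuerDidDocument(expectedDid: string, doc: DidDocument): string[] {
  const problems: string[] = [];
  let host: string | undefined;
  try { host = new URL(didWebToUrl(expectedDid)).host; }
  catch (e) { problems.push(`cannot resolve ${expectedDid}: ${(e as Error).message}`); }

  if (doc.id !== expectedDid) problems.push(`document id is ${doc.id}, expected ${expectedDid}`);

  const keys = doc.verificationMethod ?? [];
  if (keys.length === 0) problems.push("no verificationMethod: nothing to verify signatures with");
  for (const k of keys) {
    if (k.controller !== expectedDid) problems.push(`key ${k.id} is controlled by ${k.controller}`);
  }

  const signers = doc.assertionMethod ?? [];
  if (signers.length === 0) problems.push("no assertionMethod: issuer cannot sign credentials");
  for (const ref of signers) {
    const full = ref.startsWith("#") ? expectedDid + ref : ref; // relative fragment -> absolute
    if (!keys.some((k) => k.id === full || k.id === ref)) problems.push(`assertionMethod ${ref} names no listed key`);
  }

  // Linked domain: the document should name the host it was fetched from.
  const linked = (doc.service ?? []).find((s) => s.type === "LinkedDomains");
  if (linked === undefined) {
    problems.push("no LinkedDomains service");
  } else {
    const ep = (linked.serviceEndpoint ?? {}) as { origins?: unknown };
    const origins = Array.isArray(ep.origins) ? ep.origins.filter((o): o is string => typeof o === "string") : [];
    if (host !== undefined && !origins.some((o) => urlHost(o) === host)) {
      problems.push(`LinkedDomains origins ${JSON.stringify(origins)} do not include ${host}`);
    }
  }
  return problems;
}

// Constructed sample; not a real issuer.
export const SAMPLE_ISSUER_DID = "did:web:issuer.example.com";
export const SAMPLE_DID_DOCUMENT: DidDocument = {
  id: SAMPLE_ISSUER_DID,
  verificationMethod: [{ id: `${SAMPLE_ISSUER_DID}#key-1`, type: "JsonWebKey2020", controller: SAMPLE_ISSUER_DID }],
  assertionMethod: [`${SAMPLE_ISSUER_DID}#key-1`],
  service: [{ id: "#linkeddomains", type: "LinkedDomains", serviceEndpoint: { origins: ["https://issuer.example.com"] } }],
};
```

To test resolution for real, fetch `didWebToUrl(issuerDid)` with your HTTP client over HTTPS only, parse the JSON into `DidDocument`, and treat any non-empty result from `checkIssuerDidDocument` as a blocking configuration error.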
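Worked example for the retry logic described in section 3.3. This is an added example, not the project's `packages/auth/src/entra-verifiedid-enhanced.ts`: it retries a Request Service call on the transient statuses the summary lists (429, 500, 502, 503, 504), with capped exponential backoff plus jitter, and lets a `Retry-After` header override the computed delay. The `HttpResult` and `RetryOptions` shapes, the option names and the scripted stand-in client are assumptions made for the demo.

```typescript
// Added example, not code from this project. Retry with capped exponential
// backoff, jitter and Retry-After support for calls to the Verified ID Request
// Service. HttpResult, RetryOptions and scriptedClient are assumed shapes.

export interface HttpResult {
  status: number;
  headers: Record<string, string>;
  body?: unknown;
}

export interface RetryOptions {
  maxAttempts: number;   // total attempts, including the first
  baseDelayMs: number;   // backoff for the first retry; doubles each retry
  maxDelayMs: number;    // cap applied to computed backoff and to Retry-After
  sleep: (ms: number) => Promise<void>;
  jitter: () => number;  // returns [0, 1); inject () => 0 for deterministic tests
}

export const TRANSIENT_STATUSES = new Set([429, 500, 502, 503, 504]);

export function isTransient(status: number): boolean {
  return TRANSIENT_STATUSES.has(status);
}

// Case-insensitive header lookup; not every client lower-cases header names.
function header(res: HttpResult, name: string): string | undefined {
  const key = Object.keys(res.headers).find((h) => h.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : res.headers[key];
}

// Delay before retry number `retry` (0 = first retry). A parseable Retry-After
// (delta-seconds) wins over computed backoff but is still capped, so a bad
// server value cannot stall the worker. Jitter adds up to 50% on top of backoff.
export function retryDelayMs(retry: number, opts: RetryOptions, retryAfter?: string): number {
  const secs = retryAfter === undefined ? NaN : Number(retryAfter);
  if (Number.isFinite(secs) && secs >= 0) return Math.min(secs * 1000, opts.maxDelayMs);
  const backoff = Math.min(opts.baseDelayMs * 2 ** retry, opts.maxDelayMs);
  return Math.round(backoff * (1 + 0.5 * opts.jitter()));
}

export class RetryExhausted extends Error {
  constructor(public readonly last: HttpResult, public readonly attempts: number) {
    super(`gave up after ${attempts} attempts; last status ${last.status}`);
  }
}

// Only wrap calls that are safe to repeat: re-sending a create-request call
// after a timeout can leave two live requests, so give each one a client-side
// `state` and ignore callbacks for the copy you did not keep.
export async function withRetry(
  call: () => Promise<HttpResult>,
  opts: RetryOptions,
): Promise<{ result: HttpResult; attempts: number; delays: number[] }> {
  const delays: number[] = [];
  let last: HttpResult | undefined;
  for (let attempt = 1; attempt <= opts.maxAttempts; attempt++) {
    last = await call();
    // Success and non-transient failures (400, 401, 403, 404) are both returned
    // unchanged: the caller decides, and retrying them only burns quota.
    if (!isTransient(last.status)) return { result: last, attempts: attempt, delays };
    if (attempt === opts.maxAttempts) break;
    const delay = retryDelayMs(attempt - 1, opts, header(last, "retry-after"));
    delays.push(delay);
    await opts.sleep(delay);
  }
  throw new RetryExhausted(last as HttpResult, opts.maxAttempts);
}

// Scripted stand-in for the HTTP client: constructed responses, no network.
export function scriptedClient(script: HttpResult[]): () => Promise<HttpResult> {
  let i = 0;
  return async () => script[Math.min(i++, script.length - 1)];
}

export const DEMO_SCRIPT: HttpResult[] = [
  { status: 429, headers: { "Retry-After": "2" } },                // throttled: wait 2 s as told
  { status: 503, headers: {} },                                     // transient: second retry, 400 ms backoff
  { status: 201, headers: {}, body: { requestId: "req-0001" } },    // constructed success body
];

export const DEMO_OPTS: RetryOptions = {
  maxAttempts: 5, baseDelayMs: 200, maxDelayMs: 5000,
  sleep: async () => {}, jitter: () => 0,
};

// Runs the scripted sequence; expected: 3 attempts, delays [2000, 400].
export function demo() {
  return withRetry(scriptedClient(DEMO_SCRIPT), DEMO_OPTS);
}
```

In production pass a real `sleep` (`(ms) => new Promise((r) => setTimeout(r, ms))`) and `Math.random` as the jitter source, and record each retry as a metric so that a rising 429 rate shows up on the dashboard instead of being absorbed silently.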
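Worked example for the webhook processing described in section 3.3 (status updates at `/vc/entra/webhook`). This is an added example, not the project's `services/identity/src/entra-webhooks.ts`: it authenticates a callback, validates its shape, correlates it with a request the service itself created, and applies the status change idempotently. The payload field names (`requestId`, `requestStatus`, `state`, `verifiedCredentialsData`, `error`) and the status values follow Microsoft's Request Service callback payload, and the `api-key` header is the one set in the request's callback headers when the request is created; the in-memory store, the `{ status, reason }` return shape, the key and all sample payloads are constructed for this example.

```typescript
import * as crypto from "node:crypto";

// Added example, not code from this project. Authenticates and applies a
// Verified ID callback. Field and status names follow Microsoft's Request
// Service callback payload; store, return shape and sample data are assumed.

export type EntraRequestStatus =
  | "request_retrieved"
  | "issuance_successful" | "issuance_error"
  | "presentation_verified" | "presentation_error";

const KNOWN_STATUSES = new Set<string>([
  "request_retrieved", "issuance_successful", "issuance_error",
  "presentation_verified", "presentation_error",
]);
const TERMINAL_STATUSES = new Set<string>([
  "issuance_successful", "issuance_error", "presentation_verified", "presentation_error",
]);

export interface EntraCallback {
  requestId: string;
  requestStatus: EntraRequestStatus;
  state: string;
  verifiedCredentialsData?: Array<{ issuer: string; type: string[]; claims: Record<string, string> }>;
  error?: { code: string; message: string };
}

export interface RequestRecord {
  requestId: string;   // returned by the Request Service when we created the request
  status: string;
  claims?: Record<string, string>;
  error?: string;
  updatedAt: number;
}

// Keyed by the opaque random `state` we generated per request; the callback
// echoes it, which is how a delivery is correlated with a record we own.
export type RequestStore = Map<string, RequestRecord>;

export function constantTimeEqual(a: string, b: string): boolean {
  const ab = Buffer.from(a, "utf8");
  const bb = Buffer.from(b, "utf8");
  return ab.length === bb.length && crypto.timingSafeEqual(ab, bb);
}

function header(headers: Record<string, string>, name: string): string | undefined {
  const key = Object.keys(headers).find((h) => h.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

export function handleEntraWebhook(
  headers: Record<string, string>,
  rawBody: string,
  expectedApiKey: string,
  store: RequestStore,
  now: number = Date.now(),
): { status: number; reason: string } {
  // 1. Authenticate before parsing anything: unauthenticated callers change no state.
  const presented = header(headers, "api-key");
  if (presented === undefined || !constantTimeEqual(presented, expectedApiKey)) {
    return { status: 401, reason: "missing or wrong api-key" };
  }
  // 2. Validate the shape; unknown status strings are rejected, not stored.
  let cb: Partial<EntraCallback>;
  try { cb = JSON.parse(rawBody) as Partial<EntraCallback>; } catch { return { status: 400, reason: "body is not JSON" }; }
  if (typeof cb.requestId !== "string" || typeof cb.state !== "string" ||
      typeof cb.requestStatus !== "string" || !KNOWN_STATUSES.has(cb.requestStatus)) {
    return { status: 400, reason: "malformed callback" };
  }
  // 3. Correlate with a record we created. Never create records from callbacks:
  //    anyone holding the api-key could otherwise mint "verified" users.
  const rec = store.get(cb.state);
  if (rec === undefined) return { status: 404, reason: "unknown state" };
  if (rec.requestId !== cb.requestId) return { status: 409, reason: "requestId does not match state" };
  // 4. Terminal states are final; a redelivered or replayed callback must not flip them.
  if (TERMINAL_STATUSES.has(rec.status)) return { status: 200, reason: "duplicate delivery ignored" };
  rec.status = cb.requestStatus;
  rec.updatedAt = now;
  if (cb.requestStatus === "presentation_verified") {
    const claims: Record<string, string> = {};
    for (const vc of cb.verifiedCredentialsData ?? []) Object.assign(claims, vc.claims);
    rec.claims = claims;
  } else if (cb.requestStatus.endsWith("_error")) {
    rec.error = cb.error ? `${cb.error.code}: ${cb.error.message}` : "unspecified error";
  }
  return { status: 200, reason: "ok" };
}

// Constructed demo data; a real key comes from Key Vault, never from source.
export const DEMO_API_KEY = "demo-only-callback-key";
export function demoStore(): RequestStore {
  return new Map<string, RequestRecord>([
    ["state-7f3a", { requestId: "req-0001", status: "created", updatedAt: 0 }],
  ]);
}
export const DEMO_VERIFIED_CALLBACK = JSON.stringify({
  requestId: "req-0001", requestStatus: "presentation_verified", state: "state-7f3a",
  verifiedCredentialsData: [{ issuer: "did:web:issuer.example.com",
    type: ["VerifiableCredential", "VerifiedEmployee"], claims: { displayName: "Ada Example" } }],
});
```

Wire `handleEntraWebhook` behind the route with the raw request body (not a pre-parsed one, so a 401 costs no parsing), return the `status` it yields, and back the store with the database the summary mentions; the `state` value must be unguessable, because it is the only thing tying a callback to a user session.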