# Entra VerifiedID Integration - Next Steps Summary

This document provides a high-level overview of all next steps required to complete the Entra VerifiedID integration for eCredential issuance.

## Quick Start

For automated setup, run:

```bash
./scripts/deploy/setup-entra-automated.sh
```

For detailed manual steps, see: [ENTRA_VERIFIEDID_DEPLOYMENT_CHECKLIST.md](./ENTRA_VERIFIEDID_DEPLOYMENT_CHECKLIST.md)

## Task Categories

### 🔵 Azure Configuration (8 tasks)

1. Create Azure AD App Registration
2. Configure API Permissions
3. Create Client Secret
4. Enable Verified ID Service
5. Create Default Credential Manifest
6. Create Diplomatic Credential Manifest (optional)
7. Create Judicial Credential Manifest (optional)
8. Create Financial Credential Manifest (optional)

**Estimated Time**: 2-4 hours
**Dependencies**: Azure subscription access

### 🟢 Environment Configuration (6 tasks)

1. Run Automated Setup Script (or manual secret storage)
2. Store Secrets in Azure Key Vault
3. Configure Development Environment
4. Configure Staging Environment
5. Configure Production Environment
6. Configure Multi-Manifest Support (if using multiple manifests)
7. Configure Rate Limits

**Estimated Time**: 1-2 hours
**Dependencies**: Azure configuration complete

### 🟡 Testing (8 tasks)

1. Run Unit Tests
2. Run Integration Tests
3. Test Credential Issuance
4. Test Credential Verification
5. Test Webhook Endpoint
6. Test Status Endpoint
7. Test Retry Logic
8. Test Rate Limiting
9. Test Multi-Manifest Support
10. Test eIDAS Bridge

**Estimated Time**: 2-3 hours
**Dependencies**: Environment configuration complete

### 🟠 Deployment (4 tasks)

1. Deploy to Staging
2. Configure Webhook URL in Staging
3. Verify Staging Integration
4. Deploy to Production
5. Configure Webhook URL in Production
6. Verify Production Integration

**Estimated Time**: 2-3 hours
**Dependencies**: Testing complete

### 🔴 Monitoring Setup (3 tasks)

1. Set Up Prometheus Scraping
2. Create Grafana Dashboard
3. Set Up Alerts

**Estimated Time**: 1-2 hours
**Dependencies**: Deployment complete

### 🟣 Documentation (3 tasks)

1. Update Deployment Documentation
2. Create Operational Runbook
3. Document Troubleshooting Guide
4. Train Team

**Estimated Time**: 2-3 hours
**Dependencies**: None (can be done in parallel)

## Total Estimated Time

- **Minimum** (automated setup, single manifest): 8-12 hours
- **Recommended** (automated setup, multiple manifests): 10-15 hours
- **Comprehensive** (manual setup, full testing, monitoring): 12-18 hours

## Critical Path

The critical path for deployment is:

1. Azure Configuration → 2. Environment Configuration → 3. Testing → 4. Staging Deployment → 5. Production Deployment

Monitoring and Documentation can be done in parallel.

## Priority Tasks

**Must Complete Before Production:**

- ✅ Azure App Registration and API Permissions
- ✅ Client Secret Creation
- ✅ At least one Credential Manifest
- ✅ Environment Configuration
- ✅ Basic Testing (issuance and verification)
- ✅ Staging Deployment and Verification

**Should Complete Before Production:**

- ✅ Webhook Configuration
- ✅ Monitoring Setup
- ✅ Rate Limit Configuration
- ✅ Integration Testing

**Can Complete After Production:**

- ⏳ Additional Credential Manifests
- ⏳ Advanced Monitoring Dashboards
- ⏳ Comprehensive Documentation
- ⏳ Team Training

## Resources

### Documentation

- **Deployment Checklist**: [ENTRA_VERIFIEDID_DEPLOYMENT_CHECKLIST.md](./ENTRA_VERIFIEDID_DEPLOYMENT_CHECKLIST.md)
- **Operational Runbook**: [../operations/ENTRA_VERIFIEDID_RUNBOOK.md](../operations/ENTRA_VERIFIEDID_RUNBOOK.md)
- **Integration Guide**: [../integrations/MICROSOFT_ENTRA_VERIFIEDID.md](../integrations/MICROSOFT_ENTRA_VERIFIEDID.md)

### Scripts

- **Automated Setup**: `./scripts/deploy/setup-entra-automated.sh`
- **Store Secrets**: `./scripts/deploy/store-entra-secrets.sh`

### External Resources

- [Microsoft Entra VerifiedID Documentation](https://learn.microsoft.com/en-us/azure/active-directory/verifiable-credentials/)
- [Azure Portal](https://portal.azure.com)
- [Azure CLI Documentation](https://docs.microsoft.com/cli/azure/)

## Getting Help

If you encounter issues:

1. Check the [Troubleshooting Guide](../operations/ENTRA_VERIFIEDID_RUNBOOK.md#troubleshooting)
2. Review logs: `kubectl logs -n the-order-prod deployment/identity-service`
3. Check metrics: `curl https://api.theorder.org/metrics | grep entra`
4. Consult the [Operational Runbook](../operations/ENTRA_VERIFIEDID_RUNBOOK.md)
5. Contact Azure Support for Entra-specific issues

## Status Tracking

Track your progress using the TODO list in your project management tool or the checklist in [ENTRA_VERIFIEDID_DEPLOYMENT_CHECKLIST.md](./ENTRA_VERIFIEDID_DEPLOYMENT_CHECKLIST.md).

---

**Last Updated**: [Current Date]
**Next Review**: After staging deployment