• Permissions required for your user to install resources
• Other prerequisites
  • Azure Key Vault
  • Custom Domains
  • SSL Certificate
  • DNS
• Create certificate key vault and upload certificate
  • Task-1: Create resource Group
  • Task-2: Create key vault
  • Task-3: Provide key vault access to user
  • Task-4: Provide key vault access to application
  • Task-5: Upload SSL certificate

Prerequisites for installing at customers Azure

Permissions required for your user to install resources

To be able to install azure resources and register required applications, the following permissions are required:

1. Contributor role to Azure Subscription (preferred) or to existing Azure Resource Group where all resources will be installed
2. Application Developer in Azure AD for registering and maintaining App registrations and Enterprise applications in Azure AD, this is required to set up authentication and application identities

Other prerequisites

Azure Key Vault

An Azure Key Vault with a certificate (SSL) for your domain that can be accessed by your account and azure applications. See how to create key vault, add access policy and upload certificate.

Custom Domains

We recommend using custom domain for the Azure resources to avoid using azurewebsites.net as it is frequently blocked in corporate firewalls.

SSL Certificate

To enable custom domain, a SSL certificate is required, and this should be stored as a keyvault certificate.

DNS

To make use of custom domains, CNAME- records need to be added for the web applications.

Create certificate key vault and upload certificate

To upload SSL certificate, we need to complete the following tasks.

Task-1: Create resource Group

If you want to use existing RG, then please ignore this task.

1. Go to resource groups from Azure portal . Click on Create.

2. Choose your subscription name. Provide a resource group name.

Choose location, please choose same location where you will deploy your apps later. Then hit Review + create. Please take note of this resource group name.

Task-2: Create key vault

If you want to use existing key vault, then please ignore this task.

1. Go to key vaults from azure portal . Hit create.

2. Choose the resource group you've created above (or use existing one). Give it a name according to the guideline shown in image (in red). Choose same region as your resource group.

Task-3: Provide key vault access to user

1. First go to your key vault, click on Access policies. Hit create.

2. Select all permissions, then click next.

3. Search and select your user, click next.

4. Don't select anything, click next again. Then click create.

Task-4: Provide key vault access to application

1. Again go to Access policies from your key vault. Then hit create.

2. Provide read access only, select get for secret and certificate. Click next.

3. Select azure app service. Hit next. Skip optional part, hit next. Then hit create.

Task-5: Upload SSL certificate

1. Go to the key vault. From left menu go to Certificates. Then click on Generate/Import.

2. Choose Import as method of certificate creation.

3. Fill up the required fields and select your SSL certificate. Then hit create. Please take note of the certificate name.