the_order/docs/deployment/ENTRA_VERIFIEDID_NEXT_STEPS.md
defiQUG 92cc41d26d Add Legal Office seal and complete Azure CDN deployment
- Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll)
- Create legal-office-manifest-template.json for Legal Office credentials
- Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation
- Complete Azure CDN infrastructure deployment:
  - Resource group, storage account, and container created
  - 17 PNG seal files uploaded to Azure Blob Storage
  - All manifest templates updated with Azure URLs
  - Configuration files generated (azure-cdn-config.env)
- Add comprehensive Azure CDN setup scripts and documentation
- Fix manifest URL generation to prevent double slashes
- Verify all seals accessible via HTTPS
2025-11-12 22:03:42 -08:00

Entra VerifiedID Integration - Next Steps Summary

This document provides a high-level overview of all next steps required to complete the Entra VerifiedID integration for eCredential issuance.

Quick Start

For automated setup, run:

./scripts/deploy/setup-entra-automated.sh

For detailed manual steps, see: ENTRA_VERIFIEDID_DEPLOYMENT_CHECKLIST.md

Task Categories

🔵 Azure Configuration (8 tasks)

  1. Create Azure AD App Registration
  2. Configure API Permissions
  3. Create Client Secret
  4. Enable Verified ID Service
  5. Create Default Credential Manifest
  6. Create Diplomatic Credential Manifest (optional)
  7. Create Judicial Credential Manifest (optional)
  8. Create Financial Credential Manifest (optional)

Estimated Time: 2-4 hours
Dependencies: Azure subscription access

🟢 Environment Configuration (6 tasks)

  1. Run Automated Setup Script (or manual secret storage)
  2. Store Secrets in Azure Key Vault
  3. Configure Development Environment
  4. Configure Staging Environment
  5. Configure Production Environment
  6. Configure Multi-Manifest Support (if using multiple manifests)
  7. Configure Rate Limits

Estimated Time: 1-2 hours
Dependencies: Azure configuration complete

🟡 Testing (8 tasks)

  1. Run Unit Tests
  2. Run Integration Tests
  3. Test Credential Issuance
  4. Test Credential Verification
  5. Test Webhook Endpoint
  6. Test Status Endpoint
  7. Test Retry Logic
  8. Test Rate Limiting
  9. Test Multi-Manifest Support
  10. Test eIDAS Bridge

Estimated Time: 2-3 hours
Dependencies: Environment configuration complete

🟠 Deployment (4 tasks)

  1. Deploy to Staging
  2. Configure Webhook URL in Staging
  3. Verify Staging Integration
  4. Deploy to Production
  5. Configure Webhook URL in Production
  6. Verify Production Integration

Estimated Time: 2-3 hours
Dependencies: Testing complete

🔴 Monitoring Setup (3 tasks)

  1. Set Up Prometheus Scraping
  2. Create Grafana Dashboard
  3. Set Up Alerts

Estimated Time: 1-2 hours
Dependencies: Deployment complete

🟣 Documentation (3 tasks)

  1. Update Deployment Documentation
  2. Create Operational Runbook
  3. Document Troubleshooting Guide
  4. Train Team

Estimated Time: 2-3 hours
Dependencies: None (can be done in parallel)

Total Estimated Time

  • Minimum (automated setup, single manifest): 8-12 hours
  • Recommended (automated setup, multiple manifests): 10-15 hours
  • Comprehensive (manual setup, full testing, monitoring): 12-18 hours

Critical Path

The critical path for deployment is:

  1. Azure Configuration → 2. Environment Configuration → 3. Testing → 4. Staging Deployment → 5. Production Deployment

Monitoring and Documentation can be done in parallel.

Priority Tasks

Must Complete Before Production:

  • Azure App Registration and API Permissions
  • Client Secret Creation
  • At least one Credential Manifest
  • Environment Configuration
  • Basic Testing (issuance and verification)
  • Staging Deployment and Verification

Should Complete Before Production:

  • Webhook Configuration
  • Monitoring Setup
  • Rate Limit Configuration
  • Integration Testing

Can Complete After Production:

  • Additional Credential Manifests
  • Advanced Monitoring Dashboards
  • Comprehensive Documentation
  • Team Training

Resources

Documentation

Scripts

  • Automated Setup: ./scripts/deploy/setup-entra-automated.sh
  • Store Secrets: ./scripts/deploy/store-entra-secrets.sh

External Resources

Getting Help

If you encounter issues:

  1. Check the Troubleshooting Guide
  2. Review logs: kubectl logs -n the-order-prod deployment/identity-service
  3. Check metrics: curl https://api.theorder.org/metrics | grep entra
  4. Consult the Operational Runbook
  5. Contact Azure Support for Entra-specific issues

Status Tracking

Track your progress using the TODO list in your project management tool or the checklist in ENTRA_VERIFIEDID_DEPLOYMENT_CHECKLIST.md.


Last Updated: [Current Date]
Next Review: After staging deployment