Installation Guide
This guide aims to detail the system prerequisites and requirements prior to the deployment of Apporetum - Identity & Access Management Service. This guide will detail the deployment information for the prerequisites which need to be in place for the successful deployment of Apporetum.
The installation from the marketplace will require you to select the correct plan for your organisation view the [Azure Marketplace Offer](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/apporetumptyltd1673214728292.apporetum-byol/selectionMode~/false/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false/selectedMenuId/home/launchingContext~/%7B%22galleryItemId%22%3A%22apporetumptyltd1673214728292.apporetum-byolmanaged-app-monthly-payg-001%22%2C%22source%22%3A%5B%22GalleryFeaturedMenuItemPart%22%2C%22VirtualizedTileDetails%22%5D%2C%22menuItemId%22%3A%22home%22%2C%22subMenuItemId%22%3A%22Search%20results%22%2C%22telemetryId%22%3A%2241a9f8b3-1205-4612-a577-205459e61a2a%22%7D/searchTelemetryId/1f9fcd2b-e357-4ca4-a86c-84ed19dd730b)
Deployment Overview
At a minimum, the System Administrator will require contributor rights for deployment of the resource group and services within the targeted subscription. An enterprise application registration and client secret will be a requirement prior to deployment of Apporetum from the Azure Marketplace. Whilst the rest of the services will be deployed as part of the marketplace application install process. Further consideration may be required for networking between the resource group to the Entra ID, Entra External ID for Customers or to an alternative identity provider for on-premises Active Directory.
When Apporetum is deployed from the Azure marketplace several resources and services will be deployed into the new resource group. The following will be resources will appear in the subscription:
- App Service + App Service Plan (Access Manager SPA)
- App Service + App Service Plan (Access Manager Service API Server)
- User Assigned Managed Identity
- Azure Storage Blob
- Key Vault
- Azure SQL server
- Azure SQL DB (Apporetum and Scheduler DB)
- VNet
- Subnets (App Services, SQL and KeyVault)
- Private endpoint (SQL and KeyVault)
- Network Security Group
- Deployment scripts and associated storage blobs will be temporarily deployed and removed post deployment.