Deploy FoxIDs in your Azure tenant.
The Azure deployment include:
- Two App Services one for FoxIDs and one for the FoxIDs Control (Client and API). Both App Services is hosted in the same App Service plan and the App Services has both a production and test slot.
- FoxIDs is deployed to the two App Services test slots from the
masterbranch with Kudu. When the branch is updated an automatically deployment update is initiated with webhooks. Deployment updates is automatically promoted from the test slots to the production slots. In a production environment It is recommended to chanting the production promotion to manually initiated.
- Key vault. Secrets are placed in Key vault.
- Cosmos DB.
- Redis cache.
- Application Insights.
Send emails with Sendgrid
FoxIDs relay on Sendgrid to send emails to the users for account verification and password reset.
You can optionally configure a Sendgrid from email address and Sendgrid API key in the Azure deployment configuration. You can either create Sendgrid in Azure or directly on Sendgrid, there are more free emails in an Azure manage Sendgrid.
Remember to setup up domain authentication in Sendgrid for the from email.
A Sendgrid from email address and API Key can at a later time be configure per track.
First login and admin users
After successfully deployment open FoxIDs Control Client on
https://foxidscontrolxxxxxxxxxx.azurewebsites.net (the app service starting with foxidscontrol...) which brings you to the master tenant.
The default admin user is:
[email protected]with password:
FirstAccess!(you are required to change the password on first login)
Create your one admin users with a valid email address and grant the users the admin role 'foxids:tenant.admin'.
Troubleshooting deployent errors
Key Vault soft deleted If you have deleted a previous deployment the Key Vault is only soft deleted and sill exist with the same name for some months. In this case you can experience getting a 'ConflictError' with the error message 'Exist soft deleted vault with the same name.'.
The solution is to delete (purge) the old Key Vault, which will release the name.
Upload risk passwords
You can upload risk passwrods in FoxIDs Control Client master tenant on the Risk Passwords tap.
SHA-1 pwned passwords
ordered by prevalence from haveibeenpwned.com/passwords.
Be aware that it takes some time to upload all risk passwords. This step can be omitted and postponed to later.
The risk passwords are uploaded as bulk which has a higher consumption. Please make sure to adjust the Cosmos DB provisioned throughput (e.g. to 20000 RU/s) temporarily.
Add sample configuration to a track
It is possible to run the sample applications after they are configured in a FoxIDs track. The sample configuration can be added with the sample seed tool.
The FoxIDs and FoxIDs Control domains can be customized.
Important: change the primary domain before adding tenants.
FoxIDs default domain is
https://foxidsxxxx.azurewebsites.net which can be changed to a custom a domain like e.g.,
FoxIDs Control default domain is
https://foxidscontrolxxxx.azurewebsites.net which can be changed to a domain like e.g.,
Custom domains are configured in Azure portal on the FoxIDs App Service and the FoxIDs Control App Service production slot under the
Custom domains tab and by clicking the
Add custom domain link. The FoxIDs site support one primary domain and multiple secondary domains, where the FoxIDs Control only support one primary domain.
Additionally primary custom domain configuration:
- First login to the FoxIDs Control client using the default/old primary domain. Select the
Partiesmenu and under
Down Partiesselect click
OpenID Connect - foxids_control_clientand click
Show advanced settings.
- Add the FoxIDs Control sites new primary custom domain to the
Allow CORS originslist without a trailing slash.
- Add the FoxIDs Control Client sites new primary custom domain login and logout redirect URIs to the
Redirect URIslist including the trailing
If you have added tenants before changing the primary domain, the
OpenID Connect - foxids_control_clientconfiguration have to be done in each tenant.
- Then configure the FoxIDs and FoxIDs Control sites new primary custom domains in the FoxIDs Control App Service under the
Applications settingssub tab:
- The setting
Settings:FoxIDsEndpointis changed to the FoxIDs sites primary custom domains.
- The setting
Settings:FoxIDsControlEndpointis changed to the FoxIDs Control sites primary custom domains.
Specify default page
An alternative default page can be configured for the FoxIDs site using the
Settings:WebsiteUrl setting. If configured a full URL is required like e.g.,