Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Enterprise deployment

GitHub Deployment

New SCEPman Instance

Deploy Azure Resources

Log in with an AAD administrator account and visit this site, choose and click one of the following deployment links:

Fill out the values in the form

  • Subscription: Select your subscription, where you have permissions to create app services, storage account, app service plan, and key vault

  • Resource group: Select an existing resource group or create a new one. The SCEPman resources will be deployed to this resource group

  • Region: Select the region according to your location

  • Org Name: Name of your company or organization for the CA certificate subject name (O RDN)

To maximize compatibility, for the Org Name we recommend omitting

  • language-specific special characters (e.g. ö, ø, é, ...)

  • a leading space (spaces between words can be used)

  • quotation marks

  • License: leave as "trial" to deploy a Community Edition or paste your license key for the Enterprise Edition of SCEPman.

  • Ca Key Type:

    • RSA-HSM (recommended, HSM-backed root CA)

    • RSA (software-backed root CA)

  • For the Storage Account Name, please notice that the name must be between 3 and 24 characters in length and may contain numbers and lowercase letters only

  • Define a globally unique name for the Key Vault Name, App Service Plan Name, Primary App Service Name, Log Analytics Workspace Name, Certificate Master App Service Name, Virtual Network Name, Private Endpoint for Key Vault Name and Private Endpoint for Table Storage. Replace UNIQUENAME with a value that hints at your organization name.

In case you have previously deployed SCEPman with the same Key Vault Name, and deleted all resources of the previous deployment, make sure to recover the previously deleted Key Vault. It will re-appear in the previous resource group. The ARM deployment - if pointed to the same resource group - will recognize the existing Key Vault and re-use it. A full deletion of the previous Key Vault is not feasible due to Purge Protection for 90 days.

  • Existing App Service Plan ID: Provide the App Service Plan ID of an existing App Service Plan or keep the default value 'none' if you want to create a new one

To find your existing App Service Plan ID: navigate to your existing App Service Plan > JSON View > copy the Resource ID (see screenshots)

  • Deploy on Linux:

    • true (deploys SCEPman on a Linux App Service Plan)

    • false (deploys to a Windows App Service Plan)

  • Deploy Private Network:

    • true (recommended, isolates the key vault and storage account behind private endpoints so that only SCEPman can access them from a networking perspective)

    • false (key vault and storage account can be accessed from any IP address)

  • Location: of all resources, the default value [resourceGroup().location] is Microsoft recommendation, you can just leave it as it is

  • Review + create, then Create

After a successful deployment of SCEPman please follow the Managed Identities article

Last updated

Was this helpful?