- Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll)
- Create legal-office-manifest-template.json for Legal Office credentials
- Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation
- Complete Azure CDN infrastructure deployment:
  - Resource group, storage account, and container created
  - 17 PNG seal files uploaded to Azure Blob Storage
  - All manifest templates updated with Azure URLs
  - Configuration files generated (azure-cdn-config.env)
- Add comprehensive Azure CDN setup scripts and documentation
- Fix manifest URL generation to prevent double slashes
- Verify all seals accessible via HTTPS
Entra VerifiedID Integration - Team Training Guide
Training Overview
This guide provides training materials for the operations and development teams on the Entra VerifiedID integration.
Training Objectives
By the end of this training, team members should be able to:
- Understand Entra VerifiedID integration architecture
- Deploy and configure the integration
- Monitor and troubleshoot issues
- Perform common operations
- Handle emergencies
Training Modules
Module 1: Architecture Overview (30 minutes)
What is Entra VerifiedID?
- Microsoft's managed service for verifiable credentials
- Issues W3C-compliant verifiable credentials
- Provides QR codes for mobile wallet integration
- Handles credential lifecycle management
Integration Architecture
Client → Identity Service → Entra VerifiedID API
↓
Database (tracking)
↓
Event Bus (notifications)
↓
Monitoring (metrics)
Key Components
- EntraVerifiedIDClient: Base client for API communication
- EnhancedEntraVerifiedIDClient: Extends the base client with retry and multi-manifest support
- Webhook Handler: Processes status updates
- Metrics: Prometheus metrics for monitoring
Module 2: Deployment (45 minutes)
Prerequisites
- Azure subscription access
- Kubernetes cluster access
- Key Vault access
Deployment Steps
- Azure Configuration
  ./scripts/deploy/setup-entra-automated.sh
- Environment Setup
  ./scripts/deploy/configure-env-dev.sh
- Staging Deployment
  ./scripts/deploy/deploy-staging.sh
- Production Deployment
  ./scripts/deploy/deploy-production.sh
Hands-On Exercise
- Deploy to staging environment
- Verify deployment
- Test credential issuance
Module 3: Operations (45 minutes)
Daily Operations
- Health checks
- Monitoring dashboards
- Log review
Common Operations
- Issue credential manually
- Check credential status
- Verify credential
- View metrics
Hands-On Exercise
- Issue a test credential
- Monitor metrics
- Check logs
Module 4: Monitoring & Troubleshooting (60 minutes)
Key Metrics
- Issuance success rate
- API latency
- Error rates
- Webhook processing
Common Issues
- Credential Issuance Failing
  - Check Entra credentials
  - Verify API permissions
  - Check network connectivity
- Webhooks Not Received
  - Verify webhook URL configuration
  - Check firewall rules
  - Review webhook logs
- High Latency
  - Check network connectivity
  - Review retry configuration
  - Check Entra API status
Troubleshooting Workflow
- Check service health
- Review logs
- Check metrics
- Verify configuration
- Test connectivity
Hands-On Exercise
- Simulate common issues
- Practice troubleshooting
- Use diagnostic commands
Module 5: Emergency Procedures (30 minutes)
When to Disable Integration
- Critical security issue
- Entra API outage
- Data corruption
Disable Procedure
# Scale down service
kubectl scale deployment identity-service -n the-order-prod --replicas=0
# Or disable routes
kubectl set env deployment/identity-service ENTRA_TENANT_ID="" -n the-order-prod
Rollback Procedure
kubectl rollout undo deployment/identity-service -n the-order-prod
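Scaling a deployment does not create a new revision, so `kubectl rollout undo` does not bring the replicas back after the scale-to-zero disable above (it does revert the `kubectl set env` change). The script below is an added example, not one of the project's scripts: it records the replica count in a deployment annotation before scaling down so the service can be restored afterwards. The annotation key `replicas-before-disable` and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not the project's script. Deployment and namespace are the
# ones used in this guide; the annotation key is a hypothetical name.
DEPLOY="${DEPLOY:-identity-service}"
NS="${NS:-the-order-prod}"
ANNOTATION="replicas-before-disable"   # hypothetical annotation key

# Desired replica count currently set on the deployment.
current_replicas() {
  kubectl get deployment "$DEPLOY" -n "$NS" -o jsonpath='{.spec.replicas}'
}

# Replica count recorded by disable_service (empty if none was recorded).
saved_replicas() {
  kubectl get deployment "$DEPLOY" -n "$NS" \
    -o jsonpath="{.metadata.annotations.$ANNOTATION}"
}

# Record the replica count, scale to zero, wait until the change has settled.
disable_service() {
  n="$(current_replicas)" || return 1
  # If already at zero, keep the earlier record instead of overwriting it.
  if [ "$n" != "0" ]; then
    kubectl annotate deployment "$DEPLOY" -n "$NS" --overwrite \
      "$ANNOTATION=$n" >/dev/null || return 1
  fi
  kubectl scale deployment "$DEPLOY" -n "$NS" --replicas=0 >/dev/null || return 1
  kubectl rollout status "deployment/$DEPLOY" -n "$NS" --timeout=120s >/dev/null
}

# Scale back to the recorded count; refuse if no valid record exists.
restore_service() {
  n="$(saved_replicas)" || return 1
  case "$n" in
    ''|*[!0-9]*) echo "no saved replica count on $DEPLOY" >&2; return 1 ;;
  esac
  kubectl scale deployment "$DEPLOY" -n "$NS" --replicas="$n" >/dev/null || return 1
  kubectl rollout status "deployment/$DEPLOY" -n "$NS" --timeout=300s >/dev/null
}

# Usage: ./disable.sh disable | restore   (no argument: define functions only)
case "${1:-}" in
  disable) disable_service ;;
  restore) restore_service ;;
esac
```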
Hands-On Exercise
- Practice disable procedure
- Practice rollback
- Verify service recovery
Training Materials
Documentation
Scripts
- scripts/deploy/setup-entra-automated.sh
- scripts/deploy/deploy-staging.sh
- scripts/test/test-all-entra-features.sh
- scripts/validation/validate-entra-config.sh
Test Environment
- Staging environment for hands-on practice
- Test credentials for safe experimentation
Assessment
Knowledge Check
- What are the required environment variables?
- How do you check if Entra integration is working?
- What metrics indicate a problem?
- How do you disable the integration in an emergency?
Practical Assessment
- Deploy to staging
- Issue a test credential
- Troubleshoot a simulated issue
- Perform a rollback
Resources
Internal
- Runbook: docs/operations/ENTRA_VERIFIEDID_RUNBOOK.md
- Troubleshooting: See runbook troubleshooting section
- On-call procedures: [Contact Information]
External
Training Schedule
Recommended Training Plan
- Week 1: Architecture and Deployment (2 hours)
- Week 2: Operations and Monitoring (2 hours)
- Week 3: Troubleshooting and Emergencies (2 hours)
- Week 4: Assessment and Certification (1 hour)
Follow-Up
- Monthly review sessions
- Quarterly updates on new features
- Annual recertification
Questions & Answers
Common Questions
Q: What happens if the Entra API is down?
A: The integration retries automatically. If all retries fail, errors are logged and metrics are updated. Consider disabling the integration if the outage is prolonged.
Q: How do we rotate client secrets?
A: Create a new secret in the Azure Portal, update it in Key Vault, and restart the service. See the runbook for detailed steps.
Q: Can we use multiple credential types?
A: Yes! Configure the ENTRA_MANIFESTS environment variable with a JSON mapping. Use the manifestName parameter in API calls.
Q: How do we monitor success rates?
A: Use the Grafana dashboard or Prometheus queries. Alert on success rate < 95%.
Certification
To be certified on Entra VerifiedID operations, team members must:
- Complete all training modules
- Pass knowledge check (80% or higher)
- Successfully complete practical assessment
- Demonstrate ability to troubleshoot common issues
Training Version: 1.0
Last Updated: [Current Date]
Next Review: [Date + 3 months]