.. integration-procedure.rst ======================== Integration Procedure ======================== The following provides an overview of the steps to get started using Yubico FIDO Pre-reg with Microsoft Azure components and Entra ID to create a first shipment of a pre-registered YubiKey. .. _prerequisites: Prerequisites =============== Ensure you have the following before starting the implementation procedure: * `Enterprise Plus plan `_ subscription. For questions about Yubico subscription services, contact `Yubico Support `_. * `YubiEnterprise Console `_ access with FIDO Pre-reg enabled. This is provided by Yubico during onboarding of your organization. * `Customization IDs (CID) `_, Product IDs, and Subscription IDs for the YubiKey models you will be shipping to end users. Provided by Yubico. * A YubiEnterprise API token, see `Generating API Tokens `_. * An ARM Template JSON file, provided by Yubico. * A Docker Image for the Yubico FIDO Connector app, provided by Yubico. * An Azure Resource Group permissions template provided by Yubico. * The following administrative roles are required for the implementation: * *Application Administrator* - when registering apps (Microsoft Entra ID). * *Authentication Policy Administrator* - when enabling passkey authentication (Microsoft Entra ID). * *Global Administrator* - when registering apps and granting admin consent for tenant (Microsoft Entra ID). * *Privileged Role Administrator* - when granting Logic App permissions (Azure deployment). Integration Steps ==================== The following steps lets you set up the Yubico FIDO Pre-reg integration and create a first shipment of a pre-registered YubiKey: 1. :ref:`Configure required Azure permissions ` 2. :ref:`Configure authentication and register apps in Microsoft Entra ID ` 3. :ref:`Deploy apps and infrastructure components in Azure ` 4. :ref:`Test and verify the Azure deployment ` 5. :ref:`Create your first pre-registered YubiKey shipment request ` The sections in the following describe each step in detail.