![SurePassID_CMYK_600.png]](https://support.surepassid.com/hs-fs/hubfs/SurePassID_CMYK_600.png?height=40&name=SurePassID_CMYK_600.png){kind=small}
What are the prerequisites for installing and deploying SurePassID MFA-as-Code in Azure GCC/GCC High?
To install configure and deploy SurePassID Ultra MFA (MFA-as-Code), our revolutionary Infrastructure-as-Code MFA solution for Azure GGC/GCC High, you need to have the following set-up items.
You have the option to complete the installation yourself, or if you prefer, the SurePassID Customer Success team can handle the entire installation process within your subscription on your behalf. To proceed with our assistance, you will need to provide us with an Azure Subscription and an Entra ID account, SSL certificate for the authenticationhenitcaiton server as detailed below. Once the installation is complete, you can remove our Entra ID account.
1. Azure Subscription - The subscription must be set up in Azure Government Cloud (GCC) or GCC High. While it is possible to install in a commercial environment, this article will focus exclusively on the government cloud options.
2. Entra ID Account - This account will allow the cloud engineer to run the SurePassID MFA-as-Code scripts to build the required infrastructure, deploy SurePassID, and administer the system within the subscription. The account must have access to the subscription, and the Owner role is strongly recommended. While an Entra ID account with other roles can be used, this article assumes the Owner role for simplicity and clarity.
3. Authentication (MFA) Server Secure Access - The application gateway endpoints that control access to the server require all communications to use TLS 1.2 or higher. To satisfy this requirement, you must supply an SSL certificate, including its full intermediate certificate chain, which will be installed as part of the MFA-as-Code infrastructure deployment. The preferred format for the certificate is PKCS #12 (P12 or PFX), with intermediate certificates provided in PEM or DER format. This certificate must be trusted by all MFA applications. It may be issued by a public CA such as DigiCert or by your internal CA, as long as the corresponding root certificate is installed and trusted on every client machine that will connect to the Authentication Server.
4. Deployment Workstation - This workstation will allow the cloud engineer to execute the SurePassID scripts, facilitating the creation of the required infrastructure, the deployment of SurePassID, and the ongoing administration of the system.
This workstation will need to have access to the Azure government portal to be able to run the scripts and be equipped with the proper set-up to perform the installation.
5. Deployment Workstation Set-up - View set-up article here. This usually take about an hour.