Skip to main content
Skip table of contents

Deploying Hydra Manually

Introduction

Currently, a manual deployment must be done in the Azure Government Cloud. This manual deployment model also applies to organizations in Commercial Cloud, where marketplace restrictions exist, but you must ensure any references to azure.us are replaced with the typical azure.com or azurewebsites.com commercial URL.

Determining a Name for the Deployment

First, determine a unique name for your Hydra instance. It must be a lower-case, 4-22-character name, not starting or ending with a “-“, and must be globally unique. If the name is not valid, the configuration and the deployment must be redone.

Valid examples (up to 22 characters):

  • gov-avd-hydra-company

  • avd-hydra-gov-department

  • hydra-gov-facility

Configuring the Service Principal for Web Authentication

  1. Open the Azure Portal in the destination tenant, and go to Entra ID > App registrations.

  2. Click New Registration.

  3. Enter a name (e.g., svc-HydraWebAuthentication) and the Redirect URI.

  4. Redirect URI type: Web.

  5. Redirect URI (where my-unique-name is the name determined above): Enter the full URL, including .azurewebsites.us/signin-oidc: https://my-unique-name.azurewebsites.us/signin-oidc.

Frame 1338.png

  1. Click Register.

  2. Go to Certificates and Secrets and add a new secret with “New client secret”.

  3. Copy the secret value (not the ID) for later use.

Frame 1339 (1).png

  1. Go to the overview and copy the Application (client) ID. This is the ID of the service principal we need later.

Frame 1340.png

Deploying Hydra

  1. Go to the Azure Portal > Custom Deployment > Build your own template.

Frame 1341.png

  1. Copy the given deployment script (HydraDeploymentTemplate.json) into the editor and save:

Frame 1342 (1).png

  1. Fill out the Instance details, as follows:

  • Region: Your cloud region.

  • Site name: As defined before (lower-case, 4-22 characters, do not start or end with a “-“, globally unique).

  • Sp ID: The service principal ID we created before.

  • Sp Secret: The secret of the service principal we have created before.

  • Admins: You administrator UPN name to log in after the deployment.

  1. Click Review and create > Create.

Frame 1343 (1).png

Post Deployment

  1. Open the Hydra website: https://my-unique-name.azurewebsites.us and consent or request application access on behalf of your organization, if prompted.

  2. Continue configuring a Service Principal for resource access and add it to the tenant configuration in Hydra. For details, see Adding a Tenant.

  3. If Gov Cloud, ensure that you navigate to Advanced Settings and change the Azure Cloud type as needed.

Frame 1344.png

HydraDeploymentTemplate.json

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close