# Getting Started

# Installation

The CMS is deployed as a containerized service. Deployment involves preparing the database, configuring application settings, and validating connectivity to Azure Stack Hub.

#### Prerequisites

- A Linux or Windows host with Docker or Kubernetes support
- Access to a MySQL 8.0 or later database instance
- Administrative access to Azure Stack Hub endpoints
- A valid TLS certificate for the portal and API endpoints

#### Installation Steps

1. **Database Setup**
    
    
    - Create a dedicated MySQL database (e.g., `cms`).
    - Apply the schema migrations provided with the installation package.
2. **Application Deployment**
    
    
    - Pull the container image from the registry or build it from source.
    - Run the container with environment variables specifying database connection strings, identity provider configuration, and API settings.
    - If deploying on Kubernetes, apply the provided YAML manifests to the cluster.
3. **Initial Configuration**
    
    
    - Access the CMS portal at `https://<hostname>`.
    - Log in with the default administrator account created during setup.
    - Update branding, system settings, and identity provider integration through the Administration menu.
4. **Connectivity Validation**
    
    
    - Confirm that the CMS can reach Azure Stack Hub endpoints.
    - Test authentication through Microsoft Entra ID or the configured identity provider.
    - Verify database connectivity and confirm that initial tenants and subscriptions can be created.

#### Post-Installation Tasks

- Replace default credentials with secure administrator accounts.
- Configure backup routines for the MySQL database.
- Set up monitoring and logging integration (see Operations → Monitoring &amp; Alerts).

# First Login

Once the CMS has been deployed and initial configuration is complete, administrators and users can access the portal and API. The first login process establishes identity integration and sets the foundation for role-based access control (RBAC).

[![image.png](https://docs.cloudaxis.cloud/uploads/images/gallery/2025-09/scaled-1680-/3KMimage.png)](https://docs.cloudaxis.cloud/uploads/images/gallery/2025-09/3KMimage.png)

#### Accessing the Portal

- Navigate to the portal URL: `https://<hostname>`
- Enter the credentials created during installation.
- If Microsoft Entra ID or another identity provider is configured, you will be redirected to the provider’s login page.

#### Default Roles

The CMS uses a role-based access model to control permissions. The following roles are provided by default:

- **Platform Administrator**  
    Full system access, including tenant onboarding, subscription management, billing, pricing, and system configuration.
- **Tenant Administrator**  
    Scoped access to manage subscriptions, resources, and users within a single tenant.
- **Partner Administrator**  
    Scoped Access to commission and billing data for a partner’s downstream tenants.
- **Distributor Administrator**  
    Scoped Access to commission and billing data for a distributors' downstream partners and tenants.
- **Platform User**  
    Access to read all system data but cannot make any changes.
- ****Tenant U**ser**  
    Scoped access to read subscriptions, resources, and users within a single tenant.
- ****Partner U**ser**  
    Scoped Access to read commission and billing data for a partner’s downstream tenants.
- ****Distributor U**ser**  
    Scoped Access to read commission and billing data for a distributors' downstream partners and tenants.

#### First-Time Setup

On first login, the administrator should:

1. Change the default password or confirm federated login is enforced.
2. Configure additional administrators or delegated roles.
3. Verify role mappings if using federated identity providers.

# Quick Start Tutorial

#### Introduction

This page is intended to guide new operators through the steps required to onboard tenants.

#### Step 1: Add a Region

<table border="1" id="bkmrk-note%3A-only-platform-" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 99.881%;"></col></colgroup><tbody><tr><td><span style="color: rgb(0, 0, 0);">**Note**: Only Platform Administrators can onboard regions.</span>  
</td></tr></tbody></table>

- From the **Dashboard** or under **Settings** and **Regions.**
- Select **Add Region** and complete the wizard to onboard a region

#### Step 2: Add a Distributor

<table border="1" id="bkmrk-note%3A-only-platform--1" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 99.881%;"></col></colgroup><tbody><tr><td><span style="color: rgb(0, 0, 0);">**Note**: Only Platform Administrators can onboard distributors.</span>  
</td></tr></tbody></table>

- Under **Relationships** select **Distributors.**
- Select **Add **Distributor**** and complete the wizard to onboard a distributor.

#### Step 3: Add a Partner

<table border="1" id="bkmrk-note%3A-only-platform--2" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 99.881%;"></col></colgroup><tbody><tr><td><span style="color: rgb(0, 0, 0);">**Note**: Only Platform and Distributor Administrators can onboard partners.</span>  
</td></tr></tbody></table>

- Under **Relationships** select **Partners.**
- Select **Add** <span data-end="1794" data-start="1780">**Partner** </span>and complete the wizard to onboard a partner.

#### Step 4: Add a Tenant

<table border="1" id="bkmrk-note%3A-only-platform%2C" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 99.881%;"></col></colgroup><tbody><tr><td><span style="color: rgb(0, 0, 0);">**Note**: Only Platform, Distributor and Partner Administrators can onboard tenants.</span></td></tr></tbody></table>

- From the **Dashboard** or under **Relationships** and **Tenants**.
- Select **Add Tenant** and complete the wizard to onboard a tenant.

#### Step 5: Create a Subscription

<table border="1" id="bkmrk-note%3A-any-administra" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 99.881%;"></col></colgroup><tbody><tr><td>**Note**: Any Administrator role can onboard a new subscription.</td></tr></tbody></table>

- From the **Dashboard** or under **Subscriptions.**
- Select **Add Subscription** and complete the wizard to onboard a new subscription.

#### Step 6: Configure Users

<table border="1" id="bkmrk-note%3A-create-and-sco" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 99.881%;"></col></colgroup><tbody><tr><td>**Note**: Create and scope users accordingly noting that at each level of the model (Distributors, Partners and Tenants) can manage their respective scoped users.</td></tr></tbody></table>

- From the **Dashboard** or under **Settings** and **Users**.
- Select **Add User** and complete the wizard to onboard a new user.

#### Step 7: Configure Pricing

- Under **Pricing**.
- While in the Meters or SKUs view.
- Select A**dd Pricing**. Configure the price lists as required.

#### Step 8: Generate Billing Records

- Under **Settings**. Select **Regions**.
- Select **Update Usage**.
- Under **Billing**. Ensure the billing records have been created as required.