# Access needed ## IAM Active Directory (AD) - we presume that AuthN is managed upstream for us but **we need to be able to create accounts for external users so they can authenticate to tools bound to AD like jira+confluence in order to collaborate with them on the same platform.** Role-Based Access Control - we need to be able to define what accounts defined in AD can do within the scope of our Healthworx Subscription. ### Healthworx Subscription Full admin access to our subscription Need to be able to create resource groups (including but not limited to virtual networks, virtual machines, databases, etc.) to bring up and tear down staging, production and development environments. ### Tenant-level access We need to be able to join servers to the domain. It's acceptable to limit this joining to a dedicated OU and subcontainers. In this way we can move away from local account authentication and the burden of managing local accounts. ## Azure Monitor We will need full visibility into our existing and future applications. This is critical to our developers to debug, troubleshoot and monitor what they're building. From this visibility, we will visualise dashboards, analyze metrics, respond to alerts and autoscale deployments. ### Logs We will be aggregating all logs to a central storage repository ### Metrics Need access to all available metrics under our subscription ## Region We need to be able to deploy to East US and East US 2 ## Services We will need to be able to deploy any and all Azure services. - All Core Services - App Service - Azure Managed Services - Networking - Storage - Database and Analytics -