VERA Cloud Pre-Deployment Checklist
- HB Farris
Welcome to Tx3's VERA Cloud!
As you prepare to utilize VERA's centralized electronic approval repository, you can use the checklist below to guide you on your way.
VERA is capable of connecting to an unlimited number of endpoints and, as such, some of the steps below can be repeated to connect your VERA Cloud environment to as many endpoints as your need.
URLs and Ports
Open Outgoing TCP Port Access from your Environment to VERA Cloud
443
8443
Your environment will need to communicate with both the VERA Web Portal on port 443 and the VERA API Server on port 8443. VERA uses SSL communication for all incoming requests and requires ports that are different than the standard (non-SSL) web communication ports. If you cannot use 443 or 8443, please notify your Tx3 Account Manager and different ports can be provisioned. This may need to be repeated on each server that will connect to VERA.
Allow Outgoing Access to the VERA Cloud URL
If your environment restricts access to an approved list of URLs, you will need to add the VERA Cloud URL to that list. Typically the url will follow this pattern: https://[your-company-name]-vera.saas.tx3services.com. Your specific URL will be communicated to you by your Tx3 Account Manager. This may need to be repeated on each server that will connect to VERA.
Allow Incoming Access from VERA Cloud to your Environment
VERA will need to communicate back to your endpoint server and utilize your endpoint's API. The incoming traffic must be allowed from the VERA Cloud URL and using your endpoint's API port. This may need to be repeated on each server that VERA will connect to.
Provide Tx3 with your Endpoint URL and API Port Information
You must provide Tx3 with your endpoint's API port and URL information. VERA will use this information to communicate back to your endpoint as records are approved or rejected. This may need to be repeated on each server that VERA will connect to.
Service Accounts
Create a Service Account in your Endpoint System
You must create a Service Account for VERA to access your endpoint. The service account should have sufficient privileges to update records via API in all projects that will be connected to VERA. This will need to be repeated on all endpoints.
Provide the Service Account Credentials to Tx3
The credentials will be stored in VERA in order to access your endpoint system. The password will be encrypted before storing it in VERA. A screen share session can be setup if you wish to encrypt and enter the password yourself. This will need to be repeated for all endpoints.
Local Users
Provide Tx3 with a List of User Accounts
VERA Service Account
Local Admin Accounts
Local User Accounts
SAML User Accounts
JIRA endpoints will need to communicate with VERA using a VERA Service Account. This account will be created when your cloud environment is configured. You should provide the Service Account Name and expected password. This same account will be stored in the VERA for JIRA Add On configuration settings. Additional user accounts can be supplied at this time as well. Please provide a CSV file to import when your VERA Cloud environment is configured (see Import VERA users for more information on the CSV Import process).
SAML Setup
Provide Tx3 with SAML 2.0 Identity Provider Details
URL
Certificate
If you are using a SAML 2.0 SSO engine, please provide the Single Sign On Service URL for your IdP and the public certificate associated with that IdP.
Add VERA Cloud Service Provider Entity IDs to your SAML IdP
Tx3VERA
Tx3VERASignatures
On your SAML IdP, please configure the above entity ids that VERA will use to communicate with your IdP. The IdP endpoint for the Tx3VERASignatures entity ID must accept either the ForceAuthN parameter or the "urn:oasis:names:tc:SAML:1.0:am:password" Authentication Context to force re-authentication.
Policies
Provide Tx3 with Existing Policy Files
Approval Policy
Records Management Policy
If you have existing VERA Policy Files, please send these to Tx3 so that they can be included in your VERA Cloud Environment. These policy files may be different for each endpoint.
Table of Contents