You can install CIPP two different ways, click-to-deploy and manual. When you use a hosted setup, this is all performed for you.
A click-to-deploy install is the preferred way to install CIPP using a GitHub fork of the CIPP UI and API repositories. It utilises Azure deployment templates to automate the deployment of the CIPP UI and API.
A manual install is an advanced method of installing CIPP, requiring more knowledge of Git and Azure but providing wider choice of Git hosting services and greater flexibility around deployment.
Detailed information about each of these installation methods is in the tabs below:
You must replace the preset "Github Repository" and "Github API Repository" fields with the URL's of your own Github forks of the CIPP and CIPP-API repositories.
If your installation fails, you must delete the resource group and try again.
Unless you know what you're doing manual installation isn't advised, there's a lot of moving parts where one could make a mistake. You must use the manual installation instructions if you wish to host your repository in Azure DevOps or GitLab.
- Click to Deploy
Please read all of the instructions below before proceeding to click the "Deploy to Azure" button, to determine which option you should select.
After you have completed the prerequisites in the Prerequisites section, select the button below to run the automated setup. This does most of the work for you. If you don't want to use the automated installer, use the manual installation instructions.
Deploy to an another region
Azure Static Web Apps (SWA) is global by default (it picks the data center closest to you) however some regions don't support deployment. Regions that support SWA deployment at the moment are:
- Central US
- East US 2
- East Asia
- West Europe
- West US 2
To work around this use the alternative installation button below. This deploys the Static Web App in the Central US region however the SWA gets served from your nearest data center anyway. The other parts of CIPP get installed in the region you choose so you shouldn't experience any latency.
If you don't want to, or can't, install CIPP automatically you can use the following steps to create the required Azure services manually. We do not offer community support for any environment deployed in this manner.
Note that this shouldn't be done unless you understand each required aspect.
Create an Azure Function host
Create an Azure Function App and upload the data from the CIPP-API to the Azure Function, or attach it to your fork. Each time the team pushes updates to the central repository you must also update your fork to keep current.
After creating the Azure function, Enable system managed identity for the Azure Function. Microsoft Docs - How to use managed identities for App Service and Azure Functions
Give the managed identity "Reader" access on the Azure Subscription. Microsoft Docs - Assign Azure Roles to a managed identity
Create an Azure Key Vault
Create an Azure Key Vault and give the system managed identity access to update, read, and create Secrets. This Key Vault stores credentials and tokens for the application. Microsoft Docs - Assign a Key Vault access policy
Create an Azure Static Web App
Create a premium Azure Static Web App in the Azure portal and use the CIPP repository fork you've made as the source. When CIPP updates release you must pull the latest changes into your fork and push (deploy) these to the Static Web App. It's possible to automate deployment using GitHub Actions, Azure DevOps Pipelines or GitLab CI/CD (or other CI/CD tools).
After creation, perform the following changes:
- Attach the Function App to the Static Web App. Microsoft Docs - Bring your own functions to Azure Static Web Apps