Verified ID Advanced Setup

Hi All,

Almost a year ago, I blogged about Microsoft Entra Verified ID

Since August 2024, Microsoft Entra Verified ID is generally available

Setup Entra Verified ID - Advanced Setup

Recently I have been playing around with Entra Verified ID again, this time using the Advanced setup.

You need to have the “Global Administrator” Role

You need to prepare an Azure Key Vault

Step 1: Configure organization settings

Now let’s dig into the Configuration

You need to set a name for the authority and a domain that has been added to the domains on the tenant

Now you need to select the Azure Key Vault

Step 2: Register decentralized ID (DID)

Register the decentralized ID (DID): download the did.json and upload it to https://icewolf.ch/.well-known/did.json

{
	"id": "did:web:icewolf.ch",
	"@context": [
	  "https://www.w3.org/ns/did/v1",
	  {
		"@base": "did:web:icewolf.ch"
	  }
	],
	"service": [
	  {
		"id": "#linkeddomains",
		"type": "LinkedDomains",
		"serviceEndpoint": {
		  "origins": [
			"https://icewolf.ch/"
		  ]
		}
	  },
	  {
		"id": "#hub",
		"type": "IdentityHub",
		"serviceEndpoint": {
		  "instances": [
			"https://hub.did.msidentity.com/v1.0/46bbad84-29f0-4e03-8d34-f6841a5071ad"
		  ]
		}
	  }
	],
	"verificationMethod": [
	  {
		"id": "#4da7660a60254fd5ae995f76f9f36592vcSigningKey-07b3c",
		"controller": "did:web:icewolf.ch",
		"type": "JsonWebKey2020",
		"publicKeyJwk": {
		  "crv": "P-256",
		  "kty": "EC",
		  "x": "XWnIdLVIkblEgEdEAVSeF5aUWofN3las8671XSlM6lA",
		  "y": "eIpT97fbCmdn9hd2s0a9vCBpvlyaERGtU9TDQgdS9DM"
		}
	  }
	],
	"authentication": [
	  "#4da7660a60254fd5ae995f76f9f36592vcSigningKey-07b3c"
	],
	"assertionMethod": [
	  "#4da7660a60254fd5ae995f76f9f36592vcSigningKey-07b3c"
	]
}

Step 3: Verify domain ownership

Now you can verify domain ownership

Download did-configuration.json and upload it to https://icewolf.ch/.well-known/did-configuration.json

{
	"@context": "https://identity.foundation/.well-known/contexts/did-configuration-v0.0.jsonld",
	"linked_dids": [
	  "eyJhbGciOiJFUzI1NiIsImtpZCI6ImRpZDp3ZWI6aWNld29sZi5jaCM0ZGE3NjYwYTYwMjU0ZmQ1YWU5OTVmNzZmOWYzNjU5MnZjU2lnbmluZ0tleS0wN2IzYyJ9.[...].L7y4CCrM_jOefIFrjKWWt-2LN_IC-fl2TKk9NSXMoP5nSCLB8hLtgi6-d7X_3vL-6Uf8OKmkKIf1MseklFKfnA"
	]
}

After a few minutes you can click “Refresh verification status” and the configuration should be verified
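A consistency check for the two files from steps 2 and 3, added here as an example (not part of the original post or of Microsoft's tooling): it confirms that the did:web identifier resolves to the domain, that the domain is listed under LinkedDomains, and that the `kid` in the did-configuration.json JWS header names a key listed under assertionMethod. The function names are hypothetical, the DID document is trimmed to the fields the checks read, and the JWS payload and signature are placeholders, so no signature is verified.

```python
import base64, json
from urllib.parse import unquote, urlsplit

def did_web_url(did):
    """Resolve a did:web identifier to the HTTPS URL of its DID document."""
    if not did.startswith("did:web:"):
        raise ValueError("not a did:web identifier")
    host, *path = did[len("did:web:"):].split(":")
    tail = "/".join(path) if path else ".well-known"
    return f"https://{unquote(host)}/{tail}/did.json"  # %3A in host encodes a port

def jws_header(compact_jws):
    """Decode the protected header (first segment) of a compact JWS."""
    seg = compact_jws.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def check_linkage(did_doc, linked_did_jws, origin):
    """Return a list of inconsistencies; an empty list means the files agree."""
    did, problems = did_doc["id"], []
    absolute = lambda ref: did + ref if ref.startswith("#") else ref
    if urlsplit(did_web_url(did)).netloc != urlsplit(origin).netloc:
        problems.append("DID does not resolve to the origin's host")
    linked = {o.rstrip("/") for s in did_doc.get("service", [])
              if s.get("type") == "LinkedDomains"
              for o in s["serviceEndpoint"]["origins"]}
    if origin.rstrip("/") not in linked:
        problems.append("origin not listed in the LinkedDomains service")
    declared = {absolute(vm["id"]) for vm in did_doc.get("verificationMethod", [])}
    asserting = {absolute(r) for r in did_doc.get("assertionMethod", [])
                 if isinstance(r, str)}
    header = jws_header(linked_did_jws)
    if header.get("alg", "none").lower() == "none":
        problems.append("linked_dids entry is unsigned")
    if header.get("kid") not in declared & asserting:
        problems.append("JWS kid is not an assertionMethod key of the DID document")
    return problems

# Trimmed copy of the did.json shown above (only the fields the checks read).
KEY = "#4da7660a60254fd5ae995f76f9f36592vcSigningKey-07b3c"
DID_DOC = {
    "id": "did:web:icewolf.ch",
    "service": [{"id": "#linkeddomains", "type": "LinkedDomains",
                 "serviceEndpoint": {"origins": ["https://icewolf.ch/"]}}],
    "verificationMethod": [{"id": KEY, "controller": "did:web:icewolf.ch"}],
    "assertionMethod": [KEY],
}
# Header segment from the did-configuration.json above; payload and signature are placeholders.
JWS = "eyJhbGciOiJFUzI1NiIsImtpZCI6ImRpZDp3ZWI6aWNld29sZi5jaCM0ZGE3NjYwYTYwMjU0ZmQ1YWU5OTVmNzZmOWYzNjU5MnZjU2lnbmluZ0tleS0wN2IzYyJ9.payload.signature"

if __name__ == "__main__":
    print(check_linkage(DID_DOC, JWS, "https://icewolf.ch") or "consistent")
```

An empty result only means the two files reference each other correctly; the signature on the domain linkage credential is still validated by the Verified ID service when the verification status is refreshed.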

Now the first part has been set up

Set up Credential - Verified Employee

Select Credential and click on “Create credential”

Select the Template “Verified employee”

You can configure the Card and below you can see the Claims that are included

Logo URL: https://icewolf.ch/images/icewolf_ch.png
Text color: #FFFFFF
Background color: #34ebeb

You need to select “Issue Credential”

And Activate “Issue credentials through My Account” and save it

Azure Key Vault

What’s in the Azure Key Vault you ask? The “vcSigningKey” is stored there

You need to add permissions to the Azure Key Vault with “Key Vault Administrator”

  • Verifiable Credential Service: “6848c460-8987-482a-81fa-3a19a9d10b65”
  • Verifiable Credential Service Request: “8302d69e-81e2-482c-8923-29fc3f34b216”

Get Verified Id

Now you should be able to get your Verified ID

A QR code is presented

Now open the Microsoft Authenticator app, select “Verified ID” on the bottom right and scan the QR code

You can add the Verified ID “Verified Employee”

You can see the Details of your verified ID

Demo usage

You can use this demo website: click on “Access Discounts”

Select “Verify my Employee Credential”

Use the Microsoft Authenticator to Scan the QR Code

Allow the information to be shared with the store

Now you can access the reduced prices

The website is not very good: you can just browse directly to https://proseware.azurewebsites.net/apply-discount and see the same information 😂

Organization Settings

You can view all the Details in Organization Settings and also Delete the Verified ID Authority and all the Credentials

Regards
Andres Bohren
