
Install on Azure


Please view the Prerequisites and ensure you have met all requirements before proceeding with the installation.

Install Wayfinder

The terraform-azurerm-wayfinder Terraform Module can be used to provision and manage a licensed edition of Appvia Wayfinder on Azure.

Follow the steps below to get up and running quickly, using the predefined quickstart example.


  1. Within your Azure Subscription, create a Public DNS Zone which can be used for the Wayfinder Portal and API DNS Records.
  2. Clone the terraform-azurerm-wayfinder repository and navigate to examples/quickstart, or copy the contents of this directory to your local machine.
  3. Copy the terraform.tfvars.example file to terraform.tfvars and populate the variables with your own values.


  1. Authenticate using the Azure CLI.
  2. Run terraform init to initialise the Terraform modules.
  3. Run terraform plan -out=wayfinder.tfplan to view the resources that will be created.
  4. Run terraform apply wayfinder.tfplan to create the resources.

Wayfinder Azure Installation via Terraform

Advanced Configuration

Configure an Identity Provider (IDP)

If you have an existing IDP, you can configure it during installation by providing the Client ID, Client Secret and Server URL (or Azure Tenant ID) as variables to the module. The Terraform code below shows an example of how to do this, disabling the creation of the local administrator user in the process:

module "wayfinder" {
  # ... other module arguments ...

  create_localadmin_user = false

  wayfinder_idp_details = {
    type          = var.idp_provider
    clientId      = "idp-client-id"
    clientSecret  = "idp-client-secret" # placeholder; do not commit a real secret
    serverUrl     = var.idp_provider == "generic" ? "idp-server-url" : ""
    azureTenantId = var.idp_provider == "aad" ? "idp-azure-tenant-id" : ""
  }
}
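
One way to keep the IDP client secret out of source control, as an added example (not the Wayfinder module's own code): the values are declared as root-module variables, with the secret marked sensitive, and assembled into the wayfinder_idp_details object. Every variable name except idp_provider, and the terraform_data check resource, are assumptions; terraform_data needs Terraform 1.4 or later.

```hcl
# Added example; variable names other than idp_provider are assumptions.
variable "idp_provider" {
  type = string
  validation {
    # Assumption: only the two values used in the page's snippet are accepted.
    condition     = contains(["generic", "aad"], var.idp_provider)
    error_message = "idp_provider must be \"generic\" or \"aad\"."
  }
}

variable "idp_client_id" { type = string }
variable "idp_client_secret" {
  type      = string
  sensitive = true # redacted in plan/apply output, but still written to state
}
variable "idp_server_url" {
  type    = string
  default = ""
}
variable "idp_azure_tenant_id" {
  type    = string
  default = ""
}

# Fail the plan early when the field the chosen provider needs is empty.
resource "terraform_data" "idp_input_check" {
  lifecycle {
    precondition {
      condition     = var.idp_provider != "generic" || var.idp_server_url != ""
      error_message = "idp_server_url is required when idp_provider is \"generic\"."
    }
    precondition {
      condition     = var.idp_provider != "aad" || var.idp_azure_tenant_id != ""
      error_message = "idp_azure_tenant_id is required when idp_provider is \"aad\"."
    }
  }
}

# Pass to the module as: wayfinder_idp_details = local.wayfinder_idp_details
locals {
  wayfinder_idp_details = {
    type          = var.idp_provider
    clientId      = var.idp_client_id
    clientSecret  = var.idp_client_secret
    serverUrl     = var.idp_provider == "generic" ? var.idp_server_url : ""
    azureTenantId = var.idp_provider == "aad" ? var.idp_azure_tenant_id : ""
  }
}
```

Supply the secret at run time through the TF_VAR_idp_client_secret environment variable rather than writing it into terraform.tfvars, and restrict access to the Terraform state, which holds the value in plain text.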

Use an existing Virtual Network

If you have an existing Virtual Network and Subnet (e.g. one already connected to your corporate VPN), you can deploy Wayfinder into your own network by providing the Subnet ID as a variable to the main module:

module "wayfinder" {
  # ... other module arguments ...
  aks_vnet_subnet_id = "<SUBNET_ID>" # ID of the existing Subnet
}

Additionally, you can set disable_internet_access = true to make the AKS API, Wayfinder API and Portal only accessible from within your corporate network (not exposed via public load balancers).

Access Wayfinder AKS Management Cluster

If you need to access the Wayfinder AKS Management Cluster (e.g. for debugging purposes, providing logs to Appvia Support), you can do so by running the following command:

az aks get-credentials --subscription <SUBSCRIPTION_ID> --resource-group <RESOURCE_GROUP> --name <AKS_MANAGEMENT_CLUSTER_NAME> --public-fqdn