By default, the template automatically creates an Entra ID app registration. This requires the bootstrap managed identity to hold the Microsoft Graph `Application.ReadWrite.All` permission, which needs tenant admin consent.
Alternatively, set `createAppRegistration` to `false` and provide an existing app registration's client ID and client secret.
The deployment also requires:
- An Entra security group that will serve as the SQL Server administrator (provide the group's Object ID and display name)
Note: All deployment infrastructure uses Entra-only authentication — no shared keys or storage account keys are used anywhere.
OnRamp is an AI-powered web application that guides Azure customers through designing and deploying Cloud Adoption Framework (CAF) aligned landing zones. Answer questions about your organization, get an AI-generated architecture recommendation, review it visually, and deploy it to Azure with a single click.
- 🧭 Guided Questionnaire — Adaptive wizard covering all 8 CAF design areas
- 🤖 AI Architecture Generation — Azure AI Foundry powered architecture recommendations
- 🏗️ Interactive Visualizer — Explore your landing zone hierarchy and network topology
- 📋 Compliance Scoring — Evaluate against SOC 2, HIPAA, PCI-DSS, FedRAMP, NIST 800-53, ISO 27001
- 📝 Bicep Generation — Auto-generated, deployable Infrastructure as Code
- 🚀 One-Click Deploy — Deploy your entire landing zone to Azure subscriptions
- 📊 Deployment Tracking — Real-time progress, audit logging, and rollback support
The application includes a guided questionnaire, an interactive architecture visualizer, compliance scoring dashboards, and one-click Azure deployment. See docs/screenshots/README.md for instructions on capturing screenshots of each page.
```mermaid
flowchart LR
    Wizard[🧭 Questionnaire] --> Arch[🏗️ Architecture Visualizer]
    Arch --> Compliance[📋 Compliance Scoring]
    Compliance --> Bicep[📝 Bicep Preview]
    Bicep --> Deploy[🚀 One-Click Deploy]
```
```mermaid
flowchart LR
    subgraph Frontend
        React[React + Fluent UI v9]
    end
    subgraph Backend
        FastAPI[FastAPI — Python]
    end
    subgraph Services
        DB[(Azure SQL)]
        AI[Azure AI Foundry]
        ARM[Azure Resource Manager]
    end
    React -- REST API --> FastAPI
    React -- MSAL --> EntraID[Entra ID]
    EntraID -- Token --> FastAPI
    FastAPI --> DB
    FastAPI --> AI
    FastAPI -- Bicep --> ARM
```
Hosted on Azure Container Apps with Entra ID authentication.
For the full architecture breakdown, see docs/architecture.md.
- Docker Desktop

```bash
./dev.sh
```

That's it. This builds and starts everything in containers:

- Frontend at http://localhost:5173 (hot reload)
- Backend at http://localhost:8000 (auto-restart)
- API Docs at http://localhost:8000/docs

Other commands:

```bash
./dev.sh logs   # Tail logs
./dev.sh test   # Run backend tests
./dev.sh shell  # Backend shell
./dev.sh down   # Stop everything
./dev.sh reset  # Wipe DB and rebuild
```

```bash
cd backend
python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
uvicorn app.main:app --reload
```

```bash
cd frontend
npm install && npm run dev
```

Visit http://localhost:5173 — the app runs in development mode with mock data.

```bash
cd backend && source .venv/bin/activate
pytest tests/ -v
```

```
onramp/
├── frontend/   # React + TypeScript + Fluent UI v9
├── backend/    # Python FastAPI
├── infra/      # Bicep templates (OnRamp infrastructure)
├── docs/       # Architecture, API, and dev docs
└── .github/    # CI/CD workflows
```

| Size | Employees | Subscriptions | Use Case |
|---|---|---|---|
| Small | 1-50 | 2-3 | Startups, small teams |
| Medium | 51-500 | 4-6 | Growing businesses |
| Enterprise | 500+ | 8+ | Large organizations |
- Microsoft Entra ID (Azure AD) authentication
- Role-based access control (Admin, Architect, Viewer)
- Azure Key Vault for secrets
- All deployments audited
MIT