A2P-managed-app

A2P is a production‑ready Application‑to‑Person (A2P) SMS gateway you deploy and operate in your own Azure tenant. It provides a web management UI, OIDC single sign‑on, partner onboarding, message routing and policy controls, plus observability and audit trails to run messaging at scale.

Key capabilities

• Partner and account management: onboard partners, manage credentials, IP allowlists, and quotas.

• Routing and policy: categories, sender IDs (alphanumeric), long/short numbers, bind modes, aliasing, and pattern‑based filtering to reduce spam and invalid content.

• Protocol support: SMPP and HTTP via the Jasmin SMS gateway.

• Security and access: OIDC SSO, RBAC in the admin UI, secrets in Key Vault, TLS by default.

• Monitoring and audit: real‑time stats, health checks, and comprehensive audit logging.

• Operability: designed for repeatable deployment, teardown, and reprovisioning in Azure.

What’s deployed

• Azure Kubernetes Service (AKS) hosting the web UI and SMS gateway components.

• PostgreSQL Flexible Server for durable data.

• Azure Key Vault for secret storage and bootstrap credentials.

• RabbitMQ (via operator) for messaging between components.

• TLS automation with cert‑manager (self‑signed by default; Let’s Encrypt optional).

• Ingress through Kubernetes; Application Gateway WAF integration is supported in typical enterprise deployments.

Typical use cases

• Marketing and service notifications, OTP/2FA, alerts, and customer engagement at scale.

• Enterprises and service providers needing an in‑tenant, policy‑controlled A2P stack on Azure.

What you bring

• Connectivity to your carriers/aggregators (SMPP/HTTP accounts, short codes/long numbers).

• Your compliance, content, and opt‑in policies.

• Optional external observability tooling, if desired.

What you get

• A secure, Azure‑native A2P platform with a web UI, OIDC SSO, and guardrails for operations.

• Fast time‑to‑value with automated bootstrap (TLS, secrets, base routing) and clear outputs (ingress URL, database connection secret).

Security and compliance posture

• OIDC SSO and role‑based access for administrators.

• Secrets stored in Azure Key Vault.

• HTTPS/TLS by default; Let’s Encrypt can be enabled when DNS is available.

• WAF‑backed ingress supported with Azure Application Gateway (enterprise option).

Pricing and licensing

• BYOL, non‑transactable in Marketplace. Azure infrastructure runs in your subscription and is billed by Azure. Any carrier fees are separate.

Getting started

• Select “Get it now,” choose your subscription and region, and provide minimal inputs (node size/count, OIDC if used).

• After deployment, open the output URL for the admin UI, sign in via OIDC (or local admin if configured), create partners, and configure routes and sender IDs.

• Connect your carrier/aggregator accounts and start sending.