I've noticed a lot of job listings that mention using Terraform to handle identity providers like Entra and Okta. I'm curious about the advantages of this approach. For instance, we already have automation tools like scripts or APIs, and change tracking is usually done with audit logs. So, do companies really maintain Git repositories with extensive lists of users, groups, and app registrations using Terraform?
2 Answers
It sounds like there might be some confusion between managing the initial setup of the identity provider (IDP) infrastructure and the ongoing state of the IDP. Generally, Terraform is used for integrating Entra or Okta and then it runs without needing to manage every single user or entity with it.
Regarding maintaining a Git repo with tons of user data, that's not quite what Terraform is about. It focuses more on application configuration rules rather than individual users. It's especially useful on the customer identity side, managing access and rules more efficiently. For example, if an Okta instance connects to various AD and LDAP instances, Terraform can manage complex access rules that are crucial for operations. I've never seen user objects represented in Terraform itself, but it shines with application rules, especially when you're continuously integrating an external app.
But how does using Terraform for these rules improve upon just setting up groups in Okta using membership rules?