I'm looking to set up two Entra ID tenants, one for non-production (tenant-nonprod) and one for production (tenant-prod), to support a consumer-facing portal. I want to know if this approach is appropriate or if there's a better way to manage these environments. Additionally, I'm currently using Terraform to manage resource groups, app services, and app service plans. Can I also manage these Entra ID tenants through Terraform, or do I have to create them manually via the Azure portal?
3 Answers
You're right about using Terraform for managing resources! The AzureAD provider lets you manage various Entra ID components like apps and service principals quite effectively. However, creating the tenants themselves typically isn't done through Terraform; most folks set up the tenants manually or through Azure CLI first, and then leverage Terraform for the resources within those tenants.
Separating non-prod and prod into different Entra tenants can work well, especially for consumer-facing apps, as it provides strong isolation and helps manage identities better. However, this setup does come with increased overhead since you have to handle cross-tenant management and may end up duplicating configurations. Alternatively, some teams prefer to keep everything in one tenant and differentiate environments using app registrations and resources instead. But if you need clear boundaries for identities, then using two tenants is a smart choice!
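One way to express the two-tenant layout from the answers above in Terraform, as an added example that is not part of the original post: the tenants already exist (created outside Terraform), and the AzureAD provider is aliased once per tenant so the same app registration and service principal are declared in each. The tenant IDs are placeholders and the variable, resource and display names are assumptions.

```hcl
terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.50"
    }
  }
}

# Placeholder tenant IDs (constructed); replace with your own tenant GUIDs.
variable "nonprod_tenant_id" {
  type    = string
  default = "00000000-0000-0000-0000-000000000001" # placeholder
}

variable "prod_tenant_id" {
  type    = string
  default = "00000000-0000-0000-0000-000000000002" # placeholder
}

# One aliased provider per tenant; Terraform does not create the tenants.
provider "azuread" {
  alias     = "nonprod"
  tenant_id = var.nonprod_tenant_id
}

provider "azuread" {
  alias     = "prod"
  tenant_id = var.prod_tenant_id
}

# Same registration shape in both tenants, so the config stays in sync.
resource "azuread_application" "portal_nonprod" {
  provider         = azuread.nonprod
  display_name     = "consumer-portal-nonprod" # assumed name
  sign_in_audience = "AzureADMyOrg"
}

resource "azuread_service_principal" "portal_nonprod" {
  provider  = azuread.nonprod
  client_id = azuread_application.portal_nonprod.client_id
}

resource "azuread_application" "portal_prod" {
  provider         = azuread.prod
  display_name     = "consumer-portal-prod" # assumed name
  sign_in_audience = "AzureADMyOrg"
}

resource "azuread_service_principal" "portal_prod" {
  provider  = azuread.prod
  client_id = azuread_application.portal_prod.client_id
}
```

Each aliased provider needs credentials that are valid in its own tenant (for example a separate Azure CLI login or service principal per tenant), which is the cross-tenant overhead the answer mentions.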
I think splitting tenants is a solid move, especially for security reasons. Just remember that tenant creation needs to happen in the Azure portal. If you're concerned about your consumer portal's security, look into tools like LayerX Security to help enforce policies effectively!