I'm looking to set up two Entra ID tenants: one for non-production and another for production. The purpose is to support a consumer-facing portal with both environments. I have two main questions: First, is this the right way to structure my setup, or is there a better approach? Second, I'm currently managing resource groups, app services, and app service plans through Terraform. Can I also manage the Entra ID tenants with Terraform, or do I need to create these tenants through the Azure portal?
3 Answers
Using separate Entra tenants for production and non-production can be a smart move for consumer-facing applications. This setup allows for strong isolation, which is great for managing identities separately. Just keep in mind that this approach can lead to increased operational overhead like managing configurations across tenants. Another possible method is to keep a single tenant and manage environments through app registrations and resource isolation, but if identity separation is crucial, then your approach makes sense.
It’s definitely a solid choice to split tenants for your environments, but remember that the actual creation of Entra tenants has to be done through the Azure portal, not Terraform. For securing your consumer portal, you might want to check out LayerX Security to enforce strong policies. Terraform is great for managing the infrastructure once your tenants are set up.
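One way to drive both tenants from a single Terraform configuration once they exist, as an added example that is not part of any answer above: it uses the hashicorp/azuread provider with two aliased provider blocks, one per tenant. The tenant IDs, application names and redirect URIs are placeholders, and it assumes each alias authenticates (via Azure CLI login or the provider's environment variables) as a principal allowed to create app registrations in its own tenant.

```hcl
# Added example (not from the original answers): one Terraform root module
# managing objects in two Entra ID tenants through aliased azuread providers.
# The tenants themselves are created in the portal; Terraform only manages
# what lives inside them. All IDs and URLs below are placeholders.
terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.47"
    }
  }
}

variable "nonprod_tenant_id" { type = string } # placeholder: GUID of the non-prod tenant
variable "prod_tenant_id"    { type = string } # placeholder: GUID of the prod tenant

# One provider alias per tenant; credentials for each come from the
# environment (Azure CLI login or the provider's ARM_* variables), not this file.
provider "azuread" {
  alias     = "nonprod"
  tenant_id = var.nonprod_tenant_id
}

provider "azuread" {
  alias     = "prod"
  tenant_id = var.prod_tenant_id
}

# The portal's app registration, declared once per tenant so configuration
# drift between environments shows up in `terraform plan`.
resource "azuread_application" "portal_nonprod" {
  provider         = azuread.nonprod
  display_name     = "consumer-portal-nonprod"
  sign_in_audience = "AzureADMyOrg"

  web {
    redirect_uris = ["https://portal-nonprod.example.com/signin-oidc"]
  }
}

resource "azuread_application" "portal_prod" {
  provider         = azuread.prod
  display_name     = "consumer-portal"
  sign_in_audience = "AzureADMyOrg"

  web {
    redirect_uris = ["https://portal.example.com/signin-oidc"]
  }
}
```

Because Terraform has no resource for creating a tenant, the two `tenant_id` values must come from tenants already provisioned in the portal; keeping production credentials in a separate workspace or pipeline keeps a non-prod apply from touching the production tenant.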
I've just started with Azure too! Can you tell me more about why you chose to go with separate tenants? I thought apps could just be registered under the same tenant.