I've been using Terraform for a while, and I'm considering applying it to manage user onboarding and offboarding. I envision Terraform creating users in Active Directory (AD), adding them to our GitHub organization, and assigning licenses for tools like Adobe Suite, M365, and others that might need some custom Terraform providers. When someone leaves, I'd want Terraform to handle disabling users and freeing up licenses. However, I seldom see discussions about Terraform used this way. Has anyone tried this approach for user management? What pitfalls or challenges have you encountered?
4 Answers
In my opinion, trying to use Terraform this way might be a bit of a stretch. Terraform is primarily designed for managing cloud resources, not user processes. Instead, consider using Ansible or Python for automation, which can be more effective for these kinds of tasks. Plus, integrating a good SSO solution can centralize your user management much better.
I've actually implemented something similar! If you're using Terraform with a CI/CD system like Atlantis, onboarding can be as simple as the new user submitting their first PR to add themselves to various resources. SSO is definitely part of the solution, but it's important to remember it’s mainly for sign-on, not permissions provisioning. Think about how onboarding works at your company—will Terraform fit into that process?
I agree! Terraform can manage the user creation part, but SSO is essential for a smooth experience. I think combining both methods is the way to go!
Honestly, Terraform isn't really set up for user management tasks. You’d likely be better off with scripts in PowerShell or Bash to handle user tasks effectively.
Using Terraform for user management sounds interesting, but the suggestion to utilize SSO might be more streamlined. Typically, managing users can be simplified by placing them into groups, which handles permissions and access without the overhead.
You’re right! SSO often has features for automatic provisioning. Adding users to groups in AD can trigger profile creation in GitHub when they first log in. When you disable a user in AD, they can't access other services, which is a key advantage of using SSO alongside Terraform.