Introduction
This article is for teams that use Azure AD as the SSO provider for Terraform Cloud and want their Azure AD groups to be automatically asserted as team memberships in Terraform Cloud.
Use Case
After configuring Azure AD as the SSO provider for Terraform Cloud, users sometimes want their Azure AD users or groups to be automatically assigned to Terraform Cloud teams.
To do this, they first need to configure Azure AD SSO by following: Microsoft Azure SSO-Terraform Cloud setup.
Procedure
To create a group whose members are given access to a specific team, with specific privileges, when they sign in through SSO:
Configuration (Azure Portal)
- In the Azure portal, create groups with any name and add members as required.
- Go to the Single Sign-On tab and, inside Attributes & Claims, add a Group Claim with the name MemberOf.
- Go to the Terraform Cloud application in Azure, select Users and groups, open the required group, and copy the Object ID from the Overview page. This will be used as the SSO ID in the next section.
Configuration (Terraform Cloud)
- In the Terraform Cloud portal, create a new team with the required privileges, and paste the copied Object ID into the SSO ID tab of the team.
- Now log in to TFC via SSO as a member of the Azure group; that user will have the privileges defined for the team under the TFC organization's teams.
With the above configuration, the SSO user is attached to the specific team by default, with the desired permissions in TFC.
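To troubleshoot the mapping configured above, the following added example (not HashiCorp or Microsoft code) inspects a decoded SAML assertion from a test login and compares the MemberOf values with the SSO IDs entered on the teams. The sample assertion, GUIDs, team names and the exact-string comparison are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim name Azure AD uses for groups when it has not been renamed to MemberOf.
AZURE_DEFAULT_GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed sample: a decoded assertion from your own test login (GUIDs are made up).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="MemberOf">
   <saml:AttributeValue>11111111-aaaa-4bbb-8ccc-000000000001</saml:AttributeValue>
   <saml:AttributeValue>11111111-aaaa-4bbb-8ccc-000000000002</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample: team name -> SSO ID as pasted into the team settings.
SAMPLE_TEAMS = {
    "platform-admins": "11111111-aaaa-4bbb-8ccc-000000000001",
    "app-readers": " 11111111-AAAA-4BBB-8CCC-000000000002",  # stray space, wrong case
}

def claims_from(assertion_xml):
    """Return {attribute name: [values]} for the assertion's attributes."""
    claims = {}
    for attr in ET.fromstring(assertion_xml).iterfind(".//saml:Attribute", NS):
        vals = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(vals)
    return claims

def check_mapping(assertion_xml, teams):
    """Diagnostic only (no signature validation): compare MemberOf with team SSO IDs."""
    claims = claims_from(assertion_xml)
    member_of = set(claims.get("MemberOf", []))
    problems = []
    if not member_of:
        problems.append("no MemberOf attribute in assertion")
        if AZURE_DEFAULT_GROUPS in claims:
            problems.append("groups sent under Azure default claim name, not MemberOf")
    matched = sorted(t for t, sso in teams.items() if sso in member_of)
    normalized = {g.lower() for g in member_of}
    for team, sso in sorted(teams.items()):
        if team not in matched and sso.strip().lower() in normalized:
            problems.append(f"{team}: SSO ID differs from claim only by case/whitespace")
    unmapped = sorted(member_of - set(teams.values()))
    return {"matched": matched, "unmapped_groups": unmapped, "problems": problems}

if __name__ == "__main__":
    print(check_mapping(SAMPLE_ASSERTION, SAMPLE_TEAMS))
```

Groups listed under `unmapped_groups` are sent by Azure AD but have no team with that SSO ID, which is worth reviewing when the group claim is configured to emit more groups than intended.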