Introduction
This guide explains how to configure team synchronization between Azure AD and HCP Terraform. This allows you to automatically manage team membership in HCP Terraform based on your Azure AD group assignments.
Prerequisites
Before you begin, you must have already configured Azure AD as your Single Sign-On (SSO) provider for HCP Terraform. For instructions, refer to the Microsoft Azure AD SSO setup documentation.
Procedure
Follow these steps to enable team assertions from Azure AD to HCP Terraform.
Part 1: Configure Azure AD
First, you need to configure a group claim in your Azure AD application.
- In the Azure portal, create the user groups you intend to sync and add the required members.
- Navigate to your HCP Terraform enterprise application in Azure AD.
- Select the Single Sign-On tab and edit the Attributes & Claims section.
- Add a new group claim with the name MemberOf.
- Navigate to the desired group within your HCP Terraform application in Azure AD and copy its Object ID from the overview page. You will use this ID in the next section.
Part 2: Configure HCP Terraform
Next, you will use the Azure AD group's Object ID to link it to a team in HCP Terraform.
- In the HCP Terraform portal, navigate to your organization's settings and create a new team with the desired permissions.
- In the team's settings, paste the Object ID you copied from Azure AD into the SSO Team ID field.
- Save the team settings.
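The same Part 2 linkage can be managed as code instead of through the portal. The configuration below is an added example, not part of this article or of HashiCorp's own setup instructions: it uses the hashicorp/azuread provider to look up the Azure AD group's Object ID and the hashicorp/tfe provider to create the HCP Terraform team with that ID in its SSO Team ID (`sso_team_id`) field. The organization name, the group display name and the team name are placeholders; the MemberOf group claim from Part 1 is assumed to already be configured on the enterprise application in the Azure portal.

```hcl
# Added example (not from the article): link an Azure AD group to an HCP
# Terraform team. Placeholders: organization, group and team names.
# Assumes the MemberOf group claim from Part 1 is already configured in Azure AD.

terraform {
  required_providers {
    azuread = { source = "hashicorp/azuread" }
    tfe     = { source = "hashicorp/tfe" }
  }
}

variable "tfe_organization" {
  type    = string
  default = "example-org" # placeholder organization name
}

# Look up the existing Azure AD group by display name. Its object_id is the
# same value the article has you copy from the group's overview page.
data "azuread_group" "tfc_admins" {
  display_name     = "tfc-admins" # placeholder group name
  security_enabled = true
}

# The HCP Terraform team. sso_team_id is the "SSO Team ID" field from Part 2;
# members of the Azure AD group are added to this team on their next SSO login.
resource "tfe_team" "admins" {
  name         = "admins" # placeholder team name
  organization = var.tfe_organization
  sso_team_id  = data.azuread_group.tfc_admins.object_id

  # Grant the permissions the team should carry (adjust to your needs).
  organization_access {
    manage_workspaces = true
  }
}

# Surface the linked ID so it can be checked against the Azure AD group.
output "sso_team_id" {
  value = tfe_team.admins.sso_team_id
}
```

After `terraform apply`, compare the `sso_team_id` output with the group's Object ID in the Azure portal; a mismatch (for example from pointing the data source at a similarly named group) means SSO logins will not land in the intended team.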
Outcome
After you complete the configuration, when a member of the configured Azure AD group logs into HCP Terraform via SSO, HCP Terraform automatically adds them to the corresponding team and grants them the associated permissions.