bcgov / Cloud-Pathfinder-Azure

Apache License 2.0

Entra ID Access Package in Entitlement Management During Landing Zone Provisioning #119

Open AErmie opened 3 months ago

AErmie commented 3 months ago

As part of deploying Azure Landing Zones (i.e., "Project Sets"), we need to grant access to the Management Group / Subscriptions to the respective Product Owner (PO) and Technical Leads (TLs) as part of the automated provisioning.

Management of Azure Entra ID is the responsibility of the Access and Directory Management Services (ADMS) team. This presents a limitation in not being able to dynamically create Security Groups to manage access.

As an alternative approach, the ADMS team has asked that we look into using an Entra ID access package in entitlement management.

Research and investigation are required to determine if this approach can fulfill the needs within the automated provisioning.

Acceptance Criteria

AErmie commented 3 months ago

As part of investigating this approach, automation will need to be explored. Here is a reference article that might be useful: Automating Access Package Creation for Entra ID roles with PowerShell