No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

image.png

Hello everyone!

Just whether I understand it correctly. Is there any way how to create an *Entra ID Tenant* from Pulumi?

I see possibility to create a B2C or CIAM Tenant, but no Entra ID (Workforce) Tenant: <https://www.pulumi.com/registry/packages/azure-native/api-docs/azureactivedirectory/>

Since `pulumi-azure-native` only interacts with the Azure API (and not he Entra API) the only resources in there are CIAM and B2C as they are "Azure Cloud services" — child tenants essentially.

There's another Pulumi package – `pulumi-azuread` for managing Entra, but I've never seen a scriptable way of initially creating a new tenant as Microsoft probably doesn't publish an API for that.

Thank you for your response <@U03TDBDDBCH>! You're probably right. :+1: I can also imagine why - as there's no subscription needed for Entra it could probably be exploited.

What caught my attention was that CIAM, if I understand it correctly, is part of Entra (being the second option to choose from on my screenshot) and this one being part of `pulumi-azure-native`.

Yes, CIAM (customer identity &amp; access management) is "Entra ID for customers".
<https://learn.microsoft.com/en-us/entra/external-id/customers/overview-customers-ciam>

I strongly discourage the use of Entra B2C after CIAM came about and Microsoft seems to be pushing that instead.

I've always felt like Entra B2C is a half-assed fork of Entra with terrible developer experience.