I am totally new to Azure. Zero experience. But I have experience with AWS and GCP. I need to get our Azure account setup so we can start trying some things out in there.
We use google gsuite for email and such.
We use terraform to manage the other cloud providers... and intend to do so for azure.
For AWS we use their SSO to give our developers the level of access they need for the different environments. For GCP it's of course tied to their gmail accounts.
So what is best practice for Azure? I would like some sort of SSO I think. But the structure in Azure seems to be different. I don't "think" I will have separate accounts like AWS that have separate user pools. Seems like I have would some hierarchy of management groups. Currently thinking a top level one for the project in general, then one per environment (dev/test/prod) under that and then a subscription under each of those. Seems like users are managed at the management group level, so SSO like AWS's might not be necessary. I might just need to create the users via terraform at the top level and configure them to authenticate with their google login or something. Then of course give them only the permissions they need to the project and environments below.
Searching for this kind of stuff commonly gets me information about handling access to an application that is hosted in azure. Which of course isn't what I am trying to do. I have turned up some info on Entra. But that looks more like okta, which is not what I am trying to do either.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 6%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
