{"id":21514885,"url":"https://github.com/getindata/terraform-azuread-group","last_synced_at":"2026-02-23T22:03:03.741Z","repository":{"id":99598793,"uuid":"532607148","full_name":"getindata/terraform-azuread-group","owner":"getindata","description":"Terraform module for managing Azure Active Directory Groups","archived":false,"fork":false,"pushed_at":"2023-10-20T12:47:58.000Z","size":34,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-24T02:30:33.743Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/getindata.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-04T17:19:15.000Z","updated_at":"2022-09-05T11:57:23.000Z","dependencies_parsed_at":null,"dependency_job_id":"b99d433c-7341-4a70-b92a-899b69015b4c","html_url":"https://github.com/getindata/terraform-azuread-group","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":"getindata/terraform-module-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fterraform-azuread-group","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fterraform-azuread-group/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fterraform-azuread-group/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fterraform-azuread-group/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/getindata","download_url":"https://codeload.github.com/getindata/terraform-azuread-group/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244066191,"owners_count":20392407,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-23T23:53:26.535Z","updated_at":"2026-02-23T22:02:58.700Z","avatar_url":"https://github.com/getindata.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Azure Active Directory Group Terraform Module\n\n![Azure](https://img.shields.io/badge/azure-%230072C6.svg?style=for-the-badge\u0026logo=microsoftazure\u0026logoColor=white)\n![Terraform](https://img.shields.io/badge/terraform-%235835CC.svg?style=for-the-badge\u0026logo=terraform\u0026logoColor=white)\n\n![License](https://badgen.net/github/license/getindata/terraform-azuread-group/)\n![Release](https://badgen.net/github/release/getindata/terraform-azuread-group/)\n\n\u003cp align=\"center\"\u003e\n  \u003cimg height=\"150\" src=\"https://getindata.com/img/logo.svg\"\u003e\n  \u003ch3 align=\"center\"\u003eWe help companies turn their data into assets\u003c/h3\u003e\n\u003c/p\u003e\n\n---\n\nManages a group within Azure Active Directory.\n\n## API Permissions\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: \n`Group.ReadWrite.All` or `Directory.ReadWrite.All`\n\nIf using the assignable_to_role property, this resource additionally requires one of the following application roles: \n`RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All`\n\nIf specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: \n`User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator`\n\nThe `external_senders_allowed`, `auto_subscribe_new_members`, `hide_from_address_lists` and `hide_from_outlook_clients` properties \ncan only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. \nAdditionally, the user being used for authentication must be a Member of the tenant where the group is being managed and not a Guest. \nThis is a known API issue; please see the Microsoft Graph Known Issues official documentation.\n\n## USAGE\n\n```terraform\nmodule \"this_ad_group\" {\n  source = \"github.com/getindata/terraform-azuread-group\"\n  \n  name = \"administrators\"\n}\n```\n\n## NOTES\n\nThis module only supports a creation of security groups.\n\n\n## Examples\n\n- [Basic AD Group](examples/basic)\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n\n\n\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_additional_tag_map\"\u003e\u003c/a\u003e [additional\\_tag\\_map](#input\\_additional\\_tag\\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.\u003cbr\u003eThis is for some rare cases where resources want additional configuration of tags\u003cbr\u003eand therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_attributes\"\u003e\u003c/a\u003e [attributes](#input\\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,\u003cbr\u003ein the order they appear in the list. New attributes are appended to the\u003cbr\u003eend of the list. The elements of the list are joined by the `delimiter`\u003cbr\u003eand treated as a single ID element. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_context\"\u003e\u003c/a\u003e [context](#input\\_context) | Single object for setting entire context at once.\u003cbr\u003eSee description of individual variables for details.\u003cbr\u003eLeave string and numeric variables as `null` to use default value.\u003cbr\u003eIndividual variable settings (non-null) override settings in context object,\u003cbr\u003eexcept for attributes, tags, and additional\\_tag\\_map, which are merged. | `any` | \u003cpre\u003e{\u003cbr\u003e  \"additional_tag_map\": {},\u003cbr\u003e  \"attributes\": [],\u003cbr\u003e  \"delimiter\": null,\u003cbr\u003e  \"descriptor_formats\": {},\u003cbr\u003e  \"enabled\": true,\u003cbr\u003e  \"environment\": null,\u003cbr\u003e  \"id_length_limit\": null,\u003cbr\u003e  \"label_key_case\": null,\u003cbr\u003e  \"label_order\": [],\u003cbr\u003e  \"label_value_case\": null,\u003cbr\u003e  \"labels_as_tags\": [\u003cbr\u003e    \"unset\"\u003cbr\u003e  ],\u003cbr\u003e  \"name\": null,\u003cbr\u003e  \"namespace\": null,\u003cbr\u003e  \"regex_replace_chars\": null,\u003cbr\u003e  \"stage\": null,\u003cbr\u003e  \"tags\": {},\u003cbr\u003e  \"tenant\": null\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_delimiter\"\u003e\u003c/a\u003e [delimiter](#input\\_delimiter) | Delimiter to be used between ID elements.\u003cbr\u003eDefaults to `-` (hyphen). Set to `\"\"` to use no delimiter at all. | `string` | `null` | no |\n| \u003ca name=\"input_descriptor_formats\"\u003e\u003c/a\u003e [descriptor\\_formats](#input\\_descriptor\\_formats) | Describe additional descriptors to be output in the `descriptors` output map.\u003cbr\u003eMap of maps. Keys are names of descriptors. Values are maps of the form\u003cbr\u003e`{\u003cbr\u003e   format = string\u003cbr\u003e   labels = list(string)\u003cbr\u003e}`\u003cbr\u003e(Type is `any` so the map values can later be enhanced to provide additional options.)\u003cbr\u003e`format` is a Terraform format string to be passed to the `format()` function.\u003cbr\u003e`labels` is a list of labels, in order, to pass to `format()` function.\u003cbr\u003eLabel values will be normalized before being passed to `format()` so they will be\u003cbr\u003eidentical to how they appear in `id`.\u003cbr\u003eDefault is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |\n| \u003ca name=\"input_enabled\"\u003e\u003c/a\u003e [enabled](#input\\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |\n| \u003ca name=\"input_environment\"\u003e\u003c/a\u003e [environment](#input\\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |\n| \u003ca name=\"input_id_length_limit\"\u003e\u003c/a\u003e [id\\_length\\_limit](#input\\_id\\_length\\_limit) | Limit `id` to this many characters (minimum 6).\u003cbr\u003eSet to `0` for unlimited length.\u003cbr\u003eSet to `null` for keep the existing setting, which defaults to `0`.\u003cbr\u003eDoes not affect `id_full`. | `number` | `null` | no |\n| \u003ca name=\"input_label_key_case\"\u003e\u003c/a\u003e [label\\_key\\_case](#input\\_label\\_key\\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.\u003cbr\u003eDoes not affect keys of tags passed in via the `tags` input.\u003cbr\u003ePossible values: `lower`, `title`, `upper`.\u003cbr\u003eDefault value: `title`. | `string` | `null` | no |\n| \u003ca name=\"input_label_order\"\u003e\u003c/a\u003e [label\\_order](#input\\_label\\_order) | The order in which the labels (ID elements) appear in the `id`.\u003cbr\u003eDefaults to [\"namespace\", \"environment\", \"stage\", \"name\", \"attributes\"].\u003cbr\u003eYou can omit any of the 6 labels (\"tenant\" is the 6th), but at least one must be present. | `list(string)` | `null` | no |\n| \u003ca name=\"input_label_value_case\"\u003e\u003c/a\u003e [label\\_value\\_case](#input\\_label\\_value\\_case) | Controls the letter case of ID elements (labels) as included in `id`,\u003cbr\u003eset as tag values, and output by this module individually.\u003cbr\u003eDoes not affect values of tags passed in via the `tags` input.\u003cbr\u003ePossible values: `lower`, `title`, `upper` and `none` (no transformation).\u003cbr\u003eSet this to `title` and set `delimiter` to `\"\"` to yield Pascal Case IDs.\u003cbr\u003eDefault value: `lower`. | `string` | `null` | no |\n| \u003ca name=\"input_labels_as_tags\"\u003e\u003c/a\u003e [labels\\_as\\_tags](#input\\_labels\\_as\\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.\u003cbr\u003eDefault is to include all labels.\u003cbr\u003eTags with empty values will not be included in the `tags` output.\u003cbr\u003eSet to `[]` to suppress all generated tags.\u003cbr\u003e**Notes:**\u003cbr\u003e  The value of the `name` tag, if included, will be the `id`, not the `name`.\u003cbr\u003e  Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be\u003cbr\u003e  changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | \u003cpre\u003e[\u003cbr\u003e  \"default\"\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.\u003cbr\u003eThis is the only ID element not also included as a `tag`.\u003cbr\u003eThe \"name\" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |\n| \u003ca name=\"input_namespace\"\u003e\u003c/a\u003e [namespace](#input\\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |\n| \u003ca name=\"input_regex_replace_chars\"\u003e\u003c/a\u003e [regex\\_replace\\_chars](#input\\_regex\\_replace\\_chars) | Terraform regular expression (regex) string.\u003cbr\u003eCharacters matching the regex will be removed from the ID elements.\u003cbr\u003eIf not set, `\"/[^a-zA-Z0-9-]/\"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |\n| \u003ca name=\"input_role_assignments\"\u003e\u003c/a\u003e [role\\_assignments](#input\\_role\\_assignments) | List of role assignments (role name and a scope) | \u003cpre\u003elist(object({\u003cbr\u003e    scope : string\u003cbr\u003e    role_name : string\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_stage\"\u003e\u003c/a\u003e [stage](#input\\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).\u003cbr\u003eNeither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_tenant\"\u003e\u003c/a\u003e [tenant](#input\\_tenant) | ID element \\_(Rarely used, not included by default)\\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_this\"\u003e\u003c/a\u003e [this](#module\\_this) | cloudposse/label/null | 0.25.0 |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_group_id\"\u003e\u003c/a\u003e [group\\_id](#output\\_group\\_id) | ID of the group |\n| \u003ca name=\"output_group_name\"\u003e\u003c/a\u003e [group\\_name](#output\\_group\\_name) | Name of the group |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_azuread\"\u003e\u003c/a\u003e [azuread](#provider\\_azuread) | \u003e= 2.0 |\n| \u003ca name=\"provider_azurerm\"\u003e\u003c/a\u003e [azurerm](#provider\\_azurerm) | \u003e= 3.0 |\n\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.3.0 |\n| \u003ca name=\"requirement_azuread\"\u003e\u003c/a\u003e [azuread](#requirement\\_azuread) | \u003e= 2.0 |\n| \u003ca name=\"requirement_azurerm\"\u003e\u003c/a\u003e [azurerm](#requirement\\_azurerm) | \u003e= 3.0 |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [azuread_group.this](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/group) | resource |\n| [azurerm_role_assignment.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |\n\u003c!-- END_TF_DOCS --\u003e\n\n## CONTRIBUTING\n\nContributions are very welcomed!\n\nStart by reviewing [contribution guide](CONTRIBUTING.md) and our [code of conduct](CODE_OF_CONDUCT.md). After that, start coding and ship your changes by creating a new PR.\n\n## LICENSE\n\nApache 2 Licensed. See [LICENSE](LICENSE) for full details.\n\n## AUTHORS\n\n\u003c!--- Replace repository name --\u003e\n\u003ca href=\"https://github.com/getindata/terraform-azuread-group/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=getindata/terraform-azuread-group\" /\u003e\n\u003c/a\u003e\n\nMade with [contrib.rocks](https://contrib.rocks).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetindata%2Fterraform-azuread-group","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgetindata%2Fterraform-azuread-group","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetindata%2Fterraform-azuread-group/lists"}