
entra-id

Requirements

The following requirements are needed by this module:

Providers

The following providers are used by this module:

Modules

No modules.

Resources

The following resources are used by this module:

Required Inputs

The following input variables are required:

environment

Description: Environment name

Type: string

Optional Inputs

The following input variables are optional (have default values):

admin_user_principal_name

Description: Primary admin UPN (must be @bitcain.net)

Type: string

Default: "cain@bitcain.net"

break_glass_upn

Description: Break-glass account UPN excluded from all CA policies

Type: string

Default: ""

device_compliance_enabled

Description: Enable device compliance CA policy (CA-06). Requires Intune.

Type: bool

Default: false

entra_p1_enabled

Description: Enable Conditional Access policies (requires Entra ID P1 license)

Type: bool

Default: false

entra_tenant_id

Description: Entra ID tenant ID. Leave empty to skip all Entra resources (skeleton mode).

Type: string

Default: ""

fido2_enabled

Description: Enable the FIDO2 authentication strength policy and CA-02 (phishing-resistant MFA for admins). Before enabling, the admin accounts must already have FIDO2 keys registered (otherwise CA-02 blocks their next sign-in), and the deploying principal needs the Policy.ReadWrite.AuthenticationMethod Graph permission.

Type: bool

Default: false

trusted_location_cidrs

Description: CIDR ranges for trusted network locations (CA-05). Leave empty to skip CA-05.

Type: list(string)

Default: []
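As an added example, not part of the module's own documentation or source, here is a root-module call that wires these inputs for a production tenant and adds the guard rails a practitioner would want before Conditional Access goes live. The module source path, the break-glass account name, the trusted CIDR, and the `entra_tenant_id` variable are assumptions for illustration; the tenant ID is supplied at plan time (for example via `TF_VAR_entra_tenant_id`) rather than written into the configuration.

```hcl
# Added example: calling the entra-id module from a root configuration.
# Source path, account names, and IP ranges below are assumptions, not
# values taken from the module itself.

variable "entra_tenant_id" {
  description = "Tenant to manage. Empty string = skeleton mode (no Entra resources created)."
  type        = string
  default     = ""
}

locals {
  # Flip entra_p1_enabled only after the break-glass account exists and is
  # in the exclusion group; a bad CA policy with no excluded account can
  # lock every admin out of the tenant.
  entra_p1_enabled = true
  break_glass_upn  = "breakglass@bitcain.net" # assumed account name

  # CA-05 trusted locations. An empty list skips CA-05 entirely.
  trusted_location_cidrs = ["203.0.113.0/24"] # RFC 5737 documentation range, assumed
}

module "entra_id" {
  source = "./modules/entra-id" # assumed path

  environment     = "prod"
  entra_tenant_id = var.entra_tenant_id

  admin_user_principal_name = "cain@bitcain.net"

  entra_p1_enabled = local.entra_p1_enabled
  break_glass_upn  = local.break_glass_upn

  # CA-02 stays off until admins have registered FIDO2 keys and the deploying
  # principal holds Policy.ReadWrite.AuthenticationMethod.
  fido2_enabled = false

  trusted_location_cidrs = local.trusted_location_cidrs

  # CA-06 requires Intune; leave off until devices are enrolled.
  device_compliance_enabled = false
}

# Plan-time guard rails (Terraform >= 1.5 check blocks). They fail the plan
# with a clear message instead of letting a lockout-prone combination apply.
check "break_glass_before_conditional_access" {
  assert {
    condition     = !local.entra_p1_enabled || local.break_glass_upn != ""
    error_message = "entra_p1_enabled=true requires break_glass_upn so an excluded emergency account exists before CA policies apply."
  }
}

check "break_glass_in_tenant_domain" {
  assert {
    condition     = local.break_glass_upn == "" || endswith(local.break_glass_upn, "@bitcain.net")
    error_message = "break_glass_upn must be a @bitcain.net account."
  }
}

check "trusted_cidrs_parse" {
  assert {
    # cidrhost() fails on malformed prefixes; can() turns that into a bool.
    condition     = alltrue([for c in local.trusted_location_cidrs : can(cidrhost(c, 0))])
    error_message = "Every entry in trusted_location_cidrs must be a valid CIDR prefix."
  }
}

# Outputs most often consumed elsewhere: the IdP metadata that has to be
# pasted into the GitHub Enterprise and Google Admin consoles.
output "github_saml_metadata" {
  value = module.entra_id.github_saml_metadata
}

output "google_workspace_saml_metadata" {
  value = module.entra_id.google_workspace_saml_metadata
}
```

Run `terraform plan` with `TF_VAR_entra_tenant_id` unset first: skeleton mode creates nothing and lets the configuration be validated in CI without tenant credentials. Then set the tenant ID and apply with `entra_p1_enabled = false`, confirm the break-glass account can sign in, and only then enable Conditional Access.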

Outputs

The following outputs are exported:

admins_group_id

Description: Bitcain admins group object ID

auth_strength_policy_id

Description: Phishing-resistant authentication strength policy ID (built-in)

break_glass_group_id

Description: Break-glass exclusion group object ID

cloudflare_access_app

Description: Cloudflare Access application registration details

conditional_access_policy_ids

Description: Conditional Access policy IDs (null when entra_p1_enabled is false)

gcp_workforce_app

Description: GCP Workforce Federation application registration details

github_saml_app

Description: GitHub SAML SSO application registration details

github_saml_metadata

Description: GitHub SAML SSO metadata for configuring GitHub Enterprise

google_workspace_app

Description: Google Workspace SAML application registration details

google_workspace_saml_metadata

Description: Google Workspace SAML metadata for configuring Google Admin Console

groups

Description: Entra ID security group IDs
