Automated identity and access management for microservices in Azure : Entra application registrations with roles and permissions with Bicep
Tastula, Niko (2025)
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2025051311137
https://urn.fi/URN:NBN:fi:amk-2025051311137
Tiivistelmä
This thesis studies the possibilities and challenges of automating authorization configurations in Azure cloud environment, with a focus on preview-version Microsoft Entra Bicep template -based deployments. As cloud-native architectures are adopted increasingly, manual configuration of identity and access management (IAM) resources has proven to be error-prone, time consuming, costly, and most importantly difficult to scale. The primary aim of this thesis was to develop and evaluate an automated solution for deploying Azure Entra resources using Bicep, and afterwards comparing its efficiency, security, and cost-effectiveness against manual approaches. Technical implementation is available at URL https://github.com/koni123/MicroServiceAuthorization
The research consisted of a theoretical analysis of manual versus automated cloud configurations, followed by the implementation of a Bicep template -based microservice architecture. The methodology was a project-based approach, consisting of development of Bicep templates and PowerShell automation scripts to manage Entra applications, roles, and permissions. In addition to that three simple microservices were developed and deployed to test the developed IAM-solution.
The results demonstrated that automated deployments reduced deployment times considerably compared to manual processes. On the other hand, the initial invested time required to develop the Bicep-based solution is also a big factor due, for example the learning curve for Bicep language. The findings align with prior studies on Infrastructure as Code efficiency while revealing some constraints caused by preview version of Entra Bicep templates.
In conclusion, the study validates that Bicep automation significantly improves consistency and scalability in Entra ID management, though it requires initial time investment for example in Bicep language training. Future work should address the automation of deployments and possible enhancements made in release version of the Entra Bicep templates. This research contributes practical insights for organizations transitioning from manual to automated IAM workflows in Azure environments with Bicep.
The research consisted of a theoretical analysis of manual versus automated cloud configurations, followed by the implementation of a Bicep template -based microservice architecture. The methodology was a project-based approach, consisting of development of Bicep templates and PowerShell automation scripts to manage Entra applications, roles, and permissions. In addition to that three simple microservices were developed and deployed to test the developed IAM-solution.
The results demonstrated that automated deployments reduced deployment times considerably compared to manual processes. On the other hand, the initial invested time required to develop the Bicep-based solution is also a big factor due, for example the learning curve for Bicep language. The findings align with prior studies on Infrastructure as Code efficiency while revealing some constraints caused by preview version of Entra Bicep templates.
In conclusion, the study validates that Bicep automation significantly improves consistency and scalability in Entra ID management, though it requires initial time investment for example in Bicep language training. Future work should address the automation of deployments and possible enhancements made in release version of the Entra Bicep templates. This research contributes practical insights for organizations transitioning from manual to automated IAM workflows in Azure environments with Bicep.