Skip to content

Legacy

This section only applies if you have an existing Azure AD client registered in the IaC repository.

Pre-authorization

Communication between legacy clients provisioned through aad-iac and clients provisioned through NAIS requires some additional configuration.

Scenario 1

Allowing a NAIS client to access an aad-iac client

Prerequisites:

  • You have a legacy client registered in the aad-iac repository.
  • You would like to pre-authorize client provisioned through NAIS.

Steps:

  • Refer to the NAIS client in aad-iac using its fully qualified name (see naming format):
<cluster>:<namespace>:<app-name>

Example:


Scenario 2

Allowing an aad-iac client to access a NAIS client

Prerequisites:

  • You have a client provisioned through NAIS.
  • You would like to pre-authorize a legacy client registered in the aad-iac repository.

Steps:

Example:

spec:
  accessPolicy:
    inbound:
      rules:
      - application: dkif
        namespace: team-rocket
        cluster: dev-fss

Migration

If you have an existing legacy client in aad-iac and wish to keep the current client ID and configuration when moving to NAIS, contact us on Slack for assistance.

If keeping the existing client ID and configuration is not important, it should be much easier to just provision new clients instead.


Last update: 2022-12-02
Created: 2021-07-08