This section only applies if you have an existing Azure AD client registered in the IaC repository.
Communication between legacy clients provisioned through aad-iac and clients provisioned through NAIS requires some additional configuration.
Allowing a NAIS client to access an aad-iac client
- You have a legacy client registered in the
- You would like to pre-authorize a client provisioned through NAIS.
- Refer to the NAIS client in aad-iac using its fully qualified name (see naming format):
Allowing an aad-iac client to access a NAIS client
- You have a client provisioned through NAIS.
- You would like to pre-authorize a legacy client registered in the
- The legacy client must follow the expected naming format. Follow step 1 and step 2 in the migration guide.
- Refer to the legacy client analogously to a NAIS application
- See this example in aad-iac
- Pre-authorizing the legacy client in nais.yaml:
```yaml
spec:
  accessPolicy:
    inbound:
      rules:
        - application: dkif
          namespace: team-rocket
          cluster: dev-fss
```
If keeping the existing client ID and configuration is not important, it should be much easier to just provision new clients instead.