enum

TL;DR

  • Backstage is an open-source developer portal that helps us manage software projects, tools, and APIs.
  • With Backstage, we can create a unified view of our software ecosystem, making it easier for developers to discover and use tools.
  • With Backstage, we can create custom plugins to integrate with our existing tools and services.
  • My post provides an example custom template for Entra ID, which allows us to build a process to enable SSO for the applications.

Introduction

Based on the Identity perspective for the organisation, we are facing the challenge of managing multiple software projects, tools, and APIs. Backstage is an open-source developer portal that helps us create a unified view of our software ecosystem, making it easier for developers to discover and use tools. In this post, I will guide us through setting up Backstage and creating a custom plugin for Entra ID.

Big Picture

backstage-diagram Via the Backstage template (YAML file), we can improve our operations and automate the enablement of SSO for a new application. The template can include the necessary steps to create an Entra ID application, configure SSO, and set up the required permissions. Via the Backstage template a pull request will be created. Accepted by the operations team, will trigger the automation process to create the Entra ID application via terraform. Based on the requirements expected details like client_id will be shared via dedicated channel.

This allows for a more streamlined and efficient process, reducing the time and effort required to set up SSO for new applications.

Workflow overview

Enter basic details: name and description. backstage-workflow

Expected permissions, secret? backstage-workflow

Summary and submit the request. backstage-workflow

Run the flow: read repository, update terraform file to enable SSO for the application. backstage-workflow

Operation team must review pull request - check expected permissions, approve or reject and merge. backstage-workflow

Run the pipeline with GitHub Actions or maybe with SpaceLift? backstage-workflow

Share the details with the application team.

Business Value

  • Developer Self-Service to enable SSO for new applications.
  • The operations team can focus on more important tasks instead of manual SSO configuration.
  • Approval process via pull request ensures that the operations team can review and approve the changes before they are applied.
  • Continuous improvement of the process by collecting feedback from developers and operations team - managed by Terraform Entra as Code can be improved by changes in the internal Terraform implementation.
  • Automated process for many environments (dev, test, prod) to ensure consistency and reduce errors, by one request internal process can be triggered to create the Entra ID applications for dev, test and prod.
  • A similar process can be used to build a process for Landing Zones.
  • Backstage can be used to manage other tools and services, like Azure DevOps, GitHub, or Jenkins, providing a unified view of the software ecosystem.

Technical Summary

  • Backstage is a powerful Developer Portal that helps us manage software projects, tools, and APIs.
  • Custom plugins can be created, like in my case to merge files. Nice documentation and examples plus javascript or typescript knowledge are required. There are no issues from my side.
  • Backstage templates via Nunjucks are easy to use.

Challenges

  • There is no built-in support to merge files in Backstage templates. We need to create a custom plugin to handle this.
  • The standard Backstage examples are provided to generate an Application Repository based on the scaffold template. We expect to create a pull request to the existing repository with the updated Terraform file.