Customer Tenant with no subscription #1567
Description
Is your feature request related to a problem? Please describe.
We are attempting workforce tenant vs customer tenant separation and so our idea was to create workload identities principal in customer tenant with federation to service account in cluster running in workforce tenant
of course the app reg would be multi tenant
The setup involves entra id and unless I am missing something, should not require subscription as such
at the moment the azwi requires subscription in the tenant as it is extracting tenant id by attempting to login to subscription id passed or issues dummy challenge and extracts tenant id from headers in a response - this is not possible when there is no subscription
Describe the solution you'd like
Service principal gets created and federated against OIDC url of the cluster and tool does not fail
Describe alternatives you've considered
Additional context