Terraform Enterprise 2.0: Evolving infrastructure operations for scale

Terraform Enterprise 2.0 helps organizations scale infrastructure operations, strengthen governance, and reduce operational complexity.

Key features in Terraform Enterprise 2.0 include: 

  • Stacks to manage multi-tier, multi-environment deployments as a single system, reducing coordination overhead and improving deployment consistency  

  • Project-level notifications to enable monitoring-by-default across workspaces, reducing operational overhead and eliminating gaps that can lead to missed alerts in large-scale environments  

  • SCIM 2.0 support with team membership mapping to automate user provisioning and access control, improving security and eliminating manual identity management  

  • Site auditor role for secure, read‑only access to orgs, workspaces, runs, and policies 

  • Improved operational visibility and diagnostics with built-in health checks and system insights, helping teams troubleshoot issues more efficiently  

  • Pre-upgrade validation checks to proactively identify compatibility issues and reduce risk during upgrades  

  • Enhanced API token management with required expiration for new tokens, helping reduce the risk of long-lived credentials 

  • Cross-org workspace migration to migrate workspaces at scale, moving between organizations in the same environment with full traceability and compliance 

Orchestrate complex infrastructure across environments with Stacks

At the core of Terraform Enterprise 2.0 is support for Stacks, a new infrastructure orchestration capability that allows teams to manage collections of infrastructure as a single unit. Terraform Stacks are available on all plans based on resources under management. 

As organizations scale, infrastructure evolves from isolated configurations into systems of interconnected components. Stacks reflect this shift by introducing a configuration layer that enables teams to define and manage infrastructure across environments, regions, and accounts in a consistent, repeatable way. 

Stacks are designed to address a common challenge in large-scale Terraform usage: Once infrastructure is split across multiple configurations, teams must manually coordinate dependencies, manage deployment order, and replicate environments. 

By bringing this orchestration into the platform, Stacks allow teams to define infrastructure as a system of components with coordination. Dependencies between components are managed automatically, and deployments can be easily repeated across environments. 

This approach reduces the operational overhead of managing complex infrastructure and helps ensure consistent, reliable deployments at scale. For a deeper look at how Stacks work and the problems they solve, see the Terraform Stacks, explained blog and the documentation for Stacks.

Enabling self-service with greater control

As Terraform usage expands across organizations, maintaining consistency and governance is critical in enabling self-service. 

Historically, configuring observability required defining notification settings on a workspace-by-workspace basis. At scale, this created significant operational overhead and introduced risk, particularly when new workspaces were deployed without operations teams receiving proper alerting, leading to gaps in visibility.

Terraform Enterprise 2.0 addresses this challenge with project-level notifications, allowing platform teams to define notification settings once at the project level and automatically apply them across all associated workspaces. 

This inheritance model ensures that alerting is consistently applied, even as new workspaces are created or moved between projects. By establishing a centralized control plane for notifications, organizations can enforce a monitoring baseline across environments without requiring manual configuration. 

The result is a more reliable and scalable operating model — one where infrastructure is monitored by default, operational overhead is reduced, and teams can standardize observability across environments. 

To learn more about standardizing your observability workflows, see the notification settings in the Terraform Enterprise project notification documentation.

Strengthening identity and access at scale

Operating Terraform in large environments requires identity and access controls that are both flexible and scalable. Terraform Enterprise 2.0 introduces enhancements that align with modern security practices while reducing administrative overhead. 

Terraform Enterprise 2.0 now provides Service for Cross-domain Identity Management (SCIM) 2.0 for automated user lifecycle management. With team membership mapping, this enables automated, standards-based, timely provisioning, updating, and deprovisioning of users and their team memberships directly from an identity provider (IdP). Terraform Enterprise administrators can now map IdP groups to Terraform Enterprise teams, a change that eliminates manual user management while significantly enhancing security, compliance, and operational efficiency for large enterprises. Initial support covers Okta and Azure Entra ID. For more detail, see the documentation.

New governance capabilities also provide more precise control over policy workflows. With granular policy delegation, teams can be granted the ability to apply workspace override policy within defined scopes, enabling flexibility without requiring broad administrative permissions. Organization managers can grant the “delegate policy override” permission, so teams can override failed soft mandatory policy checks only for the projects and workspaces they manage. This helps customers avoid broader organization-wide access while supporting policy override workflows where they are needed. 

Terraform Enterprise 2.0 also introduces enhanced API token management: newly created tokens require a defined expiration, and if none is set they automatically default to a two-year expiration from the date of creation. This reduces the risk associated with long-lived credentials.
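The expiration rule above is scoped to newly created tokens, so a defender's follow-up is an inventory check for tokens that fall outside it. The script below is an added example, not HashiCorp's code: it flags tokens with no expiry, tokens whose lifetime exceeds two years, and tokens due for rotation. The sample records are constructed, and the `created-at` / `expired-at` attribute names, the token IDs, and the 30-day rotation window are assumptions to check against the API documentation for your version.

```python
from datetime import datetime, timedelta, timezone

# Two calendar years can span 731 days when a leap day falls inside them.
MAX_LIFETIME = timedelta(days=731)
ROTATE_WINDOW = timedelta(days=30)  # assumed rotation lead time

# Constructed sample inventory; attribute names are assumptions (see lead-in).
SAMPLE_TOKENS = [
    {"id": "at-constructed-1", "attributes": {
        "created-at": "2023-01-10T09:00:00Z", "expired-at": None}},
    {"id": "at-constructed-2", "attributes": {
        "created-at": "2025-06-01T09:00:00Z", "expired-at": "2027-06-01T09:00:00Z"}},
    {"id": "at-constructed-3", "attributes": {
        "created-at": "2024-02-01T09:00:00Z", "expired-at": "2029-02-01T09:00:00Z"}},
    {"id": "at-constructed-4", "attributes": {
        "created-at": "2025-01-20T09:00:00Z", "expired-at": "2026-02-01T09:00:00Z"}},
]

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit(tokens, now):
    """Return (token_id, finding) pairs for tokens that need attention."""
    findings = []
    for tok in tokens:
        attrs = tok["attributes"]
        created = parse_ts(attrs["created-at"])
        raw_expiry = attrs.get("expired-at")
        if raw_expiry is None:
            # Long-lived credential that was never given an expiry
            findings.append((tok["id"], "no-expiration"))
            continue
        expiry = parse_ts(raw_expiry)
        if expiry - created > MAX_LIFETIME:
            findings.append((tok["id"], "lifetime-over-two-years"))
        elif now < expiry <= now + ROTATE_WINDOW:
            findings.append((tok["id"], "rotate-soon"))
    return findings

if __name__ == "__main__":
    now = datetime(2026, 1, 15, tzinfo=timezone.utc)  # fixed for repeatability
    for token_id, finding in audit(SAMPLE_TOKENS, now):
        print(f"{token_id}: {finding}")
```
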

Additionally, the introduction of the site auditor role enables read-only access across Terraform Enterprise. The site auditor role is designed for auditing and security workflows, providing visibility into organizations, workspaces, runs, policy sets, and related resources while blocking access to sensitive data such as state files. 

Improving operational efficiency and resilience

Terraform Enterprise 2.0 includes several enhancements designed to simplify operations and improve resilience. 

With the enhanced readiness and diagnostics checks from the admin console, administrators can run on-demand health checks directly within the user interface. These checks provide clear, human-readable insights into system status and allow teams to collect diagnostics, streamlining troubleshooting and support workflows. This lowers support costs and improves service availability by empowering admins to resolve platform issues faster and with less manual effort.

Pre-upgrade validation checks further improve reliability by identifying potential issues before an upgrade begins. By surfacing compatibility concerns early and providing immediate feedback, these checks help teams plan upgrades more effectively and reduce the risk of disruption. 

Terraform Enterprise 2.0 also introduces cross-organization workspace migration, enabling teams to move workspaces between organizations while preserving critical data and maintaining continuity. 

This capability allows teams to use the new workspace transfer API to initiate asynchronous workspace transfers within the same Terraform Enterprise instance, moving infrastructure safely and at scale without disrupting existing workflows. During the migration process, Terraform Enterprise coordinates the transfer by locking your source workspace, creating an empty destination workspace in the new org or project, and copying key pieces of data (e.g., state versions). Built-in validation steps allow teams to verify the migrated workspace: teams can run plans and applies in the destination environment before finalizing the transition. At finalization, the source workspace is deleted and the original external IDs are remapped onto the new workspace to maintain continuity. This staged approach reduces risk and gives teams confidence that migrations can be completed without impacting production systems and infrastructure state while keeping history intact.

By providing a native, controlled way to migrate workspaces, Terraform Enterprise 2.0 helps organizations evolve their infrastructure at scale over time without sacrificing auditability, compliance, or operational continuity.

Additional updates, including support for newer database versions, further strengthen the platform’s reliability and operational readiness. 

Adoption of a new versioning pattern and support model

Terraform Enterprise 2.0 adopts IBM versioning and lifecycle practices. This release and all future releases move toward the IBM Support Cycle-2 policy, which is designed to provide clearer lifecycle expectations. Under this model, each major (“V”) milestone release will receive at least two years of standard support, with extended support options available to ensure continuity for mission-critical workloads. Extended support includes an initial third year with critical bug fixes, usage support, and select security updates, followed by ongoing support (years four through six) for usage guidance and known issue assistance. This approach delivers a more predictable and durable support framework while aligning Terraform with the broader IBM product lifecycle strategy.  

A new foundation for operating Terraform at scale

Terraform Enterprise 2.0 continues the evolution of Terraform for infrastructure lifecycle management. 

By introducing a new orchestration model with Stacks, strengthening identity and governance, and improving operational visibility, this release enables organizations to scale and manage infrastructure. 

As infrastructure continues to grow in complexity, Terraform Enterprise 2.0 provides a foundation for operating with greater consistency, security, and efficiency. 

To explore all features and updates in detail, see the Terraform Enterprise 2.0 release notes. To learn more about Terraform or start using Terraform, visit the Terraform product page.