Terraform Enterprise 2.0 Transforms How Teams Scale Infrastructure
HashiCorp has launched Terraform Enterprise 2.0, a major step forward in Terraform Enterprise infrastructure operations for large organisations. The release brings new tools to reduce operational overhead, tighten governance, and improve deployment consistency across complex environments.
At the core of this update is a new feature called Stacks. Stacks let teams manage collections of infrastructure as a single coordinated unit. Rather than manually tracking dependencies across multiple configurations, teams can define and deploy infrastructure across environments, regions, and accounts in a consistent, repeatable way. The platform automatically manages dependencies between components, and teams can reproduce environments with far less effort.
For a deeper look at how Stacks work, HashiCorp has published a Terraform Stacks explained blog post and the official Stacks documentation. Stacks are available on all plans based on resources under management.
Alongside Stacks, the release addresses a long-standing observability gap. Previously, teams had to configure notification settings workspace by workspace. At scale, that approach introduced risk, new workspaces could go live without alerting in place, creating dangerous blind spots. Terraform Enterprise 2.0 solves this with project-level notifications. Teams set notification rules once at the project level, and the platform applies them automatically to all associated workspaces, including new ones.
Identity and access management also gets a significant upgrade. Terraform Enterprise infrastructure operations now support SCIM 2.0, which automates user provisioning, updating, and deprovisioning directly from an identity provider (IdP). Administrators can map IdP groups to Terraform Enterprise teams, eliminating manual user management. Initial support covers Okta and Azure Entra ID. Full details are in the SCIM documentation.
API token management also tightens under this release. Newly created tokens now require a defined expiration, or the platform defaults to a two-year limit. This directly cuts the risk of long-lived credentials sitting unmanaged. Additionally, a new site auditor role gives security teams read-only access across organisations, workspaces, runs, and policy sets, without exposing sensitive data such as state files. The site auditor role documentation covers this in full.
On the operational side, administrators can now run on-demand health checks directly from the admin console. These checks deliver clear, human-readable system status insights and speed up troubleshooting. Pre-upgrade validation checks further cut risk by surfacing compatibility issues before an upgrade begins, giving teams time to act. Both features are in the admin console documentation.
One of the most practical additions is cross-organisation workspace migration. Teams can now move workspaces between organisations within the same Terraform Enterprise instance using the new workspace transfer API. The process locks the source workspace, creates a destination workspace, and copies key data including state versions. Teams can then run plans in the destination before they finalise the transfer. Throughout the process, history and external IDs stay intact, so production systems remain undisturbed.
Finally, Terraform Enterprise 2.0 adopts IBM’s versioning and support lifecycle model. Each major milestone release gets at least two years of standard support, with extended options available beyond that. Enterprise teams, therefore, get a more predictable and durable framework for mission-critical workloads.
To explore all changes, see the official Terraform Enterprise 2.0 release notes. To get started, visit the Terraform product page.
