From f793cf9fe5542795645f7eec1ef643f5e00ca825 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piggy=20Park=20=28=EB=B0=95=EC=9A=A9=ED=83=9C=29?=
 <samuel.park@megazone.com>
Date: Mon, 7 Jul 2025 14:38:04 +0900
Subject: [PATCH 1/3] feat(trusted-account-auto-sync): apply new auto-sync
 mapping method for azure account (azure management group)

feat(trusted-account-auto-sync): apply new auto-sync mapping method for azure account (azure management group)
---
 .../schema/api-verbs/create.ts                |   1 +
 .../schema/api-verbs/update.ts                |   1 +
 .../identity/trusted-account/schema/model.ts  |   1 +
 .../components/info-tooltip/InfoTooltip.vue   |  35 ++++
 .../components/ServiceAccountAutoSync.vue     |   1 +
 .../ServiceAccountAutoSyncMappingMethod.vue   | 154 ++++++++----------
 .../constants/auto-sync-options-contant.ts    |  77 +++++++++
 .../pages/ServiceAccountAddPage.vue           |   1 +
 .../stores/service-account-page-store.ts      |  10 +-
 9 files changed, 193 insertions(+), 88 deletions(-)
 create mode 100644 apps/web/src/common/components/info-tooltip/InfoTooltip.vue
 create mode 100644 apps/web/src/services/service-account/constants/auto-sync-options-contant.ts

diff --git a/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/create.ts b/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/create.ts
index bedf702ac3..043f6a78cd 100644
--- a/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/create.ts
+++ b/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/create.ts
@@ -14,6 +14,7 @@ export interface TrustedAccountCreateParameters {
     sync_options?: {
         skip_project_group: boolean;
         single_workspace_id: string;
+        use_management_group_as_workspace?: boolean; // only for Azure
     };
     plugin_options?: Record<string, any>;
     tags?: Tags;
diff --git a/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/update.ts b/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/update.ts
index 3f6e252d51..0a72e9a2b5 100644
--- a/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/update.ts
+++ b/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/update.ts
@@ -11,6 +11,7 @@ export interface TrustedAccountUpdateParameters {
     sync_options?: {
         skip_project_group: boolean;
         single_workspace_id: string;
+        use_management_group_as_workspace?: boolean; // only for Azure
     };
     plugin_options?: Record<string, any>;
     tags?: Tags;
diff --git a/apps/web/src/api-clients/identity/trusted-account/schema/model.ts b/apps/web/src/api-clients/identity/trusted-account/schema/model.ts
index e01e0d73d5..e8cf6ae1e3 100644
--- a/apps/web/src/api-clients/identity/trusted-account/schema/model.ts
+++ b/apps/web/src/api-clients/identity/trusted-account/schema/model.ts
@@ -13,6 +13,7 @@ export interface TrustedAccountModel {
     sync_options?: {
         skip_project_group: boolean;
         single_workspace_id: string;
+        use_management_group_as_workspace?: boolean; // only for Azure
     };
     plugin_options?: Record<string, any>;
     tags: Tags;
diff --git a/apps/web/src/common/components/info-tooltip/InfoTooltip.vue b/apps/web/src/common/components/info-tooltip/InfoTooltip.vue
new file mode 100644
index 0000000000..5274de29c2
--- /dev/null
+++ b/apps/web/src/common/components/info-tooltip/InfoTooltip.vue
@@ -0,0 +1,35 @@
+<script setup lang="ts">
+import { PTooltip, PI } from '@cloudforet/mirinae';
+import type { TooltipPosition } from '@cloudforet/mirinae/types/data-display/tooltips/type';
+
+interface Props {
+    tooltipContents: string;
+    tooltipPosition?: TooltipPosition;
+    width?: string;
+    height?: string;
+    color?: string;
+    iconName?: string;
+}
+
+const props = withDefaults(defineProps<Props>(), {
+    tooltipPosition: 'bottom',
+    width: '0.75rem',
+    height: '0.75rem',
+    color: 'inherit',
+    iconName: 'ic_info-circle',
+});
+</script>
+
+<template>
+    <p-tooltip class="info-tooltip"
+               :contents="props.tooltipContents"
+               :position="props.tooltipPosition"
+    >
+        <p-i :name="props.iconName"
+             :height="props.height"
+             :width="props.width"
+             :color="props.color"
+             class="info-tooltip-icon"
+        />
+    </p-tooltip>
+</template>
diff --git a/apps/web/src/services/service-account/components/ServiceAccountAutoSync.vue b/apps/web/src/services/service-account/components/ServiceAccountAutoSync.vue
index f0bfb2dfcf..01bbb791be 100644
--- a/apps/web/src/services/service-account/components/ServiceAccountAutoSync.vue
+++ b/apps/web/src/services/service-account/components/ServiceAccountAutoSync.vue
@@ -77,6 +77,7 @@ const handleClickSaveButton = async () => {
             sync_options: {
                 skip_project_group: serviceAccountPageFormState.skipProjectGroup,
                 single_workspace_id: serviceAccountPageFormState.selectedSingleWorkspace ?? undefined,
+                use_management_group_as_workspace: serviceAccountPageFormState.useManagementGroupAsWorkspace ?? undefined,
             },
             plugin_options: serviceAccountPageFormState.additionalOptions,
         });
diff --git a/apps/web/src/services/service-account/components/ServiceAccountAutoSyncMappingMethod.vue b/apps/web/src/services/service-account/components/ServiceAccountAutoSyncMappingMethod.vue
index 7586074292..1e331e959c 100644
--- a/apps/web/src/services/service-account/components/ServiceAccountAutoSyncMappingMethod.vue
+++ b/apps/web/src/services/service-account/components/ServiceAccountAutoSyncMappingMethod.vue
@@ -4,73 +4,26 @@ import { computed, reactive, watch } from 'vue';
 
 import { PFieldTitle, PRadio } from '@cloudforet/mirinae';
 
+
+import { i18n } from '@/translations';
+
 import { useAppContextStore } from '@/store/app-context/app-context-store';
 import { useUserWorkspaceStore } from '@/store/app-context/workspace/user-workspace-store';
 
+import InfoTooltip from '@/common/components/info-tooltip/InfoTooltip.vue';
 import MappingMethod from '@/common/components/mapping-method/MappingMethod.vue';
 import WorkspaceLogoIcon from '@/common/modules/navigations/top-bar/modules/top-bar-header/WorkspaceLogoIcon.vue';
 
 import WorkspaceDropdown from '@/services/service-account/components/WorkspaceDropdown.vue';
+import { CSP_AUTO_SYNC_OPTIONS_MAP, WORKSPACE_MAPPING_OPTIONS_MAP } from '@/services/service-account/constants/auto-sync-options-contant';
+import type { ServiceAccountStoreFormState } from '@/services/service-account/stores/service-account-page-store';
 import { useServiceAccountPageStore } from '@/services/service-account/stores/service-account-page-store';
 
-const cspAdditionalOptionMap = {
-    aws: {
-        name: 'AWS Organization',
-        workspaceMappingOptions: [
-            {
-                label: 'Top-level Organization Units',
-                value: 'multipleWorkspaces',
-            },
-            {
-                label: 'AWS Organization',
-                value: 'singleWorkspace',
-            },
-        ],
-        projectGroupMappingOptions: [
-            {
-                label: 'Nested Organization Units',
-                value: 'projectGroups',
-            },
-        ],
-    },
-    azure: {
-        name: 'Azure Tenant',
-        workspaceMappingOptions: [
-            {
-                label: 'Multitenant Organization',
-                value: 'multipleWorkspaces',
-            },
-            {
-                label: 'Azure Tenant',
-                value: 'singleWorkspace',
-            },
-        ],
-        projectGroupMappingOptions: [
-            {
-                label: 'Nested Management Groups',
-                value: 'projectGroups',
-            },
-        ],
-    },
-    google_cloud: {
-        name: 'Google Cloud Organization',
-        workspaceMappingOptions: [
-            {
-                label: 'Top-level Folders in Google Cloud Organization',
-                value: 'multipleWorkspaces',
-            },
-            {
-                label: 'Google Cloud Organization',
-                value: 'singleWorkspace',
-            },
-        ],
-        projectGroupMappingOptions: [
-            {
-                label: 'Folders in Google Cloud Organization',
-                value: 'projectGroups',
-            },
-        ],
-    },
+type FormData = Partial<Pick<ServiceAccountStoreFormState, 'selectedSingleWorkspace' | 'skipProjectGroup' | 'useManagementGroupAsWorkspace'>>;
+type MappingMethodOptionType = {
+    label: string;
+    value: any;
+    info?: string;
 };
 
 const props = withDefaults(defineProps<{mode:'UPDATE'|'READ'}>(), {
@@ -83,11 +36,29 @@ const serviceAccountPageFormState = serviceAccountPageStore.formState;
 const appContextStore = useAppContextStore();
 const userWorkspaceStore = useUserWorkspaceStore();
 
+
 const state = reactive({
-    selectedWorkspace: computed(() => serviceAccountPageStore.formState.selectedSingleWorkspace ?? ''),
-    additionalOptionUiByProvider: computed(() => cspAdditionalOptionMap[serviceAccountPageState.selectedProvider] ?? {}),
-    workspaceMapping: 'multipleWorkspaces',
-    projectGroupMapping: 'projectGroups',
+    selectedWorkspace: computed<string|undefined>(() => serviceAccountPageStore.formState.selectedSingleWorkspace ?? undefined),
+    mappingMethodProviderLabel: computed<string|undefined>(() => CSP_AUTO_SYNC_OPTIONS_MAP[serviceAccountPageState.selectedProvider]?.name ?? ''),
+    workspaceMappingOptions: computed<MappingMethodOptionType[]>(() => CSP_AUTO_SYNC_OPTIONS_MAP[serviceAccountPageState.selectedProvider].workspaceMappingOptions),
+    projectGroupMappingOptions: computed<MappingMethodOptionType[]>(() => [
+        ...CSP_AUTO_SYNC_OPTIONS_MAP[serviceAccountPageState.selectedProvider].projectGroupMappingOptions,
+        {
+            label: i18n.t('IDENTITY.SERVICE_ACCOUNT.AUTO_SYNC.SKIP_PROJECT_GROUP_MAPPING'),
+            value: false,
+        },
+    ]),
+    workspaceMapping: 'multi' as (typeof WORKSPACE_MAPPING_OPTIONS_MAP)[keyof typeof WORKSPACE_MAPPING_OPTIONS_MAP],
+    projectGroupMapping: true as boolean,
+
+    formData: computed<FormData>(() => (state.isDomainForm ? {
+        selectedSingleWorkspace: state.workspaceMapping === WORKSPACE_MAPPING_OPTIONS_MAP.SINGLE ? state.selectedWorkspace : undefined,
+        skipProjectGroup: !state.projectGroupMapping,
+        useManagementGroupAsWorkspace: state.workspaceMapping === WORKSPACE_MAPPING_OPTIONS_MAP.MULTI_MANAGEMENT_GROUP_FOR_AZURE ? true : undefined,
+    } : {
+        skipProjectGroup: !state.projectGroupMapping,
+    })),
+
     selectedWorkspaceItem: computed(() => userWorkspaceStore.getters.workspaceMap[state.selectedWorkspace] ?? {}),
     isAdminMode: computed(() => appContextStore.getters.isAdminMode),
     isResourceGroupDomain: computed(() => serviceAccountPageState.originServiceAccountItem.resource_group === 'DOMAIN'),
@@ -112,15 +83,9 @@ const state = reactive({
             name: 'project_group',
         },
     ])),
-    formData: computed(() => (state.isDomainForm ? {
-        selectedSingleWorkspace: state.workspaceMapping === 'singleWorkspace' ? state.selectedWorkspace : '',
-        skipProjectGroup: state.projectGroupMapping === 'skip',
-    } : {
-        skipProjectGroup: state.projectGroupMapping === 'skip',
-    })),
-    selectedWorkspaceMappingOptionLabel: computed(() => cspAdditionalOptionMap[serviceAccountPageState.selectedProvider].workspaceMappingOptions
-        .find((option) => (option.value === (state.selectedWorkspace ? 'singleWorkspace' : 'multipleWorkspaces')))?.label),
-    selectedProjectGroupMappingOptionLabel: computed(() => cspAdditionalOptionMap[serviceAccountPageState.selectedProvider].projectGroupMappingOptions[0].label),
+    selectedWorkspaceMappingOptionLabel: computed(() => CSP_AUTO_SYNC_OPTIONS_MAP[serviceAccountPageState.selectedProvider].workspaceMappingOptions
+        .find((option) => (option.value === state.workspaceMapping))?.label),
+    selectedProjectGroupMappingOptionLabel: computed(() => CSP_AUTO_SYNC_OPTIONS_MAP[serviceAccountPageState.selectedProvider].projectGroupMappingOptions[0].label),
 });
 
 const handleUpdateWorkspace = (workspaceId:string) => {
@@ -129,6 +94,14 @@ const handleUpdateWorkspace = (workspaceId:string) => {
     });
 };
 
+const handleWorkspaceMappingChange = (value: (typeof WORKSPACE_MAPPING_OPTIONS_MAP)[keyof typeof WORKSPACE_MAPPING_OPTIONS_MAP]) => {
+    state.workspaceMapping = value;
+};
+
+const handleProjectGroupMappingChange = (value: boolean) => {
+    state.projectGroupMapping = value;
+};
+
 watch(() => state.formData, (formData) => {
     Object.entries(formData).forEach(([key, value]) => {
         serviceAccountPageStore.setFormState(key, value);
@@ -137,8 +110,14 @@ watch(() => state.formData, (formData) => {
 
 watch(() => serviceAccountPageState.originServiceAccountItem, (item) => {
     if (item) {
-        state.workspaceMapping = item.sync_options?.single_workspace_id ? 'singleWorkspace' : 'multipleWorkspaces';
-        state.projectGroupMapping = item.sync_options?.skip_project_group ? 'skip' : 'projectGroups';
+        if (!item.sync_options?.single_workspace_id && !item.sync_options?.use_management_group_as_workspace) { // normal multi workspace case
+            state.workspaceMapping = WORKSPACE_MAPPING_OPTIONS_MAP.MULTI;
+        } else if (item.sync_options?.use_management_group_as_workspace) { // Azure multi management group workspace case
+            state.workspaceMapping = WORKSPACE_MAPPING_OPTIONS_MAP.MULTI_MANAGEMENT_GROUP_FOR_AZURE;
+        } else { // normal single workspace case
+            state.workspaceMapping = WORKSPACE_MAPPING_OPTIONS_MAP.SINGLE;
+        }
+        state.projectGroupMapping = !item.sync_options?.skip_project_group;
     }
 }, { immediate: true });
 
@@ -154,7 +133,7 @@ watch(() => serviceAccountPageState.originServiceAccountItem, (item) => {
                         class="mb-6"
         >
             <template #provider>
-                <p>{{ state.additionalOptionUiByProvider.name }}</p>
+                <p>{{ state.mappingMethodProviderLabel }}</p>
             </template>
             <template #workspace>
                 <div>
@@ -165,16 +144,23 @@ watch(() => serviceAccountPageState.originServiceAccountItem, (item) => {
                         />
 
                         <div class="flex flex-col gap-1">
-                            <p-radio v-for="option in state.additionalOptionUiByProvider.workspaceMappingOptions"
+                            <p-radio v-for="option in state.workspaceMappingOptions"
                                      :key="option.value"
-                                     v-model="state.workspaceMapping"
                                      :value="option.value"
+                                     :selected="state.workspaceMapping"
+                                     @change="handleWorkspaceMappingChange"
                             >
-                                {{ `${option.label} ➔ ${option.value === 'multipleWorkspaces' ? 'Multiple workspaces' : 'Single Workspace'}` }}
+                                {{ `${option.label} ➔ ${(option.value === WORKSPACE_MAPPING_OPTIONS_MAP.SINGLE) ?
+                                    'Single Workspace' : 'Multiple Workspaces'}` }}
+                                <info-tooltip v-if="option.info"
+                                              :tooltip-contents="option.info"
+                                              width="0.875rem"
+                                              height="0.875rem"
+                                />
                             </p-radio>
                         </div>
                         <div>
-                            <workspace-dropdown :disabled="state.workspaceMapping !== 'singleWorkspace'"
+                            <workspace-dropdown v-if="state.workspaceMapping === WORKSPACE_MAPPING_OPTIONS_MAP.SINGLE"
                                                 :selected="state.selectedWorkspace"
                                                 class="mt-2"
                                                 @update="handleUpdateWorkspace"
@@ -207,17 +193,13 @@ watch(() => serviceAccountPageState.originServiceAccountItem, (item) => {
                                    class="mb-1"
                     />
                     <div class="flex flex-col gap-1">
-                        <p-radio v-for="option in state.additionalOptionUiByProvider.projectGroupMappingOptions"
+                        <p-radio v-for="option in state.projectGroupMappingOptions"
                                  :key="option.value"
-                                 v-model="state.projectGroupMapping"
                                  :value="option.value"
+                                 :selected="state.projectGroupMapping"
+                                 @change="handleProjectGroupMappingChange"
                         >
-                            {{ `${option.label} ➔ ${option.value === 'projectGroups' ? 'Project Groups' : 'Skip'}` }}
-                        </p-radio>
-                        <p-radio v-model="state.projectGroupMapping"
-                                 value="skip"
-                        >
-                            {{ $t('IDENTITY.SERVICE_ACCOUNT.AUTO_SYNC.SKIP_PROJECT_GROUP_MAPPING') }}
+                            {{ `${option.label} ➔ ${option.value === false ? 'Skip' : 'Project Groups'}` }}
                         </p-radio>
                     </div>
                 </div>
diff --git a/apps/web/src/services/service-account/constants/auto-sync-options-contant.ts b/apps/web/src/services/service-account/constants/auto-sync-options-contant.ts
new file mode 100644
index 0000000000..e534febdc6
--- /dev/null
+++ b/apps/web/src/services/service-account/constants/auto-sync-options-contant.ts
@@ -0,0 +1,77 @@
+
+export const WORKSPACE_MAPPING_OPTIONS_MAP = {
+    MULTI: 'multi',
+    SINGLE: 'single',
+    MULTI_MANAGEMENT_GROUP_FOR_AZURE: 'multi_management_group_for_azure', // only for Azure
+} as const;
+
+export const CSP_AUTO_SYNC_OPTIONS_MAP = {
+    aws: {
+        name: 'AWS Organization',
+        workspaceMappingOptions: [
+            {
+                label: 'Top-level Organization Units',
+                value: WORKSPACE_MAPPING_OPTIONS_MAP.MULTI,
+            },
+            {
+                label: 'AWS Organization',
+                value: WORKSPACE_MAPPING_OPTIONS_MAP.SINGLE,
+            },
+        ],
+        projectGroupMappingOptions: [
+            {
+                label: 'Nested Organization Units',
+                value: true,
+            },
+        ],
+    },
+    azure: {
+        name: 'Azure Tenant',
+        workspaceMappingOptions: [
+            {
+                label: 'Multitenant Organization',
+                value: WORKSPACE_MAPPING_OPTIONS_MAP.MULTI,
+            },
+            {
+                label: 'Azure Management Group',
+                value: WORKSPACE_MAPPING_OPTIONS_MAP.MULTI_MANAGEMENT_GROUP_FOR_AZURE,
+                info: 'This option is only available for Azure Management Group.',
+            },
+            {
+                label: 'Azure Tenant',
+                value: WORKSPACE_MAPPING_OPTIONS_MAP.SINGLE,
+            },
+        ],
+        projectGroupMappingOptions: [
+            {
+                label: 'Nested Management Groups',
+                value: true,
+            },
+        ],
+    },
+    google_cloud: {
+        name: 'Google Cloud Organization',
+        workspaceMappingOptions: [
+            {
+                label: 'Top-level Folders in Google Cloud Organization',
+                value: WORKSPACE_MAPPING_OPTIONS_MAP.MULTI,
+            },
+            {
+                label: 'Google Cloud Organization',
+                value: WORKSPACE_MAPPING_OPTIONS_MAP.SINGLE,
+            },
+        ],
+        projectGroupMappingOptions: [
+            {
+                label: 'Folders in Google Cloud Organization',
+                value: true,
+            },
+        ],
+    },
+} as const;
+
+
+export const PROJECT_GROUP_MAPPING_OPTIONS_MAP = {
+    NESTED: true,
+    SKIP: false,
+};
diff --git a/apps/web/src/services/service-account/pages/ServiceAccountAddPage.vue b/apps/web/src/services/service-account/pages/ServiceAccountAddPage.vue
index 74e86cb2f6..990c1e4c81 100644
--- a/apps/web/src/services/service-account/pages/ServiceAccountAddPage.vue
+++ b/apps/web/src/services/service-account/pages/ServiceAccountAddPage.vue
@@ -136,6 +136,7 @@ const createAccount = async (): Promise<string|undefined> => {
                 sync_options: {
                     skip_project_group: serviceAccountPageFormState.skipProjectGroup,
                     single_workspace_id: serviceAccountPageFormState.selectedSingleWorkspace ?? undefined,
+                    use_management_group_as_workspace: serviceAccountPageFormState.useManagementGroupAsWorkspace ?? undefined, // only for Azure
                 },
                 plugin_options: serviceAccountPageFormState.additionalOptions,
             });
diff --git a/apps/web/src/services/service-account/stores/service-account-page-store.ts b/apps/web/src/services/service-account/stores/service-account-page-store.ts
index 771d6d740b..a7a81a4525 100644
--- a/apps/web/src/services/service-account/stores/service-account-page-store.ts
+++ b/apps/web/src/services/service-account/stores/service-account-page-store.ts
@@ -53,7 +53,7 @@ interface State {
     costReportConfig: CostReportConfigModel|null|undefined,
 }
 
-interface FormState {
+export interface ServiceAccountStoreFormState {
     isBaseInformationFormValid: boolean;
     baseInformation: Partial<BaseInformationForm>;
     isCredentialFormValid: boolean;
@@ -62,6 +62,7 @@ interface FormState {
     isAutoSyncEnabled: boolean;
     additionalOptions: { [key: string]: any };
     selectedSingleWorkspace: string;
+    useManagementGroupAsWorkspace: boolean|undefined; // only for Azure
     skipProjectGroup: boolean;
     scheduleHours: number[];
 }
@@ -86,7 +87,7 @@ export const useServiceAccountPageStore = defineStore('page-service-account', ()
         costReportConfig: null,
     });
 
-    const formState = reactive<FormState>({
+    const formState = reactive<ServiceAccountStoreFormState>({
         // baseInformation
         isBaseInformationFormValid: true,
         baseInformation: {},
@@ -98,6 +99,7 @@ export const useServiceAccountPageStore = defineStore('page-service-account', ()
         isAutoSyncEnabled: false,
         additionalOptions: {},
         selectedSingleWorkspace: '',
+        useManagementGroupAsWorkspace: undefined, // only for Azure
         skipProjectGroup: false,
         scheduleHours: [] as number[],
     });
@@ -134,6 +136,7 @@ export const useServiceAccountPageStore = defineStore('page-service-account', ()
             formState.isAutoSyncEnabled = false;
             formState.additionalOptions = {};
             formState.selectedSingleWorkspace = '';
+            formState.useManagementGroupAsWorkspace = undefined;
             formState.skipProjectGroup = false;
             formState.scheduleHours = [];
             state.syncJobList = [];
@@ -143,6 +146,7 @@ export const useServiceAccountPageStore = defineStore('page-service-account', ()
             formState.isAutoSyncEnabled = state.originServiceAccountItem?.schedule?.state === 'ENABLED';
             formState.scheduleHours = state.originServiceAccountItem?.schedule?.hours ?? [];
             formState.selectedSingleWorkspace = state.originServiceAccountItem?.sync_options?.single_workspace_id ?? '';
+            formState.useManagementGroupAsWorkspace = state.originServiceAccountItem?.sync_options?.use_management_group_as_workspace ?? undefined;
             formState.skipProjectGroup = state.originServiceAccountItem?.sync_options?.skip_project_group ?? false;
             formState.additionalOptions = state.originServiceAccountItem?.plugin_options ?? {};
         },
@@ -184,12 +188,14 @@ export const useServiceAccountPageStore = defineStore('page-service-account', ()
             formState.scheduleHours = item?.schedule?.hours ?? [];
             formState.selectedSingleWorkspace = item?.sync_options?.single_workspace_id ?? '';
             formState.skipProjectGroup = item?.sync_options?.skip_project_group ?? false;
+            formState.useManagementGroupAsWorkspace = item?.sync_options?.use_management_group_as_workspace ?? undefined;
             formState.additionalOptions = item?.plugin_options ?? {};
         } else {
             formState.isAutoSyncEnabled = false;
             formState.scheduleHours = [];
             formState.selectedSingleWorkspace = '';
             formState.skipProjectGroup = false;
+            formState.useManagementGroupAsWorkspace = undefined;
             formState.additionalOptions = {};
         }
     });

From e46a31a4408757fad16e55bda74a5ee65b37b3f2 Mon Sep 17 00:00:00 2001
From: sulmo <sulmo@megazone.com>
Date: Thu, 10 Jul 2025 11:21:44 +0900
Subject: [PATCH 2/3] fix: fix the wrong import (#6004)

Signed-off-by: sulmo <sulmo@megazone.com>
---
 .../services/ops-flow/components/TaskCategoryDeleteModal.vue    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/web/src/services/ops-flow/components/TaskCategoryDeleteModal.vue b/apps/web/src/services/ops-flow/components/TaskCategoryDeleteModal.vue
index 8052c17270..bb9f120973 100644
--- a/apps/web/src/services/ops-flow/components/TaskCategoryDeleteModal.vue
+++ b/apps/web/src/services/ops-flow/components/TaskCategoryDeleteModal.vue
@@ -3,7 +3,7 @@ import { computed } from 'vue';
 
 import { useMutation, useQueryClient } from '@tanstack/vue-query';
 
-import { PButtonModal } from '@cloudforet/mirinae/';
+import { PButtonModal } from '@cloudforet/mirinae';
 
 import { useTaskCategoryApi } from '@/api-clients/opsflow/task-category/composables/use-task-category-api';
 import type { TaskModel } from '@/api-clients/opsflow/task/schema/model';

From f7aafbbe82526bab2f2ae4810a4b86e410fa519e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piggy=20Park=20=28=EB=B0=95=EC=9A=A9=ED=83=9C=29?=
 <samuel.park@megazone.com>
Date: Thu, 17 Jul 2025 11:12:44 +0900
Subject: [PATCH 3/3] feat(azure-account): apply changed azure account
 workspace mapping method (#6017)

* feat(azure-account): apply changed azure account workspace mapping method

Signed-off-by: samuel.park <samuel.park@megazone.com>

* chore: apply review

Signed-off-by: samuel.park <samuel.park@megazone.com>

---------

Signed-off-by: samuel.park <samuel.park@megazone.com>
---
 .../schema/api-verbs/create.ts                |   3 +-
 .../schema/api-verbs/update.ts                |   3 +-
 .../trusted-account/schema/constant.ts        |   4 +
 .../identity/trusted-account/schema/model.ts  |   2 +
 .../identity/trusted-account/schema/type.ts   |   3 +
 .../components/ServiceAccountAutoSync.vue     |   2 +-
 .../ServiceAccountAutoSyncMappingMethod.vue   | 158 +++++++++++++-----
 .../constants/auto-sync-options-contant.ts    |  12 +-
 .../pages/ServiceAccountAddPage.vue           |   2 +-
 .../stores/service-account-page-store.ts      |  13 +-
 10 files changed, 151 insertions(+), 51 deletions(-)
 create mode 100644 apps/web/src/api-clients/identity/trusted-account/schema/constant.ts
 create mode 100644 apps/web/src/api-clients/identity/trusted-account/schema/type.ts

diff --git a/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/create.ts b/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/create.ts
index 043f6a78cd..f36dfb2066 100644
--- a/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/create.ts
+++ b/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/create.ts
@@ -1,5 +1,6 @@
 import type { Tags } from '@/api-clients/_common/schema/model';
 import type { ResourceGroupType } from '@/api-clients/_common/schema/type';
+import type { AzureManagementGroupMappingType } from '@/api-clients/identity/trusted-account/schema/type';
 
 export interface TrustedAccountCreateParameters {
     name: string;
@@ -14,7 +15,7 @@ export interface TrustedAccountCreateParameters {
     sync_options?: {
         skip_project_group: boolean;
         single_workspace_id: string;
-        use_management_group_as_workspace?: boolean; // only for Azure
+        azure_management_group_mapping_type?: AzureManagementGroupMappingType; // only for Azure
     };
     plugin_options?: Record<string, any>;
     tags?: Tags;
diff --git a/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/update.ts b/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/update.ts
index 0a72e9a2b5..42c2972d74 100644
--- a/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/update.ts
+++ b/apps/web/src/api-clients/identity/trusted-account/schema/api-verbs/update.ts
@@ -1,4 +1,5 @@
 import type { Tags } from '@/api-clients/_common/schema/model';
+import type { AzureManagementGroupMappingType } from '@/api-clients/identity/trusted-account/schema/type';
 
 export interface TrustedAccountUpdateParameters {
     trusted_account_id: string;
@@ -11,7 +12,7 @@ export interface TrustedAccountUpdateParameters {
     sync_options?: {
         skip_project_group: boolean;
         single_workspace_id: string;
-        use_management_group_as_workspace?: boolean; // only for Azure
+        azure_management_group_mapping_type?: AzureManagementGroupMappingType; // only for Azure
     };
     plugin_options?: Record<string, any>;
     tags?: Tags;
diff --git a/apps/web/src/api-clients/identity/trusted-account/schema/constant.ts b/apps/web/src/api-clients/identity/trusted-account/schema/constant.ts
new file mode 100644
index 0000000000..f4871efe58
--- /dev/null
+++ b/apps/web/src/api-clients/identity/trusted-account/schema/constant.ts
@@ -0,0 +1,4 @@
+export const AZURE_MANAGEMENT_GROUP_MAPPING_TYPE = {
+    TOP_MANAGEMENT_GROUP: 'Top Management Group',
+    LEAF_MANAGEMENT_GROUP: 'Leaf Management Group',
+} as const;
diff --git a/apps/web/src/api-clients/identity/trusted-account/schema/model.ts b/apps/web/src/api-clients/identity/trusted-account/schema/model.ts
index e8cf6ae1e3..fb312466eb 100644
--- a/apps/web/src/api-clients/identity/trusted-account/schema/model.ts
+++ b/apps/web/src/api-clients/identity/trusted-account/schema/model.ts
@@ -1,5 +1,6 @@
 import type { Tags } from '@/api-clients/_common/schema/model';
 import type { ResourceGroupType } from '@/api-clients/_common/schema/type';
+import type { AzureManagementGroupMappingType } from '@/api-clients/identity/trusted-account/schema/type';
 
 export interface TrustedAccountModel {
     trusted_account_id: string;
@@ -14,6 +15,7 @@ export interface TrustedAccountModel {
         skip_project_group: boolean;
         single_workspace_id: string;
         use_management_group_as_workspace?: boolean; // only for Azure
+        azure_management_group_mapping_type?: AzureManagementGroupMappingType; // only for Azure
     };
     plugin_options?: Record<string, any>;
     tags: Tags;
diff --git a/apps/web/src/api-clients/identity/trusted-account/schema/type.ts b/apps/web/src/api-clients/identity/trusted-account/schema/type.ts
new file mode 100644
index 0000000000..979cf9cf3b
--- /dev/null
+++ b/apps/web/src/api-clients/identity/trusted-account/schema/type.ts
@@ -0,0 +1,3 @@
+import type { AZURE_MANAGEMENT_GROUP_MAPPING_TYPE } from '@/api-clients/identity/trusted-account/schema/constant';
+
+export type AzureManagementGroupMappingType = (typeof AZURE_MANAGEMENT_GROUP_MAPPING_TYPE)[keyof typeof AZURE_MANAGEMENT_GROUP_MAPPING_TYPE];
diff --git a/apps/web/src/services/service-account/components/ServiceAccountAutoSync.vue b/apps/web/src/services/service-account/components/ServiceAccountAutoSync.vue
index 01bbb791be..b8def26780 100644
--- a/apps/web/src/services/service-account/components/ServiceAccountAutoSync.vue
+++ b/apps/web/src/services/service-account/components/ServiceAccountAutoSync.vue
@@ -77,7 +77,7 @@ const handleClickSaveButton = async () => {
             sync_options: {
                 skip_project_group: serviceAccountPageFormState.skipProjectGroup,
                 single_workspace_id: serviceAccountPageFormState.selectedSingleWorkspace ?? undefined,
-                use_management_group_as_workspace: serviceAccountPageFormState.useManagementGroupAsWorkspace ?? undefined,
+                azure_management_group_mapping_type: serviceAccountPageFormState.azureManagementGroupMappingType ?? undefined,
             },
             plugin_options: serviceAccountPageFormState.additionalOptions,
         });
diff --git a/apps/web/src/services/service-account/components/ServiceAccountAutoSyncMappingMethod.vue b/apps/web/src/services/service-account/components/ServiceAccountAutoSyncMappingMethod.vue
index 1e331e959c..6a417a3f04 100644
--- a/apps/web/src/services/service-account/components/ServiceAccountAutoSyncMappingMethod.vue
+++ b/apps/web/src/services/service-account/components/ServiceAccountAutoSyncMappingMethod.vue
@@ -5,6 +5,7 @@ import { computed, reactive, watch } from 'vue';
 import { PFieldTitle, PRadio } from '@cloudforet/mirinae';
 
 
+import type { TrustedAccountModel } from '@/api-clients/identity/trusted-account/schema/model';
 import { i18n } from '@/translations';
 
 import { useAppContextStore } from '@/store/app-context/app-context-store';
@@ -12,6 +13,7 @@ import { useUserWorkspaceStore } from '@/store/app-context/workspace/user-worksp
 
 import InfoTooltip from '@/common/components/info-tooltip/InfoTooltip.vue';
 import MappingMethod from '@/common/components/mapping-method/MappingMethod.vue';
+import type { MappingItem } from '@/common/components/mapping-method/type';
 import WorkspaceLogoIcon from '@/common/modules/navigations/top-bar/modules/top-bar-header/WorkspaceLogoIcon.vue';
 
 import WorkspaceDropdown from '@/services/service-account/components/WorkspaceDropdown.vue';
@@ -19,13 +21,15 @@ import { CSP_AUTO_SYNC_OPTIONS_MAP, WORKSPACE_MAPPING_OPTIONS_MAP } from '@/serv
 import type { ServiceAccountStoreFormState } from '@/services/service-account/stores/service-account-page-store';
 import { useServiceAccountPageStore } from '@/services/service-account/stores/service-account-page-store';
 
-type FormData = Partial<Pick<ServiceAccountStoreFormState, 'selectedSingleWorkspace' | 'skipProjectGroup' | 'useManagementGroupAsWorkspace'>>;
+type FormData = Partial<Pick<ServiceAccountStoreFormState, 'selectedSingleWorkspace' | 'skipProjectGroup' | 'azureManagementGroupMappingType'>>;
 type MappingMethodOptionType = {
     label: string;
     value: any;
     info?: string;
 };
 
+type WorkspaceMapping = (typeof WORKSPACE_MAPPING_OPTIONS_MAP)[keyof typeof WORKSPACE_MAPPING_OPTIONS_MAP];
+
 const props = withDefaults(defineProps<{mode:'UPDATE'|'READ'}>(), {
     mode: 'UPDATE',
 });
@@ -48,54 +52,138 @@ const state = reactive({
             value: false,
         },
     ]),
-    workspaceMapping: 'multi' as (typeof WORKSPACE_MAPPING_OPTIONS_MAP)[keyof typeof WORKSPACE_MAPPING_OPTIONS_MAP],
+    workspaceMapping: 'multi' as WorkspaceMapping,
+    projectGroupMappingDisabled: computed<boolean>(() => serviceAccountPageState.selectedProvider === 'azure'
+    && state.workspaceMapping === WORKSPACE_MAPPING_OPTIONS_MAP.LEAF_AZURE_MANAGEMENT_GROUP_MAPPING),
     projectGroupMapping: true as boolean,
 
-    formData: computed<FormData>(() => (state.isDomainForm ? {
-        selectedSingleWorkspace: state.workspaceMapping === WORKSPACE_MAPPING_OPTIONS_MAP.SINGLE ? state.selectedWorkspace : undefined,
-        skipProjectGroup: !state.projectGroupMapping,
-        useManagementGroupAsWorkspace: state.workspaceMapping === WORKSPACE_MAPPING_OPTIONS_MAP.MULTI_MANAGEMENT_GROUP_FOR_AZURE ? true : undefined,
-    } : {
-        skipProjectGroup: !state.projectGroupMapping,
-    })),
-
+    formData: computed<FormData>(() => convertToMappingMethodDTO(state.isDomainForm, state.workspaceMapping, state.projectGroupMapping, state.selectedWorkspace)),
     selectedWorkspaceItem: computed(() => userWorkspaceStore.getters.workspaceMap[state.selectedWorkspace] ?? {}),
     isAdminMode: computed(() => appContextStore.getters.isAdminMode),
     isResourceGroupDomain: computed(() => serviceAccountPageState.originServiceAccountItem.resource_group === 'DOMAIN'),
     isCreatePage: computed(() => serviceAccountPageState.originServiceAccountItem?.resource_group === undefined),
     isDomainForm: computed(() => (state.isCreatePage ? state.isAdminMode : state.isResourceGroupDomain)),
-    mappingItems: computed(() => (state.isDomainForm ? [
-        {
-            imageUrl: serviceAccountPageStore.getters.selectedProviderItem?.icon,
-            name: 'provider',
-        },
-        {
-            icon: 'ic_workspaces',
-            name: 'workspace',
-        },
-        {
-            icon: 'ic_document-filled',
-            name: 'project_group',
-        },
-    ] : [
-        {
-            icon: 'ic_document-filled',
-            name: 'project_group',
-        },
-    ])),
+    mappingItems: computed<MappingItem[]>(() => {
+        if (state.isDomainForm) {
+            return [
+                {
+                    imageUrl: serviceAccountPageStore.getters.selectedProviderItem?.icon,
+                    name: 'provider',
+                },
+                {
+                    icon: 'ic_workspaces',
+                    name: 'workspace',
+                },
+                {
+                    icon: 'ic_document-filled',
+                    name: 'project_group',
+                },
+            ].filter((item) => (state.projectGroupMappingDisabled ? item.name !== 'project_group' : true));
+        }
+        return [
+            {
+                icon: 'ic_document-filled',
+                name: 'project_group',
+            },
+        ];
+    }),
     selectedWorkspaceMappingOptionLabel: computed(() => CSP_AUTO_SYNC_OPTIONS_MAP[serviceAccountPageState.selectedProvider].workspaceMappingOptions
         .find((option) => (option.value === state.workspaceMapping))?.label),
     selectedProjectGroupMappingOptionLabel: computed(() => CSP_AUTO_SYNC_OPTIONS_MAP[serviceAccountPageState.selectedProvider].projectGroupMappingOptions[0].label),
 });
 
+
+/* Utils */
+/*
+* This functions are used to convert the mapping method form data to the service account form data.
+* And also, convert the service account form data to the mapping method form data.
+*
+* 1. convertToMappingMethodDTO
+* 2. convertToMappingMethodClientEntity
+*
+* Azure Account has additional mapping method options (Top Node Management Group, Leaf Node Management Group).
+*/
+const convertToMappingMethodDTO = (isDomainForm: boolean, workspaceMapping: WorkspaceMapping, projectGroupMapping: boolean, selectedWorkspace: string) => {
+    // In Workspace Tenant
+    if (!isDomainForm) {
+        return {
+            skipProjectGroup: !projectGroupMapping,
+        };
+    }
+    // In Admin Mode : Multi Workspace
+    if (workspaceMapping === WORKSPACE_MAPPING_OPTIONS_MAP.MULTI) {
+        return {
+            azureManagementGroupMappingType: undefined,
+            skipProjectGroup: !projectGroupMapping,
+            selectedSingleWorkspace: undefined,
+        };
+    }
+    // In Admin Mode : Single Workspace
+    if (workspaceMapping === WORKSPACE_MAPPING_OPTIONS_MAP.SINGLE) {
+        return {
+            skipProjectGroup: !projectGroupMapping,
+            azureManagementGroupMappingType: undefined,
+            selectedSingleWorkspace: selectedWorkspace,
+        };
+    }
+    // In Admin Mode : (Only Azure) Top Node Management Group
+    if (workspaceMapping === WORKSPACE_MAPPING_OPTIONS_MAP.TOP_AZURE_MANAGEMENT_GROUP_MAPPING) {
+        return {
+            skipProjectGroup: !projectGroupMapping,
+            azureManagementGroupMappingType: workspaceMapping,
+            selectedSingleWorkspace: undefined,
+        };
+    }
+    // In Admin Mode : (Only Azure) Leaf Node Management Group
+    if (workspaceMapping === WORKSPACE_MAPPING_OPTIONS_MAP.LEAF_AZURE_MANAGEMENT_GROUP_MAPPING) {
+        return {
+            skipProjectGroup: !projectGroupMapping,
+            azureManagementGroupMappingType: workspaceMapping,
+            selectedSingleWorkspace: undefined,
+        };
+    }
+    // default
+    return {
+        skipProjectGroup: !projectGroupMapping,
+        selectedSingleWorkspace: undefined,
+        azureManagementGroupMappingType: undefined,
+    };
+};
+const convertToMappingMethodClientEntity = (originServiceAccountItem: TrustedAccountModel) => {
+    const skipProjectGroup = originServiceAccountItem.sync_options?.skip_project_group;
+    const singleWorkspaceId = originServiceAccountItem.sync_options?.single_workspace_id;
+    const azureManagementGroupMappingType = originServiceAccountItem.sync_options?.azure_management_group_mapping_type;
+
+    // Multi Workspace
+    if (!singleWorkspaceId && !azureManagementGroupMappingType) {
+        state.workspaceMapping = WORKSPACE_MAPPING_OPTIONS_MAP.MULTI;
+        state.projectGroupMapping = !skipProjectGroup;
+    // Azure Multi Management Group Workspace
+    } else if (azureManagementGroupMappingType) {
+        state.workspaceMapping = azureManagementGroupMappingType;
+        state.projectGroupMapping = azureManagementGroupMappingType === WORKSPACE_MAPPING_OPTIONS_MAP.LEAF_AZURE_MANAGEMENT_GROUP_MAPPING ? true : !skipProjectGroup;
+    // Single Workspace
+    } else if (singleWorkspaceId) {
+        state.workspaceMapping = WORKSPACE_MAPPING_OPTIONS_MAP.SINGLE;
+        state.projectGroupMapping = !skipProjectGroup;
+    // Default (Workspace Tenant)
+    } else {
+        state.projectGroupMapping = !skipProjectGroup;
+    }
+};
+
+
+
+/* Event */
 const handleUpdateWorkspace = (workspaceId:string) => {
     serviceAccountPageStore.$patch((_state) => {
         _state.formState.selectedSingleWorkspace = workspaceId;
     });
 };
 
-const handleWorkspaceMappingChange = (value: (typeof WORKSPACE_MAPPING_OPTIONS_MAP)[keyof typeof WORKSPACE_MAPPING_OPTIONS_MAP]) => {
+const handleWorkspaceMappingChange = (value: WorkspaceMapping) => {
     state.workspaceMapping = value;
+    if (value === WORKSPACE_MAPPING_OPTIONS_MAP.LEAF_AZURE_MANAGEMENT_GROUP_MAPPING) state.projectGroupMapping = false;
 };
 
 const handleProjectGroupMappingChange = (value: boolean) => {
@@ -110,14 +198,8 @@ watch(() => state.formData, (formData) => {
 
 watch(() => serviceAccountPageState.originServiceAccountItem, (item) => {
     if (item) {
-        if (!item.sync_options?.single_workspace_id && !item.sync_options?.use_management_group_as_workspace) { // normal multi workspace case
-            state.workspaceMapping = WORKSPACE_MAPPING_OPTIONS_MAP.MULTI;
-        } else if (item.sync_options?.use_management_group_as_workspace) { // Azure multi management group workspace case
-            state.workspaceMapping = WORKSPACE_MAPPING_OPTIONS_MAP.MULTI_MANAGEMENT_GROUP_FOR_AZURE;
-        } else { // normal single workspace case
-            state.workspaceMapping = WORKSPACE_MAPPING_OPTIONS_MAP.SINGLE;
-        }
-        state.projectGroupMapping = !item.sync_options?.skip_project_group;
+        const _item = item as TrustedAccountModel;
+        convertToMappingMethodClientEntity(_item);
     }
 }, { immediate: true });
 
diff --git a/apps/web/src/services/service-account/constants/auto-sync-options-contant.ts b/apps/web/src/services/service-account/constants/auto-sync-options-contant.ts
index e534febdc6..10af18b305 100644
--- a/apps/web/src/services/service-account/constants/auto-sync-options-contant.ts
+++ b/apps/web/src/services/service-account/constants/auto-sync-options-contant.ts
@@ -1,8 +1,11 @@
+import { AZURE_MANAGEMENT_GROUP_MAPPING_TYPE } from '@/api-clients/identity/trusted-account/schema/constant';
 
 export const WORKSPACE_MAPPING_OPTIONS_MAP = {
     MULTI: 'multi',
     SINGLE: 'single',
     MULTI_MANAGEMENT_GROUP_FOR_AZURE: 'multi_management_group_for_azure', // only for Azure
+    TOP_AZURE_MANAGEMENT_GROUP_MAPPING: AZURE_MANAGEMENT_GROUP_MAPPING_TYPE.TOP_MANAGEMENT_GROUP, // only for Azure
+    LEAF_AZURE_MANAGEMENT_GROUP_MAPPING: AZURE_MANAGEMENT_GROUP_MAPPING_TYPE.LEAF_MANAGEMENT_GROUP, // only for Azure
 } as const;
 
 export const CSP_AUTO_SYNC_OPTIONS_MAP = {
@@ -33,9 +36,12 @@ export const CSP_AUTO_SYNC_OPTIONS_MAP = {
                 value: WORKSPACE_MAPPING_OPTIONS_MAP.MULTI,
             },
             {
-                label: 'Azure Management Group',
-                value: WORKSPACE_MAPPING_OPTIONS_MAP.MULTI_MANAGEMENT_GROUP_FOR_AZURE,
-                info: 'This option is only available for Azure Management Group.',
+                label: 'Azure Management Group (Top-level)',
+                value: WORKSPACE_MAPPING_OPTIONS_MAP.TOP_AZURE_MANAGEMENT_GROUP_MAPPING,
+            },
+            {
+                label: 'Azure Management Group (Leaf-level)',
+                value: WORKSPACE_MAPPING_OPTIONS_MAP.LEAF_AZURE_MANAGEMENT_GROUP_MAPPING,
             },
             {
                 label: 'Azure Tenant',
diff --git a/apps/web/src/services/service-account/pages/ServiceAccountAddPage.vue b/apps/web/src/services/service-account/pages/ServiceAccountAddPage.vue
index 990c1e4c81..ca60fedb66 100644
--- a/apps/web/src/services/service-account/pages/ServiceAccountAddPage.vue
+++ b/apps/web/src/services/service-account/pages/ServiceAccountAddPage.vue
@@ -136,7 +136,7 @@ const createAccount = async (): Promise<string|undefined> => {
                 sync_options: {
                     skip_project_group: serviceAccountPageFormState.skipProjectGroup,
                     single_workspace_id: serviceAccountPageFormState.selectedSingleWorkspace ?? undefined,
-                    use_management_group_as_workspace: serviceAccountPageFormState.useManagementGroupAsWorkspace ?? undefined, // only for Azure
+                    azure_management_group_mapping_type: serviceAccountPageFormState.azureManagementGroupMappingType ?? undefined, // only for Azure
                 },
                 plugin_options: serviceAccountPageFormState.additionalOptions,
             });
diff --git a/apps/web/src/services/service-account/stores/service-account-page-store.ts b/apps/web/src/services/service-account/stores/service-account-page-store.ts
index a7a81a4525..c49b29a6b4 100644
--- a/apps/web/src/services/service-account/stores/service-account-page-store.ts
+++ b/apps/web/src/services/service-account/stores/service-account-page-store.ts
@@ -16,6 +16,7 @@ import { ACCOUNT_TYPE } from '@/api-clients/identity/service-account/schema/cons
 import type { ServiceAccountModel } from '@/api-clients/identity/service-account/schema/model';
 import type { AccountType } from '@/api-clients/identity/service-account/schema/type';
 import type { TrustedAccountModel } from '@/api-clients/identity/trusted-account/schema/model';
+import type { AzureManagementGroupMappingType } from '@/api-clients/identity/trusted-account/schema/type';
 
 import { useAppContextStore } from '@/store/app-context/app-context-store';
 import type { Currency } from '@/store/display/type';
@@ -62,7 +63,7 @@ export interface ServiceAccountStoreFormState {
     isAutoSyncEnabled: boolean;
     additionalOptions: { [key: string]: any };
     selectedSingleWorkspace: string;
-    useManagementGroupAsWorkspace: boolean|undefined; // only for Azure
+    azureManagementGroupMappingType: AzureManagementGroupMappingType|undefined; // only for Azure
     skipProjectGroup: boolean;
     scheduleHours: number[];
 }
@@ -99,7 +100,7 @@ export const useServiceAccountPageStore = defineStore('page-service-account', ()
         isAutoSyncEnabled: false,
         additionalOptions: {},
         selectedSingleWorkspace: '',
-        useManagementGroupAsWorkspace: undefined, // only for Azure
+        azureManagementGroupMappingType: undefined, // only for Azure
         skipProjectGroup: false,
         scheduleHours: [] as number[],
     });
@@ -136,7 +137,7 @@ export const useServiceAccountPageStore = defineStore('page-service-account', ()
             formState.isAutoSyncEnabled = false;
             formState.additionalOptions = {};
             formState.selectedSingleWorkspace = '';
-            formState.useManagementGroupAsWorkspace = undefined;
+            formState.azureManagementGroupMappingType = undefined;
             formState.skipProjectGroup = false;
             formState.scheduleHours = [];
             state.syncJobList = [];
@@ -146,7 +147,7 @@ export const useServiceAccountPageStore = defineStore('page-service-account', ()
             formState.isAutoSyncEnabled = state.originServiceAccountItem?.schedule?.state === 'ENABLED';
             formState.scheduleHours = state.originServiceAccountItem?.schedule?.hours ?? [];
             formState.selectedSingleWorkspace = state.originServiceAccountItem?.sync_options?.single_workspace_id ?? '';
-            formState.useManagementGroupAsWorkspace = state.originServiceAccountItem?.sync_options?.use_management_group_as_workspace ?? undefined;
+            formState.azureManagementGroupMappingType = state.originServiceAccountItem?.sync_options?.azure_management_group_mapping_type ?? undefined;
             formState.skipProjectGroup = state.originServiceAccountItem?.sync_options?.skip_project_group ?? false;
             formState.additionalOptions = state.originServiceAccountItem?.plugin_options ?? {};
         },
@@ -188,14 +189,14 @@ export const useServiceAccountPageStore = defineStore('page-service-account', ()
             formState.scheduleHours = item?.schedule?.hours ?? [];
             formState.selectedSingleWorkspace = item?.sync_options?.single_workspace_id ?? '';
             formState.skipProjectGroup = item?.sync_options?.skip_project_group ?? false;
-            formState.useManagementGroupAsWorkspace = item?.sync_options?.use_management_group_as_workspace ?? undefined;
+            formState.azureManagementGroupMappingType = item?.sync_options?.azure_management_group_mapping_type ?? undefined;
             formState.additionalOptions = item?.plugin_options ?? {};
         } else {
             formState.isAutoSyncEnabled = false;
             formState.scheduleHours = [];
             formState.selectedSingleWorkspace = '';
             formState.skipProjectGroup = false;
-            formState.useManagementGroupAsWorkspace = undefined;
+            formState.azureManagementGroupMappingType = undefined;
             formState.additionalOptions = {};
         }
     });