diff --git a/README.md b/README.md
index 2b43378..adf482a 100644
--- a/README.md
+++ b/README.md
@@ -38,8 +38,7 @@ No modules.
 | [vault_approle_auth_backend_role_secret_id.tenant_admin](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/approle_auth_backend_role_secret_id) | resource |
 | [vault_auth_backend.approle](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/auth_backend) | resource |
 | [vault_identity_entity.extra_roles](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/identity_entity) | resource |
-| [vault_identity_entity.tenant_admin](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/identity_entity) | resource |
-| [vault_identity_group.tenant_group](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/identity_group) | resource |
+| [vault_identity_group.this](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/identity_group) | resource |
 | [vault_identity_group_alias.this](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/identity_group_alias) | resource |
 | [vault_policy.extra_policies](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/policy) | resource |
 | [vault_policy.tenant_admin](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/policy) | resource |
diff --git a/admin_role.tf b/admin_role.tf
index cbbd489..95169e4 100644
--- a/admin_role.tf
+++ b/admin_role.tf
@@ -12,19 +12,6 @@ resource "vault_approle_auth_backend_role_secret_id" "tenant_admin" {
 secret_id = random_uuid.tenant_admin_secret_id.result
 }
 
-resource "vault_identity_group" "tenant_group" {
- name = var.tenant_name
- type = "internal"
-}
-
-resource "vault_identity_entity" "tenant_admin" {
- name = "${var.tenant_prefix}-admin"
- metadata = {
- tenant = var.tenant_name
- prefix = var.tenant_prefix
- }
-}
-
 resource "vault_policy" "tenant_admin" {
 name = "${var.tenant_name}-admin"
 policy = var.tenant_admin_policy_file == null ? templatefile("${path.module}/policies/tenant-admins.policy.hcl", { tenant_prefix = var.tenant_prefix }) : file(var.tenant_admin_policy_file)
diff --git a/approle_auth.tf b/approle_auth.tf
index 0ca47c9..cb28e2b 100644
--- a/approle_auth.tf
+++ b/approle_auth.tf
@@ -7,6 +7,15 @@ resource "vault_auth_backend" "approle" {
 }
 }
 
+resource "vault_identity_group" "this" {
+ name = var.tenant_name
+ type = "internal"
+ metadata = {
+ tenant = var.tenant_name
+ prefix = var.tenant_prefix
+ }
+}
+
 resource "vault_identity_group_alias" "this" {
 name = var.tenant_name
 mount_accessor = vault_auth_backend.approle.accessor
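Review bot: `vault_identity_group.this` in approle_auth.tf reuses `name = var.tenant_name` from the `vault_identity_group.tenant_group` block deleted in admin_role.tf, but nothing in the diff tells Terraform the two addresses are the same object, so the plan will presumably destroy the old group and create a new one with a new ID. Group membership or policy attachments made against the old ID would be dropped, and the create may collide on the name if it runs before the destroy. A `moved` block with `from = vault_identity_group.tenant_group` and `to = vault_identity_group.this` would keep the existing group and let the new `metadata` be applied in place. The `tenant`/`prefix` metadata previously sat on the removed `vault_identity_entity.tenant_admin`; any ACL policy template that reads it from the entity (none is visible here) would need to read it from the group instead. The `vault_identity_group_alias.this` block continues past the end of the hunk.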