Service Principal Login without subscription

I set up a Gitlab CI/CD pipeline for 2 Azure AD tenants (we can call them prod and dev). The remote state file backend is configured as azurerm with a subscription associated with the prod tenant. The azure ad tenants are using a service principal and secret for their provider config.

Using Gitlab environment variables, I configured ARM_CLIENT_ID, ARM_CLIENT_SECRET, and
ARM_TENANT_ID for the dev tenant. However, when the pipeline runs, I get a A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret. error. The docs do not say this is required, and in fact our dev tenant has no subscriptions associated with it.

I suspect the only way around this is to create a subscription, storage account, and remote state associated with the development tenant. Is this correct?