terraform-provider-okta

Support for Identity Engine (authentication policies and rules)

Open mcrobbj-SilverBullet opened this issue 2 years ago • 5 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

https://developer.okta.com/docs/reference/api/policy/#profile-enrollment-policy This is required to support the example https://developer.okta.com/docs/guides/telephony-inline-hook/nodejs/main/#create-a-group-and-add-a-user where Twilio is used to send SMS using an inline hook.

New or Affected Resource(s)

  • okta_XXXXX

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

  • #0000

mcrobbj-SilverBullet avatar May 23 '22 21:05 mcrobbj-SilverBullet

#1025 exists for updating the app signon policies to support association with apps. policy_profile_enrollment and policy_profile_enrollment_apps might be what you're after for your related links.

exitcode0 avatar May 23 '22 22:05 exitcode0

We have policy_profile_enrollment "This resource allows you to create and configure a Profile Enrollment Policy." https://registry.terraform.io/providers/okta/okta/latest/docs/resources/policy_profile_enrollment and policy_profile_enrollment_apps "This resource allows you to manage the apps in the Profile Enrollment Policy. " https://registry.terraform.io/providers/okta/okta/latest/docs/resources/policy_profile_enrollment_apps

And the missing support for com.okta.telephony.provider hook #1132 is going to be released tomorrow.

monde avatar May 23 '22 22:05 monde

I think what you suggested covers the policy but not the rule. Here are some of the details in the rule that I don't see covered:

  • rulename
  • usertype (with conditional list is selected ["user"])
  • groupMemberships (inclusion and exclusion groups)
  • Users (list of users)
  • devicePlatform (with conditional list is selected ["ios", "android", "windows", "macos"])
  • UsersIP
  • Risk
  • CustomExpression
  • Access is (denied, allowed)
  • Authenticatewith
  • PossessionFactorConstraint (Phishing, Hardware, Device)
  • PasswordReauthFrequency
  • OtherFactorReauthFrequency

mcrobbj-SilverBullet avatar May 24 '22 07:05 mcrobbj-SilverBullet

Got it @mcrobbj-SilverBullet, I'll keep this open and come back around to it.

monde avatar May 24 '22 18:05 monde

Reviving that but for a request to add the "Assign an application to a specific policy" https://developer.okta.com/docs/reference/api/apps/#update-application-policy

Should be quite straight-forward with that function: https://github.com/okta/okta-sdk-golang/blob/master/okta/application.go#L849-L865

Available since okta-sdk-golang 2.12

procule avatar Jul 04 '22 16:07 procule

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar Oct 24 '22 00:10 github-actions[bot]

Grouping this with the "policy" related work we'd like to address in a sprint.

monde avatar Oct 24 '22 18:10 monde

Grouping this with the "policy" related work we'd like to address in a sprint.

@monde Wasn't it added here? https://github.com/okta/terraform-provider-okta/commit/ab97160e85a95c00582edd61a9c757089f7f3c6a

procule avatar Oct 24 '22 18:10 procule

Okta internal reference: https://oktainc.atlassian.net/browse/OKTA-544438

monde avatar Oct 25 '22 16:10 monde

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar Jan 06 '23 00:01 github-actions[bot]