terraform-provider-okta
Support for enabling OAuth provisioning for org2org
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
As documented on the following page: https://developer.okta.com/docs/guides/secure-oauth-between-orgs/main/#enable-provisioning-in-the-org2org-app, it is possible to enable provisioning across two Okta instances via OAuth instead of an API key by making the following API call: POST /api/v1/apps/${Org2OrgAppId}/connections/default?activate=TRUE. Ideally this feature could be added into Terraform as well so that it is not a manual step.
New or Affected Resource(s)
- okta_app_provisioning_oauth
or
- okta_app_*
Potential Terraform Configuration
resource "okta_app_provisioning_oauth" "oauth_provisioning_of_org2org" {
  application_id = okta_app_saml.org2org.id
  client_id      = "[client id from service app]"
}
or
resource "okta_app_saml" "hub_to_spoke_org2org" {
  label                        = "Org2Org from TF"
  preconfigured_app            = "okta_org2org"
  status                       = "ACTIVE"
  oauth_provisioning_client_id = "[client id from service app]"
}
Thanks @slichtenthal. We need to finish the org2org functionality and your config suggestions look good to me.
Thanks! FWIW I’m not sure if this is specific to org2org, as the API call makes it look like it could work for any generic app where Okta can provision users.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
Peeling off the stale label.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
@monde any chance of reviving this? I didn't realise this feature even existed, but the ability to configure Org2Org provisioning with OAuth via Terraform would be super useful, and much more robust than just scripting up something against the API