terraform-provider-okta

New AWS Account Federation App resource

Open xiaoweiwu12701 opened this issue 2 years ago • 3 comments

I am trying to create an AWS Account Federation app and maintain it via Terraform. I use the okta_app_saml with preconfigured_app = amazon_aws. Compared to creating the app manually, I haven't been able to find the following configurations, all of which are under the Sign-on tab.

  • "Identity Provider ARN (Required only for SAML SSO)"
  • "Application username format" under "Credentials Details" block

https://github.com/okta/terraform-provider-okta/blob/master/examples/okta_app_saml/user_groups.tf

The above code example does show many configuration items. But it's unclear whether the two I am looking for are available.

xiaoweiwu12701 avatar Sep 13 '22 21:09 xiaoweiwu12701

@xiaoweiwu12701 we don't have an AWS Federation App yet, and as you point out, the generic okta_app_saml resource doesn't expose all of the properties of an AWS Federation App.

monde avatar Sep 13 '22 21:09 monde

Okta internal ref: https://oktainc.atlassian.net/browse/OKTA-534249

monde avatar Sep 20 '22 18:09 monde

Not seeing AWS Account Federation app listed in the public API at the present time: https://developer.okta.com/docs/reference/api/apps/

monde avatar Sep 20 '22 18:09 monde

Thanks @monde for looking into this. Looking forward to having this implemented, as we use this extensively but would really like to manage this via Terraform from now on.

narapon avatar Nov 16 '22 08:11 narapon

> @xiaoweiwu12701 we don't have an AWS Federation App yet, and as you point out, the generic okta_app_saml resource doesn't expose all of the properties of an AWS Federation App.

Will be happy to just use the generic okta_app_saml as long as it exposes all the properties of an AWS Federation App when your public API supports it :)

narapon avatar Nov 16 '22 08:11 narapon

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar Jan 29 '23 00:01 github-actions[bot]

Was there any update on whether the AWS federation app was created?

xiaoweiwu12701 avatar Jan 30 '23 14:01 xiaoweiwu12701

@xiaoweiwu12701 our team has a meeting tomorrow and I'll see if I can get some feedback then and report back here. The desire is to get Okta's API to have a generic interface for all of the OIN apps. But as it stands now each is a bit of a snowflake. That makes it tedious to onboard each new app into the API and in turn to downstream consumers like our language SDKs and this TF provider.

monde avatar Jan 30 '23 17:01 monde

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar Apr 01 '23 00:04 github-actions[bot]

@monde any update from your last internal meeting?

xiaoweiwu12701 avatar Apr 01 '23 14:04 xiaoweiwu12701

Hi @xiaoweiwu12701, @albertchen-okta is our PM leading the effort to get full OIN support into the Okta API, which we'll consume in the Terraform provider. I know his team has plans for that this year, but I'll leave it to him to elaborate. cc/ @jefftaylor-okta

monde avatar Apr 01 '23 16:04 monde