terraform-provider-okta
Feature Req: Add support for dynamic IdP routing rules
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
Add support for dynamic IdP routing rules. The existing behavior is that the provider can only manage specific IdP routing rules. It doesn't appear to monitor the API attributes involved in specifying specific vs. dynamic, as a rule can be manually changed to dynamic in the admin console without those changes showing up on plan/apply operations.
New or Affected Resource(s)
- okta_policy_rule_idp_discovery
  - Potential New Attributes:
    - selection_type - string with a default value of SPECIFIC so existing code for specific rules is unaffected.
      - Maps to actions.idp.idpSelectionType in the API data structure.
    - provider_expression - string with a default value of null.
      - Maps to actions.idp.matchCriteria.providerExpression in the API data structure.
Potential Terraform Configuration
```hcl
data "okta_policy" "idp_discovery_policy" {
  name = "Idp Discovery Policy"
  type = "IDP_DISCOVERY"
}

resource "okta_policy_rule_idp_discovery" "example" {
  policy_id = data.okta_policy.idp_discovery_policy.id
  name      = "Select IdP by login domain"

  # Proposed attributes from this request
  selection_type      = "DYNAMIC"
  provider_expression = "login.identifier.substringAfter('@')"

  network_connection        = "ANYWHERE"
  priority                  = 1
  status                    = "ACTIVE"
  user_identifier_type      = "ATTRIBUTE"
  user_identifier_attribute = "company"

  user_identifier_patterns {
    match_type = "EQUALS"
    value      = "ACME"
  }
}
```
References
- Relevant API documentation on dynamic IdP rules.
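Until the provider reads these fields, the drift described in this issue can be checked outside Terraform by inspecting the rule JSON directly. The following is an added example, not code from the provider or the issue author: it flags Terraform-managed rules whose actions.idp.idpSelectionType is no longer SPECIFIC. The rule JSON and rule ids are constructed sample data, the function names are hypothetical, and treating a missing idpSelectionType as SPECIFIC (and accepting matchCriteria as either an object or a list) is an assumption.

```python
import json

# Constructed sample of IdP discovery policy rules, shaped after the two API
# paths named in the issue. Not captured from a real Okta org.
SAMPLE_RULES = json.loads("""
[
  {"id": "rule-A", "name": "Route ACME to its IdP",
   "actions": {"idp": {"idpSelectionType": "SPECIFIC"}}},
  {"id": "rule-B", "name": "Select IdP by login domain",
   "actions": {"idp": {"idpSelectionType": "DYNAMIC",
                       "matchCriteria": {"providerExpression":
                                         "login.identifier.substringAfter('@')"}}}},
  {"id": "rule-C", "name": "Rule without the field",
   "actions": {"idp": {}}}
]
""")


def provider_expression(idp):
    """Return the providerExpression of a rule's idp action, or None."""
    criteria = idp.get("matchCriteria") or {}
    if isinstance(criteria, dict):  # assumption: tolerate object or list form
        criteria = [criteria]
    for entry in criteria:
        if entry.get("providerExpression"):
            return entry["providerExpression"]
    return None


def audit_rules(rules, managed_ids):
    """List managed rules whose selection type is not SPECIFIC.

    Terraform plan stays clean for these rules because the provider does not
    read the field, so each finding is a change made outside of code review.
    """
    findings = []
    for rule in rules:
        if rule["id"] not in managed_ids:
            continue
        idp = rule.get("actions", {}).get("idp", {})
        # Assumption: an absent field means SPECIFIC, as in the proposed default.
        selection = idp.get("idpSelectionType", "SPECIFIC")
        if selection != "SPECIFIC":
            findings.append({"id": rule["id"], "name": rule["name"],
                             "selection_type": selection,
                             "provider_expression": provider_expression(idp)})
    return findings


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES, {"rule-A", "rule-B", "rule-C"}):
        print("unmanaged drift:", json.dumps(finding))
```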
Thanks @sgal-dm. We'll have to investigate and prioritize this onto our 4.1 and/or 5.0 release plans. Okta internal reference: https://oktainc.atlassian.net/browse/OKTA-601942
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
Not stale.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
Not stale
@sgal-dm I have the PR ready but it will be a breaking change so it will have to wait for v5
Awesome thanks for the update and the work @duytiennguyen-okta!