terraform-provider-okta

`okta_user / okta_user_type`: Ability to create a new user as the defined user type.

Open eephillip opened this issue 3 years ago • 3 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

This appears to be a new feature or possibly some confusion regarding the profile metadata field `user_id`. The impression from the included example is that assigning the `user_id` with the `okta_user_type.<example>.id` would trigger the custom non-default user creation process. However, it uses the User (default) type, and assigns the `user_type.id` to the metadata of the user profile. Example of the API call in refs.

```hcl
resource "okta_user_type" "custom_user_type" {
  name         = "testAcc_replace_with_uuid"
  display_name = "testAcc_replace_with_uuid"
  description  = "Terraform Acceptance Test Schema User Type"
}

resource "okta_user_schema_property" "testAcc_replace_with_uuid" {
  index       = "testAcc_replace_with_uuid"
  title       = "terraform acceptance test"
  type        = "string"
  description = "terraform acceptance test"
  user_type   = okta_user_type.custom_user_type.id
  required    = false
}
```

New or Affected Resource(s)

  • okta_user

Potential Terraform Configuration

```hcl
resource "okta_user_schema_property" "testAcc_replace_with_uuid" {
  as_user_type {
    id = okta_user_type.custom_user_type.id
  }

  index       = "testAcc_replace_with_uuid"
  title       = "terraform acceptance test"
  type        = "string"
  description = "terraform acceptance test"
  user_type   = okta_user_type.custom_user_type.id
  required    = false
}
```

References

https://developer.okta.com/docs/reference/api/users/#create-user-with-non-default-user-type

https://developer.okta.com/docs/reference/api/user-types/#example

eephillip avatar Jan 23 '22 16:01 eephillip

Thought this was interesting

Creates a new User Type. A default User Type is automatically created with your org, and you can add another nine User Types for a maximum of 10.

Okta periodically updates the default schema template used for new orgs. New User Types are based on the most up-to-date template. This means the properties that a new User Type is initialized with aren't necessarily the same properties that your default type received.

Note: If you modified your default schema, those changes won't propagate into this new User Type.

ref

eephillip avatar Jan 27 '22 14:01 eephillip

Was about to submit a bug ticket, but found this.

Definitely confusing. My first impression was that I could pass an okta_user_type to the user_type field on an okta_user. Something like this:

```hcl
resource "okta_user_type" "test" {
  name         = "test"
  display_name = "test"
  description  = "Testing"
}

resource "okta_user" "test" {
  first_name = "Test"
  last_name  = "Man"
  login      = "[email protected]"
  email      = "[email protected]"

  user_type = okta_user_type.test.id
}
```

But that just updates the profile.userType attribute on the user w/ the okta_user_type's id string.

Would be great to be able to configure user type for an okta_user.

pmaterer avatar Feb 17 '22 18:02 pmaterer

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar Jun 28 '22 00:06 github-actions[bot]

@monde Do you have an Okta internal reference ID for this issue? This seems to be open for almost a year now.

pljeskavica avatar Nov 07 '22 20:11 pljeskavica

Did some triaging on this, and it looks like this needs a public API update.

https://developer.okta.com/docs/reference/api/users/#update-user

Note: Currently, the User Type of a user can only be changed via a full replacement PUT operation. If the request parameters of a partial update include the type element from the [User object](https://developer.okta.com/docs/reference/api/users/#user-object), the value must match the existing type of the user. Only administrators are permitted to change the user type of a user; end users are not allowed to change their own user type.

pljeskavica avatar Nov 07 '22 20:11 pljeskavica
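The distinction this thread keeps running into, as an added example (not part of the issue or the provider's code): per the Okta Users API docs linked above, a user's type is the top-level `type.id` of the User object, while `profile.userType` is only a profile string. The sketch builds the create and full-replacement request bodies and audits user objects for the mismatch pmaterer describes; all ids, logins and function names are constructed for illustration.

```python
"""Added example: user type (type.id) vs. profile.userType in Okta User objects.
All ids, logins and helper names are constructed for illustration."""
import copy

DEFAULT_TYPE = "oty_default_example"  # constructed id of the default user type
CUSTOM_TYPE = "oty_custom_example"    # constructed id of a custom user type


def create_body(profile, type_id=None):
    """Body for POST /api/v1/users; the type is chosen by top-level type.id."""
    body = {"profile": dict(profile)}
    if type_id:
        body["type"] = {"id": type_id}
    return body


def replace_body(user, new_type_id):
    """Body for a full-replacement PUT: the whole profile is resent
    together with the new type, since a partial update cannot change it."""
    return {"profile": copy.deepcopy(user["profile"]),
            "type": {"id": new_type_id}}


def audit(users, type_ids):
    """Return (login, claimed, actual) for users whose profile.userType
    holds a user type id that differs from the type assigned in type.id."""
    findings = []
    for u in users:
        claimed = u.get("profile", {}).get("userType")
        actual = u.get("type", {}).get("id")
        if claimed in type_ids and claimed != actual:
            findings.append((u["profile"]["login"], claimed, actual))
    return findings


# Constructed user objects, shaped like GET /api/v1/users results.
USERS = [
    {"id": "00u1", "type": {"id": DEFAULT_TYPE},
     "profile": {"login": "a@example.com", "userType": CUSTOM_TYPE}},
    {"id": "00u2", "type": {"id": CUSTOM_TYPE},
     "profile": {"login": "b@example.com"}},
    {"id": "00u3", "type": {"id": DEFAULT_TYPE},
     "profile": {"login": "c@example.com", "userType": "contractor"}},
]

if __name__ == "__main__":
    for login, claimed, actual in audit(USERS, {DEFAULT_TYPE, CUSTOM_TYPE}):
        print(f"{login}: profile.userType={claimed} but type.id={actual}")
```

Only the first constructed user is flagged: it carries the custom type's id in `profile.userType` while still being assigned the default type, which is the state a `user_type = okta_user_type.test.id` apply leaves behind.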

Thanks for running down those details, @pljeskavica. Okta internal reference: https://oktainc.atlassian.net/browse/OKTA-549197

monde avatar Nov 07 '22 21:11 monde

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar Jan 25 '23 00:01 github-actions[bot]

👋

eephillip avatar Jan 25 '23 02:01 eephillip

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar Mar 27 '23 00:03 github-actions[bot]

Right now, the type attribute is not implemented for the okta_user resource.

Likewise, I too made the mistake of trying the default field user_type.

Until this is implemented, the workaround is as follows:

  1. Create the new user account and profile using the okta_user and okta_user_type resources.
  2. Using the Okta UI, press the change button on the user's profile.
  3. Select the desired custom user type.

I have not tested if Terraform will error out if you try to add custom attributes to the okta_user resource after the type is changed.

te-ak avatar Apr 21 '23 19:04 te-ak

We really need this!

@monde any updates internally?

jesseadams avatar Jun 21 '23 20:06 jesseadams

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar Aug 22 '23 00:08 github-actions[bot]