### Example Usage Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/data-sources/user_profile_mapping_source.md Example of how to use the okta_user_profile_mapping_source data source in Terraform. ```terraform data "okta_user_profile_mapping_source" "example" {} ``` -------------------------------- ### Install Tools Source: https://github.com/okta/terraform-provider-okta/blob/master/README.md Installs the necessary tools for developing the Okta Terraform provider. ```sh $ make tools ``` -------------------------------- ### Basic CAPTCHA Configuration Example Source: https://github.com/okta/terraform-provider-okta/blob/master/examples/resources/okta_captcha/README.md An example Terraform configuration for setting up a basic CAPTCHA resource in Okta. ```terraform # Example of a CAPTCHA configuration # resource "okta_captcha" "example" { # status = "ACTIVE" # } ``` -------------------------------- ### Example Okta SAML App Settings Configuration Source: https://github.com/okta/terraform-provider-okta/blob/master/examples/resources/okta_app_saml_app_settings/README.md An example Terraform configuration for setting up Okta SAML Application settings. ```terraform # Example can be found here: ./preconfigured.tf ``` -------------------------------- ### Basic Secure Password Store Application Example Source: https://github.com/okta/terraform-provider-okta/blob/master/examples/resources/okta_app_secure_password_store/README.md A simple Terraform configuration example for creating a Secure Password Store Okta Application. ```terraform # This is a placeholder for the actual Terraform code. # Please refer to the project's examples for a complete configuration. # Example: https://github.com/okta/terraform-provider-okta/blob/master/examples/okta/resources/okta_app_secure_password_store/basic.tf ``` -------------------------------- ### Simple Sign-On Policy Example Source: https://github.com/okta/terraform-provider-okta/blob/master/examples/resources/okta_policy_signon/README.md An example demonstrating the creation of a basic Okta Sign On Policy using Terraform. This snippet illustrates how to define and apply a simple sign-on policy. ```terraform # Example of a simple sign-on policy can be found here: ./basic.tf ``` -------------------------------- ### Okta Organization Configuration Example Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/resources/org_configuration.md This example demonstrates how to configure Okta organization settings using the `okta_org_configuration` resource. It sets the company name and website for the organization. ```terraform resource "okta_org_configuration" "example" { company_name = "Umbrella Corporation" website = "https://terraform.io" } ``` -------------------------------- ### Terraform Provider Block Example Source: https://github.com/okta/terraform-provider-okta/blob/master/templates/index.md Example of how to configure the Okta provider in a Terraform configuration. ```terraform provider "okta" { org_name = "your-okta-org-name" base_url = "your-okta-domain.oktapreview.com" api_token = "your-okta-api-token" # Or use OAuth 2.0 authentication: # client_id = "your-client-id" # private_key = "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----" # scopes = "okta.users.manage,okta.groups.manage" # Rate limiting configuration (optional) # backoff = true # min_wait_seconds = 10 # max_wait_seconds = 60 # max_retries = 3 # request_timeout = 60 # max_api_capacity = 50 } ``` -------------------------------- ### Basic Okta Password Policy Example Source: https://github.com/okta/terraform-provider-okta/blob/master/examples/resources/okta_policy_password/README.md An example of how to configure a simple password policy using the okta_policy_password resource in Terraform. ```terraform resource "okta_policy_password" "example" { name = "example-password-policy" description = "Example password policy" priority = 1 status = "ACTIVE" # Password settings # ... other password settings ... # Profile enrollment settings # ... profile enrollment settings ... } ``` -------------------------------- ### Okta Behavior Data Source Example Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/data-sources/behavior.md This example demonstrates how to use the `okta_behavior` data source to fetch an Okta behavior configuration using its label. ```terraform data "okta_behavior" "example" { label = "New City" } ``` -------------------------------- ### Okta Admin Role Targets Example Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/resources/admin_role_targets.md Example of how to configure the okta_admin_role_targets resource to assign application administration permissions to a user. ```terraform resource "okta_admin_role_targets" "example" { user_id = "" role_type = "APP_ADMIN" apps = ["oidc_client.", "facebook"] } ``` -------------------------------- ### Basic Okta Org-wide CAPTCHA Settings Example Source: https://github.com/okta/terraform-provider-okta/blob/master/examples/resources/okta_captcha_org_wide_settings/README.md A basic Terraform configuration example for setting up organization-wide CAPTCHA settings in Okta. ```terraform resource "okta_captcha_org_wide_settings" "example" { status = "ENABLED" automation { enabled = true refresh_threshold = 5 } } ``` -------------------------------- ### Terraform Okta User Admin Roles Example Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/resources/user_admin_roles.md Example Terraform configuration to create an Okta user and assign administrator roles to them. It demonstrates the usage of the `okta_user` and `okta_user_admin_roles` resources. ```terraform resource "okta_user" "test" { first_name = "TestAcc" last_name = "Smith" login = "testAcc-replace_with_uuid@example.com" email = "testAcc-replace_with_uuid@example.com" } resource "okta_user_admin_roles" "test" { user_id = okta_user.test.id admin_roles = [ "APP_ADMIN", ] } ``` -------------------------------- ### Simple Sign-On Policy Rule Example Source: https://github.com/okta/terraform-provider-okta/blob/master/examples/resources/okta_policy_rule_signon/README.md An example of how to define a basic Okta Sign On Policy Rule using Terraform. This snippet demonstrates the resource configuration and its essential arguments. ```terraform resource "okta_policy_rule_signon" "example" { name = "Example Rule" priority = 1 status = "ACTIVE" policy_id = okta_policy.example.id conditions { auth_type = "ANY" } actions { signon { success_action = "ALLOW" } } } ``` -------------------------------- ### Okta Terraform Configuration Example Source: https://github.com/okta/terraform-provider-okta/blob/master/examples/README.md Example of using Okta OIDC application with a Cognito ID Provider to provide serverless SPA access to AWS resources. ```terraform # Example Stacks # Okta and Cognito # Example of using Okta OIDC application with a Cognito ID Provider to # provide a serverless SPA access to AWS resources. # See: ./oidc-cognito-stack.tf ``` -------------------------------- ### Okta Behaviors Data Source Example Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/data-sources/behaviors.md Example usage of the `okta_behaviors` data source in Terraform to fetch behaviors matching a search query. ```terraform data "okta_behaviors" "example" { q = "New" } ``` -------------------------------- ### Terraform Okta MFA Policy Examples Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/resources/policy_mfa.md Demonstrates how to configure Okta MFA policies using Terraform, including examples for Okta Classic and OIE with different authenticator types and group assignments. ```terraform resource "okta_policy_mfa" "classic_example" { name = "MFA Policy Classic" status = "ACTIVE" description = "Example MFA policy using Okta Classic engine with factors." is_oie = false okta_password = { enroll = "REQUIRED" } okta_otp = { enroll = "REQUIRED" } groups_included = ["${data.okta_group.everyone.id}"] } resource "okta_policy_mfa" "oie_example" { name = "MFA Policy OIE" status = "ACTIVE" description = "Example MFA policy that uses Okta Identity Engine (OIE) with authenticators" is_oie = true okta_password = { enroll = "REQUIRED" } # The following authenticator can only be used when `is_oie` is set to true okta_verify = { enroll = "REQUIRED" } groups_included = ["${data.okta_group.everyone.id}"] } // policy_mfa that support multiple external_idps resource "okta_policy_mfa" "oie_example" { name = "MFA Policy OIE" status = "ACTIVE" description = "Example MFA policy that uses Okta Identity Engine (OIE) with authenticators" is_oie = true okta_email = { enroll = "REQUIRED" } google_otp = { enroll = "REQUIRED" } external_idps = [ { "enroll" : "OPTIONAL", "id" : "id1", }, { "enroll" : "NOT_ALLOWED", "id" : "id2", } ] groups_included = ["${data.okta_group.everyone.id}"] } ``` -------------------------------- ### Basic Okta Link Value Terraform Example Source: https://github.com/okta/terraform-provider-okta/blob/master/examples/resources/okta_link_value/README.md A simple Terraform configuration demonstrating how to define and manage an Okta link value resource. This example shows the basic structure for creating a user relationship. ```terraform resource "okta_link_value" "example" { link_name = "friend" user_id = okta_user.example.id linked_user_id = okta_user.another.id } resource "okta_user" "example" { first_name = "John" last_name = "Doe" email = "john.doe@example.com" login = "john.doe@example.com" } resource "okta_user" "another" { first_name = "Jane" last_name = "Doe" email = "jane.doe@example.com" login = "jane.doe@example.com" } ``` -------------------------------- ### Terraform okta_link_value Resource Example Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/resources/link_value.md This example demonstrates how to define a link relationship between users using the okta_link_definition and okta_link_value resources in Terraform. It includes creating primary and associated users and then linking them. ```terraform resource "okta_link_definition" "padishah" { primary_name = "emperor" primary_title = "Emperor" primary_description = "Hereditary ruler of the Imperium and the Known Universe" associated_name = "sardaukar" associated_title = "Sardaukar" associated_description = "Elite military force member" } resource "okta_user" "emperor" { first_name = "Shaddam" last_name = "Corrino IV" login = "shaddam.corrino.iv@salusa-secundus.planet" email = "shaddam.corrino.iv@salusa-secundus.planet" } resource "okta_user" "sardaukars" { count = 5 first_name = "Amrit" last_name = "Sardaukar_${count.index}" login = "amritsardaukar_${count.index}@salusa-secundus.planet" email = "amritsardaukar_${count.index}@salusa-secundus.planet" } resource "okta_link_value" "example" { primary_name = okta_link_definition.padishah.primary_name primary_user_id = okta_user.emperor.id associated_user_ids = [ okta_user.sardaukars[0].id, okta_user.sardaukars[1].id, okta_user.sardaukars[2].id, okta_user.sardaukars[3].id, okta_user.sardaukars[4].id, ] } ``` -------------------------------- ### Basic Okta Custom Admin Role Example Source: https://github.com/okta/terraform-provider-okta/blob/master/examples/resources/okta_admin_role_custom/README.md A basic Terraform configuration example for setting up an Okta custom admin role. This snippet demonstrates the fundamental usage of the Okta provider for role management. ```terraform # Simple example can be found here: ./basic.tf ``` -------------------------------- ### okta_factor_totp Resource Example Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/resources/factor_totp.md Example Terraform configuration for creating an Okta TOTP factor. This resource manages time-based one-time password factors, including settings like OTP length, HMAC algorithm, time step, and shared secret encoding. ```terraform resource "okta_factor_totp" "example" { name = "example" otp_length = 10 hmac_algorithm = "HMacSHA256" time_step = 30 clock_drift_interval = 10 shared_secret_encoding = "hexadecimal" } ``` -------------------------------- ### Okta Authorization Server Policy Rule Example Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/resources/auth_server_policy_rule.md Example Terraform configuration for creating an Okta Authorization Server Policy Rule. This demonstrates setting essential parameters like auth server ID, policy ID, status, name, priority, and whitelisting options for groups and grant types. ```terraform resource "okta_auth_server_policy_rule" "example" { auth_server_id = "" policy_id = "" status = "ACTIVE" name = "example" priority = 1 group_whitelist = [""] grant_type_whitelist = ["implicit"] } ``` -------------------------------- ### Example Usage: okta_app_saml_app_settings Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/resources/app_saml_app_settings.md Demonstrates how to create a SAML application and then manage its settings separately using the okta_app_saml_app_settings resource. It includes defining the application and then configuring its specific settings like login URL, role mapping, and session duration. ```terraform resource "okta_app_saml" "test" { preconfigured_app = "amazon_aws" label = "Amazon AWS" status = "ACTIVE" } resource "okta_app_saml_app_settings" "test" { app_id = okta_app_saml.test.id settings = jsonencode( { "appFilter" : "okta", "awsEnvironmentType" : "aws.amazon", "groupFilter" : "aws_(?{{accountid}}\\d+)_(?{{role}}[a-zA-Z0-9+=,.@\\-_]+)", "joinAllRoles" : false, "loginURL" : "https://console.aws.amazon.com/ec2/home", "roleValuePattern" : "arn:aws:iam::$${accountid}:saml-provider/OKTA,arn:aws:iam::$${accountid}:role/$${role}", "sessionDuration" : 3200, "useGroupMapping" : false } ) } ``` -------------------------------- ### Okta Brand Data Source Example Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/data-sources/brand.md Demonstrates how to use the `okta_brand` data source to retrieve a single Brand from Okta. It shows fetching all brands first to get an ID, then fetching a specific brand by its ID, and also fetching the default brand. ```terraform data "okta_brands" "test" { } data "okta_brand" "test" { brand_id = tolist(data.okta_brands.test.brands)[0].id } data "okta_brand" "default" { brand_id = "default" } ``` -------------------------------- ### Terraform Configuration for Default MFA Policy Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/resources/policy_mfa_default.md This snippet demonstrates how to configure the default MFA policy using Terraform. It shows examples for both classic Okta and Okta Identity Engine (OIE) setups, including required authenticators like Okta Password, Okta OTP, and Okta Verify. ```terraform resource "okta_policy_mfa_default" "classic_example" { is_oie = false okta_password = { enroll = "REQUIRED" } okta_otp = { enroll = "REQUIRED" } } resource "okta_policy_mfa_default" "oie_example" { is_oie = true okta_password = { enroll = "REQUIRED" } # The following authenticator can only be used when `is_oie` is set to true okta_verify = { enroll = "REQUIRED" } } ### -> If the `okta_policy_mfa_default` is used in conjunction with `okta_policy_mfa` resources, ensure to use a `depends_on` attribute for the default policy to ensure that all other policies are created/updated first such that the `priority` field can be appropriately computed on the first plan/apply. ``` -------------------------------- ### Terraform Development Recommendations Source: https://github.com/okta/terraform-provider-okta/blob/master/sdk/README.md Provides guidance on implementing new resources and data sources within the Okta Terraform provider. It emphasizes the use of the Terraform Plugin Framework over the older SDKv2. ```markdown NOTE: Any new resources or data sources contributed to this project should be implemented with the [Terraform Plugin Framework](https://developer.hashicorp.com/terraform/plugin/framework) and not the [Terraform Plugin SDKv2](https://developer.hashicorp.com/terraform/plugin/sdkv2). ``` -------------------------------- ### Terraform Usage Example Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/data-sources/policy.md Example of how to use the okta_policy data source in Terraform to retrieve a policy named 'Password Policy Example' of type 'PASSWORD'. ```terraform data "okta_policy" "example" { name = "Password Policy Example" type = "PASSWORD" } ``` -------------------------------- ### Terraform Provider Okta Block Example Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/index.md Example of how to configure the Okta provider in a Terraform configuration. ```terraform provider "okta" { org_name = "your_org_name" base_url = "your_okta_domain.oktapreview.com" api_token = "your_api_token" # Or use OAuth 2.0 client authentication: # client_id = "your_client_id" # private_key = "file.pem" # private_key_id = "your_private_key_id" # scopes = "okta.users.manage,okta.groups.manage" # Rate limiting configuration (optional) # backoff = true # min_wait_seconds = 10 # max_wait_seconds = 60 # max_retries = 3 # request_timeout = 60 # max_api_capacity = 50 } ``` -------------------------------- ### Basic Resource Set Creation (Terraform) Source: https://github.com/okta/terraform-provider-okta/blob/master/examples/resources/okta_resource_set/README.md This example demonstrates the basic creation of an Okta Resource Set using the Terraform Okta provider. It shows how to define the resource set's name and description. ```terraform resource "okta_resource_set" "example" { name = "My Example Resource Set" description = "A custom collection of resources for testing." } ``` -------------------------------- ### Terraform Usage Example Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/data-sources/group_rule.md Example of how to use the okta_group_rule data source in Terraform to retrieve a group rule by its ID. ```terraform data "okta_group_rule" "test" { id = okta_group_rule.example.id } ``` -------------------------------- ### Simple Realm Assignment Example Source: https://github.com/okta/terraform-provider-okta/blob/master/examples/resources/okta_realm_assignment/README.md A basic Terraform configuration demonstrating how to create an Okta Realm Assignment resource. ```terraform # Example of a simple realm assignment # resource "okta_realm_assignment" "example" { # realm_id = "your_realm_id" # user_id = "your_user_id" # } ``` -------------------------------- ### Simple Usage of okta_app_signon_policy_rule Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/resources/app_signon_policy_rule.md This example demonstrates the basic creation of an Okta application sign-on policy rule, linking it to an existing sign-on policy. ```terraform resource "okta_app_saml" "test" { label = "My App" sso_url = "https://google.com" recipient = "https://here.com" destination = "https://its-about-the-journey.com" audience = "https://audience.com" status = "ACTIVE" subject_name_id_template = "$${user.userName}" subject_name_id_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" signature_algorithm = "RSA_SHA256" response_signed = true digest_algorithm = "SHA256" honor_force_authn = false authn_context_class_ref = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" } data "okta_app_signon_policy" "test" { app_id = okta_app_saml.test.id } resource "okta_app_signon_policy_rule" "test" { policy_id = data.okta_app_signon_policy.test.id name = "testAcc_replace_with_uuid" } ``` -------------------------------- ### Example: Assigning READ_ONLY_ADMIN Role to a Group Source: https://github.com/okta/terraform-provider-okta/blob/master/examples/resources/okta_group_role/README.md Terraform configuration example demonstrating how to assign the 'READ_ONLY_ADMIN' role to an Okta group. ```terraform resource "okta_group_role" "readonly" { group_id = okta_group.readonly_group.id role_type = "READ_ONLY_ADMIN" } resource "okta_group" "readonly_group" { name = "readonly_group" } ``` -------------------------------- ### Accessing Okta SDK v3 with Terraform Plugin Framework Source: https://github.com/okta/terraform-provider-okta/blob/master/sdk/README.md Illustrates how to access the Okta SDK v3 client when working with the Terraform Plugin Framework. This is the recommended approach for new development. ```go r.oktaSDKClientV3 ``` -------------------------------- ### Terraform Okta Resource Set Example Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/resources/resource_set.md Demonstrates how to create an Okta Resource Set using Terraform, including defining resources by API endpoints and using local variables for organization URL. It showcases different ways to specify resources, including specific groups and groups via ORN. ```terraform locals { org_url = "https://mycompany.okta.com" } resource "okta_resource_set" "test" { label = "UsersAppsAndGroups" description = "All the users, app and groups" resources = [ format("%s/api/v1/users", local.org_url), format("%s/api/v1/apps", local.org_url), format("%s/api/v1/groups", local.org_url) ] } data "okta_org_metadata" "_" {} locals { org_url = try( data.okta_org_metadata._.alternate, data.okta_org_metadata._.organization ) } resource "okta_resource_set" "example" { label = "UsersAppsAndGroups" description = "All the users, app and groups" resources = [ "${local.org_url}/api/v1/users", "${local.org_url}/api/v1/apps", "${local.org_url}/api/v1/groups" ] } ### To Provide permissions to specific Groups locals { org_url = "https://mycompany.okta.com" } resource "okta_resource_set" "test" { label = "Specific Groups" description = "Only Specific Group" resources = [ format("%s/api/v1/groups/groupid1", local.org_url), format("%s/api/v1/groups/groupid2", local.org_url) ] } ### To Provide permissions to specific Groups via ORN locals { org_id = "00onr127891saSQS" } resource "okta_resource_set" "test" { label = "Specific Groups" description = "Only Specific Group" resources = [ format("orn:okta:directory:%s:groups", local.org_id), ] } ``` -------------------------------- ### Accessing Okta SDK v3 with Terraform SDK v2 Source: https://github.com/okta/terraform-provider-okta/blob/master/sdk/README.md Demonstrates how to obtain the Okta SDK v3 client when using the Terraform SDK v2. This is relevant for existing resources and data sources. ```go getOktaV3ClientFromMetadata(m) ``` -------------------------------- ### Let's Encrypt Certbot Usage Source: https://github.com/okta/terraform-provider-okta/blob/master/docs/resources/domain_certificate.md Provides instructions and an example command for generating a domain certificate using Let's Encrypt Certbot in manual mode with DNS challenge. It maps the generated certificate files (`cert.pem`, `chain.pem`, `privkey.pem`) to the corresponding fields in the `okta_domain_certificate` resource. ```shell $ certbot certonly --manual --preferred-challenges dns --key-type rsa -d [DOMAIN] Okta Field | Certbot file --------------------|-------------- `certificate` | `cert.pem` `certificate_chain` | `chain.pem` `private_key` | `privkey.pem` ```