Open trodemaster opened 10 months ago
We use the vault terraform provider and OKTA extensively. Currently, there is no way to set the OKTA auth method as the default one that users see when they access vault via the web interface via the terraform provider.
```hcl
resource "vault_okta_auth_backend" "bigcustomer" {
  depends_on      = [vault_policy.namespace-management]
  description     = "OKTA + LoginMFA"
  organization    = var.okta_org
  base_url        = var.okta_base_url
  token           = var.okta_token
  max_ttl         = var.okta_ttl
  ttl             = var.okta_ttl
  bypass_okta_mfa = true # we use the LoginMFA instead
  tune = {
    listing_visibility = "unauth"
  }
}
```
See this document for the description of what we need to do. https://support.hashicorp.com/hc/en-us/articles/360001922527-Configuring-a-Default-UI-Auth-Method
Other auth backend providers already have support for tune. https://registry.terraform.io/providers/hashicorp/vault/2.9.0/docs/resources/auth_backend
Somewhat related issue https://github.com/hashicorp/terraform-provider-vault/issues/1353
Would you like to implement a fix? No
I just ran into this as well