Feature Req: Add support for dynamic IdP routing rules

[sgal-dm]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Add support for dynamic IdP routing rules. The existing behavior is the provider can only manage specific IdP routing rules, it doesn't appear to monitor the API attributes involved in specifying specific vs dynamic, as a rule can be manually changed to dynamic in the admin console without those changes showing up on plan/apply operations.

New or Affected Resource(s)

• okta_policy_rule_idp_discovery
  • Potential New Attributes:
  • selection_type
    • string with a default value of SPECIFIC so existing code for specific rules is unaffected.
    • Maps to actions.idp.idpSelectionType in the API data structure.
  • provider_expression
    • string with a default value of null.
    • Maps to actions.idp.matchCriteria.providerExpression in the API data structure.

Potential Terraform Configuration

data "okta_policy" "idp_discovery_policy" {
  name = "Idp Discovery Policy"
  type = "IDP_DISCOVERY"
}

resource "okta_policy_rule_idp_discovery" "example" {
  policy_id                 = data.okta_policy.idp_discovery_policy.id
  name                      = "Select IdP by login domain"
  selection_type            = "DYNAMIC"
  provider_expression       = "login.identifier.substringAfter('@')" 
  network_connection        = "ANYWHERE"
  priority                  = 1
  status                    = "ACTIVE"
  user_identifier_type      = "ATTRIBUTE"
  user_identifier_attribute = "company"
  user_identifier_patterns {
    match_type = "EQUALS"
    value      = "ACME"
  }

References

• Relevant API documentation on dynamic IdP rules.

[monde]

Thanks @sgal-dm . We'll have to investigate and prioritize this onto our 4.1 and/or 5.0 release plans. Okta internal reference: https://oktainc.atlassian.net/browse/OKTA-601942

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

[sgal-dm]

Not stale.

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

[sgal-dm]

Not stale

[duytiennguyen-okta]

@sgal-dm I have the PR ready but it will be a breaking change so it will have to wait for v5

[sgal-dm]

Awesome thanks for the update and the work @duytiennguyen-okta!