okta / terraform-provider-okta

A Terraform provider to manage Okta resources, enabling infrastructure-as-code provisioning and management of users, groups, applications, and other Okta objects.
https://registry.terraform.io/providers/okta/okta
Mozilla Public License 2.0

Support for Okta group owners in terraform provider #1585

Closed 64ne closed 1 month ago

64ne commented 1 year ago

Community Note

Description

Hi All,

Is there a plan to implement a feature in the okta_group resource to provide a list of owners for an Okta group? It is already available through the Groups API, reference below. It would also be helpful for future reference with the IGA API. Let me know what you think. 😃

New or Affected Resource(s)

Potential Terraform Configuration

resource "okta_group" "example" {
  name         = "Example"
  description  = "My Example Group"
  owners       = [ "example1@example.com", "example2@example.com" ]
}

References

Okta Groups API

duytiennguyen-okta commented 1 year ago

OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-618786

jefftaylor-okta commented 1 year ago

Thanks for the question @64ne! We do have a plan to support this feature as part of the Groups API. We are working on revamping our process for releasing APIs and resources. In terms of helping with your understanding of the IGA, can you expand on how this resource in the Okta Terraform provider will help you with IGA? Thanks in advance!

64ne commented 1 year ago

Hi @jefftaylor-okta! Thanks for reaching out! What I had in mind is that in a future release of the Terraform provider, which will include IGA resources, the list of group owners can be referenced as approvers of requests coming for specific requests (group access) made within IGA (Okta requests). Does this make sense to you?

Also, from an audit point of view, regarding group owners, it is easy to show who the group owners are from code, and changes of ownership can be tracked.

justinas-b commented 1 year ago

Hey! I have a similar use case - we are using group owners as approvers in IGA, and while we are provisioning groups, group members and app assignments in Terraform, it is a pain to maintain group owners manually and be unable to define this in the same code base.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

64ne commented 1 year ago

Commenting in order not to be closed

hoeg commented 1 year ago

Any news on this feature? Is anyone working on it at the moment, or is it possible to submit a PR for this?

This would make the usage of Okta Access Requests app a lot more smooth as we would dynamically be able to route access requests to owners of the groups we want to add people to.

hoeg commented 1 year ago

As owners can be both groups and users, should the API enable both? Consider the following:

data "okta_group" "owner_group" {
  name = "Owner Group"
}

data "okta_user" "owner_user" {
  search {
    name  = "profile.firstName"
    value = "Owner"
  }

  search {
    name  = "profile.lastName"
    value = "McOwnface"
  }
}

resource "okta_group" "example" {
  name                 = "Example"
  description          = "My Example Group"
  owner_groups         = [ data.okta_group.owner_group.id ] //new argument
  owner_users          = [ data.okta_user.owner_user.id ]   //new argument
}

Or something in line with this?

handyrandyrc commented 5 months ago

We're another customer that needs this.

zacharysfisher commented 4 months ago

Also have a need for this.