A Terraform provider to manage Okta resources, enabling infrastructure-as-code provisioning and management of users, groups, applications, and other Okta objects.
Community Note
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
Please do not leave "+1" or other comments that do not add relevant new information or questions; they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
Terraform Version
Terraform v1.5.1
on windows_386
provider registry.terraform.io/okta/okta v4.4.2
Affected Resource(s)
okta_app_saml
Terraform Configuration Files
Debug Output
Panic Output
Expected Behavior
Terraform should create an app with user_name_template_type == "NONE" and user_name_template == null
Can this be done in the Admin UI?
Can this be done in the actual API call?
curl --location 'https://dev-45062044.okta.com/api/v1/apps' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: SSWS ' \
--data '{
  "label": "ZIA Sample App",
  "accessibility": {
    "selfService": false,
    "errorRedirectUrl": null,
    "loginRedirectUrl": null
  },
  "visibility": {
    "autoSubmitToolbar": false,
    "hide": { "iOS": false, "web": false }
  },
  "features": [],
  "signOnMode": "SAML_2_0",
  "credentials": {
    "userNameTemplate": { "template": null, "type": "NONE" },
    "signing": {}
  },
  "settings": {
    "app": {},
    "notifications": {
      "vpn": {
        "network": { "connection": "DISABLED" },
        "message": null,
        "helpUrl": null
      }
    },
    "signOn": {
      "defaultRelayState": "",
      "ssoAcsUrl": "http://example.okta.com",
      "idpIssuer": "http://www.okta.com/${org.externalKey}",
      "audience": "https://example.com/tenant/123",
      "recipient": "http://recipient.okta.com",
      "destination": "http://destination.okta.com",
      "subjectNameIdTemplate": "${user.userName}",
      "subjectNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
      "responseSigned": true,
      "assertionSigned": true,
      "signatureAlgorithm": "RSA_SHA256",
      "digestAlgorithm": "SHA256",
      "honorForceAuthn": true,
      "authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
      "spIssuer": null,
      "requestCompressed": false,
      "attributeStatements": []
    }
  }
}'
Actual Behavior
Steps to Reproduce
Create an okta_app_saml resource with user_name_template_type as "NONE" and user_name_template as null or blank
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
okta_app_saml.ziaapp will be updated in-place
(imported from "0oada5gisznTlGora5d7")
~ resource "okta_app_saml" "ziaapp" {
    accessibility_self_service = false
    acs_endpoints = []
    app_links_json = jsonencode(
        {
            dev-45062044_ziasampleapp_2_link = true
        }
    )
    app_settings_json = jsonencode({})
    assertion_signed = true
    audience = "https://example.com/tenant/123"
    authn_context_class_ref = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    auto_submit_toolbar = false
    destination = "http://destination.okta.com"
    digest_algorithm = "SHA256"
    embed_url = "https://dev-45062044.okta.com/home/dev-45062044_ziasampleapp_2/0oada5gisznTlGora5d7/alnda5qobvE3PfGeI5d7"
    entity_key = "exkda5gisyfYlE7rk5d7"
    entity_url = "http://www.okta.com/exkda5gisyfYlE7rk5d7"
    features = []
    hide_ios = false
    hide_web = false
    honor_force_authn = true
    http_post_binding = "https://dev-45062044.okta.com/app/dev-45062044_ziasampleapp_2/exkda5gisyfYlE7rk5d7/sso/saml"
    http_redirect_binding = "https://dev-45062044.okta.com/app/dev-45062044_ziasampleapp_2/exkda5gisyfYlE7rk5d7/sso/saml"
    id = "0oada5gisznTlGora5d7"
    idp_issuer = "http://www.okta.com/${org.externalKey}"
    implicit_assignment = false
    label = "ZIA Sample App"
    logo_url = "https://ok12static.oktacdn.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png"
    metadata_url = "https://dev-45062044.okta.com/api/v1/apps/0oada5gisznTlGora5d7/sso/saml/metadata"
    name = "dev-45062044_ziasampleapp_2"
    preconfigured_app = "dev-45062044_ziasampleapp_2"
    recipient = "http://recipient.okta.com"
    response_signed = true
    saml_signed_request_enabled = false
    saml_version = "2.0"
    sign_on_mode = "SAML_2_0"
    signature_algorithm = "RSA_SHA256"
    sso_url = "http://example.okta.com"
    status = "ACTIVE"
    subject_name_id_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    subject_name_id_template = "${user.userName}"