resource "okta_authenticator" "okta_email" does honor 'allowedFor' upon creation

[antonmos]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v1.6.6

• provider registry.terraform.io/okta/okta v4.6.3

Affected Resource(s)

• okta_authenticator

Terraform Configuration Files

resource "okta_authenticator" "email" {
  name = "email"
  key  = "okta_email"
  settings = jsonencode(
    {
      "allowedFor" : "any",
      "tokenLifetimeInMinutes": 5
    }
  )
}

Debug Output

okta_authenticator.email: Creation complete after 2s 

Panic Output

Expected Behavior

Okta email autheticator should have been updated to allow use for authentication.

Can this be done in the Admin UI?

yes

Can this be done in the actual API call?

Actual Behavior

Terraform apply created the resource but the authenticator was not updated to allow use for authentication.

Steps to Reproduce

1. terraform apply

Important Factoids

running terraform plan again, produced

  ~ resource "okta_authenticator" "email" {
        id                          = "aut5qskmjsdq7w4bm1d7"
        name                        = "Email"
      ~ settings                    = jsonencode(
          ~ {
              ~ allowedFor             = "recovery" -> "any"
                # (1 unchanged attribute hidden)
            }
        )
        # (5 unchanged attributes hidden)
    }

Running terraform apply correctly updated the authenticator to allow use for authentication and recovery.

[duytiennguyen-okta]

OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-678557