API returns 400 Bad Request when updating office365 auto_login application

[stevem42]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform version 1.8.5 Provider version 4.8.1

Affected Resource(s)

okta_app_auto_login (office365)

Terraform Configuration Files

resource "okta_app_auto_login" "office365_uat" {
  label             = "Office 365 (UAT)"
  status            = "ACTIVE"
  preconfigured_app = "office365"
  app_links_json = jsonencode({
    calendar   = false,
    crm        = false,
    delve      = false,
    excel      = false,
    forms      = false,
    login      = true,
    mail       = false,
    newsfeed   = false,
    onedrive   = false,
    people     = false,
    planner    = false,
    powerbi    = false,
    powerpoint = false,
    sites      = false,
    sway       = false,
    tasks      = false,
    teams      = false,
    word       = false,
    yammer     = false
  })
  app_settings_json = jsonencode({
    domain                  = "xxxx",
    msftTenant              = "xxxx"
    domains                 = []
    requireAdminConsent     = false
    windowsTransportEnabled = false
    wsFedConfigureType      = "AUTO"
  })
  auto_submit_toolbar = true
  reveal_password     = false
}

Expected Behavior

Changing the label should successfully update the application label in Okta.

Can this be done in the Admin UI?

Yes

Can this be done in the actual API call?

Yes - BUT - only if the request body contains just "name" and "label" e.g

{
"name": "office365",
"label": "My updated label"
}

Actual Behavior

Error on Apply

Error: failed to update auto login application: the API returned an error: Api validation failed: customRuleSettings.customRule. Causes: errorSummary: customRuleSettings.customRule: The expression is invalid: Property 'source' not found, Status: 400 Bad Request with okta_app_auto_login.office365_uat on apps.tf line 1019, in resource "okta_app_auto_login" "office365_uat": resource "okta_app_auto_login" "office365_uat" {

Steps to Reproduce

1. Make a change to an office365 auto login application, for instance a label change
2. terraform apply

Important Factoids

I had opened up a support ticket with Okta. They advised sending only name + what was needed to be changed was required for the API call for this application. I was successfully able to update the label with this method. I can't verify all changes that could be made to an auto_login app work this way.

References

The following issue was solved for other auto_login applications, but office365 could not be updated after this change went through. Before the change they would fail with the same error

• 1934

[duytiennguyen-okta]

@stevem42: What you are doing is trying to configure Okta Integration Network (OIN) apps using Okta's integral apps, in this case okta_app_auto_login. It is currently not supported. We have created an issue that you can watch for when this functionality come online #1637

[duytiennguyen-okta]

Duplicate #1637