Getting an error when trying to create an authenticator enrollment policy with only email as required.
Error: failed to create MFA policy: the API returned an error: Api validation failed: mediationPolicy. Causes: errorSummary: At least one of Password or Email authenticator must be set to required.
Code
new okta.policy.Mfa('my-mfa-policy', {
name: 'MFA policy',
groupsIncludeds: [everyone],
status: 'ACTIVE',
oktaEmail: { enrol: 'REQUIRED' },
oktaPassword: { enroll: 'NOT_ALLOWED' }, // FIXME - this is not working
googleOtp: { enroll: 'NOT_ALLOWED' },
phoneNumber: { enroll: 'NOT_ALLOWED' },
});
Expected Behavior
Based on the doc Unless Org Feature FlagENG_ENABLE_OPTIONAL_PASSWORD_ENROLLMENTis ***disabled***oktaPasswordoroktaEmailmust be present and itsenrollvalue set toREQUIRED. Contact support to have this feature flag ***disabled***. I should be able to create the resource since the oktaEmail is required.
So the expected behavior is to have the authenticator enrollment policy created.
If I go to the UI and change manually, I do achieve the desired result.
Steps to reproduce
Install @pulumi/okta:3.22.0
Create an authenticator enrollment policy like described before
Run it and you will see the error described before
Output of pulumi about
failed to create MFA policy: the API returned an error: Api validation failed: mediationPolicy. Causes: errorSummary: At least one of Password or Email authenticator must be set to required.
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
What happened?
@pulumi/okta
version: 3.22.0Getting an error when trying to create an authenticator enrollment policy with only email as required.
Error:
failed to create MFA policy: the API returned an error: Api validation failed: mediationPolicy. Causes: errorSummary: At least one of Password or Email authenticator must be set to required.
Code
Expected Behavior
Based on the doc
Unless Org Feature Flag
ENG_ENABLE_OPTIONAL_PASSWORD_ENROLLMENTis ***disabled***
oktaPasswordor
oktaEmailmust be present and its
enrollvalue set to
REQUIRED. Contact support to have this feature flag ***disabled***.
I should be able to create the resource since theoktaEmail
is required.So the expected behavior is to have the authenticator enrollment policy created.
If I go to the UI and change manually, I do achieve the desired result.
Steps to reproduce
@pulumi/okta:3.22.0
Output of
pulumi about
failed to create MFA policy: the API returned an error: Api validation failed: mediationPolicy. Causes: errorSummary: At least one of Password or Email authenticator must be set to required.
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).