When managing Users with Terraform, applying the plan fails with the following permissions error:
Error: failed to set user's roles: failed to get roles: the API returned an error: The access token provided does not contain the required scopes.
- Okta Terraform Provider
- Admin Roles
- User management
The token used by Terraform to authorize API calls to Okta lacks sufficient permissions/scopes to interact with the targeted resource.
Based on the error message returned to Terraform, the token being used does not have permission to manage admin roles for the user. Two different options can be used to resolve this error:
- Enable skip_roles in the Terraform config to prevent Okta from requesting admin role information when interacting with Users
- Grant the OAuth client (if using OAuth to authorize Terraform) or the admin user (if using an API Token to authorize Terraform) sufficient permissions to view/manage admin roles and ensure the right list of scopes is being requested
- For a Custom Admin Role, the Permission is part of Identity and Access Management Resources
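
The two options above, sketched as a Terraform configuration. This is an added example, not taken from the original article or from Okta's documentation. The org name, client ID, variable name, user attributes and the specific scope names are assumptions, and it assumes a provider version whose okta_user resource accepts skip_roles.

```hcl
# Added example: every value below is a placeholder constructed for illustration.
terraform {
  required_providers {
    okta = {
      source = "okta/okta"
    }
  }
}

# Keep the OAuth private key out of the configuration and out of plan output.
variable "okta_private_key" {
  type      = string
  sensitive = true
}

# Option 2: authorize with an OAuth client that requests a role scope.
# The scope names are assumptions. Each requested scope must also be granted
# to the OAuth app in Okta, and the app needs an admin role that is allowed
# to view admin roles.
provider "okta" {
  org_name    = "example-org"        # placeholder
  base_url    = "okta.com"
  client_id   = "0oaEXAMPLECLIENTID" # placeholder
  private_key = var.okta_private_key

  # okta.roles.read covers reading role assignments. Request
  # okta.roles.manage instead only if Terraform assigns admin roles.
  scopes = ["okta.users.manage", "okta.roles.read"]
}

# Option 1: skip the admin role lookup for this user.
# With skip_roles = true the role scope above is not needed, so the token can
# stay limited to user management. This assumes admin roles are not managed
# through this resource.
resource "okta_user" "example" {
  first_name = "Jane"
  last_name  = "Doe"
  login      = "jane.doe@example.com"
  email      = "jane.doe@example.com"
  skip_roles = true
}
```

The two options are alternatives: a configuration that sets skip_roles on every user does not need the role scope in the provider block.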
