When creating an application using the Terraform Provider, the following error is returned when applying the plan:
failed to set authentication policy for a <<application type>> application: error finding default ACCESS_POLICY the API returned an unknown error
- Okta Terraform Provider
- Okta Identity Engine (OIE)
After the Terraform Provider creates the application, it will attempt to assign this new application to either the provided Authentication Policy (based on the authentication_policy option for the resource) or to the default authentication policy in the org, which involves making a request to the /api/v1/policies endpoint.
This API call will fail if the token used to authorize the provider does not have permission to read the Authentication Policies.
While the application will be created successfully, to prevent an error from being logged when running the plan, the provider will need to be able to make requests to the policies endpoint.
- If the provider is using OAuth to authorize these requests, ensure that:
  - The Admin Role(s) assigned to the API Service application has sufficient permissions to read policies.
  - The okta.policies.read scope is enabled for the API Service application.
  - The provider is configured to request the okta.policies.read scope.
- If the provider is using an API Token to authorize these requests, ensure that:
  - The Admin Role(s) assigned to the user who issued the API Token has sufficient permissions to read policies.
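A provider configuration for the OAuth case that requests the okta.policies.read scope, as an added example that is not part of the original article. The org name, variable names, application label, redirect URI and the okta.apps.manage scope are assumptions chosen for illustration.

```hcl
terraform {
  required_providers {
    okta = {
      source = "okta/okta"
    }
  }
}

# Hypothetical variables; supply the values for your own API Service application.
variable "okta_client_id" { type = string }
variable "okta_private_key_id" { type = string }
variable "okta_private_key" {
  type      = string
  sensitive = true
}

provider "okta" {
  org_name       = "example-org" # placeholder
  base_url       = "okta.com"
  client_id      = var.okta_client_id
  private_key_id = var.okta_private_key_id
  private_key    = var.okta_private_key

  # Request only what the plan needs. Without okta.policies.read the
  # application is still created, but the lookup against /api/v1/policies
  # fails with "error finding default ACCESS_POLICY".
  # Each scope must also be granted to the API Service application in the
  # Okta Admin Console, and the app's Admin Role(s) must allow reading policies.
  scopes = [
    "okta.apps.manage",   # assumption: scope used to create the application
    "okta.policies.read", # needed for the authentication policy lookup
  ]
}

# Constructed application resource. With authentication_policy unset, the
# provider looks up the org's default authentication policy after creation.
resource "okta_app_oauth" "example" {
  label          = "example-web-app" # placeholder
  type           = "web"
  grant_types    = ["authorization_code"]
  response_types = ["code"]
  redirect_uris  = ["https://app.example.com/callback"] # placeholder
}
```

Keeping the scope list this narrow limits what a leaked private key can do: the added permission is read-only access to policies, not policy management.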
