SteveL.34873 (Customer) asked a question.
To prevent users from needing to have Org App Admin access, we are trying to create applications via Terraform. However we are running into the following issues:
- I do not see a way to configure provisioning features (IE SCIM) via Terraform, or even the API. Is there a way to do so that I am not seeing?
- When setting up an application from the Okta Integration Network (App Catalog), we are running into issues because not every required setting and value is known. For example, while Office365 works without any app settings, Zendesk fails with the error "failed to create SAML application: the API returned an error: Api validation failed: companySubDomain. Causes: errorSummary: companySubDomain: The field cannot be left blank". Is there a place where these required keys and potential values for OIN apps are listed?
-Some other settings also do not seem to be configurable in Terraform for random OIN apps. For example, in Splunk we do not see a way to configure "configuredAttributeStatements".
Is there something I am missing? Is there any other way to avoid users having Org App Admin Access while still being able to setup new apps, and then to terraform it needing to export the configuration via API calls? This is a really bad UX so I feel like I am missing something.
TY!
Hi @SteveL.34873 (Customer) , Thank you for reaching out to the Okta Community!
This question is more appropriate for our dedicated Okta Developer Forum.
My advice would be to reach out devforum.okta.com to take advantage of their expertise.
While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products and features (non-developer work).
That being said, I'll try to answer your questions to the best of my abilities.
We don't have a step-by-step guide on how to use Terraform for your use case.
The closes one that I could find is:
https://developer.okta.com/blog/2020/02/03/managing-multiple-okta-instances-with-terraform-cloud
- I do not see a way to configure provisioning features (IE SCIM) via Terraform, or even the API. Is there a way to do so that I am not seeing?
Some of the provisioning settings should be manageable via the APPS API. - https://developer.okta.com/docs/reference/api/apps/#application-provisioning-connection-operations
- When setting up an application from the Okta Integration Network (App Catalog), we are running into...
Those would be values the should be provided by your SP and typically require manual input and ideally you'll need to review the setup guide for each OIN app.
-Some other settings also do not seem to be configurable in Terraform ...
I'm not sure if you are referring to the options present in Terraform or the Okta APPS AP, for this I'd have to defer to my DevForum colleagues.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--------------------------------
💡 Community Moderator Tip: Join a group today and connect with other Okta customers by region or product.