
qwxu5 (qwxu5) asked a question.
Hey folks,
I'm currently using Terraform and the Okta provider to create an MFA access policy to attach to a SAML for an application.
However, when I try to create an MFA resource via okta_policy_mfa, it throws the following error: "Failed to create MFA policy. the API returned an error. You do not have permission to perform the requested action".
My current scopes are:
okta.groups.manage
okta.apps.manage
okta.users.read
okta.appGrants.manage
okta.policies.manage
Does anyone know the required API scopes to create okta_policy_mfa resources?
Thanks.

Hello @qwxu5 (qwxu5) Thank you for posting on our Community page!
From the looks of it, the correct scopes are being used. Make sure that you are also at least an Org admin when doing these calls, in order to have the correct permissions.
There's an option in TF to tell it if you're on OIE or Classic, so the right endpoint is hit (is_oie): https://registry.terraform.io/providers/okta/okta/latest/docs/resources/policy_mfa#example-usage
So if you are an Okta Classic org, you should set is_oie to false in your Terraform plan to see if it resolves the issue.
Thank you for reaching out to our Community and have a great day!
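
The configuration discussed in this thread, as an added example that is not from either poster or from Okta: the provider is given the scopes listed in the question, and okta_policy_mfa sets is_oie explicitly for a Classic org as the reply suggests. It assumes OAuth service-app authentication; the org name, client ID, key path and policy name are placeholders.

```hcl
terraform {
  required_providers {
    okta = {
      source = "okta/okta"
    }
  }
}

# Assumption: the provider authenticates as an OAuth 2.0 service app.
# Per the reply above, the identity making the calls must also hold
# at least the Org admin role; scopes alone are not sufficient.
provider "okta" {
  org_name    = "example-org"                 # placeholder
  base_url    = "okta.com"
  client_id   = "CLIENT_ID_PLACEHOLDER"       # placeholder
  private_key = file("okta-service-app.pem")  # placeholder path

  # Scopes as listed in the question.
  scopes = [
    "okta.groups.manage",
    "okta.apps.manage",
    "okta.users.read",
    "okta.appGrants.manage",
    "okta.policies.manage",
  ]
}

data "okta_group" "everyone" {
  name = "Everyone"
}

resource "okta_policy_mfa" "app_mfa" {
  name        = "app-mfa-policy"  # hypothetical name
  status      = "ACTIVE"
  description = "MFA enrollment policy managed by Terraform"

  # false selects the Classic engine behaviour; set to true on an
  # Identity Engine (OIE) org. A mismatch with the org type is the
  # condition the reply asks to rule out.
  is_oie = false

  groups_included = [data.okta_group.everyone.id]

  okta_otp = {
    enroll = "REQUIRED"
  }
}
```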