Hi,
I’m using Terraform to structure Okta for my org. I need to create an authenticator, specifically an ‘IdP Authenticator’, using Terraform. I checked the API docs for creating an Authenticator, but they don’t seem to have a good example for IdP Authenticators, and I’m running into some issues.
I used the following Terraform code.
# IdP authenticator backed by a SAML IdP that was created earlier with Terraform
resource "okta_authenticator" "dt_authenticator" {
  name = "My IdP Authenticator"
  key  = "external_idp"

  # okta_idp_saml.dt_idp.id references an IdP created earlier using Terraform
  settings = jsonencode({
    provider = {
      type = "CLAIMS"
      configuration = {
        idpId = okta_idp_saml.dt_idp.id
      }
    }
  })

  depends_on = [okta_idp_saml.dt_idp]
}

# OIE MFA enrollment policy that requires the IdP authenticator for the included group
resource "okta_policy_mfa" "dt_mfa" {
  name     = "IdP Authenticator Enrollment"
  status   = "ACTIVE"
  priority = 1
  is_oie   = true

  okta_password = {
    enroll = "REQUIRED"
  }

  external_idps = [
    {
      id     = okta_authenticator.dt_authenticator.id
      enroll = "REQUIRED"
    }
  ]

  groups_included = [
    okta_group.dt_enabled_group.id,
  ]
}
Once I deploy this, it doesn’t give any errors and says the authenticator is created.
However, the authenticator is not created when I check through my Admin Dashboard, and the ‘IdP Authenticator Enrollment’ policy (okta_policy_mfa.dt_mfa) uses another IdP that already existed in our tenant.
Also, what are the key and method for IdP authenticators when creating an okta_app_signon_policy_rule > type AUTH_METHOD_CHAIN > chains.authenticationMethods?