Okta API permission issue with terraform

jeevan · January 29, 2024, 12:40am

Hi guys, I was trying to follow Okta youtube video https://www.youtube.com/watch?v=5_x0VmvjXmg to connect Terraform with Okta to manage users and groups. But I am getting a small error Error: failed to create group: the API returned an error: You do not have permission to perform the requested action .

Does anyone have any idea on how I can solve this issue ? I tried creating API Token on Okta but I cannot use App Client ID when I include it in the code base.

Code :

terraform {
 required_providers {
 okta = {
 source = "okta/okta"
    }
  }
}

provider "okta" {
 org_name = "xxxxxxxx"
 base_url = "oktapreview.com"
 client_id = "xxxxxxxx"
 scopes = ["okta.groups.manage", "okta.users.manage", "okta.policies.manage"]
 private_key = file("rsa.pem")
}

# Creating a group
resource "okta_group" "demo" {
 name = "Example"
 description = "My Example Group"
}

vk-giri · January 29, 2024, 3:44pm

Hi, can you do the following

Can you test this endpoint in postman and check if this is a permission issue or terraform issue
Run it using “TF_LOG=DEBUG terraform apply” and then provide us the logs that you are receiving, so that we can understand better what is happening behind the scene.

jeevan · January 29, 2024, 11:06pm

Hi, I used postman to create a group with the same endpoint but I had to create API key from Admin UI to make the request successful.

Here is my log for the error

vk-giri · February 2, 2024, 11:40am

Are you calling any other resources before creating this group? You might need to use skip_rules if the API Token/Service app doesn’t have super admin level permissions.

github.com/okta/terraform-provider-okta

add skip_groups and skip_roles to okta_user

opened 11:19PM - 09 Mar 22 UTC

closed 05:56PM - 10 Mar 22 UTC

monde

enhancement

Customer ask: Add boolean a `skip_groups` and `skip_roles` to resource `okta_us…er` so that unnecessary API calls to `GET /api/v1/users/{userId}/roles` and `GET /api/v1/users/{userId}/groups` are not made. An example ```terraform terraform { required_providers { okta = { source = "okta/okta" } } } # in test org, there are 1000 users with login starting with "testprefix-" data "okta_users" "important_users" { search { name = "profile.login" value = "testprefix-" comparison = "sw" } } resource "okta_group" "very_important_group" { name = "very_important_group" skip_users = true } data "okta_user" "very_important_group" { for_each = toset([for user in data.okta_users.important_users.users: user.id]) user_id = each.key # The `okta_user` data source will make additional API calls to fill in group and role information. # If fields like `skip_groups` and `skip_roles` were added, these unnecessary API calls could be avoided. # skip_groups = true # skip_roles = true } resource "okta_group_memberships" "very_important_group" { group_id = okta_group.very_important_group.id users = [for user in data.okta_user.very_important_group : user.id] } ```

andrea · March 3, 2024, 11:41am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Post		Replies	Views
Terraform API integration permissions issue API terraform	3	590	May 22, 2024
Unknown error creating okta_app_oauth with Terraform API terraform	1	32	October 17, 2024
Administrator Roles API - List user roles Questions	2	4464	March 11, 2019
Okta JWT Verifier Questions	4	3811	August 19, 2019
How to create okta_app_oauth with public/private key Questions	3	2656	July 8, 2022

Okta API permission issue with terraform

Related topics