I am using terraform to set up SAML Apps with my org. It’s really convenient to use the preconfigured_app option to set up, for example, OCI:
resource "okta_app_saml" "oci" {
  label             = "Oracle Cloud Infrastructure"
  preconfigured_app = "oraclecloudinfrastructure"
  ...
}
With terraform it works particularly well to create the app manually, then import it into Terraform to get the name and settings.
However, I just hit a snag: I need to select groups to send over. In the Web UI there’s a “preconfigured SAML attribute for it”:
I tried adding an attribute statement:
attribute_statements {
  type         = "GROUP"
  name         = "https://auth.oraclecloud.com/saml/claims/groupName"
  filter_type  = "EQUALS"
  filter_value = okta_group.oci_admins.name
}
But I get an error message:
Invalid attribute name: The SAML attribute 'https://auth.oraclecloud.com/saml/claims/groupName' matches an existing attribute name within this integration. View the SAML 2.0 setup instructions for a list of predefined SAML attributes. Choose a different name for the SAML attribute to prevent name collision.
Looking at the API response with TF_LOG=1, it seems like the setting in the Web UI isn’t anywhere on the Apps object. Since I can’t override it with a “custom” attribute, that means there’s no way to configure it, with the API or terraform.
Is there a way around this? Thanks in advance!