I am trying to create users in a test environment using the okta_user resource. I do not see any way to force it to use a user_type other than the base type. Even if I set the user_type to a custom user_type it still seems to try and create it with the base type. The API seems to include a type attribute that will force it to create it under a specific type but the Terraform provider does not seem to support it.
@pmdepr What is the API you referred to? Are you following any docs?
For the okta_user I am referring to the terraform provider - https://registry.terraform.io/providers/okta/okta/latest/docs/resources/user
For the API I am referring to the Okta Users API - Users | Okta Developer.
As I mentioned I am able to use the API to set the user_type and have the data sent in validated against that type. With the Terraform provider it seems to use the default type and fails validation, specifically the format of the username, as a result.
hey @pmdepr
Here is an example below, where you use okta_user_type and then reference it in your okta_user resource. Hope that helps.
resource "okta_user_type" "example" {
  name         = "example"
  display_name = "example"
  description  = "example"
}

resource "okta_user" "example" {
  first_name = "John"
  last_name  = "Smith"
  login      = "john.smith@example.com"
  email      = "john.smith@example.com"
  user_type  = okta_user_type.example.name
}
So I am populating the user_type field in my Terraform but it seems like the creation is not taking it into account as I get a validation error on the login. When I run this same call using that same user_type via the API it passes the validation.
resource "okta_user" "users" {
  email      = "XYZ@cigna.com"
  first_name = "hellotester1"
  last_name  = "iamtester1"
  login      = "iamemail1"
  status     = "ACTIVE"
  user_type  = "evernorth_customer"
}
Here is the error response:
Error: failed to create user: The API returned an error: Api validation failed: login. Causes: errorSummary: login: Username must be in the form of an email address
hey @pmdepr,
Per the error message, unless I'm missing something, you either have to update the username schema in Profile Editor to change the requirements, i.e. go to your admin dashboard, then hit Directory > Profile Editor, select User (default), edit Username by clicking on the "i" icon.
Or update your HCL so the email format is login="iamemail1@cigna.com" so it matches the default username schema rules, which is an email format.
I am not looking to change the default user type but rather be able to use the custom user type when creating a user. Again, this works fine with the API, I can tell it the user type to use and it validates the new user based upon that type but the Terraform provider does not seem to do the same thing.
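The API call described in the thread, as an added example that is not part of the original posts or the provider's code: in the Okta Users API the user type object is selected with `type.id` in the create request body, separate from the `userType` profile string. The org URL, token and type ids are placeholders, and the type list is a constructed sample of a `GET /api/v1/meta/types/user` response.

```python
import json
import urllib.request

# Constructed sample of a GET /api/v1/meta/types/user response; ids are placeholders.
SAMPLE_USER_TYPES = [
    {"id": "otyDEFAULTplaceholder", "name": "user", "default": True},
    {"id": "otyCUSTOMplaceholder", "name": "evernorth_customer", "default": False},
]


def resolve_user_type_id(user_types, name):
    """Map a user type name to its id, refusing missing or ambiguous names."""
    ids = [t["id"] for t in user_types if t.get("name") == name]
    if len(ids) != 1:
        raise LookupError(f"expected one user type named {name!r}, found {len(ids)}")
    return ids[0]


def build_create_user_body(profile, user_type_id=None):
    """Body for POST /api/v1/users; without `type`, the default type's schema applies."""
    body = {"profile": dict(profile)}
    if user_type_id is not None:
        # The user type object is chosen by id here, not by the profile's userType string.
        body["type"] = {"id": user_type_id}
    return body


def build_create_user_request(org_url, api_token, body, activate=True):
    """Prepare (but do not send) the HTTP request for the create-user call."""
    url = f"{org_url.rstrip('/')}/api/v1/users?activate={str(activate).lower()}"
    return urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"SSWS {api_token}",
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
    )


if __name__ == "__main__":
    profile = {"firstName": "hellotester1", "lastName": "iamtester1",
               "email": "XYZ@cigna.com", "login": "iamemail1"}
    type_id = resolve_user_type_id(SAMPLE_USER_TYPES, "evernorth_customer")
    body = build_create_user_body(profile, type_id)
    req = build_create_user_request("https://okta.example.com", "TOKEN_PLACEHOLDER", body)
    print(req.get_method(), req.full_url)
    print(json.dumps(body, indent=2))
```

Comparing this body with the one produced when `user_type_id` is omitted shows which request the default type's login validation would apply to.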