NEW - RESOURCES, DATA SOURCES, PROPERTIES, ATTRIBUTES, ENV VARS:
- Add keys attribute to okta_app_saml resource #1206. Thanks, @ericnorrisl and @slichtenthal!
- Export the app embed url for saml apps #1215. Thanks, @felixcolaci!
- Ability to configure the provider with an access (Bearer) token #1222. Thanks, @ericnorrisl!
- Add
privateKeyId
private key signing support available in okta-sdk-golang client #1223. Thanks, @powellchristoph!
BUG FIXES:
- Fix "no default policy found" bug, includes ability for provider to discover if it is running against an OIE or Classic org #1224. Thanks, @monde!
NEW - RESOURCES, DATA SOURCES, PROPERTIES, ATTRIBUTES, ENV VARS:
- New resource
okta_app_signon_policy
#1193. Thanks, @felixcolaci! - Added property
inactivity_period
to resourceokta_app_signon_policy_rule
#1184. Thanks, @monde! - Property
issuer_mode
can be"CUSTOM_URL"
,"ORG_URL"
, or"DYNAMIC"
on resourceokta_auth_server_default
#1197. Thanks, @monde!
BUG FIXES:
- Correct API endpoint and call for resource
okta_policy_profile_enrollment_apps
#1191. Thanks, @felixcolaci! - Fix resources pagination in resource
okta_resource_set
for resource items greater than 100 #1196. Thanks, @monde!
ENHANCEMENTS:
- Update documentation on resource
okta_policy_mfa
andokta_policy_mfa_default
for required FFOKTA_MFA_POLICY
and when FFENG_ENABLE_OPTIONAL_PASSWORD_ENROLLMENT
is enabled #1176. Thanks, @monde!
BUG FIXES:
- Correct issuer mode value in embedded
groups_claim
of anokta_app_oauth
resource #1167. Thanks, @monde! - Resource
okta_app_oauth
propertyredirect_uris
is a list, not a set, and needs to maintain order. #1171. Thanks, @monde! - Fix JSON serialization errors that group and user schemas experience when
enum
andone_of
properties are utilized with atype
value other thanstring
#1178. Thanks, @monde!
ENHANCEMENTS:
ENHANCEMENTS:
- HTTP proxy feature with
OKTA_HTTP_PROXY
alternative toOKTA_ORG_NAME
+OKTA_BASE_URL
#1142. Thanks, @ido50! - Full support for Duo authenticator #1146. Thanks, @monde!
- Improve data source
okta_user
andokta_users
and a bug fix #1159. Thanks, @exitcode0, @monde! - Update latest list of Custom Role Permission properties on resource
okta_admin_role_custom
#1160. Thanks, @tim-fitzgerald!
BUG FIXES:
- Remove incorrect attributes
response_signature_algorithm
, andresponse_signature_scope
from resourceokta_idp_oidc
#1156. Thanks, @monde! - Reestablish old behavior of
okta_group_memberships
resource, add toggle to track all users #1161. Thanks, @monde!
PROJECT IMPROVEMENTS:
- Fix typo in data source
okta_email_template
documentation #1157. Thanks, @monde! - ACC tests maintenance #1158. Thanks, @monde!
NEW - RESOURCES, DATA SOURCES, PROPERTIES, ATTRIBUTES, ENV VARS:
- ENV VAR
OKTA_HTTP_PROXY
alternative toOKTA_ORG_NAME
+OKTA_BASE_URL
- Data Sources
okta_user
delay_read_seconds
property to assist dealing with data eventual consistency
okta_users
include_roles
property to signal admin roles for each user should also be gathereddelay_read_seconds
property to assist dealing with data eventual consistency
- Resources
okta_group_memberships
track_all_users
track all users of group, not just those when resource was initialized
ENHANCEMENTS:
- Add
system
attribute tookta_auth_server_scope
resource #1112. Thanks, @monde! - Refine search criteria precision in
okta_app
data source #1115. Thanks, @monde! okta_group
adds delay argument; Refineokta_group_memberships
resource and add tests. Update documentation #1120. Thanks, @monde!- Add
com.okta.telephony.provider
hook type tookta_inline_hooks
resource #1132. Thanks, @monde!
BUG FIXES:
- Fix type in custom role permissions for
okta_admin_role_custom
resource #1116. Thanks, @faurel! - Fix pagination bug in
okta_group_memberships
#1125. Thanks, @monde! - Reverted commit on
okta_policy_rule_sign_on
resource that adversely affectedSPECIFIC_IDP
#1133. Thanks, @monde! - Corrected signature defaults on
okta_idp_oidc
,okta_idp_saml
, andokta_idp_social
resources #1134. Thanks, @monde! - Fixed regression on
okta_group_memberships
resource with 0 users #1138. Thanks, @exitcode0!
PROJECT IMPROVEMENTS:
- Update
okta_template_email
documentation #1113. Thanks, @monde! - ACC Test for
okta_rate_limiting
resource and update documentation #1121. Thanks, @monde! - Note that
okta_group_membership
is deprecated in the documentation #1122. Thanks, @monde! - Update documentation on
okta_app_oauth
explaining how reset a client secret #1127. Thanks, @monde! - Update deprecation notice on
okta_template_email
resource documentation #1136. Thanks, @monde! - ACC Test on
okta_group_memberships
resource with 0 users #1139. Thanks, @monde!
ENHANCEMENTS:
- Data sources and resources for branded themes #1104. Thanks, @monde!
- Data Sources
okta_themes
okta_theme
- Resources
okta_theme
- Data Sources
BUG FIXES:
- Soft revert of diff suppress on
okta_policy_password
andokta_policy_password_default
resources #1108. Thanks, @monde!
PROJECT IMPROVEMENTS:
- Removed confusing and inaccurate information about Duo and Yubikey support in resource
okta_authenticator
#1103. Thanks, @monde! - Fixed formatting in docs for a markdown rendering quirk of the Terraform Registry #1096. Thanks, @monde!
ENHANCEMENTS:
- Data sources and resources for branded email customization #1089. Thanks, @monde!
- Data Sources
okta_brands
okta_brand
okta_email_customizations
okta_email_customization
okta_email_templates
okta_email_template
- Resources
okta_brand
okta_email_customization
- Data Sources
- Allow user lookup by group membership; data source
okta_users
getsgroup_id
property. #998. Thanks, @BrentSouza!
PROJECT IMPROVEMENTS:
- Note
browser
type for SPA apps in app_oauth.html.markdown documentation #580. Thanks, @monde! - Add docs to represent USER_ADMIN in group_role.html.markdown documentation #1075. Thanks, @naveen-vijay!
BUGS:
- Fix incomplete
compound_search_operator
on data sourceokta_users
. #1077. Thanks, @monde! - Fix default value regression on
okta_policy_rule_sign_on
foridentity_provider
attribute. #1079. Thanks, @monde!
ENHANCEMENTS:
- Upgrade okta-sdk-golang to v2.12.1. #1001. Thanks, @monde!
- Removing/Updating local sdk code
- Application.UploadApplicationLogo
- Authenticator
- EnrollFactor
- LinkedObjects
- PasswordPolicy
- ProfileMapping
- Subscription
- UserFactor
- Fixed ACC tests
- TestAccOktaAppSignOnPolicyRule
- TestAccOktaDataSourceIdpSocial_read
- TestAccOktaDefaultPasswordPolicy
- TestAccOktaIdpSocial_crud
- TestAccOktaPolicyPassword_crud
- TestAccOktaPolicySignOn_crud
- TestAccAppOAuthApplication_postLogoutRedirectCrud
- Backoff/retry on application delete
- Removing/Updating local sdk code
- Update okta_app_saml resource documentation. #1076. Thanks, @jphuynh!
ENHANCEMENTS:
BUGS:
- Correctly change password on Okta user resource #1060. Thanks, @BalaGanaparthi!
- Uses change password flow if old password is present
- Uses set password flow if only password is present
ENHANCEMENTS:
- Okta User and Okta Users search can use free form filter #1027. Thanks, @cbrgm!
- Uniqueness of logo file is by SHA only, not SHA and local file path #1039. Thanks, @bobtfish!
- Improve Okta Groups custom profile attributes for use in Terraform expressions #1041. Thanks, @exitcode0!
PROJECT IMPROVEMENTS:
- Add valid options for status field in user.html.markdown documentation #1040. Thanks, @exitcode0!
- Fix markdown typo in role_subscription.html.markdown documentation #1049. Thanks, @lucascantor!
- Fix markdown typo in role_subscription.html.markdown documentation #1050. Thanks, @lucascantor!
BUGS:
- Add missing valid custom role permissions #1023. Thanks, @lucascantor!
- Fix default auth server id when activate/deactivate it #1045. Thanks, @peijiinsg!
- Panic bumper on buildEnum helper used with schemas #1048. Thanks, @monde!
ENHANCEMENTS:
- Added
skip_groups
andskip_roles
parameters to data sourceokta_user
to suppress additional API calls when that data is not required. #1011. Thanks, @monde! - Update email temaplate names list on resource
okta_template_email
. #1012. Thanks, @monde!
ENHANCEMENTS:
- Added new
okta_policy_profile_enrollment_apps
resource #973. Thanks, @bogdanprodan-okta! - Added "DYNAMIC" option to the
issuer_mode
in theokta_auth_server
resource #977. Thanks, @bogdanprodan-okta! - Clean up provider argument conflicts documentation #987. Thanks, @monde!
- Update all App docs to match provider schema #995. Thanks, @virgofx!
BUGS:
ENHANCEMENTS:
- Added
okta_app_oauth_post_logout_redirect_uri
resource and improved request concurrency handling #931. Thanks, @jmaness, and @bogdanprodan-okta! - Added
LDAP
option to theauth_provider
field in theokta_policy_password
resource #961. Thanks, @bogdanprodan-okta! - Added new
priority
field to theokta_auth_server_policy
data source #965. Thanks, @bogdanprodan-okta! - Added new option to the
issuer_mode
field in theokta_app_oauth
resource #966. Thanks, @bogdanprodan-okta!
PROJECT IMPROVEMENTS:
- Updated docs regarding
okta_policy_rule_idp_discovery
#964. Thanks, @bogdanprodan-okta!
BUGS:
- Fixed import for the
okta_factor
resource #960. Thanks, @bogdanprodan-okta! - Fixed import for the
okta_policy_rule_mfa
resource #962. Thanks, @bogdanprodan-okta! - Fixed import for the
okta_group_schema_property
resource #963. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Removed default value for
identity_provider
field on theokta_policy_rule_sign_on
#955. Thanks, @bogdanprodan-okta! - Added new
expire_password_on_create
field to theokta_user
resource #956. Thanks, @bogdanprodan-okta! - Added new
user_type_id
field to theokta_idp_oidc
andokta_idp_saml
resources #957. Thanks, @bogdanprodan-okta!
PROJECT IMPROVEMENTS:
BUGS:
ENHANCEMENTS:
- Added new
identity_provider
andidentity_provider_ids
fields to theokta_policy_rule_signon
resource #942. Thanks, @bogdanprodan-okta!
BUGS:
- Whiffed setting the user agent correctly, fixed for release.
ENHANCEMENTS:
BUGS:
- SAML SLO Cert Fix #923. Thanks, @ymylei!
- Nil bumper on
*sdk.ClientRateLimitMode
returned from rate limiting #929. Thanks, @monde! - API Mutex Fix For
apps/{id}
endpoint #933. Thanks, @ymylei! - Ensure okta_authenticator settings are ordered to prevent whitespace #936. Thanks, @virgofx!
- Ensure VERIFIED domains return true #937. Thanks, @virgofx!
- Fixed group search in the
okta_groups
data source #938. Thanks, @bogdanprodan-okta!
PROJECT IMPROVEMENTS:
- Updated dev and build tools #912. Thanks, @ymylei!
- Fixed TF logo #918. Thanks, @exitcode0!
- Update profile mapping docs with OAuth2 scopes #928. Thanks, @virgofx!
ENHANCEMENTS:
- Added new
custom_profile_attributes
field to theokta_group
resource #851. Thanks, @ymylei! - Updated list of valid Okta OAuth scopes #897. Thanks, @virgofx!
- Added missing role type to the
okta_role_subscription
resource #863. Thanks, @bogdanprodan-okta! - Added new
certificate_source_type
field to theokta_domain
resource #899. Thanks, @virgofx! - Made
okta_authenticator
importable #907. Thanks, @virgofx!
BUGS:
ENHANCEMENTS:
- Added new
password_inline_hook
field to theokta_user
resource #849. Thanks, @bogdanprodan-okta!
BUGS:
- Fixed
okta_domain
import #845. Thanks, quantumew! - Fixed documentation #848. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Added new
apple_kid
,apple_private_key
andapple_team_id
fields to theokta_idp_social
resource #842. Thanks, @bogdanprodan-okta! - Fixed docs for
okta_rate_limiting
resource #827. Thanks, @bogdanprodan-okta! - Fixed example in docs for
okta_idp_saml_key
resource #824. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Added new
okta_rate_limiting
resource #803. Thanks, @bogdanprodan-okta! - Added new
okta_captcha
andokta_captcha_org_wide_settings
resources #821. Thanks, @bogdanprodan-okta! - Fixed example in docs for
okta_group
resource #814. Thanks, @tim-fitzgerald!
BUGS:
- Fixed pagination bug in
okta_group_memberships
resource #810. Thanks, @bogdanprodan-okta! - Added missing fields to
okta_app_oauth
resource #817. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Added new
okta_admin_role_custom
,okta_admin_role_custom_assignments
andokta_resource_set
resources #789. Thanks, @bogdanprodan-okta! - Field
always_include_in_token
is now editable for all the default claims exceptsub
#790. Thanks, @bogdanprodan-okta! - Added new
okta_link_definition
andokta_link_value
resources #794. Thanks, @bogdanprodan-okta! - Added new
primary_factor
field to theokta_policy_rule_signon
resource #796. IMPORTANT NOTE: Available only for the organizations with Identity Engine. Thanks, @bogdanprodan-okta!
BUGS:
- Change authenticator status in case it's different from the state's one during resource creation #782. Thanks, @bogdanprodan-okta!
- Numerus documentation fixes #783, #785 and #792. Thanks, @bogdanprodan-okta and @deepu105!
- Fixed provider crash #795. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Added new
okta_event_hook_verification
resource #752. Thanks, @bogdanprodan-okta! - Added new
app_include
andapp_exclude
fields to theokta_policy_rule_mfa
resource #762, #771. Thanks, @bogdanprodan-okta! - Added new
okta_trusted_origins
data source #766. Thanks, @bogdanprodan-okta! - Added
redirect_url
andcheckbox
fields to theokta_app_swa
resource #767. Thanks, @bogdanprodan-okta! - Added new
user_name_template_push_status
field to some of theokta_app_*
related resources #769. Thanks, @bogdanprodan-okta! - Added new
old_password
field to theokta_user
resource #765 and check for ability to change or set a password. Thanks, @bogdanprodan-okta!
BUGS:
- Fixed name matching for
okta_auth_server
data source #764. Thanks, @bogdanprodan-okta!
IMPORTANT NOTE: This release contains resources that are only available as a part of the Identity Engine. Contact support for further information.
ENHANCEMENTS:
- Added new
okta_authenticator
resource and datasource #708. Thanks, @monde and @bogdanprodan-okta! - Added new
okta_role_subscription
resource and datasource #746. Thanks, @bogdanprodan-okta! - Added new
okta_org_support
andokta_org_configuration
resources #749. Thanks, @bogdanprodan-okta! - Added new
always_apply
field to theokta_profile_mapping
resource #750. Thanks, @bogdanprodan-okta!
IMPORTANT NOTE: This release contains resources that are only available as a part of the Identity Engine. Contact support for further information.
ENHANCEMENTS:
- Updated the list of supported scopes #712. Thanks, @boekkooi-lengoo!
- Added new
okta_app_signon_policy
andokta_app_sign_on_policy_rule
resources #714. Thanks, @bogdanprodan-okta! - Added
preconfigured_app
field to theokta_app_shared_credentials
resource #723. Thanks, @bogdanprodan-okta! - Added new
okta_network_zone
datasource #726. Thanks, @bogdanprodan-okta! - Added new
okta_security_notification_emails
andokta_threat_insight_settings
resources #728. Thanks, @bogdanprodan-okta! - Added new
okta_policy_rule_profile_enrollment
andokta_policy_profile_enrollment
resources #731. Thanks, @bogdanprodan-okta! - Added new
okta_auth_server_claims
andokta_auth_server_claim
data sources #734. Thanks, @bogdanprodan-okta! - Added
disable_notifications
field to theokta_user_admin_roles
andokta_group_role
resources #735. Thanks, @bogdanprodan-okta!
BUGS:
- Fixed concurrent app logo upload #716. Thanks, @bogdanprodan-okta!
- Fixed scopes diff bug #737. Thanks, @bogdanprodan-okta!
- Minor tweaks to the provider's rate limiter #719. Thanks, @monde and @phi1ipp!
- Made
priority
an optional parameter ofokta_app_group_assignment
#741. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Added new
okta_app_saml_app_settings
resource #692. Thanks, @bogdanprodan-okta! - Added new
okta_email_sender
andokta_email_sender_verification
resources #697. Thanks, @bogdanprodan-okta! - Resource
okta_idp_saml_key
is now updatable #698. Thanks, @bogdanprodan-okta! - Added
implicit_assignment
field to theokta_app_saml
resource #703. Thanks, @ashwini-desai!
BUGS:
- Fixed delete operation for
okta_profile_mapping
resource #693. Thanks, @bogdanprodan-okta! - Included
404
check forokta_app_user
resource in case app no longer exists #695. Thanks, @ymylei! - Minor fix for API rate limiting #700. Thanks, @monde and @phi1ipp!
- Fixed schema-related resources to handle numeric arrays properly #702. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Added new
okta_domain_verification
andokta_domain_certificate
resources #687. Thanks, @bogdanprodan-okta! - Added new
okta_group_schema_property
resource #688. Thanks, @bogdanprodan-okta! - Added
skip_users
andskip_groups
fields to the app-related data sources #677. Thanks, @bogdanprodan-okta and @Philipp! - Added new grant type values to the
okta_app_oauth
andokta_auth_server_policy_rule
resources #691. Thanks, @bogdanprodan-okta!
BUGS:
okta_app_oauth.groups_claim
field won't be requested if it's not set in the config #668. Thanks, @bogdanprodan-okta!- Fixed panic in
okta_auth_server
data source #679. Thanks, @bogdanprodan-okta! - Fixed false positive
profile
field set inokta_app_group_assignments
resource #689. Thanks, @bogdanprodan-okta!
BUGS:
- Another attempt to fix constant change-loops in the
okta_app_group_assignments
resource #664. Thanks, @bogdanprodan-okta!
BUGS:
- Fixed false users sync for
okta_group
resource #661. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Added
skip_users
to theokta_group
resource (check latest documentation for the usage of these fields) #646. Thanks, @bogdanprodan-okta! - Added new
users_excluded
field to theokta_group_rule
resource #651. Thanks, @bogdanprodan-okta!
BUGS:
- Fixed constant change-loops in the
okta_app_group_assignments
resource #644. Thanks, @bogdanprodan-okta! - Fixed typo and deprecation warning in the documentation for
okta_app_user
resource #645. Thanks, @SaffatHasan! - Fixed
okta_group_role
resource update in case of several roles are being updated #646. Thanks, @bogdanprodan-okta! - Terraform will attempt to remove
okta_user_schema_property
resource several times in case the resource still exists in the organization #656. Thanks, @bogdanprodan-okta!
BUGS:
- Fixed the way
okta_policy_mfa
resource store its factors in the state #641. Thanks, @bogdanprodan-okta! - Fixed provider crash when using policy rules resources #641. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Added
app_settings_json
to theokta_app_oauth
resource #627. Thanks, @bogdanprodan-okta! - Added
skip_users
andskip_groups
to theokta_app_*
resources (check latest documentation for the usage of these fields) #633. Thanks, @bogdanprodan-okta!
BUGS:
- Fixed resource import of the
okta_app_group_assignments
#630. Thanks, @Philipp! - Fixed creation of multiple app user schema properties for new (recently created) apps. #634. Thanks, @bogdanprodan-okta!
- Fixed description for the app logo field #639. Thanks, @sklarsa!
ENHANCEMENTS:
- Add
credentials_scheme
,reveal_password
,shared_username
andshared_password
to theokta_app_three_field
resource #619. Thanks, @bogdanprodan-okta! - Add
password_hash
to theokta_user
resource #622. Thanks, @bogdanprodan-okta!
BUGS:
- Fix import of
accessibility_login_redirect_url
field in theokta_app_saml
resource #613. Thanks, @Philipp! - Fix create/update operations for the
okta_app_user_custom_schema_property
resource #606. Thanks, @Philipp! - Fix provider crash when importing
okta_app_oauth
resource #616. Thanks, @bogdanprodan-okta! - Fix
group_memberships
field setup forokta_user
data source #615. Thanks, @BrentSouza! - Fix provider crash when
okta_policy_rule_idp_discovery
does not exist #622. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Add
asns
field to theokta_network_zone
resource #599. Thanks, @bogdanprodan-okta! - Add
app_links_json
to theokta_app_saml
resource #601. Thanks, @bogdanprodan-okta! - Add
app_settings_json
to theokta_app_auto_login
resource #602. Thanks, @bogdanprodan-okta!
BUGS:
- Fix
*_token_*
fields setup when importingokta_auth_server_policy_rule
resource #600. Thanks, @Philipp! - Governed Transport is now handling nil response in
postRequestHook
func #603. Thanks, @Mike!
ENHANCEMENTS:
- Add
saml_version
field to theokta_app_saml
resource #593. Thanks, @bogdanprodan-okta!
BUGS:
- Fixed provider crash when using
okta_template_sms
withouttranslations
#592. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Add
admin_note
andenduser_note
to allokta_app_*
resources #589. Thanks, @bogdanprodan-okta!
BUGS:
- Fixed bug in config validator #589. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Add auth config validator #567. Thanks, @bendrucker!
BUGS:
- Fix unmarshalling error for
okta_network_zone
resource #586. Thanks, @bogdanprodan-okta! - Fix
pattern
property setup inokta_user_schema_property
#583. Thanks, @bogdanprodan-okta!
BUGS:
- Fix
OKTA_API_SCOPES
not being set via env variable #574. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Minor tweaks for the API governor #569. Thanks, @monde!
- Use more methods from official Okta Golang SDK #567. Thanks, @bogdanprodan-okta!
- Provider will now terminate in case of invalid credentials #571. Thanks, @bogdanprodan-okta!
BUGS:
- Fix
OKTA_API_SCOPES
env var parsing #570. Thanks, @bogdanprodan-okta! - Fix
target_app_list
andtarget_group_list
fields behavior inokta_group_role
resource #570. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Add
inline_hook_id
field to theokta_app_saml
resource #561. Thanks, @noinarisak! - Add experimental
max_api_capacity
configuration field to the provider. Thanks, @monde!
BUGS:
- Fixed users and groups assignment for the application resources #565. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Add new
user_factor_question
resource #551. Thanks, @pengyuwang-okta! - Add new
okta_behavior
resource #552. Thanks, @bogdanprodan-okta! - Add new
okta_user_security_questions
data source #552. Thanks, @bogdanprodan-okta!
BUGS:
- Fix provider crash caused by the
okta_policy_rule_signon
resource #543. Thanks, @bogdanprodan-okta! - Fix permissions field set behaviour in o
kta_app_user_schema_property
resource #543. Thanks, @bogdanprodan-okta! - Reverted the changes regarding the users field in the
okta_group
resource that was introducing breaking change #543. Thanks, @bogdanprodan-okta!
ENHANCEMENTS:
- Add new
okta_app_group_assignments
resource #401. Thanks, @edulop91! - Add new
okta_user_group_memberships
resource #416. Thanks, @ymylei! - Add
logo
andlogo_url
fields to all theokta_app_*
related resources #423 and #514. Thanks, @bogdanprodan-okta and @gavinbunney for the fix! - Add new
okta_group_memberships
resource #427. Thanks, @ymylei! - Add
display_name
field to theokta_auth_server_scope
resource #433. Thanks, @bogdanprodan-okta! - Add new
okta_app_shared_credentials
resource #446. Thanks, @bogdanprodan-okta! - Add
groups_claim
field to theokta_app_oauth
resource #468. Thanks, @bogdanprodan-okta! - Add
wildcard_redirect
field to theokta_app_oauth
resource #474. Thanks, @bogdanprodan-okta! - Add new
okta_app_group_assignments
data source #498. Thanks, @ymylei! - Add new
okta_app_user_assignments
data source #501. Thanks, @ymylei! - Add new
okta_user_admin_roles
resource #518. Thanks, @gavinbunney! - Add new
okta_factor_totp
resource #519. Thanks, @bogdanprodan-okta! - Add
dynamic_proxy_type
field to theokta_network_zone
resource #522. @gavinbunney! - Add
issuer_mode
field to theokta_auth_server_default
resource #524. @gavinbunney! - Add
risc_level
,behaviors
andfactor_sequence
fields to theokta_policy_rule_signon
resource #526. Thanks, @bogdanprodan-okta! - Add new
okta_behavior
data source #526. Thanks, @bogdanprodan-okta! - Add new
okta_domain
resource #530. Thanks, @bogdanprodan-okta!
BUGS:
- Suppress 404 in case group role was removed outside of the terraform #417. Thanks, @ymylei!
- Don't recreate
okta_user
resource in caselogin
field is changed #435. Thanks, @ymylei! - Fixed attribute statements setup for preconfigured apps #439. Thanks, @bogdanprodan-okta!
- Don't recreate schema related resources in case
array_enum
,array_one_of
,enum
orone_of
have changed @531. Thanks, @bogdanprodan-okta!
Special thanks to @JeffAshton, @jeffg-hpe, @jtdoepke, @thatguysimon, @ymylei, @joshowen, @AlexanderProschek, @gavinbunney for a lot of various documentation fixes and code improvements!!!
ENHANCEMENTS:
- Add new
okta_app_oauth_api_scope
resource #356. Thanks, @mariussturm! - Remove
ForceNew
in case policy name changes to avoid policy resources recreation #362. Thanks, @me! - Add hotp factor to the
okta_policy_mfa
resource #363. Thanks, @me! - Remove unnecessary validations from the
okta_app_oauth
resource #372. Thanks, @me! - Add
links
field tookta_app
,okta_app_saml
andokta_app_oauth
data sources #374. Thanks, @me! - Add new
okta_auth_server_default
resource #375. Thanks, @me! - Add new
okta_policy_mfa_default
andokta_policy_password_default
resources #378. Thanks, @me! - Add
remove_assigned_users
field to theokta_group_rule
resource #388. Thanks, @me! - Add new
auth_server_claim_default
resource #392. Thanks, @me! - Add
groups
andusers
fields to theokta_app
,okta_app_oauth
andokta_app_saml
data sources #395. Thanks, @me! - Add
id
field to theokta_group
data source #395. Thanks, @me! - Add new
auth_server_claim_default
resource #392. Thanks, @me! - Add new
okta_groups
data source #103. Thanks, @bendrucker and @me! - Several minor bug fixes and enhancements.
BUGS:
- Add group existence check to
okta_group_membership
resource #380. Thanks, @ymylei! - Fix group assignment priority in the
okta_app_group_assignment
resource #381. Thanks, @me! - Fixed status change in the
okta_auth_server_policy_rule
resource . Thanks, @me! - Add operation retry to the
okta_group_role
resource #390. Thanks, @me!
ENHANCEMENTS:
- Add
retain_assignment
field tookta_app_user
andokta_app_group_assignment
resource #330. Thanks, @Omicron7! - Add
target_app_list
field to theokta_group_role
resource #349. Thanks, @me! - Add support for
OVERRIDE
value inmaster
field and newmaster_override_priority
field to theokta_user_schema
resource #351. Thanks, @me!
BUGS:
- Added wait to
okta_group_membership
resource #335. Thanks, @ymylei! - Fix set of
subject_match_attribute
value forokta_idp_oidc
resource #344. Thanks, @me! - Fix resource validation #348. Thanks, @me!
- Fix setup of empty
login_scopes
forokta_app_oauth
resource #352. Thanks, @me! - Fix
okta_group_role
when removing all the items fromtarget_group_list
#341. Thanks, @me!
ENHANCEMENTS:
- Add new
okta_auth_server_scopes
datasource #336. Thanks, @me! - Add new
okta_idp_social
datasource #337. Thanks, @me! - Several minor bug fixes and enhancements.
BUGS:
- Fix preconfigured
okta_app_swa
creation in case it has more that one sign-on modes #328. Thanks, @me! - Add force recreate in case
okta_app_user_schema
changes thescope
value since it's a read-only attribute #331. Thanks, @me! - Fix false positive output when runnning
terraform plan
for theokta_profile_mapping
resource in casedelete_when_absent
is set tofalse
#332. Thanks, @me! - Fix
okta_app_oauth
validation #333 and #340. Thanks, @me!
ENHANCEMENTS:
- Add new
okta_admin_role_targets
resource #325. Thanks, @me! - Add
target_group_list
field to theokta_group_role
resource #256. Thanks, @ymylei!
BUGS:
- Fixed
subject_match_attribute
setup in theokta_idp_saml
resource #320. Thanks, @me! - Fixed
users
setup when importingokta_group
resource #323. Thanks, @me!
ENHANCEMENTS:
- Add support for OAuth Authorization for Okta API #290. Thanks, @me!
- Make
key_id
optional forokta_app_saml_metadata
#128. Thanks, @cludden! - Add new
okta_group_membership
resource #252. Thanks, @ymylei! - Add new
okta_group_role
resource #255. Thanks, @ymylei! - Add new
okta_idp_oidc
data source #286. Thanks, @me! - Add new
okta_app_oauth
data source #293. Thanks, @me! - Add new
okta_auth_server_policy
data source #298. Thanks, @me! - Add
usage
field to theokta_network_zone
resource #271. Thanks, @me! - Add
okta_email
factor to theokta_policy_mfa
resource #269. Thanks, @me! - Add
id
field to theokta_users
data source #288. Thanks, @me! - Add
union
field to theapp_user_schema
resource #291. Thanks, @me! - Add
implicit_assignment
field to theokta_app_oauth
resource 120. Thanks, Justin Lewis! - Add
issuer
andissuer_mode
fields to theokta_auth_server
data resource #301. Thanks, @me! - Add
login_mode
andlogin_scopes
to theokta_app_oauth
resource #311. Thanks, @me! - Add
single_logout_issuer
,single_logout_url
andsingle_logout_certificate
fields to theokta_app_saml
resource #307. Thanks, @me! - Add
metadata_url
field to theokta_app_saml
resource #316. Thanks, @me! - Remove
acs_binding
andacs_type
fromokta_idp_oidc
as (they are not supported)[(https://developer.okta.com/docs/reference/api/idps/#oauth-2-0-and-openid-connect-endpoints-object)] by this resource #286. Thanks, @me! - Deprecate
acs_binding
argument forokta_idp_saml
resource, as it can only be set toHTTP-POST
#286. Thanks, @me! - Add a retry on
404
error in case Okta lagging during resource creation. Thanks, @me! - Add validation for all URL-type fields.
- Various code improvements and documentation updates. Thanks, @me!
BUGS:
- Ignore special groups (
BUILT_IN
andAPP_GROUP
) in thegroup_memberships
field #118. Thanks, @rasta-rocket! - Fix
inline_hooks
delete operation if the hooks were removed outside the provider #288. Thanks, @me! - Fix
group_memberships
populating in theokta_user
data source #284. Thanks, @me! - Fix terraform import for the
app_user_schema
resource #291. Thanks, @me! - Fix delete operation for
auth_server_claim
resource in case claim has typeSYSTEM
#283. Thanks, @me! - Remove redundant
description
field from theokta_app_saml
resource #278. Thanks, @me! - Add suppress function for the
features
field in theokta_app_saml
resource since it's not currently possible to create/update provisioning features via the API 296. Thanks, @me! - Remove
OAUTH_AUTHORIZATION_POLICY
fromokta_default_policy
andokta_policy
since it's not supported by Okta API #298. Useokta_auth_server_policy
instead. Thanks, @me! - Fix status change in the
okta_auth_server_policy
resource #299. Thanks, @me! - Fix
user_name_template_*
fields setup for the apps resource #309. Thanks, @me! - Fix
refresh_token_window_minutes
minimum value in theokta_auth_server_policy_rule
resource #314. Thanks, @me! - Fix
attribute_statements
field validation in theokta_app_saml
resource #313. Thanks, @me!
ENHANCEMENTS:
- Add
dependabot
to automate dependency updates #259. Thanks @jlosito! - Add
max_clock_skew
property to IdP SAML resource #263. Thanks @me!
BUGS:
- Fix panic caused by a null pointer in
okta_policy_password
resource. #262. Thanks @me! - Add retries for creating/updating
okta_user_schema
resource. #262. Thanks @me!
ENHANCEMENTS:
- Add call recovery for Okta password policy #248. Thanks @me!
- Update data okta_group docs #251. Thanks @ymylei!
- Adds
pattern
property forokta_*_schema
resources #159. Thanks @fitzoh and @me! - Add retries on connection timeouts errors #246. Thanks @me!
BUGS:
ENHANCEMENTS:
- Add logs to group data source for different cases #150. Thanks @nathanbartlett!
- Added missing documentation #245. Thanks @me!
BUGS:
- Fix default name for idp_discovery #244. Thanks @nickerzb!
- Fix okta auth server policy rule resource causing panic #245. Thanks @SBerda for submitting the issue and @me for fixing it!
- Fix
key_years_valid
defaulting to2
during resource import #245. Thanks @btsteve for submitting the issue and @me for fixing it!
ENHANCEMENTS:
- Add validation for user type #242.
BUGS:
- Fix state refresh for
okta_user_base_schema
andokta_user_schema
#242.
ENHANCEMENTS:
- Add user types support #183. Thanks, @rajnadimpalli and @bogdanprodan-okta!
- Add type to data okta group #217. Thanks, @dangoslen!
- Add
acs_endpoints
to SAML app (okta_app_saml) definition #226. Thanks, @pranjalranjan! - Update terraform-plugin-sdk libraries, added possibility to set provider's log level #220. Thanks, @bryantbiggs and @bogdanprodan-okta!
- Overhaul idp_discovery_rule documentation #228. Thanks @eatplaysleep!
- General documentation updates #224. Thanks, @bryantbiggs!
BUGS:
- Changed
okta_app_basic_auth
optional fields to required issue 223. Thanks, @bryantbiggs! - Add idp discovery to allowed list of default policies #233. Thanks, @nickerzb!
ENHANCEMENTS:
- Remove 3rd party Okta SDK #215. Thanks, @bogdanprodan-okta
- Enhance
okta_app_auto_login
resource #164. Thanks, @isometry! - Add group name to the error for group data call #156. Thanks, @ymylei!
BUGS:
ENHANCEMENTS:
- Upgrade to Okta SDK 2.0.0 #203. Thanks a ton! @bogdanprodan-okta
- Fix validation false positive when api_token is set via environment variable. #147. Thanks, @jgeurts
- Update required to optional and more #208, Thanks, me! 😄
BUGS:
- Update config.go #207, Thanks, me! 😄
ENHANCEMENTS:
- Update config.go #192, Thanks, @bretterer!
BUGS:
- Documentation: Update okta_idp_metadata_saml correct example #173, Thanks, @gaurdro and @netflash!
- Documentation: Update warning in app_group_assignment.html.markdown #172, Thanks, @ssttgg!
- Renaming Go module as per the organization move #195, Thanks, @stack72!
ENHANCEMENTS:
- Add password import inline hook type. #168, Thanks, @noinarisak aka me! 🎉
- Add external_namespace property for app_user_schema and user_schema. #102, Thanks, @thehunt33r!
BUGS:
- Fix inline hook example code to match version that is supported. #175, Thanks, @noinarisak me again! 😃
- Update app_group_assignment.html.markdown. #165, Thanks, snolan-amount!
RELEASE:
- First release under oktadeveloper organization with binary published to registry.hashicorp.com.
ENHANCEMENTS:
- Add resource definition for Okta Event Hooks. #14, Thanks, @mbudnek!
- Adding support for GROUP_MEMBERSHIP_ADMIN & REPORT_ADMIN. #138 Thanks, ymylei!
BUG FIXES:
- Documentation corrections. Thanks, to these fine individuals!
ENHANCEMENTS:
- Add user lockout notification channels. #15, Thanks, @thehunt33r!
- Adding support for SMS template changes. #18 Thanks, @gusChan!
BUG FIXES:
- Documentation,
id
is an output ofapp_oauth
. #98 Thanks, beyondbill!
ENHANCEMENTS:
ENHANCEMENTS:
RELEASE:
- First release under terraform-providers organization with binary published to releases.hashicorp.com
FEATURES:
- Updated provider to support Terraform v0.12.0
FEATURES:
- New Resource:
okta_inline_hook
ENHANCEMENTS:
- Add missing okta_idp_saml settings
ENHANCEMENTS:
- Use backoff/retries functionality for XML API calls
FEATURES:
- New Data Source: okta_idp_saml
ENHANCEMENTS:
- Support import user by email
FEATURES:
- New Data Source: Add okta_app_saml data source
- New Data Source: Add okta_app_metadata_saml data source
- New Data Source: Add okta_idp_metadata_saml data source
ENHANCEMENTS:
- Change type of custom_profile_attributes from map to JSON string to support all types
BUG FIXES:
- Fix group filter bug, filter_type and filter_value were not being sync'd
BUG FIXES:
- Fix bug introduced in v3.0.4. User data source was not updated to the new caustom_profile_attribute type
- Added test to cover this scenario, tests were passiing
ENHANCEMENTS:
- Allow client_id to be set on OIDC application, while also maintaining the computed version. With some auth methods, such as basic auth, this is possible.
ENHANCEMENTS:
- Add group_assignments for SAML and social IdPs
ENHANCEMENTS:
- Add issuer_mode to social IdP. Our test org does not have a custom domain setup, thus it was working there but not in other orgs. Hard to test both scenarios in one org.
FEATURES:
- New Resource:
okta_template_email
- New Resource:
okta_group_roles
FEATURES:
- New Resource:
okta_network_zone
BUG FIXES:
- Fix occasional panic when creating a user schema see issue 144
- Users in LOCKED_OUT state are unlocked when config is ACTIVE issue 225
BUG FIXES:
- Ensure schema does not panic after retry
FEATURES:
- New Resource:
okta_user_base_schema
ENHANCEMENTS:
- Add missing attribute, match_type and match_attribute, on social idp resource
BUG FIXES:
- Fix logic around including/excluding networks on policy rules
ENHANCEMENTS:
- Update Okta SDK
- Filter out GROUP based admin roles when processing user
admin_roles
attribute
- Fix issues around
okta_policy_rule_idp_discovery
app_include
andapp_exlcude
were missing required propertiesuser_identifier_type
was being added even when not defined, causing API errors
- Fix integer array type
FEATURES:
- New Resource:
okta_app_user_schema
- New Resource:
okta_app_user_base_schema
- New Resource:
okta_app_user
resource - New Resource:
okta_app_group
resource
ENHANCEMENTS:
- Add
required
field to base schema
ENHANCEMENTS:
- Support SHA-1 signing algorithm on IdPs
BUG FIXES:
- Fix bug where audience is reset on IdP update because it is omitted from the payload
BUG FIXES:
- Fix diff issues around
okta_policy_rule_idp_discovery
- Allow
provisioning_action
for IdPs to be set toDISABLED
BUG FIXES:
- Fix
okta_auth_server_claim
,group_filter_type
could not be set toSTARTS_WITH
due to a typo
ENHANCEMENTS:
- Expose scope property on
okta_user_schema
- Allow setting of OAuth application visibility settings
BUG FIXES:
- Send
profileMaster
along with IdP, so the config is recognized by Okta API - Fix bug in SDK related to retries and the request body being empty on subsequent requests.
ENHANCEMENTS:
- Add
external_name
property to theokta_app_user_schema
andokta_user_schema
ENHANCEMENTS:
- Support
profile
onokta_oauth_app
resource
ENHANCEMENTS:
- Support setting an auth server scope as the default
- Support
profile
andpriority
onokta_app_group_assignment
- Support
profile
onokta_app_user
BUG FIXES:
- Fix bug with supporting
profile
onokta_oauth_app
resource
ENHANCEMENTS:
- Support array enums in
okta_user_schema
andokta_app_user_schema
asarray_enum
andarray_one_of
ENHANCEMENTS:
- Update refresh token window validation to account for new upper limit of 5 years
BUG FIXES:
- Remove resource from state on 404. (#269)
BUG FIXES:
- Ensure we safely sync auth server properties. (#299)
- MANUAL rotation mode can only be set on an auth server on update. Ensure we run update after create for that scenario. (#287)
ENHANCEMENT:
- Update to new separate Terraform SDK (#307)
BUG FIXES:
- Ensure
okta_app_group_assignment
resource syncs using the right read function. (#307)
BUG FIXES:
- Ensure
okta_app_group_assignment
andokta_app_user
resources properly take multiple ids on the import functions. (#307) - Ensure
okta_user
does not error on 404 (#313)
FEATURES:
BUG FIXES:
- Policy values could not be set to 0. Doing so resulted in the SDK omitting them, resulting in Okta resetting the values to default.
ENHANCEMENT:
- Require target_id on
okta_profile_mapping
to avoid ambiguity
FEATURES:
- New Data Source:
okta_user_profile_mapping_source
(#340)
BUG FIXES
- Schema merging helper function was mutating input schema causing side effects when used in a particular way. Used shallow copying to avoid this side effect. (#338)
- Ensure response is not nil when checking status code (#307)
BUG FIXES
- Ensure
index
is sync'd on import to avoid recreation.
ENHANCEMENT:
- Support
password
,recovery_answer
, andrecovery_question
as attributes on theokta_user
resource.