Provides a resource for managing an Okta auth backend within Vault.
resource "vault_okta_auth_backend" "example" {
  description  = "Demonstration of the Terraform Okta auth backend"
  organization = "example"
  token        = "something that should be kept secret"

  group {
    group_name = "foo"
    policies   = ["one", "two"]
  }

  user {
    username = "bar"
    groups   = ["foo"]
  }
}
The following arguments are supported:
namespace - (Optional) The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
path - (Optional) Path to mount the Okta auth backend. Defaults to okta.
disable_remount - (Optional) If set, opts out of mount migration on path updates. See here for more info on Mount Migration.
description - (Optional) The description of the auth backend.
organization - (Required) The Okta organization. This will be the first part of the URL https://XXX.okta.com
token - (Optional) The Okta API token. This is required to query Okta for user group membership. If this is not supplied, only locally configured groups will be enabled.
base_url - (Optional) The Okta URL. Examples: oktapreview.com, okta.com
bypass_okta_mfa - (Optional) When true, requests by Okta for an MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.
ttl - (Optional) Duration after which authentication will be expired. See the documentation for info on valid duration formats.
max_ttl - (Optional) Maximum duration after which authentication will be expired. See the documentation for info on valid duration formats.
group - (Optional) Associate Okta groups with policies within Vault. See below for more details.
user - (Optional) Associate Okta users with groups or policies within Vault. See below for more details.
The group block supports the following arguments:
group_name - (Required) Name of the group within Okta.
policies - (Optional) Vault policies to associate with this group.
The user block supports the following arguments:
username - (Required) Name of the user within Okta.
groups - (Optional) List of Okta groups to associate with this user.
policies - (Optional) List of Vault policies to associate with this user.
In addition to all arguments above, the following attributes are exported:
accessor - The mount accessor related to the auth mount. It is useful for integration with Identity Secrets Engine.
Okta authentication backends can be imported using their path, e.g.
$ terraform import vault_okta_auth_backend.example okta
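
A variant of the example above that keeps the Okta API token out of the configuration file and sets bypass_okta_mfa, ttl and max_ttl explicitly. This is an added example, not part of the provider's documentation; the variable name okta_api_token, the resource and output names, the group vault-admins, the policy admin and the TTL values are assumptions.

```hcl
# Added example. All names and values below are constructed for illustration.

variable "okta_api_token" {
  description = "Okta API token Vault uses to query user group membership"
  type        = string
  sensitive   = true # redacted in plan/apply output, but still written to Terraform state
}

resource "vault_okta_auth_backend" "hardened" {
  description  = "Okta auth backend with explicit MFA and TTL settings"
  path         = "okta"
  organization = "example"
  base_url     = "okta.com"

  # Supplied at run time (for example via TF_VAR_okta_api_token), not as a literal.
  token = var.okta_api_token

  # Keep Okta's MFA check and the account status checks (such as expired
  # passwords) in force.
  bypass_okta_mfa = false

  # Bound how long an authentication stays valid.
  ttl     = "1h"
  max_ttl = "4h"

  # Map an Okta group to Vault policies instead of attaching policies per user.
  group {
    group_name = "vault-admins"
    policies   = ["admin"]
  }
}

# The exported accessor, for use when integrating with Identity Secrets Engine.
output "okta_mount_accessor" {
  value = vault_okta_auth_backend.hardened.accessor
}
```

Because the token is stored in state even when the variable is marked sensitive, the state backend needs the same access controls as the token itself.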