Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

okta_policy_mfa is ignoring yubikey_token #2139

Open
rajnadimpalli opened this issue Nov 16, 2024 · 1 comment
Open

okta_policy_mfa is ignoring yubikey_token #2139

rajnadimpalli opened this issue Nov 16, 2024 · 1 comment
Labels
api-issue enhancement Asking for new behavior or feature

Comments

@rajnadimpalli
Copy link
Contributor

rajnadimpalli commented Nov 16, 2024
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

image

Affected Resource(s)

  • okta_policy_mfa

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp
resource "okta_policy_mfa" "testmfa_policy2" {
    is_oie          = true
    name            = "testmfa_policy2"
    description     = null
    google_otp      = {
        "enroll" = "NOT_ALLOWED"
    }
    groups_included = [
        "00ga23w8kfUVpHmUb1d7",
    ]

    okta_email      = {
        "enroll" = "NOT_ALLOWED"
    }
    okta_password   = {
        "enroll" = "REQUIRED"
    }
    yubikey_token   = {
        "enroll" = "OPTIONAL"
    }
    okta_verify     = {
        "enroll" = "NOT_ALLOWED"
    }
    phone_number    = {
        "enroll" = "NOT_ALLOWED"
    }
    priority        = 17
    status          = "ACTIVE"
    webauthn        = {
        "constraints" = "ANY"
        "enroll"      = "OPTIONAL"
    }
}

Debug Output

Panic Output

Expected Behavior

Yubikey should be enabled on the policy

Can this be done in the Admin UI? Yes

Can this be done in the actual API call? Yes

Actual Behavior

Yubikey is not enable on the policy

Steps to Reproduce

  1. Create a terraform resource. Sample policy below:
    `resource "okta_policy_mfa" "testmfa_policy2" {
    is_oie = true
    name = "testmfa_policy2"
    description = null
    google_otp = {
    "enroll" = "NOT_ALLOWED"
    }
    groups_included = [
    "00ga23w8kfUVpHmUb1d7",
    ]

    okta_email = {
    "enroll" = "NOT_ALLOWED"
    }
    okta_password = {
    "enroll" = "REQUIRED"
    }
    yubikey_token = {
    "enroll" = "OPTIONAL"
    }
    okta_verify = {
    "enroll" = "NOT_ALLOWED"
    }
    phone_number = {
    "enroll" = "NOT_ALLOWED"
    }
    priority = 17
    status = "ACTIVE"
    webauthn = {
    "constraints" = "ANY"
    "enroll" = "OPTIONAL"
    }
    }`

  2. Run terraform apply

  3. Notice that yubikey is not enabled on the policy on Okta

Important Factoids

References

  • #0000
@duytiennguyen-okta duytiennguyen-okta added api-issue enhancement Asking for new behavior or feature labels Nov 19, 2024
@duytiennguyen-okta
Copy link
Contributor

OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-832972

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api-issue enhancement Asking for new behavior or feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rajnadimpalli @duytiennguyen-okta