» vault_okta_auth_backend
Provides a resource for managing an Okta auth backend within Vault.
» Example Usage
resource "vault_okta_auth_backend" "example" {
description = "Demonstration of the Terraform Okta auth backend"
organization = "example"
token = "something that should be kept secret"
group {
group_name = "foo"
policies = ["one", "two"]
}
user {
username = "bar"
groups = ["foo"]
}
}
» Argument Reference
The following arguments are supported:
-
path- (Required) Path to mount the Okta auth backend -
description- (Optional) The description of the auth backend -
organization- (Required) The Okta organization. This will be the first part of the urlhttps://XXX.okta.com -
token- (Optional) The Okta API token. This is required to query Okta for user group membership. If this is not supplied only locally configured groups will be enabled. -
base_url- (Optional) The Okta url. Examples: oktapreview.com, okta.com -
bypass_okta_mfa- (Optional) When true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired. -
ttl- (Optional) Duration after which authentication will be expired. See the documentation for info on valid duration formats. -
max_ttl- (Optional) Maximum duration after which authentication will be expired See the documentation for info on valid duration formats. -
group- (Optional) Associate Okta groups with policies within Vault. See below for more details. -
user- (Optional) Associate Okta users with groups or policies within Vault. See below for more details.
» Okta Group
-
group_name- (Required) Name of the group within the Okta -
policies- (Optional) Vault policies to associate with this group
» Okta User
-
username- (Required Optional) Name of the user within Okta -
groups- (Optional) List of Okta groups to associate with this user -
policies- (Optional) List of Vault policies to associate with this user
» Attributes Reference
No additional attributes are exposed by this resource.