Example TF okta_idp_saml
# Simple example that does the following:
# a. Adds an inbound SAML identity provider (okta_idp_saml)
# b. Adds an IdP discovery (routing) rule that sends matching users to it
# c. Adds a mock X.509 signing certificate for it (okta_idp_saml_key)
# d. Adds a profile mapping from the IdP's app-user profile to the Okta user profile
# Provider requirements. The Okta provider is pinned to the 3.11.x series
# ("~> 3.11.0" = >= 3.11.0, < 3.12.0) so that a later minor/major release
# cannot silently change the resource schemas used below.
terraform {
  required_providers {
    okta = {
      source  = "okta/okta"
      version = "~> 3.11.0"
    }
  }
}
# No org, base URL or API token is declared here on purpose: the provider
# reads them from the environment (per the provider docs: OKTA_ORG_NAME,
# OKTA_BASE_URL, OKTA_API_TOKEN -- verify for this provider version). That
# keeps the API token out of tfvars files and out of version control.
provider "okta" {}
# Look up the org's existing IdP discovery (routing) policy by name and type.
# The rule below attaches to this policy instead of creating a second one.
data "okta_policy" "test" {
  type = "IDP_DISCOVERY"
  name = "Idp Discovery Policy"
}
# Routing rule: a user whose profile firstName equals "KeyData" is sent to the
# SAML IdP declared below instead of authenticating against Okta directly.
#
# NOTE(review): firstName is only a stand-in because this org has no company
# attribute. A user-editable, non-unique profile attribute is a weak routing
# key -- a real deployment would key on the login domain (user_identifier_type
# = "IDENTIFIER" with a domain pattern) or on a dedicated, admin-controlled
# attribute that end users cannot change.
resource "okta_policy_rule_idp_discovery" "test" {
  name     = "keydata_policy_rule_idp_discovery"
  policyid = data.okta_policy.test.id
  priority = 1

  # Where matching users are routed.
  idp_type = "SAML2"
  idp_id   = okta_idp_saml.test.id

  # Match on a profile attribute rather than on the login identifier.
  user_identifier_type      = "ATTRIBUTE"
  user_identifier_attribute = "firstName"
  user_identifier_patterns {
    match_type = "EQUALS"
    value      = "KeyData"
  }
}
# Inbound SAML 2.0 identity provider. Okta acts as the service provider; the
# IdP at idp.example.com issues assertions that Okta verifies with the
# certificate registered in okta_idp_saml_key.test (referenced through kid).
resource "okta_idp_saml" "test" {
  name = "test_keydata_idp_saml"

  # IdP entityID and endpoints; destination matches the SSO URL here.
  acs_type        = "INSTANCE"
  issuer          = "https://idp.example.com"
  sso_url         = "https://idp.example.com"
  sso_destination = "https://idp.example.com"
  sso_binding     = "HTTP-POST"

  # Signing: outbound AuthnRequests are signed ("REQUEST"); inbound signatures
  # are verified at scope "ANY" (response or assertion). NOTE(review): if the
  # IdP signs both, a narrower scope is the stricter setting -- confirm the
  # available values against the provider docs for this version.
  request_signature_scope  = "REQUEST"
  response_signature_scope = "ANY"
  kid                      = okta_idp_saml_key.test.id

  # The IdP-asserted email becomes the Okta login. Nothing here restricts which
  # subjects the IdP may assert (subject_filter) or how they link to existing
  # users (account_link_action / provisioning_action), so provider defaults
  # apply. NOTE(review): confirm those defaults before trusting a real IdP --
  # automatic linking by email lets the IdP claim any existing Okta login.
  username_template = "idpuser.email"
}
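# Signing certificate Okta uses to verify the IdP's SAML signatures. The
# certificate below is a mock generated via https://mkjwk.org/, not a real
# IdP key.
#
# x5c is the JWK "x5c" field (RFC 7517 §4.7): each entry is the base64 of the
# DER-encoded certificate -- which is exactly the body of a PEM file with the
# BEGIN/END armor lines and line breaks removed. Calling base64encode() on the
# whole PEM text (as the original example did) base64-encodes it a second time
# and embeds the "-----BEGIN CERTIFICATE-----" markers inside that string,
# which is not a DER certificate and will not load. The PEM is therefore
# reduced to its body here instead of being re-encoded.
locals {
  idp_signing_cert_pem = <<EOT
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
EOT

  # Strip the armor lines, then every whitespace character (the "/.../" form
  # makes replace() treat the pattern as a regex), leaving the base64 DER body.
  idp_signing_cert_x5c = replace(
    replace(
      replace(local.idp_signing_cert_pem, "-----BEGIN CERTIFICATE-----", ""),
      "-----END CERTIFICATE-----",
      ""
    ),
    "/\\s+/",
    ""
  )
}

resource "okta_idp_saml_key" "test" {
  x5c = [local.idp_signing_cert_x5c]
}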
# Attribute mapping from the SAML IdP's app-user profile (source) into the Okta
# user profile (target). delete_when_absent = true makes this block the single
# source of truth: any mapping that exists in Okta but is not declared here is
# removed on apply.
resource "okta_profile_mapping" "test" {
  source_id          = okta_idp_saml.test.id
  target_id          = data.okta_user_profile_mapping_source.user.id
  delete_when_absent = true

  mappings {
    id         = "firstName"
    expression = "appuser.firstName"
  }

  mappings {
    id         = "lastName"
    expression = "appuser.lastName"
  }

  mappings {
    id         = "email"
    expression = "appuser.email"
  }

  # login is derived from the IdP-asserted email, so the IdP decides which
  # Okta login an assertion resolves to. When the IdP should only be able to
  # speak for its own users, constrain it on the okta_idp_saml side as well
  # (subject filter / linking settings), not only here.
  mappings {
    id         = "login"
    expression = "appuser.email"
  }

  # NOTE(review): displayName built from lastName alone looks like a demo
  # shortcut; a real mapping would normally combine first and last name.
  mappings {
    id         = "displayName"
    expression = "appuser.lastName"
  }
}
# The Okta user profile used as the mapping target above. depends_on defers
# this read until the IdP resource exists, so both ids the mapping needs are
# resolved in the same apply.
data "okta_user_profile_mapping_source" "user" {
  depends_on = [okta_idp_saml.test]
}