# Terraform for Okta

GitHub Repo: <https://github.com/vangchar/okta_terraform>

This is a sample project to showcase how Terraform can be leveraged to create Okta resources. This project will:

* Create an Okta Application (native)
* Create an Authorization Server
  * Access Policy
  * Claims
  * Scopes
* Create a new Okta Group

### Prerequisites

* An Okta tenant: a free developer tenant works (<https://developer.okta.com/>).
* Terraform, installed per the Terraform install documentation (<https://learn.hashicorp.com/tutorials/terraform/install-cli>).

### Steps

#### Setup

Set up a developer Okta Org and create an API Token.

1. Set up a developer Okta Org at [developer.okta.com](https://developer.okta.com/).
2. Activate your Okta Org and navigate to the Dashboard.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FONvZM8HTgxTAVwl9ZFkG%2Fimage.png?alt=media&#x26;token=a24d813c-7dbc-4d92-8cd3-e4e3e79760c7" alt=""><figcaption></figcaption></figure>

3. In the left sidebar menu, navigate to `API` and select `Tokens`.
4. Click `Create Token` and name the API Token.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2F4CUwl02Uv4M0Y42VAUYA%2Fimage.png?alt=media&#x26;token=14240420-8a20-4efa-8755-5d6afcfcca80" alt=""><figcaption></figcaption></figure>

5. Copy and store the generated token so it can be used in the `terraform.tfvars` file later.\
   NOTE: You will only be able to view the token once.
6. Make a note of the Okta Org URL (e.g. `dev-123456.okta.com`) for the `terraform.tfvars` file.

### Terraform File Structure

The file structure for this project has been developed using modules for organization, reuse, and consistency purposes. Each Okta resource has its own module and is called by the main module block.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2F2oyJdU8xy0MJRCQrFZbL%2Fimage.png?alt=media&#x26;token=0ce9089d-fee8-4663-b4a5-3baf4cc984bf" alt=""><figcaption></figcaption></figure>

### Init

After cloning the [GitHub Repo](https://github.com/vangchar/okta_terraform), open the `terraform.tfvars` file and set `okta_org_url`, `okta_base_url`, and `okta_api_token` to your own values, then save the file.
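The root module those three `terraform.tfvars` values feed into, as an added example rather than the okta_terraform repo's own files: it wires the variables into the Okta provider and declares the native app, authorization server, custom scope, claim and group the page describes (the access policy and rule are omitted for length). Resource and argument names are those of the Okta Terraform provider; the variable names follow the page, but note that the provider's `org_name` takes only the org prefix, not the full URL; the redirect URI, audience and scope name are placeholders. Marking the token variable `sensitive` keeps it out of plan and apply output, and the `.tfvars` file holding it should never be committed.

```hcl
# Added example, not the okta_terraform repo's own files; placeholder values are marked.
terraform {
  required_providers {
    okta = { source = "okta/okta" }
  }
}

variable "okta_org_url"  { type = string } # org prefix only, e.g. dev-123456
variable "okta_base_url" { type = string } # e.g. okta.com
variable "okta_api_token" {
  type      = string
  sensitive = true # redacted from plan/apply output; keep terraform.tfvars out of git
}

provider "okta" {
  org_name  = var.okta_org_url
  base_url  = var.okta_base_url
  api_token = var.okta_api_token # or export OKTA_API_TOKEN and omit it from tfvars
}

resource "okta_group" "test" {
  name = "terraform_test_group"
}

resource "okta_app_oauth" "test" {
  label                      = "Terraform Test App"
  type                       = "native"
  grant_types                = ["authorization_code", "refresh_token"]
  response_types             = ["code"]
  redirect_uris              = ["com.example.app:/callback"] # placeholder
  token_endpoint_auth_method = "none" # public native client: PKCE, no client secret
}

resource "okta_auth_server" "test" {
  name      = "terraform_test_auth_server"
  audiences = ["api://terraform-test"] # placeholder audience
}

resource "okta_auth_server_scope" "read" {
  auth_server_id = okta_auth_server.test.id
  name           = "example:read" # illustrative custom scope
}

# Claim added to access tokens only when the custom scope above is granted.
resource "okta_auth_server_claim" "department" {
  auth_server_id = okta_auth_server.test.id
  name           = "department"
  claim_type     = "RESOURCE"
  value          = "user.department"
  scopes         = [okta_auth_server_scope.read.name]
}
```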

In your IDE's terminal, initialize the configuration. The `init` command prepares the working directory: it installs the required provider plugins, initializes the backend (state file), and downloads any modules (into the `.terraform` directory).

{% embed url="<https://developer.hashicorp.com/terraform/cli/commands/init>" %}

```
terraform init
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FLD7kdIAzsgXASPx8enhT%2Fimage.png?alt=media&#x26;token=e33b2fe2-4225-4d10-9730-99a296901786" alt=""><figcaption></figcaption></figure>

### Plan

Once Terraform is initialized, create an execution plan to see exactly what changes will be made to the infrastructure before anything is touched. This is done with the `plan` command.

{% embed url="<https://developer.hashicorp.com/terraform/cli/commands/plan>" %}

```
terraform plan
```

Below is a snippet of the `terraform plan` output.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FsNEi4kcuPPOg5VHrGKSf%2Fimage.png?alt=media&#x26;token=572ac436-4ccb-4170-bec0-71cc9c3f7fbc" alt=""><figcaption></figcaption></figure>

### Apply

If the plan matches what you intend, use the `apply` command to execute the actions.

{% embed url="<https://developer.hashicorp.com/terraform/cli/commands/apply>" %}

```
terraform apply
```

Note: The `apply` command also outputs the plan, then prompts you to enter "yes" to approve the actions.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FdwjCLf5B67QjgtHz4BoN%2Fimage.png?alt=media&#x26;token=d0dc8e95-8680-417b-9dc5-0d581b7788a0" alt=""><figcaption></figcaption></figure>

It looks like the resources were successfully created in Okta. Let's go to Okta and verify that it was done correctly.

### Result

**Application**

The Okta Application "Terraform Test App" was created.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FZytiJdXeOWe9DGpehlxc%2Fimage.png?alt=media&#x26;token=ba73ff46-708f-480b-bed7-08489d2d5599" alt=""><figcaption></figcaption></figure>

**Authorization Server**

A new authorization server "terraform\_test\_auth\_server" was created.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FWeo35yBw2E8x6AtOhJdu%2Fimage.png?alt=media&#x26;token=d5152c64-fa84-4981-a96f-65d28e34a5e5" alt=""><figcaption></figcaption></figure>

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FGcvrFxYHBdweO9gIi2ns%2Fimage.png?alt=media&#x26;token=f1cef24a-bf6f-4cdb-8f28-c1af4a01a88b" alt=""><figcaption></figcaption></figure>

Two custom scopes were created.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FOsiLWfRqlvKL72KZToi7%2Fimage.png?alt=media&#x26;token=ace8566e-531e-4540-b34c-17e2b231e91d" alt=""><figcaption></figcaption></figure>

Custom claims tied to the new scopes were created.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FoVs9xlTUHj1bAThrb1Sm%2Fimage.png?alt=media&#x26;token=cc284dcf-4d30-43a2-8171-c09d8a9009c2" alt=""><figcaption></figcaption></figure>

An access policy with its rules was created and assigned to the Terraform Test App.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2F9JiebvXMaxhPM4n8zVNh%2Fimage.png?alt=media&#x26;token=7e30d511-31f7-48f1-8d50-8b50b7b74548" alt=""><figcaption></figcaption></figure>

**Group**

A new group "terraform\_test\_group" was created.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FB8GNNlu8oMmTsLaGnbYq%2Fimage.png?alt=media&#x26;token=c6a2784c-3f01-447a-b34e-7bd7f758acfd" alt=""><figcaption></figcaption></figure>

It looks like everything checked out and was created accordingly!

### Destroy

The final step is to tear down the resources and clean up Okta. To do this, we use the destroy command.

{% embed url="<https://developer.hashicorp.com/terraform/cli/commands/destroy>" %}

```
terraform destroy
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FXMfPEUvrB2OO4AztJqrZ%2Fimage.png?alt=media&#x26;token=9deaf4e5-ff97-499d-9774-192c8e878d50" alt=""><figcaption></figcaption></figure>

Similar to the `plan` command, `destroy` outputs the list of resources that will be destroyed and prompts you to type "yes" to confirm.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2Fw2tGLHBvYsw3dBYieTvC%2Fimage.png?alt=media&#x26;token=a486e9bc-ca8a-42bc-af33-d15ca9b2573e" alt=""><figcaption></figcaption></figure>

Just like that, Okta is all cleaned up!

### Conclusion

In summary, using Terraform for Okta allows you to manage Okta configuration as code, enabling a more systematic, reliable, and secure approach to managing identities, access policies, and application integrations.

The use of Terraform brings several benefits:

1. **Version Control**: Okta configurations can be stored in version control systems alongside application and infrastructure code, improving collaboration and change management.
2. **Automation**: Automate the provisioning and management of Okta resources, reducing manual errors and operational overhead.
3. **Consistency**: Ensure consistent configurations across different environments (development, staging, production), reducing configuration drift and promoting reliability.
4. **Auditability**: Track changes to Okta configurations over time, improving audit trails and compliance with security policies.
5. **Integration**: Integrate Okta configuration changes into broader CI/CD pipelines, aligning identity and access management (IAM) changes with application and infrastructure updates.

### Additional information

* Okta
  * [Developer.okta.com](https://developer.okta.com)
  * [Okta + Terraform](https://www.okta.com/blog/2019/08/better-together-using-the-okta-integration-with-hashicorp-terraform)
* Terraform
  * [Introduction to Terraform](https://www.terraform.io/intro/index.html)
  * [Terraform Tutorial](https://learn.hashicorp.com/terraform)
  * [Terraform Okta Provider](https://www.terraform.io/docs/providers/okta/index.html)
