Add main.tf
This commit is contained in:
commit
4ddcfa5334
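--- /dev/null
+++ b/main.tf
@@ -0,0 +1,45 @@
+# Okta AD Integration Resources
+resource "okta_group" "ad_users" {
+name = var.ad_group_name
+description = var.ad_group_description
+}
+
+resource "okta_group_rule" "ad_users_rule" {
+name = "AD Users Rule"
+expression = "isMemberOfAnyGroupName(\"${var.ad_group_name}\")"
+status = "ACTIVE"
+group_assignments = [okta_group.ad_users.id]
+}
+
+resource "okta_profile_mapping" "ad_to_okta_mapping" {
+source {
+type = "ACTIVE_DIRECTORY"
+}
+target {
+type = "OKTA"
+}
+
+attribute_mappings = var.ad_user_profile_mappings
+}
+
+# SailPoint Configuration for AD-Okta Identities
+data "http" "sailpoint_identity_sources" {
+url = "${var.sailpoint_api_url}/v3/identity-sources"
+request_headers = {
+Authorization = "Bearer ${var.sailpoint_api_token}"
+}
+}
+
+# Triggering Identity Sync
+resource "http" "sailpoint_identity_sync" {
+url = "${var.sailpoint_api_url}/v3/identity-sources/sync"
+method = "POST"
+request_headers = {
+Authorization = "Bearer ${var.sailpoint_api_token}"
+Content-Type = "application/json"
+}
+
+request_body = jsonencode({
+sourceId = data.http.sailpoint_identity_sources.body # This assumes the ID is retrieved from the identity sources data
+})
+}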
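Review bot: The `resource "http" "sailpoint_identity_sync"` block at the end of the hunk will not validate, because the hashicorp/http provider exposes `http` only as a data source, and turning it into a data source would re-run the sync POST on every plan and refresh, so this step belongs in a `null_resource` with a `local-exec` provisioner or in a pipeline step outside Terraform. `sourceId = data.http.sailpoint_identity_sources.body` sends the entire response body as the id rather than one identity-source id; decode it with `jsondecode()` and select the specific id field, and note that `body` is deprecated in favour of `response_body` in current provider versions. Both `request_headers` maps put `Bearer ${var.sailpoint_api_token}` into arguments that Terraform persists in state and echoes in plan output, so the variable must be declared `sensitive = true` (its declaration is not in this commit) and the state backend treated as holding a live API credential. The `okta_group_rule` assigns members to `okta_group.ad_users`, the very group whose name its expression tests, which looks circular unless an AD-sourced group and the Okta group deliberately share `var.ad_group_name`; a comment stating that intent would help. I would also confirm the `okta_profile_mapping` schema, since the provider versions I know take `source_id`/`target_id` and `mappings` blocks rather than `source {}`/`target {}` and `attribute_mappings`.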