demo-terraform/main.tf


# Okta AD Integration Resources
resource "okta_group" "ad_users" {
  # Okta group that okta_group_rule.ad_users_rule assigns members to.
  # Both fields come from input variables, so whoever controls those
  # variables controls which group name ends up carrying this membership.
  description = var.ad_group_description
  name        = var.ad_group_name
}
resource "okta_group_rule" "ad_users_rule" {
  name   = "AD Users Rule"
  status = "ACTIVE"

  # Users matched by the expression are placed into okta_group.ad_users.
  group_assignments = [okta_group.ad_users.id]

  # Membership is decided by group NAME, and var.ad_group_name is spliced into
  # the expression unescaped.
  # NOTE(review): a value containing a double quote would change the
  # expression; constrain the variable with a validation rule.
  # NOTE(review): okta_group.ad_users is created with this same name, so
  # confirm the rule is meant to match a separate directory-sourced group.
  # Name matching trusts any group carrying that name; an ID-based check
  # (e.g. isMemberOfAnyGroup) is stricter if the source group ID is available.
  # NOTE(review): confirm the argument name against the pinned Okta provider
  # version; its documentation describes expression_value for this resource.
  expression = "isMemberOfAnyGroupName(\"${var.ad_group_name}\")"
}
resource "okta_profile_mapping" "ad_to_okta_mapping" {
  # Attribute mappings are passed through from a variable unchanged.
  # NOTE(review): profile mappings decide which directory attributes overwrite
  # Okta profile fields; review the variable's contents for attributes that
  # feed group rules or access policies (login, email, department, ...).
  attribute_mappings = var.ad_user_profile_mappings

  # Direction of the mapping: Active Directory profile -> Okta profile.
  # NOTE(review): confirm these block and argument names against the pinned
  # Okta provider version; its documentation describes source_id, target_id
  # and mappings blocks for this resource.
  source {
    type = "ACTIVE_DIRECTORY"
  }

  target {
    type = "OKTA"
  }
}
# SailPoint Configuration for AD-Okta Identities
data "http" "sailpoint_identity_sources" {
  # Read-only lookup against the SailPoint API; it runs on every plan/refresh.
  # NOTE(review): nothing here forces var.sailpoint_api_url to be https://, so
  # a plain-http value would send the bearer token in clear text; add a
  # validation rule on the variable.
  url = "${var.sailpoint_api_url}/v3/identity-sources"

  # The API token is interpolated straight into the Authorization header.
  # NOTE(review): declare var.sailpoint_api_token with sensitive = true and
  # treat state and plan output as secret; request headers of a data source
  # may be recorded there (confirm for the provider version in use).
  # NOTE(review): no check on the response status is visible here; a
  # postcondition on status_code would stop an error body from being used
  # downstream.
  request_headers = {
    Authorization = "Bearer ${var.sailpoint_api_token}"
  }
}
# Triggering Identity Sync
# NOTE(review): the hashicorp/http provider documents only a data source named
# "http"; confirm which provider is expected to supply a managed resource of
# this type, otherwise this block will not resolve at init/plan.
resource "http" "sailpoint_identity_sync" {
  method = "POST"
  url    = "${var.sailpoint_api_url}/v3/identity-sources/sync"

  # Bearer token is interpolated from the variable on every request.
  # NOTE(review): the variable should be declared sensitive = true, and the
  # token scoped to the minimum the sync call needs, since anyone who can read
  # state or plan output may be able to recover it.
  request_headers = {
    "Authorization" = "Bearer ${var.sailpoint_api_token}"
    "Content-Type"  = "application/json"
  }

  # sourceId is set to the ENTIRE response body of the identity-sources lookup,
  # not to an ID parsed out of it.
  # NOTE(review): the original author flags this as an assumption; the body
  # most likely needs jsondecode() and a field selection, and the lookup's
  # status should be checked so an error page is never forwarded as an ID.
  request_body = jsonencode({
    sourceId = data.http.sailpoint_identity_sources.body
  })
}