Missing smart_card_idp in the Policy Factor Config object for the okta_policy_mfa resource

[theDabca]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Currently finding a large gap in the okta_policy_mfa resource when it comes to enrollment policies which need to include Smart Card IdPs. As smart_card_idp does not exist in the Policy Factor Config object, any new policy created leaves the Smart Card IdP as disabled.

A GET to an enrollment policy which contains the smart_card_idp will contain the status of that factor in the response, however this does not seem configurable via the public API. It would be useful to add this to the API and then to the okta_policy_mfa.

"key": "smart_card_idp",
"enroll": {
    "self": "NOT_ALLOWED"
}

New or Affected Resource(s)

• okta_policy_mfa resource

Potential Terraform Configuration

adding in smart_card_idp to the okta_policy_mfa resource

smart_card_idp = {
    enroll = "REQUIRED"
}

References

[duytiennguyen-okta]

OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-717449

[theDabca]

Hello, @duytiennguyen-okta any update on this? Thanks!

[xiaoweiwu12701]

I thought smart_card_idp was not an object available now. It would be ideal to have it.
Someone suggested to use okta_idp_saml to build the smartcard IdP functionalities. I am not sure how it would work. Any pointer is appreciated!