Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Dynamic OS Version Compliance for Device Assurance Policies #1917

Open
lucascantor opened this issue Feb 28, 2024 · 2 comments
Open

Support Dynamic OS Version Compliance for Device Assurance Policies #1917

lucascantor opened this issue Feb 28, 2024 · 2 comments
Labels
enhancement Asking for new behavior or feature OKTA-705818 triaged Triaged into internal Jira

Comments

@lucascantor
Copy link
Contributor

lucascantor commented Feb 28, 2024
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Feature request to support the new Dynamic OS version compliance feature for Device Assurance

Here is an example Device Assurance policy, with settings NOT configurable via Terraform:

  • OS version must be at least the second latest supported major version of Android
  • OS must be up-to-date with security patches
Screenshot 2024-02-28 at 10 52 42 AM

New or Affected Resource(s)

  • okta_device_assurance_policy_android
  • okta_device_assurance_policy_ios
  • okta_device_assurance_policy_macos
  • okta_device_assurance_policy_windows

Potential Terraform Configuration

resource "okta_policy_device_assurance_android" "example" {
  name                        = "Example"
  os_version_dynamic_minimum  = "LATEST_SUPPORTED"
  os_patches_required         = true
}

resource "okta_policy_device_assurance_ios" "example" {
  name                        = "Example"
  os_version_dynamic_minimum  = "SECOND_LATEST_SUPPORTED"
  os_patches_required         = true
}

resource "okta_policy_device_assurance_macos" "example" {
  name                 = "Example"
  os_version_dynamic   = "ANY_SUPPORTED"
  os_patches_required  = true
}

resource "okta_policy_device_assurance_windows" "example" {
  name                   = "Example"
  os_version_dynamic_11  = "ANY_SUPPORTED"
  os_patches_required_11 = true
  os_version_dynamic_10  = "NOT_ALLOWED"
}

References
@lucascantor lucascantor added the enhancement Asking for new behavior or feature label Feb 28, 2024
@duytiennguyen-okta duytiennguyen-okta added the triaged Triaged into internal Jira label Mar 12, 2024
@duytiennguyen-okta
Copy link
Contributor

OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-705818

@lucascantor lucascantor mentioned this issue Aug 5, 2024
Open
@lucascantor
Copy link
Contributor Author

lucascantor commented Sep 30, 2024
edited
Loading

Okta's Terraform provider should also support the new grace period functionality, which is part of the Configure Remediation section: https://help.okta.com/oie/en-us/content/topics/identity-engine/devices/device-assurance-add.htm?cshid=csh-device-assurance-add#Configur

Relates to #2097

@lucascantor lucascantor mentioned this issue Sep 30, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Asking for new behavior or feature OKTA-705818 triaged Triaged into internal Jira
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lucascantor @arvindkrishnakumar-okta @duytiennguyen-okta