Provide ability to set the default sign-on policy for an environment

[freddo256]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

There is currently no possibility to set default sign-on policies or themes from terraform. This is only possible from the UI.

New or Affected Resource(s)

• pingone_environment
• pingone_branding_theme
• pingone_sign_on_policy
• pingone_sign_on_policy_action

Potential Terraform Configuration

resource "pingone_sign_on_policy" "my_policy" {
  environment_id = pingone_environment.my_environment.id

  name = "My Policy"
  default = true
}

resource "pingone_branding_theme" {
  environment_id = data.pingone_environment.general_test.id

  name     = "My Awesome Theme"
  template = "split"

  logo {
    id   = pingone_image.company_logo.id
    href = pingone_image.company_logo.uploaded_image[0].href
  }

  background_image {
    id   = pingone_image.theme_background.id
    href = pingone_image.theme_background.uploaded_image[0].href
  }

  button_text_color  = "#FFFFFF"
  heading_text_color = "#686F77"
  card_color         = "#FCFCFC"
  body_text_color    = "#263956"
  link_text_color    = "#263956"
  button_color       = "#263956"

  default = true
}

References

https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/environment
https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/branding_theme
https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/sign_on_policy
https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/sign_on_policy_action

[patrickcping]

Hey @freddo256 thanks for raising! Today v0.15.0 was released that has support for setting the default branding theme (link).

But as you say there is still no ability to set the default sign-on policy for an environment. Unfortunately the issue is a bit more complicated due to the way the API behaves when setting defaults, which I've tried to explain in this conversation. I'll look to create a pinned issue with the full list of resources this applies to soon.

For now we'll use this issue to track the enhancement to set a sign-on policy as a default.

[freddo256]

Thanks! The sign-on policy isn't really a problem for most apps since we can just use pingone_application_sign_on_policy_assignment, but we would like to enable a custom sign-on policy for the PingOne Application Portal. So maybe it would be easier to add support for a pingone_application data source instead?

[patrickcping]

You're in luck! v0.15.0 also delivered pingone_system_application (link) that allows you to define settings for the PingOne App Portal, but leaving everything default will also provide you the ID that can be used for the pingone_application_sign_on_policy_assignment resource.

The pingone_application and pingone_applications data source are upcoming but no eta as yet.

There is still a limitation though that a Terraform provider defined Sign-on policy cannot be used for the PingOne Admin Console application for admin sign-on - that system application relies on the environment default sign-on policy.