How do I import Okta resources to Terraform?

Terraport Cloud automates importing Okta resources to Terraform. Connect your GitHub repo and Okta org, select the resources you want to import (users, groups, apps, policies), and we generate production-ready Terraform HCL with import blocks. A pull request is created automatically.

What Okta resources can I import to Terraform?

You can import Okta users, groups, applications, sign-on policies, authorization servers, and policy rules. Terraport Cloud generates Terraform configuration that follows your existing repository conventions.

Does Terraport Cloud modify my Okta organization?

No. Terraport Cloud only reads data from your Okta organization using your API token. We never modify, create, or delete any resources in Okta. All changes go through your Terraform workflow via pull requests.

How does Terraport Cloud generate Terraform code?

We analyze your existing Terraform repository to understand your naming conventions, file organization, and coding style. Then we use AI to generate HCL that matches your conventions and follows Terraform best practices.

Built on the official okta/okta Terraform provider

Keep your Okta org audit-ready and under control.

Terraport puts your Okta configuration under version control in Git, catches drift and unauthorized changes the moment they happen, and gives you audit-ready evidence on demand. Every change is a reviewable pull request — Terraport never touches your Okta org directly.

Start free See how it works

Free to start · no credit card · read-only Okta access

Terraport Cloud

Okta Resource

{
  "id": "0oa1abc2def3ghi4j5k6",
  "name": "okta_app_saml",
  "label": "Salesforce",
  "status": "ACTIVE",
  "signOnMode": "SAML_2_0",
  "settings": {
    "app": {
      "siteURL": "https://acme.sf.com"
    }
  }
}

Terraform HCL

resource "okta_app_saml" "salesforce" {
  label             = "Salesforce"
  status            = "ACTIVE"
  sso_url           = "https://acme.sf.com"
  recipient         = "https://acme.sf.com"
  destination       = "https://acme.sf.com"
  audience          = "https://acme.sf.com"
  subject_name_format = "urn:oasis:names:tc:SAML:1.1"
}
import {
  to = okta_app_saml.salesforce
  id = "0oa1abc2def3ghi4j5k6"
}

✓Pull request openedterraport/import-apps → main#42 · 1 file changed

See drift the moment it happens

Scheduled scans compare your Okta org to Terraform and surface exactly what changed out-of-band — in plain, field-level diffs, not raw JSON.

app.terraportcloud.com

Drift

Real drift on your Terraform-managed Okta resources.

Last scan 4m ago

Terraform coverage87% · 152 of 175 managed

Drift (2)Unmanaged (23)History

EngineeringManaged · changed in Okta1 field changed

Group · okta_group.engineering

Acknowledge

What changed in Okta

profile.descriptionAll engineers→Engineering org (all)

Internal DashboardManaged · changed in Okta

App · okta_app_oauth.internal

Acknowledge

Manage Okta with the rigor of the rest of your infrastructure

Your identity layer, held to the same standard as the rest of your infrastructure: versioned in Git, continuously monitored for drift, and audit-ready — with every change a reviewable pull request.

Catch unauthorized changes

Scheduled scans compare your Okta org to Terraform and flag out-of-band changes — a group, app, or policy edited directly in Okta — the moment they happen, so nothing changes without a trace.

Audit-ready evidence

Export a date-ranged record tying every change to its pull request and scan — reproducible evidence for SOC 2, ISO, and internal audits, on demand.

Coverage you can measure

See exactly what share of your Okta org is under Terraform, with a trend that climbs as you codify and drops the moment something drifts out.

Every change is a reviewable PR

Changes land as pull requests with a clear summary — you review and merge. Terraport never touches your Okta org or your default branch directly.

Generated to your repo's standards

HCL and Terraform import blocks that follow your existing module structure, naming conventions, and file layout — production-ready code that fits your repository, not generic boilerplate to rewrite.

Create, not just import

Provision net-new Okta groups, users, apps (OIDC, SAML & SWA), and policies as Terraform — the same reviewable pull request, so new identity config is born in code.

From connection to continuous monitoring

Import what's in Okta today, create what isn't yet, then let Terraport keep it all in sync.

Connect

Link your GitHub repository and Okta organization with secure OAuth. One-time setup, minimal permissions.

Select or define

Browse and select existing Okta resources to import — or define net-new groups, users, apps, and policies to create. Either way, it becomes Terraform.

Ship

Review the generated Terraform HCL, then create a pull request. Merge when ready.

Monitor

Terraport keeps scanning on a schedule — coverage, new unmanaged resources, and drift — and alerts you so your Okta stays codified.

Simple, transparent pricing

Import your Okta org as code for free. Upgrade to Standard to create new resources and keep everything watched continuously.

Free

Codify your Okta org as code — on your own schedule

$0/month

No credit card required

Unlimited resource imports & PRs
Context-aware HCL generation
On-demand scans — coverage & drift
Blast-radius & pre-PR checks
Connect via Okta OAuth or API token
1 user

Start free

Continuous monitoring

Standard

Continuous monitoring for your whole team

$19.99per seat / month

billed monthly · add or remove seats anytime

Everything in Free, plus:

Create net-new Okta resources (groups, users, apps, policies)
Scheduled continuous scans (daily & weekly)
Slack drift alerts
Coverage trend history
Compliance evidence export
Invite teammates — billed per seat
Priority support

Start free

No long-term contracts. Cancel anytime.

Put your Okta org under version control

Reviewable pull requests, code that follows your repo's standards, and continuous drift detection. Connect Okta and GitHub and open your first import in minutes.

Start free Read the docs

No credit card required