Add support for mfa_show_factor_list_on_enrollment flag on tenant

auth0 · Apr 26, 2023 · 09d426c · 09d426c
1 parent f08e9d8
commit 09d426c
Show file tree

Hide file tree

Showing 7 changed files with 67 additions and 53 deletions.
diff --git a/docs/data-sources/tenant.md b/docs/data-sources/tenant.md
@@ -83,6 +83,7 @@ Read-Only:
 - `enable_legacy_profile` (Boolean)
 - `enable_pipeline2` (Boolean)
 - `enable_public_signup_user_exists_error` (Boolean)
+- `mfa_show_factor_list_on_enrollment` (Boolean)
 - `no_disclose_enterprise_connections` (Boolean)
 - `revoke_refresh_token_grant` (Boolean)
 - `universal_login` (Boolean)

diff --git a/docs/resources/tenant.md b/docs/resources/tenant.md
@@ -134,6 +134,7 @@ Optional:
 - `enable_legacy_profile` (Boolean) Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
 - `enable_pipeline2` (Boolean) Indicates whether advanced API Authorization scenarios are enabled.
 - `enable_public_signup_user_exists_error` (Boolean) Indicates whether the public sign up process shows a `user_exists` error if the user already exists.
+- `mfa_show_factor_list_on_enrollment` (Boolean) Used to allow users to pick which factor to enroll with from the list of available MFA factors.
 - `no_disclose_enterprise_connections` (Boolean) Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
 - `revoke_refresh_token_grant` (Boolean) Delete underlying grant when a refresh token is revoked via the Authentication API.
 - `universal_login` (Boolean, Deprecated) Indicates whether the New Universal Login Experience is enabled.

diff --git a/internal/auth0/tenant/expand.go b/internal/auth0/tenant/expand.go
@@ -117,6 +117,7 @@ func expandTenantFlags(config cty.Value) *management.TenantFlags {
 			DashboardLogStreams:                value.Bool(flags.GetAttr("dashboard_log_streams_next")),
 			DashboardInsightsView:              value.Bool(flags.GetAttr("dashboard_insights_view")),
 			DisableFieldsMapFix:                value.Bool(flags.GetAttr("disable_fields_map_fix")),
+			MFAShowFactorListOnEnrollment:      value.Bool(flags.GetAttr("mfa_show_factor_list_on_enrollment")),
 		}
 
 		return stop

diff --git a/internal/auth0/tenant/flatten.go b/internal/auth0/tenant/flatten.go
@@ -69,6 +69,7 @@ func flattenTenantFlags(flags *management.TenantFlags) []interface{} {
 	m["dashboard_log_streams_next"] = flags.DashboardLogStreams
 	m["dashboard_insights_view"] = flags.DashboardInsightsView
 	m["disable_fields_map_fix"] = flags.DisableFieldsMapFix
+	m["mfa_show_factor_list_on_enrollment"] = flags.MFAShowFactorListOnEnrollment
 
 	return []interface{}{m}
 }

diff --git a/internal/auth0/tenant/resource.go b/internal/auth0/tenant/resource.go
@@ -316,6 +316,12 @@ func NewResource() *schema.Resource {
 							Computed:    true,
 							Description: "Disables SAML fields map fix for bad mappings with repeated attributes.",
 						},
+						"mfa_show_factor_list_on_enrollment": {
+							Type:        schema.TypeBool,
+							Optional:    true,
+							Computed:    true,
+							Description: "Used to allow users to pick which factor to enroll with from the list of available MFA factors.",
+						},
 					},
 				},
 			},

diff --git a/internal/auth0/tenant/resource_test.go b/internal/auth0/tenant/resource_test.go
@@ -44,6 +44,7 @@ func TestAccTenant(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "flags.0.disable_clickjack_protection_headers", "true"),
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "flags.0.enable_public_signup_user_exists_error", "true"),
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "flags.0.use_scope_descriptions_for_consent", "true"),
+					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "flags.0.mfa_show_factor_list_on_enrollment", "false"),
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "universal_login.0.colors.0.primary", "#0059d6"),
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "universal_login.0.colors.0.page_background", "#000000"),
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "default_redirection_uri", "https://example.com/login"),
@@ -59,6 +60,7 @@ func TestAccTenant(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "flags.0.disable_clickjack_protection_headers", "false"),
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "flags.0.enable_public_signup_user_exists_error", "true"),
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "flags.0.use_scope_descriptions_for_consent", "false"),
+					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "flags.0.mfa_show_factor_list_on_enrollment", "true"),
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "allowed_logout_urls.#", "0"),
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "session_cookie.0.mode", "persistent"),
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "default_redirection_uri", ""),
@@ -109,6 +111,7 @@ resource "auth0_tenant" "my_tenant" {
 		no_disclose_enterprise_connections = false
 		disable_management_api_sms_obfuscation = false
 		disable_fields_map_fix = false
+		mfa_show_factor_list_on_enrollment = false
 	}
 	universal_login {
 		colors {
@@ -156,6 +159,7 @@ resource "auth0_tenant" "my_tenant" {
 		no_disclose_enterprise_connections = false
 		disable_management_api_sms_obfuscation = true
 		disable_fields_map_fix = true
+		mfa_show_factor_list_on_enrollment = true
 	}
 	universal_login {
 		colors {