Automating SAML SSO Certificate Rotation via Terraform

Hey folks! Our Identity Provider (Okta) forces a certificate rotation every year. Last night the cert rotated, and nobody could log into Genesys Cloud this morning until I manually uploaded the new .cer file in the Single Sign-On admin UI. This caused a huge panic. We are moving toward “Infrastructure as Code” using Terraform for most of our config. Is it possible to use the Genesys Cloud CX as Code provider to automate the SSO certificate update, or do I have to use the raw Platform API for this specific security task?

Hi! email, but I had to help our IT team with this exact issue last month. The Terraform provider for Genesys Cloud definitely supports SSO configuration! We use it to manage our entire Okta integration. You do not have to do it manually in the UI anymore.

I manage our Terraform state. The point above is correct. You need to use the genesyscloud_auth_division (if you are doing division-level SSO) or the genesyscloud_idp_okta resource depending on your exact setup. The trick is that you must pass the certificate string directly into the certificate property of that resource. We handle this by storing the new Okta certificate in AWS Secrets Manager, and our Terraform pipeline pulls it dynamically during the apply phase. This completely eliminates the manual upload process and prevents those early morning lockouts.
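The pipeline described in the post above, as an added example (not the poster's own code). It assumes the provider's `genesyscloud_idp_okta` resource takes a `certificates` list plus `issuer_uri` and `target_uri`, that the rotated Okta certificate is written as a PEM string to a Secrets Manager secret named `okta/saml-signing-cert` (with the outgoing one in `okta/saml-signing-cert-previous` during the overlap window), and Terraform 1.3 or later; the secret names and variables are assumptions.

```hcl
terraform {
  required_version = ">= 1.3"
  required_providers {
    genesyscloud = { source = "mypurecloud/genesyscloud" }
    aws          = { source = "hashicorp/aws" }
  }
}

variable "okta_issuer_uri" { type = string } # assumed: the Okta app's SAML issuer
variable "okta_target_uri" { type = string } # assumed: the Okta SSO (target) URL

# Assumed secret names; the rotation job writes the new PEM here when Okta rotates.
data "aws_secretsmanager_secret_version" "okta_cert_current" {
  secret_id = "okta/saml-signing-cert"
}

# Outgoing certificate, kept trusted while both may still sign assertions.
data "aws_secretsmanager_secret_version" "okta_cert_previous" {
  secret_id = "okta/saml-signing-cert-previous"
}

locals {
  # compact() drops an empty previous-cert slot once the overlap window is over.
  okta_certs = compact([
    trimspace(data.aws_secretsmanager_secret_version.okta_cert_current.secret_string),
    trimspace(data.aws_secretsmanager_secret_version.okta_cert_previous.secret_string),
  ])
}

resource "genesyscloud_idp_okta" "okta" {
  certificates = local.okta_certs
  issuer_uri   = var.okta_issuer_uri
  target_uri   = var.okta_target_uri
  disabled     = false

  lifecycle {
    # Refuse to apply an empty or non-PEM value (PEM format is assumed), so a
    # bad secret write cannot replace the trusted certificate and lock users out.
    precondition {
      condition = length(local.okta_certs) > 0 && alltrue([
        for c in local.okta_certs : startswith(c, "-----BEGIN CERTIFICATE-----")
      ])
      error_message = "Okta signing certificate secret must hold at least one PEM certificate."
    }
  }
}
```

Run `terraform plan` after the secret is rotated; the plan should show only the `certificates` attribute changing, which is the check that nothing else in the SSO configuration is being touched.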

I just inherited our GC org 6 months ago and I am terrified of breaking SSO. If you use Terraform to update the cert, does it cause any downtime for users who are already logged in? Our old on-prem system used to kick everyone out when we touched the auth settings. I want to automate this, but I need to make sure I do not disconnect 500 agents in the middle of their shift!