We’re rolling out a multi-tenant setup where each BPO partner gets their own tenant, but we want a single internal API client that can manage resources across all of them. I’m trying to configure the OAuth client via the genesyscloud_oauth_client resource in the Terraform provider.
The docs mention a division attribute, but I’m not sure if setting that scopes the client’s access or just registers it in that division. Here’s what I’ve got so far:
resource "genesyscloud_oauth_client" "internal_admin" {
  name        = "Internal Multi-Tenant Admin"
  description = "Used for cross-tenant resource provisioning"
  division {
    id = "00000000-0000-0000-0000-000000000000" # Global division
  }
}
When I use the token from this client to call /api/v2/users, I get a 403 Forbidden for users in other divisions. I’ve tried adding specific division IDs to the client config, but the API rejects it with a 400 Bad Request saying the division isn’t valid for an OAuth client.
Is there a way to explicitly grant this client access to multiple divisions? Or do I need to create a separate OAuth client per division and manage them in a loop? I’m trying to avoid managing 50 different client secrets if possible.
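Added example, not part of the original post and not the provider project's own code: one client-credentials OAuth client whose access to several divisions comes from role grants in the provider's roles block (role_id plus division_id), rather than from a division block on the client. The variable name, the division IDs and the role name "Partner Provisioner" are assumptions.

```hcl
# Added example. All names and IDs below are constructed placeholders.

# Map of partner label => division ID inside the one organization that
# owns this client.
variable "partner_division_ids" {
  type = map(string)
  default = {
    partner_a = "11111111-1111-1111-1111-111111111111" # placeholder
    partner_b = "22222222-2222-2222-2222-222222222222" # placeholder
  }
}

# Hypothetical custom role that carries only the permissions the
# provisioning job needs (least privilege, not an admin role).
data "genesyscloud_auth_role" "provisioner" {
  name = "Partner Provisioner"
}

resource "genesyscloud_oauth_client" "internal_admin" {
  name                  = "Internal Multi-Tenant Admin"
  description           = "Used for cross-tenant resource provisioning"
  authorized_grant_type = "CLIENT-CREDENTIALS"

  # One role grant per division: the token can act on objects in exactly
  # these divisions, with exactly this role's permissions.
  dynamic "roles" {
    for_each = var.partner_division_ids
    content {
      role_id     = data.genesyscloud_auth_role.provisioner.id
      division_id = roles.value
    }
  }
}
```

Role grants of this kind cover divisions inside a single organization; an OAuth client cannot hold grants in a different organization.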