Terraform provider for managing WorkOS resources including organizations, SSO connections, directory sync, webhooks, and user management.
# Declares the WorkOS provider as a dependency of this configuration.
terraform {
required_providers {
workos = {
source = "osodevops/workos"
# "~> 1.0" accepts any 1.x release. Commit .terraform.lock.hcl so the exact version and
# checksums selected by `terraform init` are pinned and every upgrade shows up in review.
version = "~> 1.0"
}
}
}
# Minimal provider configuration: the API key comes from an input variable.
# NOTE(review): the declaration of workos_api_key is not shown on this page; declare it with
# `sensitive = true` and keep its value out of committed *.tfvars files.
provider "workos" {
api_key = var.workos_api_key
}
# Clone the repository
git clone https://github.com/osodevops/terraform-provider-workos.git
cd terraform-provider-workos
# NOTE(review): a source build runs this repository's Makefile on the local machine; check out a
# release tag or commit you have reviewed before building, rather than the tip of the default branch.
# Build the provider
make build
# Install locally
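make install

# Supply the API key through a variable declared with `sensitive = true` or through the
# environment, never as a literal. The key is presumably sent to base_url, so override that
# setting only with an HTTPS endpoint you trust.
provider "workos" {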
api_key = var.workos_api_key # Or set WORKOS_API_KEY env var
client_id = var.workos_client_id # Or set WORKOS_CLIENT_ID env var (optional)
base_url = "https://api.workos.com" # Optional, defaults to production API
}

resource "workos_organization" "example" {
name = "Acme Corporation"
domains = ["acme.com", "acmecorp.com"]
allow_profiles_outside_organization = false
}

resource "workos_connection" "okta" {
organization_id = workos_organization.example.id
name = "Okta SSO"
connection_type = "OktaSAML"
}
resource "workos_connection" "google" {
organization_id = workos_organization.example.id
name = "Google OAuth"
connection_type = "GoogleOAuth"
}

resource "workos_directory" "okta" {
organization_id = workos_organization.example.id
name = "Okta Directory"
type = "okta scimv2.0"
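}

# The webhook secret is stored in Terraform state along with the rest of the resource; declare
# var.webhook_secret with `sensitive = true` and restrict who can read the state backend.
resource "workos_webhook" "main" {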
url = "https://api.example.com/webhooks/workos"
secret = var.webhook_secret
enabled = true
events = [
"user.created",
"user.updated",
"dsync.user.created",
"connection.activated",
]
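}

# NOTE(review): email_verified = true presumably marks the address as verified without a
# verification email; this user receives the "admin" role below, so confirm the mailbox owner first.
resource "workos_user" "admin" {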
email = "admin@example.com"
first_name = "Admin"
last_name = "User"
email_verified = true
}
resource "workos_organization_membership" "admin" {
user_id = workos_user.admin.id
organization_id = workos_organization.example.id
role_slug = "admin"
}

# Look up organization by ID
data "workos_organization" "by_id" {
# Elided example value; substitute the full organization ID.
id = "org_01HXYZ..."
}
# Look up organization by domain
data "workos_organization" "by_domain" {
# Presumably matched against the domains attached to an organization, such as the
# `domains` list on workos_organization.example.
domain = "acme.com"
}
# Look up user by email
# NOTE(review): data source results are saved in Terraform state, so user attributes read here
# (such as the email address) end up wherever the state file is stored.
data "workos_user" "john" {
email = "john@example.com"
}
# Look up directory user
data "workos_directory_user" "synced" {
directory_id = workos_directory.okta.id
email = "employee@acme.com"
}

| Resource | Description |
|---|---|
| `workos_organization` | Manages WorkOS organizations |
| `workos_connection` | Manages SSO connections (SAML, OAuth, OIDC) |
| `workos_directory` | Manages Directory Sync directories |
| `workos_webhook` | Manages webhook endpoints |
| `workos_user` | Manages AuthKit users |
| `workos_organization_membership` | Manages user-organization memberships |

| Data Source | Description |
|---|---|
| `workos_organization` | Retrieves organization by ID or domain |
| `workos_connection` | Retrieves SSO connection by ID or org/type |
| `workos_directory` | Retrieves directory by ID or organization |
| `workos_directory_user` | Retrieves directory-synced user |
| `workos_directory_group` | Retrieves directory-synced group |
| `workos_user` | Retrieves AuthKit user by ID or email |
make build

# Unit tests
make test
# Acceptance tests (requires WorkOS API credentials)
# NOTE(review): these presumably run against the live WorkOS API, so use a key from a dedicated
# test environment. Values typed into `export` lines can persist in shell history.
export WORKOS_API_KEY="sk_test_..."
export WORKOS_CLIENT_ID="client_..."
make testacc

make docs

make lint

- Fork the repository
- Create a feature branch (`git checkout -b feature/my-feature`)
- Commit your changes (`git commit -am 'Add new feature'`)
- Push to the branch (`git push origin feature/my-feature`)
- Open a Pull Request
feat(resource): add new attribute support
fix(organization): handle domain validation
docs(readme): update installation instructions
test(connection): add acceptance tests
MPL-2.0 - See LICENSE for details.