add support for enroll_authenticator_types for okta_policy_rule_profi…

docs/resources/policy_rule_profile_enrollment.md

@@ -82,6 +82,7 @@ resource "okta_policy_rule_profile_enrollment" "example" {
 
 - `access` (String) Allow or deny access based on the rule conditions. Valid values are: `ALLOW`, `DENY`. Default: `ALLOW`.
 - `email_verification` (Boolean) Indicates whether email verification should occur before access is granted. Default: `true`.
+- `enroll_authenticator_types` (Set of String) Enrolls authenticator types
 - `inline_hook_id` (String) ID of a Registration Inline Hook
 - `profile_attributes` (Block List) A list of attributes to prompt the user during registration or progressive profiling. Where defined on the User schema, these attributes are persisted in the User profile. Non-schema attributes may also be added, which aren't persisted to the User's profile, but are included in requests to the registration inline hook. A maximum of 10 Profile properties is supported.
 	- 'label' - (Required) A display-friendly label for this property

examples/resources/okta_policy_rule_profile_enrollment/basic.tf

@@ -12,6 +12,7 @@ resource "okta_policy_rule_profile_enrollment" "test" {
     label    = "Email"
     required = true
   }
+  enroll_authenticator_types = ["password"]
 }
 
 

okta/resource_okta_policy_rule_profile_enrollment.go

@@ -106,6 +106,12 @@ enrollment policy, it allows the default policy rule to be updated.`,
 				Description: "Enabled or disabled progressive profiling action rule conditions: `ENABLED` or `DISABLED`. Default: `DISABLED`",
 				Default:     "DISABLED",
 			},
+			"enroll_authenticator_types": {
+				Type:        schema.TypeSet,
+				Optional:    true,
+				Description: "Enrolls authenticator types",
+				Elem:        &schema.Schema{Type: schema.TypeString},
+			},
 		},
 	}
 }
@@ -181,6 +187,7 @@ func resourcePolicyProfileEnrollmentRuleRead(ctx context.Context, d *schema.Reso
 		}
 	}
 	_ = d.Set("profile_attributes", arr)
+	_ = d.Set("enroll_authenticator_types", convertStringSliceToSetNullable(rule.Actions.ProfileEnrollment.EnrollAuthenticatorTypes))
 	return nil
 }
 
@@ -273,6 +280,10 @@ func buildPolicyRuleProfileEnrollment(ctx context.Context, m interface{}, d *sch
 		ruleAction.UiSchemaId = usi.(string)
 	}
 
+	if eat, ok := d.GetOk("enroll_authenticator_types"); ok {
+		ruleAction.EnrollAuthenticatorTypes = convertInterfaceToStringSetNullable(eat)
+	}
+
 	updateRule.Actions = sdk.SdkPolicyRuleActions{
 		ProfileEnrollment: ruleAction,
 	}

okta/resource_okta_policy_rule_profile_enrollment_test.go

@@ -53,6 +53,8 @@ resource "okta_group" "test" {
 					resource.TestCheckResourceAttr(resourceName, "unknown_user_action", "REGISTER"),
 					resource.TestCheckResourceAttr(resourceName, "email_verification", "true"),
 					resource.TestCheckResourceAttr(resourceName, "access", "ALLOW"),
+					resource.TestCheckResourceAttr(resourceName, "enroll_authenticator_types.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "enroll_authenticator_types.0", "password"),
 					resource.TestCheckResourceAttr(resourceName, "profile_attributes.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "profile_attributes.0.name", "email"),
 				),

sdk/v2_profileEnrollmentPolicyRuleAction.go

@@ -10,6 +10,7 @@ type ProfileEnrollmentPolicyRuleAction struct {
 	TargetGroupIds             []string                                          `json:"targetGroupIds,omitempty"`
 	UiSchemaId                 string                                            `json:"uiSchemaId,omitempty"`
 	UnknownUserAction          string                                            `json:"unknownUserAction,omitempty"`
+	EnrollAuthenticatorTypes   []string                                          `json:"enrollAuthenticatorTypes,omitempty"`
 }
 
 func NewProfileEnrollmentPolicyRuleAction() *ProfileEnrollmentPolicyRuleAction {