apps/docs/content/guides/integrate/identity-providers/migrate.mdx
You can migrate from a generic OIDC provider to the following supported templates:
To migrate, use either the Migrate Generic OIDC Identity Provider (Instance) or the Migrate Generic OIDC Identity Provider (Organization) API request. These calls change the type of the provider and don't delete any linked users.

<Callout title="Linked users will not notice the change and will be able to log in as usual."> </Callout>

The available settings are described in Google Configuration.
The available settings are described in Entra ID Configuration.
Please note that you only have to perform this migration if you already have an existing IDP with linked users that should not lose their connection to the provider. If that isn't the case, just add a new provider from scratch.

To migrate to a specific provider, you need to follow a few essential steps:
```bash
# terraform state rm *address*
terraform state rm zitadel_idp_oidc.oidc_idp
```
After this command, you can also remove the resource from the Terraform files, as it is no longer managed by Terraform but has not been deleted.
```hcl
#resource "zitadel_idp_google" "google" {
#  name                = "Google"
#  client_id           = "182902..."
#  client_secret       = "GOCSPX-*****"
#  scopes              = ["openid", "profile", "email"]
#  is_linking_allowed  = false
#  is_creation_allowed = true
#  is_auto_creation    = false
#  is_auto_update      = true
#}
```
```bash
# terraform import zitadel_idp_google.*resource_name* *id*:*client_secret*
terraform import zitadel_idp_google.google 222302827723096428:GOCSPX-*****
```
You have now migrated your provider and should be able to apply the resource again. There should be no changes, and the IDP is maintained by Terraform again.
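The Terraform steps above as one guarded script (an added example, not part of the ZITADEL documentation): it checks that the old resource is tracked, backs up the state, runs `state rm` and `import`, then confirms that the plan shows no changes. The function names and the `IDP_CLIENT_SECRET` and `STATE_BACKUP` variables are assumptions, and the new resource block must already be present in the configuration before `terraform import` runs.

```bash
#!/usr/bin/env bash
# Added example, not from the ZITADEL docs. Assumed names: import_id, migrate_idp,
# IDP_CLIENT_SECRET, STATE_BACKUP. Terraform itself is called with real subcommands.

# Build the "<id>:<client_secret>" import ID. ':' separates the two parts, so
# an ID that is empty or contains ':' or a space is rejected.
import_id() {
  case $1 in
    '' | *:* | *' '*) echo "invalid IDP id" >&2; return 1 ;;
  esac
  [ -n "$2" ] || { echo "client secret is empty" >&2; return 1; }
  printf '%s:%s' "$1" "$2"
}

# migrate_idp OLD_ADDRESS NEW_ADDRESS IDP_ID
# The secret comes from $IDP_CLIENT_SECRET, so it is not typed on the command
# line and does not land in shell history.
migrate_idp() {
  mig_old=$1 mig_new=$2
  mig_id=$(import_id "$3" "${IDP_CLIENT_SECRET:-}") || return 1

  # Refuse to touch state unless the old generic OIDC resource is tracked.
  terraform state list | grep -Fxq "$mig_old" ||
    { echo "$mig_old is not in state" >&2; return 2; }

  # State can contain secrets: keep the backup readable by the owner only.
  (umask 077; terraform state pull > "${STATE_BACKUP:-state-before-idp-migration.json}") ||
    return 3

  terraform state rm "$mig_old" || return 4
  terraform import "$mig_new" "$mig_id" || return 5

  # -detailed-exitcode: 0 = no changes (the expected result), 2 = changes pending.
  mig_rc=0
  terraform plan -detailed-exitcode > /dev/null || mig_rc=$?
  case $mig_rc in
    0) echo "migrated: plan shows no changes" ;;
    2) echo "plan shows changes: align the new resource block with the IDP" >&2; return 6 ;;
    *) echo "terraform plan failed" >&2; return 7 ;;
  esac
}

# Usage (bash), with the addresses and ID from the guide:
#   read -rs IDP_CLIENT_SECRET && export IDP_CLIENT_SECRET
#   migrate_idp zitadel_idp_oidc.oidc_idp zitadel_idp_google.google 222302827723096428
```

The secret is still passed to `terraform import` as a process argument, so run the script on a host where other users cannot list your processes.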