Hey Team, This is our Organization ID k3jqtvbgbk I'm unable to change the configured Identity provider and I get { "detail": "Can't proceed, OAuth configuration is protected against alteration in the organization.", "status": 409, "title": "Conflict", "traceId": "708a73f7024730524aee64a0750835f5" } Would someone be able to unblock this org? so that I can make modifications to it. Thanks in advance

Hi Vikraman, Should we do it for your both environments (DEV as well)?

Hi Julius, Thanks. As of now I just need for production environment! If required for DEV will let you know!

Hi Vikraman, our apologies for the continued troubles. We've escalated this issue internally to our Technical team and will get back to you with an update soon.

Okay Moises!

Hi @Vikraman, I’ve checked the error on our logs (thank you for sharing it, by the way), and I see that you were attempting to make changes to the

api/v1/entities/admin/organizations/k3jqtvbgbk

endpoint. That particular endpoint, while correct for normal OIDC use-cases, cannot be changed when Federated Identity Management (MOIDC) feature is enabled on the org - which is the case here. If you’d like to change an identity provider on the MOIDC use-case, you should use these endpoints instead. Could you kindly provide some more details about what you’d like to achieve here?

Hi @Francisco Antunes, We would like to replace the current Identity provider, which is a Keycloak client, with a different Keycloak client from the same realm. Previously, we were using this endpoint

api/v1/entities/admin/organizations/k3jqtvbgbk

, and it worked fine until about a month ago for our dev environment even with MOIDC enabled. Since then, this endpoint has stopped working, and we have been unable to make any changes and throws the above provided error message. Also, I'm aware that MOIDC configuration was done for our dev instance which is

k3jqtvbgbk-dev

I didn't know that it has been enabled for our prod environment as well. Please let me know if there is any other information you might need. Thanks

Thanks for the details! You are right, I checked your org’s previous tickets and can see that in September last year it was requested that MOIDC be turned off for

k3jqtvbgbk

. It looks as though the entitlement wasn’t removed properly from the org. I’ll double-check about the OIDC endpoint being blocked by Federated Identity Management, but I believe this is somewhat of a recent development. But regarding the current situation: would you like me to disable the MOIDC on the domain

k3jqtvbgbk

so you can change the OIDC settings? Also, can you confirm which IdP is currently in use there? From our records, the domain appears to be linked to GD’s Auth0.

Yes @Francisco Antunes. Previously it was one of our Keycloak client. I believe yesterday after Julius made the configuration looks like it has been changed to GD’s Auth0. I'll use this https://www.gooddata.com/docs/cloud/api-and-sdk/api/api_reference_all/#operation/getAllEntities@IdentityProviders to change the IdP. MOIDC need not be disabled if I can use the above Endpoint. Anyways I'll try these endpoints and let you know. Thanks

Hi Vikraman, I went ahead and disabled Federated Identity Management on the Org, please try making the change on the regular OIDC endpoint and let me know if it works out!

Hi @Francisco Antunes. It worked and I have modified the Identity provider. Thanks a ton 🙏🏼