okta · bogdanprodan-okta · Mar 24, 2021 · Mar 20, 2021
diff --git a/okta/resource_okta_auth_server_policy_rule.go b/okta/resource_okta_auth_server_policy_rule.go
@@ -177,9 +177,33 @@ func resourceAuthServerPolicyRuleUpdate(ctx context.Context, d *schema.ResourceD
 	if err != nil {
 		return diag.Errorf("failed to update auth server policy rule: %v", err)
 	}
+	if d.HasChange("status") {
+		err := handleAuthServerPolicyRuleLifecycle(ctx, d, m)
+		if err != nil {
+			return err
+		}
+	}
 	return resourceAuthServerPolicyRuleRead(ctx, d, m)
 }
 
+func handleAuthServerPolicyRuleLifecycle(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	client := getSupplementFromMetadata(m)
+	if d.Get("status").(string) == statusActive {
+		_, err := client.ActivateAuthorizationServerPolicyRule(ctx, d.Get("auth_server_id").(string),
+			d.Get("policy_id").(string), d.Id())
+		if err != nil {
+			return diag.Errorf("failed to activate authorization server: %v", err)
+		}
+		return nil
+	}
+	_, err := client.DeactivateAuthorizationServerPolicyRule(ctx, d.Get("auth_server_id").(string),
+		d.Get("policy_id").(string), d.Id())
+	if err != nil {
+		return diag.Errorf("failed to deactivate authorization server: %v", err)
+	}
+	return nil
+}
+
 func resourceAuthServerPolicyRuleDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	_, err := getSupplementFromMetadata(m).DeleteAuthorizationServerPolicyRule(
 		ctx,

diff --git a/sdk/authorization_server_policy_rules.go b/sdk/authorization_server_policy_rules.go
@@ -102,3 +102,24 @@ func (m *ApiSupplement) GetAuthorizationServerPolicyRule(ctx context.Context, au
 	}
 	return &authorizationServer, resp, nil
 }
+
+func (m *ApiSupplement) ActivateAuthorizationServerPolicyRule(ctx context.Context, authServerID, policyID, ruleID string) (*okta.Response, error) {
+	return m.changeAuthorizationServerPolicyRuleLifecycle(ctx, authServerID, policyID, ruleID, "activate")
+}
+
+func (m *ApiSupplement) DeactivateAuthorizationServerPolicyRule(ctx context.Context, authServerID, policyID, ruleID string) (*okta.Response, error) {
+	return m.changeAuthorizationServerPolicyRuleLifecycle(ctx, authServerID, policyID, ruleID, "deactivate")
+}
+
+func (m *ApiSupplement) changeAuthorizationServerPolicyRuleLifecycle(ctx context.Context, authServerID, policyID, ruleID, action string) (*okta.Response, error) {
+	url := fmt.Sprintf("/api/v1/authorizationServers/%s/policies/%s/rules/%s/lifecycle/%s", authServerID, policyID, ruleID, action)
+	req, err := m.RequestExecutor.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
+	if err != nil {
+		return nil, err
+	}
+	resp, err := m.RequestExecutor.Do(ctx, req, nil)
+	if err != nil {
+		return resp, err
+	}
+	return resp, nil
+}