diff --git a/examples/okta_idp_social/auto_provision_disabled.tf b/examples/okta_idp_social/auto_provision_disabled.tf
new file mode 100644
index 00000000..f415afcd
--- /dev/null
+++ b/examples/okta_idp_social/auto_provision_disabled.tf
@@ -0,0 +1,16 @@
+resource okta_idp_social google {
+  type                = "GOOGLE"
+  protocol_type       = "OAUTH2"
+  name                = "testAcc_google_replace_with_uuid"
+  provisioning_action = "DISABLED"
+
+  scopes = [
+    "profile",
+    "email",
+    "openid",
+  ]
+
+  client_id         = "abcd123"
+  client_secret     = "abcd123"
+  username_template = "idpuser.email"
+}
diff --git a/okta/idp.go b/okta/idp.go
index 75572bd6..900eb00b 100644
--- a/okta/idp.go
+++ b/okta/idp.go
@@ -36,7 +36,7 @@ var (
 		"provisioning_action": &schema.Schema{
 			Type:         schema.TypeString,
 			Optional:     true,
-			ValidateFunc: validation.StringInSlice([]string{"AUTO", ""}, false),
+			ValidateFunc: validation.StringInSlice([]string{"AUTO", "DISABLED", ""}, false),
 			Default:      "AUTO",
 		},
 		"deprovisioned_action": actionSchema,
diff --git a/okta/resource_idp_social_test.go b/okta/resource_idp_social_test.go
index 7f57e808..a5c907ee 100644
--- a/okta/resource_idp_social_test.go
+++ b/okta/resource_idp_social_test.go
@@ -12,6 +12,7 @@ func TestAccIdpSocial(t *testing.T) {
 	ri := acctest.RandInt()
 	mgr := newFixtureManager(idpSocial)
 	config := mgr.GetFixtures("basic.tf", ri, t)
+	disabledConf := mgr.GetFixtures("auto_provision_disabled.tf", ri, t)
 	fbName := fmt.Sprintf("%s.facebook", idpSocial)
 	microName := fmt.Sprintf("%s.microsoft", idpSocial)
 	googleName := fmt.Sprintf("%s.google", idpSocial)
@@ -49,6 +50,18 @@ func TestAccIdpSocial(t *testing.T) {
 					resource.TestCheckResourceAttr(googleName, "username_template", "idpuser.email"),
 				),
 			},
+			{
+				Config: disabledConf,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(googleName, "type", "GOOGLE"),
+					resource.TestCheckResourceAttr(googleName, "protocol_type", "OAUTH2"),
+					resource.TestCheckResourceAttr(googleName, "name", fmt.Sprintf("testAcc_google_%d", ri)),
+					resource.TestCheckResourceAttr(googleName, "client_id", "abcd123"),
+					resource.TestCheckResourceAttr(googleName, "client_secret", "abcd123"),
+					resource.TestCheckResourceAttr(googleName, "username_template", "idpuser.email"),
+					resource.TestCheckResourceAttr(googleName, "provisioning_action", "DISABLED"),
+				),
+			},
 		},
 	})
 }