diff --git a/mmv1/products/iambeta/WorkloadIdentityPoolProvider.yaml b/mmv1/products/iambeta/WorkloadIdentityPoolProvider.yaml
index 4ba65906982a..e96a05bbe000 100644
--- a/mmv1/products/iambeta/WorkloadIdentityPoolProvider.yaml
+++ b/mmv1/products/iambeta/WorkloadIdentityPoolProvider.yaml
@@ -313,7 +313,7 @@ properties:
           }
           ```
         required: false
-        state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }'
+        diff_suppress_func: 'jwksJsonDiffSuppress'
         is_missing_in_cai: true
   - name: 'saml'
     type: NestedObject
diff --git a/mmv1/templates/terraform/constants/iam_workload_identity_pool_provider.go.tmpl b/mmv1/templates/terraform/constants/iam_workload_identity_pool_provider.go.tmpl
index d9362d079287..ebd39947c1a1 100644
--- a/mmv1/templates/terraform/constants/iam_workload_identity_pool_provider.go.tmpl
+++ b/mmv1/templates/terraform/constants/iam_workload_identity_pool_provider.go.tmpl
@@ -25,3 +25,21 @@ func ValidateWorkloadIdentityPoolProviderId(v interface{}, k string) (ws []strin
 
     return
 }
+
+func jwksJsonDiffSuppress(k, old, new string, d *schema.ResourceData) bool {
+	if old == "" || new == "" {
+		return old == new
+	}
+
+	var oldJson, newJson interface{}
+
+	if err := json.Unmarshal([]byte(old), &oldJson); err != nil {
+		return false
+	}
+
+	if err := json.Unmarshal([]byte(new), &newJson); err != nil {
+		return false
+	}
+
+	return reflect.DeepEqual(oldJson, newJson)
+}