diff --git a/pkg/services/iambeta/iambeta_workload_identity_pool_provider.go b/pkg/services/iambeta/iambeta_workload_identity_pool_provider.go
index 04b721a233..73da52e6d6 100644
--- a/pkg/services/iambeta/iambeta_workload_identity_pool_provider.go
+++ b/pkg/services/iambeta/iambeta_workload_identity_pool_provider.go
@@ -65,6 +65,24 @@ func ValidateWorkloadIdentityPoolProviderId(v interface{}, k string) (ws []strin
 	return
 }
 
+func jwksJsonDiffSuppress(k, old, new string, d *schema.ResourceData) bool {
+	if old == "" || new == "" {
+		return old == new
+	}
+
+	var oldJson, newJson interface{}
+
+	if err := json.Unmarshal([]byte(old), &oldJson); err != nil {
+		return false
+	}
+
+	if err := json.Unmarshal([]byte(new), &newJson); err != nil {
+		return false
+	}
+
+	return reflect.DeepEqual(oldJson, newJson)
+}
+
 var (
 	_ = bytes.Clone
 	_ = context.WithCancel
@@ -260,9 +278,9 @@ https://iam.googleapis.com/projects/<project-number>/locations/<location>/worklo
 							},
 						},
 						"jwks_json": {
-							Type:      schema.TypeString,
-							Optional:  true,
-							StateFunc: func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s },
+							Type:             schema.TypeString,
+							Optional:         true,
+							DiffSuppressFunc: jwksJsonDiffSuppress,
 							Description: `OIDC JWKs in JSON String format. For details on definition of a
 JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we
 use the 'jwks_uri' from the discovery document fetched from the
diff --git a/tfplan2cai/converters/google/resources/services/iambeta/iambeta_workload_identity_pool_provider.go b/tfplan2cai/converters/google/resources/services/iambeta/iambeta_workload_identity_pool_provider.go
index 25aada7cbe..c53fa41b91 100644
--- a/tfplan2cai/converters/google/resources/services/iambeta/iambeta_workload_identity_pool_provider.go
+++ b/tfplan2cai/converters/google/resources/services/iambeta/iambeta_workload_identity_pool_provider.go
@@ -77,6 +77,24 @@ func ValidateWorkloadIdentityPoolProviderId(v interface{}, k string) (ws []strin
 	return
 }
 
+func jwksJsonDiffSuppress(k, old, new string, d *schema.ResourceData) bool {
+	if old == "" || new == "" {
+		return old == new
+	}
+
+	var oldJson, newJson interface{}
+
+	if err := json.Unmarshal([]byte(old), &oldJson); err != nil {
+		return false
+	}
+
+	if err := json.Unmarshal([]byte(new), &newJson); err != nil {
+		return false
+	}
+
+	return reflect.DeepEqual(oldJson, newJson)
+}
+
 var (
 	_ = bytes.Clone
 	_ = context.WithCancel