idp

package
v4.8.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 18, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type GetMetadataSamlArgs 

type GetMetadataSamlArgs struct {
	// The id of the IdP to retrieve metadata for.
	IdpId *string `pulumi:"idpId"`
}

A collection of arguments for invoking getMetadataSaml.

type GetMetadataSamlOutputArgs 

type GetMetadataSamlOutputArgs struct {
	// The id of the IdP to retrieve metadata for.
	IdpId pulumi.StringPtrInput `pulumi:"idpId"`
}

A collection of arguments for invoking getMetadataSaml.

func (GetMetadataSamlOutputArgs) ElementType 

func (GetMetadataSamlOutputArgs) ElementType() reflect.Type

type GetMetadataSamlResult 

type GetMetadataSamlResult struct {
	// whether assertions are signed.
	AssertionsSigned bool `pulumi:"assertionsSigned"`
	// whether authn requests are signed.
	AuthnRequestSigned bool `pulumi:"authnRequestSigned"`
	// SAML request encryption certificate.
	EncryptionCertificate string `pulumi:"encryptionCertificate"`
	// Entity URL for instance `https://www.okta.com/saml2/service-provider/sposcfdmlybtwkdcgtuf`.
	EntityId string `pulumi:"entityId"`
	// urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
	HttpPostBinding string `pulumi:"httpPostBinding"`
	// urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
	HttpRedirectBinding string `pulumi:"httpRedirectBinding"`
	// The provider-assigned unique ID for this managed resource.
	Id    string  `pulumi:"id"`
	IdpId *string `pulumi:"idpId"`
	// raw IdP metadata.
	Metadata string `pulumi:"metadata"`
	// SAML request signing certificate.
	SigningCertificate string `pulumi:"signingCertificate"`
}

A collection of values returned by getMetadataSaml.

func GetMetadataSaml 

func GetMetadataSaml(ctx *pulumi.Context, args *GetMetadataSamlArgs, opts ...pulumi.InvokeOption) (*GetMetadataSamlResult, error)

Use this data source to retrieve SAML IdP metadata from Okta.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := idp.GetMetadataSaml(ctx, &idp.GetMetadataSamlArgs{
			IdpId: pulumi.StringRef("<idp id>"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

type GetMetadataSamlResultOutput 

type GetMetadataSamlResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getMetadataSaml.

func GetMetadataSamlOutput 

func GetMetadataSamlOutput(ctx *pulumi.Context, args GetMetadataSamlOutputArgs, opts ...pulumi.InvokeOption) GetMetadataSamlResultOutput

func (GetMetadataSamlResultOutput) AssertionsSigned 

func (o GetMetadataSamlResultOutput) AssertionsSigned() pulumi.BoolOutput

whether assertions are signed.

func (GetMetadataSamlResultOutput) AuthnRequestSigned 

func (o GetMetadataSamlResultOutput) AuthnRequestSigned() pulumi.BoolOutput

whether authn requests are signed.

func (GetMetadataSamlResultOutput) ElementType 

func (GetMetadataSamlResultOutput) ElementType() reflect.Type

func (GetMetadataSamlResultOutput) EncryptionCertificate 

func (o GetMetadataSamlResultOutput) EncryptionCertificate() pulumi.StringOutput

SAML request encryption certificate.

func (GetMetadataSamlResultOutput) EntityId 

func (o GetMetadataSamlResultOutput) EntityId() pulumi.StringOutput

Entity URL for instance `https://www.okta.com/saml2/service-provider/sposcfdmlybtwkdcgtuf`.

func (GetMetadataSamlResultOutput) HttpPostBinding 

func (o GetMetadataSamlResultOutput) HttpPostBinding() pulumi.StringOutput

urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.

func (GetMetadataSamlResultOutput) HttpRedirectBinding 

func (o GetMetadataSamlResultOutput) HttpRedirectBinding() pulumi.StringOutput

urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.

func (GetMetadataSamlResultOutput) Id 

func (o GetMetadataSamlResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetMetadataSamlResultOutput) IdpId 

func (o GetMetadataSamlResultOutput) IdpId() pulumi.StringPtrOutput

func (GetMetadataSamlResultOutput) Metadata 

func (o GetMetadataSamlResultOutput) Metadata() pulumi.StringOutput

raw IdP metadata.

func (GetMetadataSamlResultOutput) SigningCertificate 

func (o GetMetadataSamlResultOutput) SigningCertificate() pulumi.StringOutput

SAML request signing certificate.

func (GetMetadataSamlResultOutput) ToGetMetadataSamlResultOutput 

func (o GetMetadataSamlResultOutput) ToGetMetadataSamlResultOutput() GetMetadataSamlResultOutput

func (GetMetadataSamlResultOutput) ToGetMetadataSamlResultOutputWithContext 

func (o GetMetadataSamlResultOutput) ToGetMetadataSamlResultOutputWithContext(ctx context.Context) GetMetadataSamlResultOutput

type LookupOidcArgs 

type LookupOidcArgs struct {
	// The id of the idp to retrieve, conflicts with `name`.
	Id *string `pulumi:"id"`
	// The name of the idp to retrieve, conflicts with `id`.
	Name *string `pulumi:"name"`
}

A collection of arguments for invoking getOidc.

type LookupOidcOutputArgs 

type LookupOidcOutputArgs struct {
	// The id of the idp to retrieve, conflicts with `name`.
	Id pulumi.StringPtrInput `pulumi:"id"`
	// The name of the idp to retrieve, conflicts with `id`.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

A collection of arguments for invoking getOidc.

func (LookupOidcOutputArgs) ElementType 

func (LookupOidcOutputArgs) ElementType() reflect.Type

type LookupOidcResult 

type LookupOidcResult struct {
	// The method of making an authorization request.
	AuthorizationBinding string `pulumi:"authorizationBinding"`
	// IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
	AuthorizationUrl string `pulumi:"authorizationUrl"`
	// Unique identifier issued by AS for the Okta IdP instance.
	ClientId string `pulumi:"clientId"`
	// Client secret issued by AS for the Okta IdP instance.
	ClientSecret string `pulumi:"clientSecret"`
	// id of idp.
	Id *string `pulumi:"id"`
	// Indicates whether Okta uses the original Okta org domain URL, a custom domain URL, or dynamic.
	IssuerMode string `pulumi:"issuerMode"`
	// URI that identifies the issuer.
	IssuerUrl string `pulumi:"issuerUrl"`
	// The method of making a request for the OIDC JWKS.
	JwksBinding string `pulumi:"jwksBinding"`
	// Endpoint where the keys signer publishes its keys in a JWK Set.
	JwksUrl string `pulumi:"jwksUrl"`
	// Maximum allowable clock-skew when processing messages from the IdP.
	MaxClockSkew int `pulumi:"maxClockSkew"`
	// name of the idp.
	Name *string `pulumi:"name"`
	// The type of protocol to use.
	ProtocolType string `pulumi:"protocolType"`
	// The scopes of the IdP.
	Scopes []string `pulumi:"scopes"`
	// The method of making a token request.
	TokenBinding string `pulumi:"tokenBinding"`
	// IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
	TokenUrl string `pulumi:"tokenUrl"`
	// type of idp.
	Type string `pulumi:"type"`
	// The method of making a user info request.
	UserInfoBinding string `pulumi:"userInfoBinding"`
	// Protected resource endpoint that returns claims about the authenticated user.
	UserInfoUrl string `pulumi:"userInfoUrl"`
}

A collection of values returned by getOidc.

func LookupOidc 

func LookupOidc(ctx *pulumi.Context, args *LookupOidcArgs, opts ...pulumi.InvokeOption) (*LookupOidcResult, error)

Use this data source to retrieve a OIDC IdP from Okta.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := idp.LookupOidc(ctx, &idp.LookupOidcArgs{
			Name: pulumi.StringRef("Example Provider"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

type LookupOidcResultOutput 

type LookupOidcResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getOidc.

func LookupOidcOutput 

func LookupOidcOutput(ctx *pulumi.Context, args LookupOidcOutputArgs, opts ...pulumi.InvokeOption) LookupOidcResultOutput

func (LookupOidcResultOutput) AuthorizationBinding 

func (o LookupOidcResultOutput) AuthorizationBinding() pulumi.StringOutput

The method of making an authorization request.

func (LookupOidcResultOutput) AuthorizationUrl 

func (o LookupOidcResultOutput) AuthorizationUrl() pulumi.StringOutput

IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

func (LookupOidcResultOutput) ClientId 

func (o LookupOidcResultOutput) ClientId() pulumi.StringOutput

Unique identifier issued by AS for the Okta IdP instance.

func (LookupOidcResultOutput) ClientSecret 

func (o LookupOidcResultOutput) ClientSecret() pulumi.StringOutput

Client secret issued by AS for the Okta IdP instance.

func (LookupOidcResultOutput) ElementType 

func (LookupOidcResultOutput) ElementType() reflect.Type

func (LookupOidcResultOutput) Id 

func (o LookupOidcResultOutput) Id() pulumi.StringPtrOutput

id of idp.

func (LookupOidcResultOutput) IssuerMode 

func (o LookupOidcResultOutput) IssuerMode() pulumi.StringOutput

Indicates whether Okta uses the original Okta org domain URL, a custom domain URL, or dynamic.

func (LookupOidcResultOutput) IssuerUrl 

func (o LookupOidcResultOutput) IssuerUrl() pulumi.StringOutput

URI that identifies the issuer.

func (LookupOidcResultOutput) JwksBinding 

func (o LookupOidcResultOutput) JwksBinding() pulumi.StringOutput

The method of making a request for the OIDC JWKS.

func (LookupOidcResultOutput) JwksUrl 

func (o LookupOidcResultOutput) JwksUrl() pulumi.StringOutput

Endpoint where the keys signer publishes its keys in a JWK Set.

func (LookupOidcResultOutput) MaxClockSkew 

func (o LookupOidcResultOutput) MaxClockSkew() pulumi.IntOutput

Maximum allowable clock-skew when processing messages from the IdP.

func (LookupOidcResultOutput) Name 

func (o LookupOidcResultOutput) Name() pulumi.StringPtrOutput

name of the idp.

func (LookupOidcResultOutput) ProtocolType 

func (o LookupOidcResultOutput) ProtocolType() pulumi.StringOutput

The type of protocol to use.

func (LookupOidcResultOutput) Scopes 

func (o LookupOidcResultOutput) Scopes() pulumi.StringArrayOutput

The scopes of the IdP.

func (LookupOidcResultOutput) ToLookupOidcResultOutput 

func (o LookupOidcResultOutput) ToLookupOidcResultOutput() LookupOidcResultOutput

func (LookupOidcResultOutput) ToLookupOidcResultOutputWithContext 

func (o LookupOidcResultOutput) ToLookupOidcResultOutputWithContext(ctx context.Context) LookupOidcResultOutput

func (LookupOidcResultOutput) TokenBinding 

func (o LookupOidcResultOutput) TokenBinding() pulumi.StringOutput

The method of making a token request.

func (LookupOidcResultOutput) TokenUrl 

func (o LookupOidcResultOutput) TokenUrl() pulumi.StringOutput

IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

func (LookupOidcResultOutput) Type 

func (o LookupOidcResultOutput) Type() pulumi.StringOutput

type of idp.

func (LookupOidcResultOutput) UserInfoBinding 

func (o LookupOidcResultOutput) UserInfoBinding() pulumi.StringOutput

The method of making a user info request.

func (LookupOidcResultOutput) UserInfoUrl 

func (o LookupOidcResultOutput) UserInfoUrl() pulumi.StringOutput

Protected resource endpoint that returns claims about the authenticated user.

type LookupSamlArgs 

type LookupSamlArgs struct {
	// The id of the idp to retrieve, conflicts with `name`.
	Id *string `pulumi:"id"`
	// The name of the idp to retrieve, conflicts with `id`.
	Name *string `pulumi:"name"`
}

A collection of arguments for invoking getSaml.

type LookupSamlOutputArgs 

type LookupSamlOutputArgs struct {
	// The id of the idp to retrieve, conflicts with `name`.
	Id pulumi.StringPtrInput `pulumi:"id"`
	// The name of the idp to retrieve, conflicts with `id`.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

A collection of arguments for invoking getSaml.

func (LookupSamlOutputArgs) ElementType 

func (LookupSamlOutputArgs) ElementType() reflect.Type

type LookupSamlResult 

type LookupSamlResult struct {
	AcsBinding string `pulumi:"acsBinding"`
	// Determines whether to publish an instance-specific (trust) or organization (shared) ACS endpoint in the SAML metadata.
	AcsType string `pulumi:"acsType"`
	// URI that identifies the target Okta IdP instance (SP)
	Audience string `pulumi:"audience"`
	// id of idp.
	Id *string `pulumi:"id"`
	// URI that identifies the issuer (IdP).
	Issuer string `pulumi:"issuer"`
	// indicates whether Okta uses the original Okta org domain URL, or a custom domain URL in the request to the IdP.
	IssuerMode string `pulumi:"issuerMode"`
	// Key ID reference to the IdP's X.509 signature certificate.
	Kid string `pulumi:"kid"`
	// name of the idp.
	Name *string `pulumi:"name"`
	// single sign-on binding.
	SsoBinding string `pulumi:"ssoBinding"`
	// SSO request binding, HTTP-POST or HTTP-REDIRECT.
	SsoDestination string `pulumi:"ssoDestination"`
	// single sign-on url.
	SsoUrl string `pulumi:"ssoUrl"`
	// regular expression pattern used to filter untrusted IdP usernames.
	SubjectFilter string `pulumi:"subjectFilter"`
	// Expression to generate or transform a unique username for the IdP user.
	SubjectFormats []string `pulumi:"subjectFormats"`
	// type of idp.
	Type string `pulumi:"type"`
}

A collection of values returned by getSaml.

func LookupSaml 

func LookupSaml(ctx *pulumi.Context, args *LookupSamlArgs, opts ...pulumi.InvokeOption) (*LookupSamlResult, error)

Use this data source to retrieve a SAML IdP from Okta.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := idp.LookupSaml(ctx, &idp.LookupSamlArgs{
			Name: pulumi.StringRef("Example App"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

type LookupSamlResultOutput 

type LookupSamlResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getSaml.

func LookupSamlOutput 

func LookupSamlOutput(ctx *pulumi.Context, args LookupSamlOutputArgs, opts ...pulumi.InvokeOption) LookupSamlResultOutput

func (LookupSamlResultOutput) AcsBinding 

func (o LookupSamlResultOutput) AcsBinding() pulumi.StringOutput

func (LookupSamlResultOutput) AcsType 

func (o LookupSamlResultOutput) AcsType() pulumi.StringOutput

Determines whether to publish an instance-specific (trust) or organization (shared) ACS endpoint in the SAML metadata.

func (LookupSamlResultOutput) Audience 

func (o LookupSamlResultOutput) Audience() pulumi.StringOutput

URI that identifies the target Okta IdP instance (SP)

func (LookupSamlResultOutput) ElementType 

func (LookupSamlResultOutput) ElementType() reflect.Type

func (LookupSamlResultOutput) Id 

func (o LookupSamlResultOutput) Id() pulumi.StringPtrOutput

id of idp.

func (LookupSamlResultOutput) Issuer 

func (o LookupSamlResultOutput) Issuer() pulumi.StringOutput

URI that identifies the issuer (IdP).

func (LookupSamlResultOutput) IssuerMode 

func (o LookupSamlResultOutput) IssuerMode() pulumi.StringOutput

indicates whether Okta uses the original Okta org domain URL, or a custom domain URL in the request to the IdP.

func (LookupSamlResultOutput) Kid 

func (o LookupSamlResultOutput) Kid() pulumi.StringOutput

Key ID reference to the IdP's X.509 signature certificate.

func (LookupSamlResultOutput) Name 

func (o LookupSamlResultOutput) Name() pulumi.StringPtrOutput

name of the idp.

func (LookupSamlResultOutput) SsoBinding 

func (o LookupSamlResultOutput) SsoBinding() pulumi.StringOutput

single sign-on binding.

func (LookupSamlResultOutput) SsoDestination 

func (o LookupSamlResultOutput) SsoDestination() pulumi.StringOutput

SSO request binding, HTTP-POST or HTTP-REDIRECT.

func (LookupSamlResultOutput) SsoUrl 

func (o LookupSamlResultOutput) SsoUrl() pulumi.StringOutput

single sign-on url.

func (LookupSamlResultOutput) SubjectFilter 

func (o LookupSamlResultOutput) SubjectFilter() pulumi.StringOutput

regular expression pattern used to filter untrusted IdP usernames.

func (LookupSamlResultOutput) SubjectFormats 

func (o LookupSamlResultOutput) SubjectFormats() pulumi.StringArrayOutput

Expression to generate or transform a unique username for the IdP user.

func (LookupSamlResultOutput) ToLookupSamlResultOutput 

func (o LookupSamlResultOutput) ToLookupSamlResultOutput() LookupSamlResultOutput

func (LookupSamlResultOutput) ToLookupSamlResultOutputWithContext 

func (o LookupSamlResultOutput) ToLookupSamlResultOutputWithContext(ctx context.Context) LookupSamlResultOutput

func (LookupSamlResultOutput) Type 

func (o LookupSamlResultOutput) Type() pulumi.StringOutput

type of idp.

type LookupSocialArgs 

type LookupSocialArgs struct {
	// The id of the social idp to retrieve, conflicts with `name`.
	Id *string `pulumi:"id"`
	// The name of the social idp to retrieve, conflicts with `id`.
	Name *string `pulumi:"name"`
}

A collection of arguments for invoking getSocial.

type LookupSocialOutputArgs 

type LookupSocialOutputArgs struct {
	// The id of the social idp to retrieve, conflicts with `name`.
	Id pulumi.StringPtrInput `pulumi:"id"`
	// The name of the social idp to retrieve, conflicts with `id`.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

A collection of arguments for invoking getSocial.

func (LookupSocialOutputArgs) ElementType 

func (LookupSocialOutputArgs) ElementType() reflect.Type

type LookupSocialResult 

type LookupSocialResult struct {
	// Specifies the account linking action for an IdP user.
	AccountLinkAction string `pulumi:"accountLinkAction"`
	// Group memberships to determine link candidates.
	AccountLinkGroupIncludes []string `pulumi:"accountLinkGroupIncludes"`
	// The method of making an authorization request.
	AuthorizationBinding string `pulumi:"authorizationBinding"`
	// IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
	AuthorizationUrl string `pulumi:"authorizationUrl"`
	// Unique identifier issued by AS for the Okta IdP instance.
	ClientId string `pulumi:"clientId"`
	// Client secret issued by AS for the Okta IdP instance.
	ClientSecret string `pulumi:"clientSecret"`
	// Action for a previously deprovisioned IdP user during authentication.
	DeprovisionedAction string `pulumi:"deprovisionedAction"`
	// Provisioning action for IdP user's group memberships.
	GroupsAction string `pulumi:"groupsAction"`
	// List of Okta Group IDs.
	GroupsAssignments []string `pulumi:"groupsAssignments"`
	// IdP user profile attribute name for an array value that contains group memberships.
	GroupsAttribute string `pulumi:"groupsAttribute"`
	// Whitelist of Okta Group identifiers.
	GroupsFilters []string `pulumi:"groupsFilters"`
	Id            *string  `pulumi:"id"`
	// Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL.
	IssuerMode string `pulumi:"issuerMode"`
	// Maximum allowable clock-skew when processing messages from the IdP.
	MaxClockSkew int     `pulumi:"maxClockSkew"`
	Name         *string `pulumi:"name"`
	// Determines if the IdP should act as a source of truth for user profile attributes.
	ProfileMaster bool `pulumi:"profileMaster"`
	// The type of protocol to use.
	ProtocolType string `pulumi:"protocolType"`
	// Provisioning action for an IdP user during authentication.
	ProvisioningAction string `pulumi:"provisioningAction"`
	// The scopes of the IdP.
	Scopes []string `pulumi:"scopes"`
	// Status of the IdP.
	Status string `pulumi:"status"`
	// Okta user profile attribute for matching transformed IdP username.
	SubjectMatchAttribute string `pulumi:"subjectMatchAttribute"`
	// Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username.
	SubjectMatchType string `pulumi:"subjectMatchType"`
	// Action for a previously suspended IdP user during authentication.
	SuspendedAction string `pulumi:"suspendedAction"`
	// The method of making a token request.
	TokenBinding string `pulumi:"tokenBinding"`
	// IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
	TokenUrl string `pulumi:"tokenUrl"`
	// The type of Social IdP. See API docs [Identity Provider Type](https://developer.okta.com/docs/reference/api/idps/#identity-provider-type)
	Type string `pulumi:"type"`
	// Okta EL Expression to generate or transform a unique username for the IdP user.
	UsernameTemplate string `pulumi:"usernameTemplate"`
}

A collection of values returned by getSocial.

func LookupSocial 

func LookupSocial(ctx *pulumi.Context, args *LookupSocialArgs, opts ...pulumi.InvokeOption) (*LookupSocialResult, error)

Use this data source to retrieve a social IdP from Okta, namely `APPLE`, `FACEBOOK`, `LINKEDIN`, `MICROSOFT`, or `GOOGLE`.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := idp.LookupSocial(ctx, &idp.LookupSocialArgs{
			Name: pulumi.StringRef("My Facebook IdP"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

type LookupSocialResultOutput 

type LookupSocialResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getSocial.

func LookupSocialOutput 

func LookupSocialOutput(ctx *pulumi.Context, args LookupSocialOutputArgs, opts ...pulumi.InvokeOption) LookupSocialResultOutput

func (LookupSocialResultOutput) AccountLinkAction 

func (o LookupSocialResultOutput) AccountLinkAction() pulumi.StringOutput

Specifies the account linking action for an IdP user.

func (LookupSocialResultOutput) AccountLinkGroupIncludes 

func (o LookupSocialResultOutput) AccountLinkGroupIncludes() pulumi.StringArrayOutput

Group memberships to determine link candidates.

func (LookupSocialResultOutput) AuthorizationBinding 

func (o LookupSocialResultOutput) AuthorizationBinding() pulumi.StringOutput

The method of making an authorization request.

func (LookupSocialResultOutput) AuthorizationUrl 

func (o LookupSocialResultOutput) AuthorizationUrl() pulumi.StringOutput

IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

func (LookupSocialResultOutput) ClientId 

func (o LookupSocialResultOutput) ClientId() pulumi.StringOutput

Unique identifier issued by AS for the Okta IdP instance.

func (LookupSocialResultOutput) ClientSecret 

func (o LookupSocialResultOutput) ClientSecret() pulumi.StringOutput

Client secret issued by AS for the Okta IdP instance.

func (LookupSocialResultOutput) DeprovisionedAction 

func (o LookupSocialResultOutput) DeprovisionedAction() pulumi.StringOutput

Action for a previously deprovisioned IdP user during authentication.

func (LookupSocialResultOutput) ElementType 

func (LookupSocialResultOutput) ElementType() reflect.Type

func (LookupSocialResultOutput) GroupsAction 

func (o LookupSocialResultOutput) GroupsAction() pulumi.StringOutput

Provisioning action for IdP user's group memberships.

func (LookupSocialResultOutput) GroupsAssignments 

func (o LookupSocialResultOutput) GroupsAssignments() pulumi.StringArrayOutput

List of Okta Group IDs.

func (LookupSocialResultOutput) GroupsAttribute 

func (o LookupSocialResultOutput) GroupsAttribute() pulumi.StringOutput

IdP user profile attribute name for an array value that contains group memberships.

func (LookupSocialResultOutput) GroupsFilters 

func (o LookupSocialResultOutput) GroupsFilters() pulumi.StringArrayOutput

Whitelist of Okta Group identifiers.

func (LookupSocialResultOutput) Id 

func (o LookupSocialResultOutput) Id() pulumi.StringPtrOutput

func (LookupSocialResultOutput) IssuerMode 

func (o LookupSocialResultOutput) IssuerMode() pulumi.StringOutput

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL.

func (LookupSocialResultOutput) MaxClockSkew 

func (o LookupSocialResultOutput) MaxClockSkew() pulumi.IntOutput

Maximum allowable clock-skew when processing messages from the IdP.

func (LookupSocialResultOutput) Name 

func (o LookupSocialResultOutput) Name() pulumi.StringPtrOutput

func (LookupSocialResultOutput) ProfileMaster 

func (o LookupSocialResultOutput) ProfileMaster() pulumi.BoolOutput

Determines if the IdP should act as a source of truth for user profile attributes.

func (LookupSocialResultOutput) ProtocolType 

func (o LookupSocialResultOutput) ProtocolType() pulumi.StringOutput

The type of protocol to use.

func (LookupSocialResultOutput) ProvisioningAction 

func (o LookupSocialResultOutput) ProvisioningAction() pulumi.StringOutput

Provisioning action for an IdP user during authentication.

func (LookupSocialResultOutput) Scopes 

func (o LookupSocialResultOutput) Scopes() pulumi.StringArrayOutput

The scopes of the IdP.

func (LookupSocialResultOutput) Status 

func (o LookupSocialResultOutput) Status() pulumi.StringOutput

Status of the IdP.

func (LookupSocialResultOutput) SubjectMatchAttribute 

func (o LookupSocialResultOutput) SubjectMatchAttribute() pulumi.StringOutput

Okta user profile attribute for matching transformed IdP username.

func (LookupSocialResultOutput) SubjectMatchType 

func (o LookupSocialResultOutput) SubjectMatchType() pulumi.StringOutput

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username.

func (LookupSocialResultOutput) SuspendedAction 

func (o LookupSocialResultOutput) SuspendedAction() pulumi.StringOutput

Action for a previously suspended IdP user during authentication.

func (LookupSocialResultOutput) ToLookupSocialResultOutput 

func (o LookupSocialResultOutput) ToLookupSocialResultOutput() LookupSocialResultOutput

func (LookupSocialResultOutput) ToLookupSocialResultOutputWithContext 

func (o LookupSocialResultOutput) ToLookupSocialResultOutputWithContext(ctx context.Context) LookupSocialResultOutput

func (LookupSocialResultOutput) TokenBinding 

func (o LookupSocialResultOutput) TokenBinding() pulumi.StringOutput

The method of making a token request.

func (LookupSocialResultOutput) TokenUrl 

func (o LookupSocialResultOutput) TokenUrl() pulumi.StringOutput

IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

func (LookupSocialResultOutput) Type 

func (o LookupSocialResultOutput) Type() pulumi.StringOutput

The type of Social IdP. See API docs [Identity Provider Type](https://developer.okta.com/docs/reference/api/idps/#identity-provider-type)

func (LookupSocialResultOutput) UsernameTemplate 

func (o LookupSocialResultOutput) UsernameTemplate() pulumi.StringOutput

Okta EL Expression to generate or transform a unique username for the IdP user.

type Oidc 

type Oidc struct {
	pulumi.CustomResourceState

	// Specifies the account linking action for an IdP user.
	AccountLinkAction pulumi.StringPtrOutput `pulumi:"accountLinkAction"`
	// Group memberships to determine link candidates.
	AccountLinkGroupIncludes pulumi.StringArrayOutput `pulumi:"accountLinkGroupIncludes"`
	// The method of making an authorization request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	AuthorizationBinding pulumi.StringOutput `pulumi:"authorizationBinding"`
	// IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
	AuthorizationUrl pulumi.StringOutput `pulumi:"authorizationUrl"`
	// Unique identifier issued by AS for the Okta IdP instance.
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// Client secret issued by AS for the Okta IdP instance.
	ClientSecret pulumi.StringOutput `pulumi:"clientSecret"`
	// Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.
	DeprovisionedAction pulumi.StringPtrOutput `pulumi:"deprovisionedAction"`
	// Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.
	GroupsAction pulumi.StringPtrOutput `pulumi:"groupsAction"`
	// List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.
	GroupsAssignments pulumi.StringArrayOutput `pulumi:"groupsAssignments"`
	// IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
	GroupsAttribute pulumi.StringPtrOutput `pulumi:"groupsAttribute"`
	// Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.
	GroupsFilters pulumi.StringArrayOutput `pulumi:"groupsFilters"`
	// Indicates whether Okta uses the original Okta org domain URL, a custom domain URL, or dynamic. It can be `"ORG_URL"`, `"CUSTOM_URL"`, or `"DYNAMIC"`.
	IssuerMode pulumi.StringPtrOutput `pulumi:"issuerMode"`
	// URI that identifies the issuer.
	IssuerUrl pulumi.StringOutput `pulumi:"issuerUrl"`
	// The method of making a request for the OIDC JWKS. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	JwksBinding pulumi.StringOutput `pulumi:"jwksBinding"`
	// Endpoint where the keys signer publishes its keys in a JWK Set.
	JwksUrl pulumi.StringOutput `pulumi:"jwksUrl"`
	// Maximum allowable clock-skew when processing messages from the IdP.
	MaxClockSkew pulumi.IntPtrOutput `pulumi:"maxClockSkew"`
	// The Application's display name.
	Name pulumi.StringOutput `pulumi:"name"`
	// Determines if the IdP should act as a source of truth for user profile attributes.
	ProfileMaster pulumi.BoolPtrOutput `pulumi:"profileMaster"`
	// The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`.
	ProtocolType pulumi.StringPtrOutput `pulumi:"protocolType"`
	// Provisioning action for an IdP user during authentication.
	ProvisioningAction pulumi.StringPtrOutput `pulumi:"provisioningAction"`
	// The HMAC Signature Algorithm used when signing an authorization request. Defaults to `"HS256"`. It can be `"HS256"`, `"HS384"`, `"HS512"`, `"SHA-256"`. `"RS256"`, `"RS384"`, or `"RS512"`. NOTE: `"SHA-256"` an undocumented legacy value and not continue to be valid. See API docs https://developer.okta.com/docs/reference/api/idps/#oidc-request-signature-algorithm-object
	RequestSignatureAlgorithm pulumi.StringPtrOutput `pulumi:"requestSignatureAlgorithm"`
	// Specifies whether to digitally sign an AuthnRequest messages to the IdP. Defaults to `"REQUEST"`. It can be `"REQUEST"` or `"NONE"`.
	RequestSignatureScope pulumi.StringPtrOutput `pulumi:"requestSignatureScope"`
	// The scopes of the IdP.
	Scopes pulumi.StringArrayOutput `pulumi:"scopes"`
	// Status of the IdP.
	Status pulumi.StringPtrOutput `pulumi:"status"`
	// Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchAttribute pulumi.StringPtrOutput `pulumi:"subjectMatchAttribute"`
	// Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchType pulumi.StringPtrOutput `pulumi:"subjectMatchType"`
	// Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`
	SuspendedAction pulumi.StringPtrOutput `pulumi:"suspendedAction"`
	// The method of making a token request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	TokenBinding pulumi.StringOutput `pulumi:"tokenBinding"`
	// IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
	TokenUrl pulumi.StringOutput `pulumi:"tokenUrl"`
	// Type of OIDC IdP.
	Type            pulumi.StringOutput    `pulumi:"type"`
	UserInfoBinding pulumi.StringPtrOutput `pulumi:"userInfoBinding"`
	// Protected resource endpoint that returns claims about the authenticated user.
	UserInfoUrl pulumi.StringPtrOutput `pulumi:"userInfoUrl"`
	// User type ID. Can be used as `targetId` in the `profile.Mapping` resource.
	UserTypeId pulumi.StringOutput `pulumi:"userTypeId"`
	// Okta EL Expression to generate or transform a unique username for the IdP user.
	UsernameTemplate pulumi.StringPtrOutput `pulumi:"usernameTemplate"`
}

Creates an OIDC Identity Provider.

This resource allows you to create and configure an OIDC Identity Provider.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := idp.NewOidc(ctx, "example", &idp.OidcArgs{
			AuthorizationBinding: pulumi.String("HTTP-REDIRECT"),
			AuthorizationUrl:     pulumi.String("https://idp.example.com/authorize"),
			ClientId:             pulumi.String("efg456"),
			ClientSecret:         pulumi.String("efg456"),
			IssuerUrl:            pulumi.String("https://id.example.com"),
			JwksBinding:          pulumi.String("HTTP-REDIRECT"),
			JwksUrl:              pulumi.String("https://idp.example.com/keys"),
			Scopes: pulumi.StringArray{
				pulumi.String("openid"),
			},
			TokenBinding:     pulumi.String("HTTP-POST"),
			TokenUrl:         pulumi.String("https://idp.example.com/token"),
			UserInfoBinding:  pulumi.String("HTTP-REDIRECT"),
			UserInfoUrl:      pulumi.String("https://idp.example.com/userinfo"),
			UsernameTemplate: pulumi.String("idpuser.email"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

## Import

An OIDC IdP can be imported via the Okta ID.

```sh $ pulumi import okta:idp/oidc:Oidc example &#60;idp id&#62; ```

func GetOidc 

func GetOidc(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *OidcState, opts ...pulumi.ResourceOption) (*Oidc, error)

GetOidc gets an existing Oidc resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewOidc 

func NewOidc(ctx *pulumi.Context,
	name string, args *OidcArgs, opts ...pulumi.ResourceOption) (*Oidc, error)

NewOidc registers a new resource with the given unique name, arguments, and options.

func (*Oidc) ElementType 

func (*Oidc) ElementType() reflect.Type

func (*Oidc) ToOidcOutput 

func (i *Oidc) ToOidcOutput() OidcOutput

func (*Oidc) ToOidcOutputWithContext 

func (i *Oidc) ToOidcOutputWithContext(ctx context.Context) OidcOutput

type OidcArgs 

type OidcArgs struct {
	// Specifies the account linking action for an IdP user.
	AccountLinkAction pulumi.StringPtrInput
	// Group memberships to determine link candidates.
	AccountLinkGroupIncludes pulumi.StringArrayInput
	// The method of making an authorization request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	AuthorizationBinding pulumi.StringInput
	// IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
	AuthorizationUrl pulumi.StringInput
	// Unique identifier issued by AS for the Okta IdP instance.
	ClientId pulumi.StringInput
	// Client secret issued by AS for the Okta IdP instance.
	ClientSecret pulumi.StringInput
	// Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.
	DeprovisionedAction pulumi.StringPtrInput
	// Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.
	GroupsAction pulumi.StringPtrInput
	// List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.
	GroupsAssignments pulumi.StringArrayInput
	// IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
	GroupsAttribute pulumi.StringPtrInput
	// Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.
	GroupsFilters pulumi.StringArrayInput
	// Indicates whether Okta uses the original Okta org domain URL, a custom domain URL, or dynamic. It can be `"ORG_URL"`, `"CUSTOM_URL"`, or `"DYNAMIC"`.
	IssuerMode pulumi.StringPtrInput
	// URI that identifies the issuer.
	IssuerUrl pulumi.StringInput
	// The method of making a request for the OIDC JWKS. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	JwksBinding pulumi.StringInput
	// Endpoint where the keys signer publishes its keys in a JWK Set.
	JwksUrl pulumi.StringInput
	// Maximum allowable clock-skew when processing messages from the IdP.
	MaxClockSkew pulumi.IntPtrInput
	// The Application's display name.
	Name pulumi.StringPtrInput
	// Determines if the IdP should act as a source of truth for user profile attributes.
	ProfileMaster pulumi.BoolPtrInput
	// The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`.
	ProtocolType pulumi.StringPtrInput
	// Provisioning action for an IdP user during authentication.
	ProvisioningAction pulumi.StringPtrInput
	// The HMAC Signature Algorithm used when signing an authorization request. Defaults to `"HS256"`. It can be `"HS256"`, `"HS384"`, `"HS512"`, `"SHA-256"`. `"RS256"`, `"RS384"`, or `"RS512"`. NOTE: `"SHA-256"` an undocumented legacy value and not continue to be valid. See API docs https://developer.okta.com/docs/reference/api/idps/#oidc-request-signature-algorithm-object
	RequestSignatureAlgorithm pulumi.StringPtrInput
	// Specifies whether to digitally sign an AuthnRequest messages to the IdP. Defaults to `"REQUEST"`. It can be `"REQUEST"` or `"NONE"`.
	RequestSignatureScope pulumi.StringPtrInput
	// The scopes of the IdP.
	Scopes pulumi.StringArrayInput
	// Status of the IdP.
	Status pulumi.StringPtrInput
	// Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchAttribute pulumi.StringPtrInput
	// Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchType pulumi.StringPtrInput
	// Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`
	SuspendedAction pulumi.StringPtrInput
	// The method of making a token request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	TokenBinding pulumi.StringInput
	// IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
	TokenUrl        pulumi.StringInput
	UserInfoBinding pulumi.StringPtrInput
	// Protected resource endpoint that returns claims about the authenticated user.
	UserInfoUrl pulumi.StringPtrInput
	// Okta EL Expression to generate or transform a unique username for the IdP user.
	UsernameTemplate pulumi.StringPtrInput
}

The set of arguments for constructing a Oidc resource.

func (OidcArgs) ElementType 

func (OidcArgs) ElementType() reflect.Type

type OidcArray 

type OidcArray []OidcInput

func (OidcArray) ElementType 

func (OidcArray) ElementType() reflect.Type

func (OidcArray) ToOidcArrayOutput 

func (i OidcArray) ToOidcArrayOutput() OidcArrayOutput

func (OidcArray) ToOidcArrayOutputWithContext 

func (i OidcArray) ToOidcArrayOutputWithContext(ctx context.Context) OidcArrayOutput

type OidcArrayInput 

type OidcArrayInput interface {
	pulumi.Input

	ToOidcArrayOutput() OidcArrayOutput
	ToOidcArrayOutputWithContext(context.Context) OidcArrayOutput
}

OidcArrayInput is an input type that accepts OidcArray and OidcArrayOutput values. You can construct a concrete instance of `OidcArrayInput` via: 

OidcArray{ OidcArgs{...} }

type OidcArrayOutput 

type OidcArrayOutput struct{ *pulumi.OutputState }

func (OidcArrayOutput) ElementType 

func (OidcArrayOutput) ElementType() reflect.Type

func (OidcArrayOutput) Index 

func (o OidcArrayOutput) Index(i pulumi.IntInput) OidcOutput

func (OidcArrayOutput) ToOidcArrayOutput 

func (o OidcArrayOutput) ToOidcArrayOutput() OidcArrayOutput

func (OidcArrayOutput) ToOidcArrayOutputWithContext 

func (o OidcArrayOutput) ToOidcArrayOutputWithContext(ctx context.Context) OidcArrayOutput

type OidcInput 

type OidcInput interface {
	pulumi.Input

	ToOidcOutput() OidcOutput
	ToOidcOutputWithContext(ctx context.Context) OidcOutput
}

type OidcMap 

type OidcMap map[string]OidcInput

func (OidcMap) ElementType 

func (OidcMap) ElementType() reflect.Type

func (OidcMap) ToOidcMapOutput 

func (i OidcMap) ToOidcMapOutput() OidcMapOutput

func (OidcMap) ToOidcMapOutputWithContext 

func (i OidcMap) ToOidcMapOutputWithContext(ctx context.Context) OidcMapOutput

type OidcMapInput 

type OidcMapInput interface {
	pulumi.Input

	ToOidcMapOutput() OidcMapOutput
	ToOidcMapOutputWithContext(context.Context) OidcMapOutput
}

OidcMapInput is an input type that accepts OidcMap and OidcMapOutput values. You can construct a concrete instance of `OidcMapInput` via: 

OidcMap{ "key": OidcArgs{...} }

type OidcMapOutput 

type OidcMapOutput struct{ *pulumi.OutputState }

func (OidcMapOutput) ElementType 

func (OidcMapOutput) ElementType() reflect.Type

func (OidcMapOutput) MapIndex 

func (o OidcMapOutput) MapIndex(k pulumi.StringInput) OidcOutput

func (OidcMapOutput) ToOidcMapOutput 

func (o OidcMapOutput) ToOidcMapOutput() OidcMapOutput

func (OidcMapOutput) ToOidcMapOutputWithContext 

func (o OidcMapOutput) ToOidcMapOutputWithContext(ctx context.Context) OidcMapOutput

type OidcOutput 

type OidcOutput struct{ *pulumi.OutputState }

func (OidcOutput) AccountLinkAction 

func (o OidcOutput) AccountLinkAction() pulumi.StringPtrOutput

Specifies the account linking action for an IdP user.

func (OidcOutput) AccountLinkGroupIncludes 

func (o OidcOutput) AccountLinkGroupIncludes() pulumi.StringArrayOutput

Group memberships to determine link candidates.

func (OidcOutput) AuthorizationBinding 

func (o OidcOutput) AuthorizationBinding() pulumi.StringOutput

The method of making an authorization request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.

func (OidcOutput) AuthorizationUrl 

func (o OidcOutput) AuthorizationUrl() pulumi.StringOutput

IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

func (OidcOutput) ClientId 

func (o OidcOutput) ClientId() pulumi.StringOutput

Unique identifier issued by AS for the Okta IdP instance.

func (OidcOutput) ClientSecret 

func (o OidcOutput) ClientSecret() pulumi.StringOutput

Client secret issued by AS for the Okta IdP instance.

func (OidcOutput) DeprovisionedAction 

func (o OidcOutput) DeprovisionedAction() pulumi.StringPtrOutput

Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.

func (OidcOutput) ElementType 

func (OidcOutput) ElementType() reflect.Type

func (OidcOutput) GroupsAction 

func (o OidcOutput) GroupsAction() pulumi.StringPtrOutput

Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.

func (OidcOutput) GroupsAssignments 

func (o OidcOutput) GroupsAssignments() pulumi.StringArrayOutput

List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.

func (OidcOutput) GroupsAttribute 

func (o OidcOutput) GroupsAttribute() pulumi.StringPtrOutput

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

func (OidcOutput) GroupsFilters 

func (o OidcOutput) GroupsFilters() pulumi.StringArrayOutput

Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.

func (OidcOutput) IssuerMode 

func (o OidcOutput) IssuerMode() pulumi.StringPtrOutput

Indicates whether Okta uses the original Okta org domain URL, a custom domain URL, or dynamic. It can be `"ORG_URL"`, `"CUSTOM_URL"`, or `"DYNAMIC"`.

func (OidcOutput) IssuerUrl 

func (o OidcOutput) IssuerUrl() pulumi.StringOutput

URI that identifies the issuer.

func (OidcOutput) JwksBinding 

func (o OidcOutput) JwksBinding() pulumi.StringOutput

The method of making a request for the OIDC JWKS. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.

func (OidcOutput) JwksUrl 

func (o OidcOutput) JwksUrl() pulumi.StringOutput

Endpoint where the keys signer publishes its keys in a JWK Set.

func (OidcOutput) MaxClockSkew 

func (o OidcOutput) MaxClockSkew() pulumi.IntPtrOutput

Maximum allowable clock-skew when processing messages from the IdP.

func (OidcOutput) Name 

func (o OidcOutput) Name() pulumi.StringOutput

The Application's display name.

func (OidcOutput) ProfileMaster 

func (o OidcOutput) ProfileMaster() pulumi.BoolPtrOutput

Determines if the IdP should act as a source of truth for user profile attributes.

func (OidcOutput) ProtocolType 

func (o OidcOutput) ProtocolType() pulumi.StringPtrOutput

The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`.

func (OidcOutput) ProvisioningAction 

func (o OidcOutput) ProvisioningAction() pulumi.StringPtrOutput

Provisioning action for an IdP user during authentication.

func (OidcOutput) RequestSignatureAlgorithm 

func (o OidcOutput) RequestSignatureAlgorithm() pulumi.StringPtrOutput

The HMAC Signature Algorithm used when signing an authorization request. Defaults to `"HS256"`. It can be `"HS256"`, `"HS384"`, `"HS512"`, `"SHA-256"`. `"RS256"`, `"RS384"`, or `"RS512"`. NOTE: `"SHA-256"` an undocumented legacy value and not continue to be valid. See API docs https://developer.okta.com/docs/reference/api/idps/#oidc-request-signature-algorithm-object

func (OidcOutput) RequestSignatureScope 

func (o OidcOutput) RequestSignatureScope() pulumi.StringPtrOutput

Specifies whether to digitally sign an AuthnRequest messages to the IdP. Defaults to `"REQUEST"`. It can be `"REQUEST"` or `"NONE"`.

func (OidcOutput) Scopes 

func (o OidcOutput) Scopes() pulumi.StringArrayOutput

The scopes of the IdP.

func (OidcOutput) Status 

func (o OidcOutput) Status() pulumi.StringPtrOutput

Status of the IdP.

func (OidcOutput) SubjectMatchAttribute 

func (o OidcOutput) SubjectMatchAttribute() pulumi.StringPtrOutput

Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.

func (OidcOutput) SubjectMatchType 

func (o OidcOutput) SubjectMatchType() pulumi.StringPtrOutput

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.

func (OidcOutput) SuspendedAction 

func (o OidcOutput) SuspendedAction() pulumi.StringPtrOutput

Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`

func (OidcOutput) ToOidcOutput 

func (o OidcOutput) ToOidcOutput() OidcOutput

func (OidcOutput) ToOidcOutputWithContext 

func (o OidcOutput) ToOidcOutputWithContext(ctx context.Context) OidcOutput

func (OidcOutput) TokenBinding 

func (o OidcOutput) TokenBinding() pulumi.StringOutput

The method of making a token request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.

func (OidcOutput) TokenUrl 

func (o OidcOutput) TokenUrl() pulumi.StringOutput

IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

func (OidcOutput) Type 

func (o OidcOutput) Type() pulumi.StringOutput

Type of OIDC IdP.

func (OidcOutput) UserInfoBinding 

func (o OidcOutput) UserInfoBinding() pulumi.StringPtrOutput

func (OidcOutput) UserInfoUrl 

func (o OidcOutput) UserInfoUrl() pulumi.StringPtrOutput

Protected resource endpoint that returns claims about the authenticated user.

func (OidcOutput) UserTypeId 

func (o OidcOutput) UserTypeId() pulumi.StringOutput

User type ID. Can be used as `targetId` in the `profile.Mapping` resource.

func (OidcOutput) UsernameTemplate 

func (o OidcOutput) UsernameTemplate() pulumi.StringPtrOutput

Okta EL Expression to generate or transform a unique username for the IdP user.

type OidcState 

type OidcState struct {
	// Specifies the account linking action for an IdP user.
	AccountLinkAction pulumi.StringPtrInput
	// Group memberships to determine link candidates.
	AccountLinkGroupIncludes pulumi.StringArrayInput
	// The method of making an authorization request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	AuthorizationBinding pulumi.StringPtrInput
	// IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
	AuthorizationUrl pulumi.StringPtrInput
	// Unique identifier issued by AS for the Okta IdP instance.
	ClientId pulumi.StringPtrInput
	// Client secret issued by AS for the Okta IdP instance.
	ClientSecret pulumi.StringPtrInput
	// Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.
	DeprovisionedAction pulumi.StringPtrInput
	// Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.
	GroupsAction pulumi.StringPtrInput
	// List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.
	GroupsAssignments pulumi.StringArrayInput
	// IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
	GroupsAttribute pulumi.StringPtrInput
	// Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.
	GroupsFilters pulumi.StringArrayInput
	// Indicates whether Okta uses the original Okta org domain URL, a custom domain URL, or dynamic. It can be `"ORG_URL"`, `"CUSTOM_URL"`, or `"DYNAMIC"`.
	IssuerMode pulumi.StringPtrInput
	// URI that identifies the issuer.
	IssuerUrl pulumi.StringPtrInput
	// The method of making a request for the OIDC JWKS. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	JwksBinding pulumi.StringPtrInput
	// Endpoint where the keys signer publishes its keys in a JWK Set.
	JwksUrl pulumi.StringPtrInput
	// Maximum allowable clock-skew when processing messages from the IdP.
	MaxClockSkew pulumi.IntPtrInput
	// The Application's display name.
	Name pulumi.StringPtrInput
	// Determines if the IdP should act as a source of truth for user profile attributes.
	ProfileMaster pulumi.BoolPtrInput
	// The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`.
	ProtocolType pulumi.StringPtrInput
	// Provisioning action for an IdP user during authentication.
	ProvisioningAction pulumi.StringPtrInput
	// The HMAC Signature Algorithm used when signing an authorization request. Defaults to `"HS256"`. It can be `"HS256"`, `"HS384"`, `"HS512"`, `"SHA-256"`. `"RS256"`, `"RS384"`, or `"RS512"`. NOTE: `"SHA-256"` an undocumented legacy value and not continue to be valid. See API docs https://developer.okta.com/docs/reference/api/idps/#oidc-request-signature-algorithm-object
	RequestSignatureAlgorithm pulumi.StringPtrInput
	// Specifies whether to digitally sign an AuthnRequest messages to the IdP. Defaults to `"REQUEST"`. It can be `"REQUEST"` or `"NONE"`.
	RequestSignatureScope pulumi.StringPtrInput
	// The scopes of the IdP.
	Scopes pulumi.StringArrayInput
	// Status of the IdP.
	Status pulumi.StringPtrInput
	// Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchAttribute pulumi.StringPtrInput
	// Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchType pulumi.StringPtrInput
	// Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`
	SuspendedAction pulumi.StringPtrInput
	// The method of making a token request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	TokenBinding pulumi.StringPtrInput
	// IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
	TokenUrl pulumi.StringPtrInput
	// Type of OIDC IdP.
	Type            pulumi.StringPtrInput
	UserInfoBinding pulumi.StringPtrInput
	// Protected resource endpoint that returns claims about the authenticated user.
	UserInfoUrl pulumi.StringPtrInput
	// User type ID. Can be used as `targetId` in the `profile.Mapping` resource.
	UserTypeId pulumi.StringPtrInput
	// Okta EL Expression to generate or transform a unique username for the IdP user.
	UsernameTemplate pulumi.StringPtrInput
}

func (OidcState) ElementType 

func (OidcState) ElementType() reflect.Type

type Saml 

type Saml struct {
	pulumi.CustomResourceState

	// Specifies the account linking action for an IdP user.
	AccountLinkAction pulumi.StringPtrOutput `pulumi:"accountLinkAction"`
	// Group memberships to determine link candidates.
	AccountLinkGroupIncludes pulumi.StringArrayOutput `pulumi:"accountLinkGroupIncludes"`
	AcsBinding               pulumi.StringOutput      `pulumi:"acsBinding"`
	// The type of ACS. It can be `"INSTANCE"` or `"ORG"`.
	AcsType pulumi.StringPtrOutput `pulumi:"acsType"`
	// The audience restriction for the IdP.
	Audience pulumi.StringOutput `pulumi:"audience"`
	// Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.
	DeprovisionedAction pulumi.StringPtrOutput `pulumi:"deprovisionedAction"`
	// Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.
	GroupsAction pulumi.StringPtrOutput `pulumi:"groupsAction"`
	// List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.
	GroupsAssignments pulumi.StringArrayOutput `pulumi:"groupsAssignments"`
	// IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
	GroupsAttribute pulumi.StringPtrOutput `pulumi:"groupsAttribute"`
	// Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.
	GroupsFilters pulumi.StringArrayOutput `pulumi:"groupsFilters"`
	// URI that identifies the issuer.
	Issuer pulumi.StringOutput `pulumi:"issuer"`
	// Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`.
	IssuerMode pulumi.StringPtrOutput `pulumi:"issuerMode"`
	// The ID of the signing key.
	Kid pulumi.StringOutput `pulumi:"kid"`
	// Maximum allowable clock-skew when processing messages from the IdP.
	MaxClockSkew pulumi.IntPtrOutput `pulumi:"maxClockSkew"`
	// The Application's display name.
	Name pulumi.StringOutput `pulumi:"name"`
	// The name identifier format to use. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`.
	NameFormat pulumi.StringPtrOutput `pulumi:"nameFormat"`
	// Determines if the IdP should act as a source of truth for user profile attributes.
	ProfileMaster pulumi.BoolPtrOutput `pulumi:"profileMaster"`
	// Provisioning action for an IdP user during authentication.
	ProvisioningAction pulumi.StringPtrOutput `pulumi:"provisioningAction"`
	// The XML digital signature algorithm used when signing an AuthnRequest message. It can be `"SHA-256"` or `"SHA-1"`.
	RequestSignatureAlgorithm pulumi.StringPtrOutput `pulumi:"requestSignatureAlgorithm"`
	// Specifies whether to digitally sign an AuthnRequest messages to the IdP. It can be `"REQUEST"` or `"NONE"`.
	RequestSignatureScope pulumi.StringPtrOutput `pulumi:"requestSignatureScope"`
	// The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element. It can be `"SHA-256"` or `"SHA-1"`.
	ResponseSignatureAlgorithm pulumi.StringPtrOutput `pulumi:"responseSignatureAlgorithm"`
	// Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be `"RESPONSE"`, `"ASSERTION"`, or `"ANY"`.
	ResponseSignatureScope pulumi.StringPtrOutput `pulumi:"responseSignatureScope"`
	// The method of making an SSO request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	SsoBinding pulumi.StringPtrOutput `pulumi:"ssoBinding"`
	// URI reference indicating the address to which the AuthnRequest message is sent.
	SsoDestination pulumi.StringPtrOutput `pulumi:"ssoDestination"`
	// URL of binding-specific endpoint to send an AuthnRequest message to IdP.
	SsoUrl pulumi.StringOutput `pulumi:"ssoUrl"`
	// Status of the IdP.
	Status pulumi.StringPtrOutput `pulumi:"status"`
	// Optional regular expression pattern used to filter untrusted IdP usernames.
	SubjectFilter pulumi.StringPtrOutput `pulumi:"subjectFilter"`
	// The name format. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`.
	SubjectFormats pulumi.StringArrayOutput `pulumi:"subjectFormats"`
	// Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchAttribute pulumi.StringPtrOutput `pulumi:"subjectMatchAttribute"`
	// Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchType pulumi.StringPtrOutput `pulumi:"subjectMatchType"`
	// Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`
	SuspendedAction pulumi.StringPtrOutput `pulumi:"suspendedAction"`
	// Type of the IdP.
	Type pulumi.StringOutput `pulumi:"type"`
	// User type ID. Can be used as `targetId` in the `profile.Mapping` resource.
	UserTypeId pulumi.StringOutput `pulumi:"userTypeId"`
	// Okta EL Expression to generate or transform a unique username for the IdP user.
	UsernameTemplate pulumi.StringPtrOutput `pulumi:"usernameTemplate"`
}

Creates a SAML Identity Provider.

This resource allows you to create and configure a SAML Identity Provider.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := idp.NewSaml(ctx, "example", &idp.SamlArgs{
			AcsType:                pulumi.String("INSTANCE"),
			Issuer:                 pulumi.String("https://idp.example.com"),
			Kid:                    pulumi.Any(okta_idp_saml_key.Test.Id),
			RequestSignatureScope:  pulumi.String("REQUEST"),
			ResponseSignatureScope: pulumi.String("ANY"),
			SsoBinding:             pulumi.String("HTTP-POST"),
			SsoDestination:         pulumi.String("https://idp.example.com"),
			SsoUrl:                 pulumi.String("https://idp.example.com"),
			UsernameTemplate:       pulumi.String("idpuser.email"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

## Import

An SAML IdP can be imported via the Okta ID.

```sh $ pulumi import okta:idp/saml:Saml example &#60;idp id&#62; ```

func GetSaml 

func GetSaml(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SamlState, opts ...pulumi.ResourceOption) (*Saml, error)

GetSaml gets an existing Saml resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSaml 

func NewSaml(ctx *pulumi.Context,
	name string, args *SamlArgs, opts ...pulumi.ResourceOption) (*Saml, error)

NewSaml registers a new resource with the given unique name, arguments, and options.

func (*Saml) ElementType 

func (*Saml) ElementType() reflect.Type

func (*Saml) ToSamlOutput 

func (i *Saml) ToSamlOutput() SamlOutput

func (*Saml) ToSamlOutputWithContext 

func (i *Saml) ToSamlOutputWithContext(ctx context.Context) SamlOutput

type SamlArgs 

type SamlArgs struct {
	// Specifies the account linking action for an IdP user.
	AccountLinkAction pulumi.StringPtrInput
	// Group memberships to determine link candidates.
	AccountLinkGroupIncludes pulumi.StringArrayInput
	// The type of ACS. It can be `"INSTANCE"` or `"ORG"`.
	AcsType pulumi.StringPtrInput
	// Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.
	DeprovisionedAction pulumi.StringPtrInput
	// Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.
	GroupsAction pulumi.StringPtrInput
	// List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.
	GroupsAssignments pulumi.StringArrayInput
	// IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
	GroupsAttribute pulumi.StringPtrInput
	// Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.
	GroupsFilters pulumi.StringArrayInput
	// URI that identifies the issuer.
	Issuer pulumi.StringInput
	// Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`.
	IssuerMode pulumi.StringPtrInput
	// The ID of the signing key.
	Kid pulumi.StringInput
	// Maximum allowable clock-skew when processing messages from the IdP.
	MaxClockSkew pulumi.IntPtrInput
	// The Application's display name.
	Name pulumi.StringPtrInput
	// The name identifier format to use. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`.
	NameFormat pulumi.StringPtrInput
	// Determines if the IdP should act as a source of truth for user profile attributes.
	ProfileMaster pulumi.BoolPtrInput
	// Provisioning action for an IdP user during authentication.
	ProvisioningAction pulumi.StringPtrInput
	// The XML digital signature algorithm used when signing an AuthnRequest message. It can be `"SHA-256"` or `"SHA-1"`.
	RequestSignatureAlgorithm pulumi.StringPtrInput
	// Specifies whether to digitally sign an AuthnRequest messages to the IdP. It can be `"REQUEST"` or `"NONE"`.
	RequestSignatureScope pulumi.StringPtrInput
	// The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element. It can be `"SHA-256"` or `"SHA-1"`.
	ResponseSignatureAlgorithm pulumi.StringPtrInput
	// Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be `"RESPONSE"`, `"ASSERTION"`, or `"ANY"`.
	ResponseSignatureScope pulumi.StringPtrInput
	// The method of making an SSO request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	SsoBinding pulumi.StringPtrInput
	// URI reference indicating the address to which the AuthnRequest message is sent.
	SsoDestination pulumi.StringPtrInput
	// URL of binding-specific endpoint to send an AuthnRequest message to IdP.
	SsoUrl pulumi.StringInput
	// Status of the IdP.
	Status pulumi.StringPtrInput
	// Optional regular expression pattern used to filter untrusted IdP usernames.
	SubjectFilter pulumi.StringPtrInput
	// The name format. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`.
	SubjectFormats pulumi.StringArrayInput
	// Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchAttribute pulumi.StringPtrInput
	// Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchType pulumi.StringPtrInput
	// Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`
	SuspendedAction pulumi.StringPtrInput
	// Okta EL Expression to generate or transform a unique username for the IdP user.
	UsernameTemplate pulumi.StringPtrInput
}

The set of arguments for constructing a Saml resource.

func (SamlArgs) ElementType 

func (SamlArgs) ElementType() reflect.Type

type SamlArray 

type SamlArray []SamlInput

func (SamlArray) ElementType 

func (SamlArray) ElementType() reflect.Type

func (SamlArray) ToSamlArrayOutput 

func (i SamlArray) ToSamlArrayOutput() SamlArrayOutput

func (SamlArray) ToSamlArrayOutputWithContext 

func (i SamlArray) ToSamlArrayOutputWithContext(ctx context.Context) SamlArrayOutput

type SamlArrayInput 

type SamlArrayInput interface {
	pulumi.Input

	ToSamlArrayOutput() SamlArrayOutput
	ToSamlArrayOutputWithContext(context.Context) SamlArrayOutput
}

SamlArrayInput is an input type that accepts SamlArray and SamlArrayOutput values. You can construct a concrete instance of `SamlArrayInput` via: 

SamlArray{ SamlArgs{...} }

type SamlArrayOutput 

type SamlArrayOutput struct{ *pulumi.OutputState }

func (SamlArrayOutput) ElementType 

func (SamlArrayOutput) ElementType() reflect.Type

func (SamlArrayOutput) Index 

func (o SamlArrayOutput) Index(i pulumi.IntInput) SamlOutput

func (SamlArrayOutput) ToSamlArrayOutput 

func (o SamlArrayOutput) ToSamlArrayOutput() SamlArrayOutput

func (SamlArrayOutput) ToSamlArrayOutputWithContext 

func (o SamlArrayOutput) ToSamlArrayOutputWithContext(ctx context.Context) SamlArrayOutput

type SamlInput 

type SamlInput interface {
	pulumi.Input

	ToSamlOutput() SamlOutput
	ToSamlOutputWithContext(ctx context.Context) SamlOutput
}

type SamlKey 

type SamlKey struct {
	pulumi.CustomResourceState

	// Date created.
	Created pulumi.StringOutput `pulumi:"created"`
	// Date the cert expires.
	ExpiresAt pulumi.StringOutput `pulumi:"expiresAt"`
	// Key ID.
	Kid pulumi.StringOutput `pulumi:"kid"`
	// Identifies the cryptographic algorithm family used with the key.
	Kty pulumi.StringOutput `pulumi:"kty"`
	// Intended use of the public key.
	Use pulumi.StringOutput `pulumi:"use"`
	// base64-encoded X.509 certificate chain with DER encoding.
	X5cs pulumi.StringArrayOutput `pulumi:"x5cs"`
	// base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate.
	X5tS256 pulumi.StringOutput `pulumi:"x5tS256"`
}

## Example Usage

## Import

A SAML IdP Signing Key can be imported via the key id.

```sh $ pulumi import okta:idp/samlKey:SamlKey example &#60;key id&#62; ```

func GetSamlKey 

func GetSamlKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SamlKeyState, opts ...pulumi.ResourceOption) (*SamlKey, error)

GetSamlKey gets an existing SamlKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSamlKey 

func NewSamlKey(ctx *pulumi.Context,
	name string, args *SamlKeyArgs, opts ...pulumi.ResourceOption) (*SamlKey, error)

NewSamlKey registers a new resource with the given unique name, arguments, and options.

func (*SamlKey) ElementType 

func (*SamlKey) ElementType() reflect.Type

func (*SamlKey) ToSamlKeyOutput 

func (i *SamlKey) ToSamlKeyOutput() SamlKeyOutput

func (*SamlKey) ToSamlKeyOutputWithContext 

func (i *SamlKey) ToSamlKeyOutputWithContext(ctx context.Context) SamlKeyOutput

type SamlKeyArgs 

type SamlKeyArgs struct {
	// base64-encoded X.509 certificate chain with DER encoding.
	X5cs pulumi.StringArrayInput
}

The set of arguments for constructing a SamlKey resource.

func (SamlKeyArgs) ElementType 

func (SamlKeyArgs) ElementType() reflect.Type

type SamlKeyArray 

type SamlKeyArray []SamlKeyInput

func (SamlKeyArray) ElementType 

func (SamlKeyArray) ElementType() reflect.Type

func (SamlKeyArray) ToSamlKeyArrayOutput 

func (i SamlKeyArray) ToSamlKeyArrayOutput() SamlKeyArrayOutput

func (SamlKeyArray) ToSamlKeyArrayOutputWithContext 

func (i SamlKeyArray) ToSamlKeyArrayOutputWithContext(ctx context.Context) SamlKeyArrayOutput

type SamlKeyArrayInput 

type SamlKeyArrayInput interface {
	pulumi.Input

	ToSamlKeyArrayOutput() SamlKeyArrayOutput
	ToSamlKeyArrayOutputWithContext(context.Context) SamlKeyArrayOutput
}

SamlKeyArrayInput is an input type that accepts SamlKeyArray and SamlKeyArrayOutput values. You can construct a concrete instance of `SamlKeyArrayInput` via: 

SamlKeyArray{ SamlKeyArgs{...} }

type SamlKeyArrayOutput 

type SamlKeyArrayOutput struct{ *pulumi.OutputState }

func (SamlKeyArrayOutput) ElementType 

func (SamlKeyArrayOutput) ElementType() reflect.Type

func (SamlKeyArrayOutput) Index 

func (o SamlKeyArrayOutput) Index(i pulumi.IntInput) SamlKeyOutput

func (SamlKeyArrayOutput) ToSamlKeyArrayOutput 

func (o SamlKeyArrayOutput) ToSamlKeyArrayOutput() SamlKeyArrayOutput

func (SamlKeyArrayOutput) ToSamlKeyArrayOutputWithContext 

func (o SamlKeyArrayOutput) ToSamlKeyArrayOutputWithContext(ctx context.Context) SamlKeyArrayOutput

type SamlKeyInput 

type SamlKeyInput interface {
	pulumi.Input

	ToSamlKeyOutput() SamlKeyOutput
	ToSamlKeyOutputWithContext(ctx context.Context) SamlKeyOutput
}

type SamlKeyMap 

type SamlKeyMap map[string]SamlKeyInput

func (SamlKeyMap) ElementType 

func (SamlKeyMap) ElementType() reflect.Type

func (SamlKeyMap) ToSamlKeyMapOutput 

func (i SamlKeyMap) ToSamlKeyMapOutput() SamlKeyMapOutput

func (SamlKeyMap) ToSamlKeyMapOutputWithContext 

func (i SamlKeyMap) ToSamlKeyMapOutputWithContext(ctx context.Context) SamlKeyMapOutput

type SamlKeyMapInput 

type SamlKeyMapInput interface {
	pulumi.Input

	ToSamlKeyMapOutput() SamlKeyMapOutput
	ToSamlKeyMapOutputWithContext(context.Context) SamlKeyMapOutput
}

SamlKeyMapInput is an input type that accepts SamlKeyMap and SamlKeyMapOutput values. You can construct a concrete instance of `SamlKeyMapInput` via: 

SamlKeyMap{ "key": SamlKeyArgs{...} }

type SamlKeyMapOutput 

type SamlKeyMapOutput struct{ *pulumi.OutputState }

func (SamlKeyMapOutput) ElementType 

func (SamlKeyMapOutput) ElementType() reflect.Type

func (SamlKeyMapOutput) MapIndex 

func (o SamlKeyMapOutput) MapIndex(k pulumi.StringInput) SamlKeyOutput

func (SamlKeyMapOutput) ToSamlKeyMapOutput 

func (o SamlKeyMapOutput) ToSamlKeyMapOutput() SamlKeyMapOutput

func (SamlKeyMapOutput) ToSamlKeyMapOutputWithContext 

func (o SamlKeyMapOutput) ToSamlKeyMapOutputWithContext(ctx context.Context) SamlKeyMapOutput

type SamlKeyOutput 

type SamlKeyOutput struct{ *pulumi.OutputState }

func (SamlKeyOutput) Created 

func (o SamlKeyOutput) Created() pulumi.StringOutput

Date created.

func (SamlKeyOutput) ElementType 

func (SamlKeyOutput) ElementType() reflect.Type

func (SamlKeyOutput) ExpiresAt 

func (o SamlKeyOutput) ExpiresAt() pulumi.StringOutput

Date the cert expires.

func (SamlKeyOutput) Kid 

func (o SamlKeyOutput) Kid() pulumi.StringOutput

Key ID.

func (SamlKeyOutput) Kty 

func (o SamlKeyOutput) Kty() pulumi.StringOutput

Identifies the cryptographic algorithm family used with the key.

func (SamlKeyOutput) ToSamlKeyOutput 

func (o SamlKeyOutput) ToSamlKeyOutput() SamlKeyOutput

func (SamlKeyOutput) ToSamlKeyOutputWithContext 

func (o SamlKeyOutput) ToSamlKeyOutputWithContext(ctx context.Context) SamlKeyOutput

func (SamlKeyOutput) Use 

func (o SamlKeyOutput) Use() pulumi.StringOutput

Intended use of the public key.

func (SamlKeyOutput) X5cs 

func (o SamlKeyOutput) X5cs() pulumi.StringArrayOutput

base64-encoded X.509 certificate chain with DER encoding.

func (SamlKeyOutput) X5tS256 

func (o SamlKeyOutput) X5tS256() pulumi.StringOutput

base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate.

type SamlKeyState 

type SamlKeyState struct {
	// Date created.
	Created pulumi.StringPtrInput
	// Date the cert expires.
	ExpiresAt pulumi.StringPtrInput
	// Key ID.
	Kid pulumi.StringPtrInput
	// Identifies the cryptographic algorithm family used with the key.
	Kty pulumi.StringPtrInput
	// Intended use of the public key.
	Use pulumi.StringPtrInput
	// base64-encoded X.509 certificate chain with DER encoding.
	X5cs pulumi.StringArrayInput
	// base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate.
	X5tS256 pulumi.StringPtrInput
}

func (SamlKeyState) ElementType 

func (SamlKeyState) ElementType() reflect.Type

type SamlMap 

type SamlMap map[string]SamlInput

func (SamlMap) ElementType 

func (SamlMap) ElementType() reflect.Type

func (SamlMap) ToSamlMapOutput 

func (i SamlMap) ToSamlMapOutput() SamlMapOutput

func (SamlMap) ToSamlMapOutputWithContext 

func (i SamlMap) ToSamlMapOutputWithContext(ctx context.Context) SamlMapOutput

type SamlMapInput 

type SamlMapInput interface {
	pulumi.Input

	ToSamlMapOutput() SamlMapOutput
	ToSamlMapOutputWithContext(context.Context) SamlMapOutput
}

SamlMapInput is an input type that accepts SamlMap and SamlMapOutput values. You can construct a concrete instance of `SamlMapInput` via: 

SamlMap{ "key": SamlArgs{...} }

type SamlMapOutput 

type SamlMapOutput struct{ *pulumi.OutputState }

func (SamlMapOutput) ElementType 

func (SamlMapOutput) ElementType() reflect.Type

func (SamlMapOutput) MapIndex 

func (o SamlMapOutput) MapIndex(k pulumi.StringInput) SamlOutput

func (SamlMapOutput) ToSamlMapOutput 

func (o SamlMapOutput) ToSamlMapOutput() SamlMapOutput

func (SamlMapOutput) ToSamlMapOutputWithContext 

func (o SamlMapOutput) ToSamlMapOutputWithContext(ctx context.Context) SamlMapOutput

type SamlOutput 

type SamlOutput struct{ *pulumi.OutputState }

func (SamlOutput) AccountLinkAction 

func (o SamlOutput) AccountLinkAction() pulumi.StringPtrOutput

Specifies the account linking action for an IdP user.

func (SamlOutput) AccountLinkGroupIncludes 

func (o SamlOutput) AccountLinkGroupIncludes() pulumi.StringArrayOutput

Group memberships to determine link candidates.

func (SamlOutput) AcsBinding 

func (o SamlOutput) AcsBinding() pulumi.StringOutput

func (SamlOutput) AcsType 

func (o SamlOutput) AcsType() pulumi.StringPtrOutput

The type of ACS. It can be `"INSTANCE"` or `"ORG"`.

func (SamlOutput) Audience 

func (o SamlOutput) Audience() pulumi.StringOutput

The audience restriction for the IdP.

func (SamlOutput) DeprovisionedAction 

func (o SamlOutput) DeprovisionedAction() pulumi.StringPtrOutput

Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.

func (SamlOutput) ElementType 

func (SamlOutput) ElementType() reflect.Type

func (SamlOutput) GroupsAction 

func (o SamlOutput) GroupsAction() pulumi.StringPtrOutput

Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.

func (SamlOutput) GroupsAssignments 

func (o SamlOutput) GroupsAssignments() pulumi.StringArrayOutput

List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.

func (SamlOutput) GroupsAttribute 

func (o SamlOutput) GroupsAttribute() pulumi.StringPtrOutput

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

func (SamlOutput) GroupsFilters 

func (o SamlOutput) GroupsFilters() pulumi.StringArrayOutput

Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.

func (SamlOutput) Issuer 

func (o SamlOutput) Issuer() pulumi.StringOutput

URI that identifies the issuer.

func (SamlOutput) IssuerMode 

func (o SamlOutput) IssuerMode() pulumi.StringPtrOutput

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`.

func (SamlOutput) Kid 

func (o SamlOutput) Kid() pulumi.StringOutput

The ID of the signing key.

func (SamlOutput) MaxClockSkew 

func (o SamlOutput) MaxClockSkew() pulumi.IntPtrOutput

Maximum allowable clock-skew when processing messages from the IdP.

func (SamlOutput) Name 

func (o SamlOutput) Name() pulumi.StringOutput

The Application's display name.

func (SamlOutput) NameFormat 

func (o SamlOutput) NameFormat() pulumi.StringPtrOutput

The name identifier format to use. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`.

func (SamlOutput) ProfileMaster 

func (o SamlOutput) ProfileMaster() pulumi.BoolPtrOutput

Determines if the IdP should act as a source of truth for user profile attributes.

func (SamlOutput) ProvisioningAction 

func (o SamlOutput) ProvisioningAction() pulumi.StringPtrOutput

Provisioning action for an IdP user during authentication.

func (SamlOutput) RequestSignatureAlgorithm 

func (o SamlOutput) RequestSignatureAlgorithm() pulumi.StringPtrOutput

The XML digital signature algorithm used when signing an AuthnRequest message. It can be `"SHA-256"` or `"SHA-1"`.

func (SamlOutput) RequestSignatureScope 

func (o SamlOutput) RequestSignatureScope() pulumi.StringPtrOutput

Specifies whether to digitally sign an AuthnRequest messages to the IdP. It can be `"REQUEST"` or `"NONE"`.

func (SamlOutput) ResponseSignatureAlgorithm 

func (o SamlOutput) ResponseSignatureAlgorithm() pulumi.StringPtrOutput

The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element. It can be `"SHA-256"` or `"SHA-1"`.

func (SamlOutput) ResponseSignatureScope 

func (o SamlOutput) ResponseSignatureScope() pulumi.StringPtrOutput

Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be `"RESPONSE"`, `"ASSERTION"`, or `"ANY"`.

func (SamlOutput) SsoBinding 

func (o SamlOutput) SsoBinding() pulumi.StringPtrOutput

The method of making an SSO request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.

func (SamlOutput) SsoDestination 

func (o SamlOutput) SsoDestination() pulumi.StringPtrOutput

URI reference indicating the address to which the AuthnRequest message is sent.

func (SamlOutput) SsoUrl 

func (o SamlOutput) SsoUrl() pulumi.StringOutput

URL of binding-specific endpoint to send an AuthnRequest message to IdP.

func (SamlOutput) Status 

func (o SamlOutput) Status() pulumi.StringPtrOutput

Status of the IdP.

func (SamlOutput) SubjectFilter 

func (o SamlOutput) SubjectFilter() pulumi.StringPtrOutput

Optional regular expression pattern used to filter untrusted IdP usernames.

func (SamlOutput) SubjectFormats 

func (o SamlOutput) SubjectFormats() pulumi.StringArrayOutput

The name format. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`.

func (SamlOutput) SubjectMatchAttribute 

func (o SamlOutput) SubjectMatchAttribute() pulumi.StringPtrOutput

Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.

func (SamlOutput) SubjectMatchType 

func (o SamlOutput) SubjectMatchType() pulumi.StringPtrOutput

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.

func (SamlOutput) SuspendedAction 

func (o SamlOutput) SuspendedAction() pulumi.StringPtrOutput

Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`

func (SamlOutput) ToSamlOutput 

func (o SamlOutput) ToSamlOutput() SamlOutput

func (SamlOutput) ToSamlOutputWithContext 

func (o SamlOutput) ToSamlOutputWithContext(ctx context.Context) SamlOutput

func (SamlOutput) Type 

func (o SamlOutput) Type() pulumi.StringOutput

Type of the IdP.

func (SamlOutput) UserTypeId 

func (o SamlOutput) UserTypeId() pulumi.StringOutput

User type ID. Can be used as `targetId` in the `profile.Mapping` resource.

func (SamlOutput) UsernameTemplate 

func (o SamlOutput) UsernameTemplate() pulumi.StringPtrOutput

Okta EL Expression to generate or transform a unique username for the IdP user.

type SamlState 

type SamlState struct {
	// Specifies the account linking action for an IdP user.
	AccountLinkAction pulumi.StringPtrInput
	// Group memberships to determine link candidates.
	AccountLinkGroupIncludes pulumi.StringArrayInput
	AcsBinding               pulumi.StringPtrInput
	// The type of ACS. It can be `"INSTANCE"` or `"ORG"`.
	AcsType pulumi.StringPtrInput
	// The audience restriction for the IdP.
	Audience pulumi.StringPtrInput
	// Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.
	DeprovisionedAction pulumi.StringPtrInput
	// Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.
	GroupsAction pulumi.StringPtrInput
	// List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.
	GroupsAssignments pulumi.StringArrayInput
	// IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
	GroupsAttribute pulumi.StringPtrInput
	// Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.
	GroupsFilters pulumi.StringArrayInput
	// URI that identifies the issuer.
	Issuer pulumi.StringPtrInput
	// Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`.
	IssuerMode pulumi.StringPtrInput
	// The ID of the signing key.
	Kid pulumi.StringPtrInput
	// Maximum allowable clock-skew when processing messages from the IdP.
	MaxClockSkew pulumi.IntPtrInput
	// The Application's display name.
	Name pulumi.StringPtrInput
	// The name identifier format to use. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`.
	NameFormat pulumi.StringPtrInput
	// Determines if the IdP should act as a source of truth for user profile attributes.
	ProfileMaster pulumi.BoolPtrInput
	// Provisioning action for an IdP user during authentication.
	ProvisioningAction pulumi.StringPtrInput
	// The XML digital signature algorithm used when signing an AuthnRequest message. It can be `"SHA-256"` or `"SHA-1"`.
	RequestSignatureAlgorithm pulumi.StringPtrInput
	// Specifies whether to digitally sign an AuthnRequest messages to the IdP. It can be `"REQUEST"` or `"NONE"`.
	RequestSignatureScope pulumi.StringPtrInput
	// The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element. It can be `"SHA-256"` or `"SHA-1"`.
	ResponseSignatureAlgorithm pulumi.StringPtrInput
	// Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be `"RESPONSE"`, `"ASSERTION"`, or `"ANY"`.
	ResponseSignatureScope pulumi.StringPtrInput
	// The method of making an SSO request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	SsoBinding pulumi.StringPtrInput
	// URI reference indicating the address to which the AuthnRequest message is sent.
	SsoDestination pulumi.StringPtrInput
	// URL of binding-specific endpoint to send an AuthnRequest message to IdP.
	SsoUrl pulumi.StringPtrInput
	// Status of the IdP.
	Status pulumi.StringPtrInput
	// Optional regular expression pattern used to filter untrusted IdP usernames.
	SubjectFilter pulumi.StringPtrInput
	// The name format. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`.
	SubjectFormats pulumi.StringArrayInput
	// Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchAttribute pulumi.StringPtrInput
	// Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchType pulumi.StringPtrInput
	// Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`
	SuspendedAction pulumi.StringPtrInput
	// Type of the IdP.
	Type pulumi.StringPtrInput
	// User type ID. Can be used as `targetId` in the `profile.Mapping` resource.
	UserTypeId pulumi.StringPtrInput
	// Okta EL Expression to generate or transform a unique username for the IdP user.
	UsernameTemplate pulumi.StringPtrInput
}

func (SamlState) ElementType 

func (SamlState) ElementType() reflect.Type

type Social 

type Social struct {
	pulumi.CustomResourceState

	// Specifies the account linking action for an IdP user.
	AccountLinkAction pulumi.StringPtrOutput `pulumi:"accountLinkAction"`
	// Group memberships to determine link candidates.
	AccountLinkGroupIncludes pulumi.StringArrayOutput `pulumi:"accountLinkGroupIncludes"`
	// The Key ID that you obtained from Apple when you created the private key for the client.
	AppleKid pulumi.StringPtrOutput `pulumi:"appleKid"`
	// The Key ID that you obtained from Apple when you created the private
	// key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted
	// and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
	ApplePrivateKey pulumi.StringPtrOutput `pulumi:"applePrivateKey"`
	// The Team ID associated with your Apple developer account.
	AppleTeamId pulumi.StringPtrOutput `pulumi:"appleTeamId"`
	// The method of making an authorization request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	AuthorizationBinding pulumi.StringOutput `pulumi:"authorizationBinding"`
	// IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
	AuthorizationUrl pulumi.StringOutput `pulumi:"authorizationUrl"`
	// Unique identifier issued by AS for the Okta IdP instance.
	ClientId pulumi.StringPtrOutput `pulumi:"clientId"`
	// Client secret issued by AS for the Okta IdP instance.
	ClientSecret pulumi.StringPtrOutput `pulumi:"clientSecret"`
	// Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.
	DeprovisionedAction pulumi.StringPtrOutput `pulumi:"deprovisionedAction"`
	// Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.
	GroupsAction pulumi.StringPtrOutput `pulumi:"groupsAction"`
	// List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.
	GroupsAssignments pulumi.StringArrayOutput `pulumi:"groupsAssignments"`
	// IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
	GroupsAttribute pulumi.StringPtrOutput `pulumi:"groupsAttribute"`
	// Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.
	GroupsFilters pulumi.StringArrayOutput `pulumi:"groupsFilters"`
	// Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`.
	IssuerMode pulumi.StringPtrOutput `pulumi:"issuerMode"`
	// Maximum allowable clock-skew when processing messages from the IdP.
	MaxClockSkew pulumi.IntPtrOutput `pulumi:"maxClockSkew"`
	// The Application's display name.
	Name pulumi.StringOutput `pulumi:"name"`
	// Determines if the IdP should act as a source of truth for user profile attributes.
	ProfileMaster pulumi.BoolPtrOutput `pulumi:"profileMaster"`
	// The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`.
	ProtocolType pulumi.StringPtrOutput `pulumi:"protocolType"`
	// Provisioning action for an IdP user during authentication.
	ProvisioningAction pulumi.StringPtrOutput `pulumi:"provisioningAction"`
	// The scopes of the IdP.
	Scopes pulumi.StringArrayOutput `pulumi:"scopes"`
	// Status of the IdP.
	Status pulumi.StringPtrOutput `pulumi:"status"`
	// Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchAttribute pulumi.StringPtrOutput `pulumi:"subjectMatchAttribute"`
	// Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchType pulumi.StringPtrOutput `pulumi:"subjectMatchType"`
	// Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`
	SuspendedAction pulumi.StringPtrOutput `pulumi:"suspendedAction"`
	// The method of making a token request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	TokenBinding pulumi.StringOutput `pulumi:"tokenBinding"`
	// IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
	TokenUrl pulumi.StringOutput `pulumi:"tokenUrl"`
	// The type of Social IdP. See API docs [Identity Provider Type](https://developer.okta.com/docs/reference/api/idps/#identity-provider-type)
	Type pulumi.StringOutput `pulumi:"type"`
	// Okta EL Expression to generate or transform a unique username for the IdP user.
	UsernameTemplate pulumi.StringPtrOutput `pulumi:"usernameTemplate"`
}

Creates a Social Identity Provider.

This resource allows you to create and configure a Social Identity Provider.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := idp.NewSocial(ctx, "example", &idp.SocialArgs{
			ClientId:     pulumi.String("abcd123"),
			ClientSecret: pulumi.String("abcd123"),
			ProtocolType: pulumi.String("OAUTH2"),
			Scopes: pulumi.StringArray{
				pulumi.String("public_profile"),
				pulumi.String("email"),
			},
			Type:             pulumi.String("FACEBOOK"),
			UsernameTemplate: pulumi.String("idpuser.email"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

## Import

A Social IdP can be imported via the Okta ID.

```sh $ pulumi import okta:idp/social:Social example &#60;idp id&#62; ```

func GetSocial 

func GetSocial(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SocialState, opts ...pulumi.ResourceOption) (*Social, error)

GetSocial gets an existing Social resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSocial 

func NewSocial(ctx *pulumi.Context,
	name string, args *SocialArgs, opts ...pulumi.ResourceOption) (*Social, error)

NewSocial registers a new resource with the given unique name, arguments, and options.

func (*Social) ElementType 

func (*Social) ElementType() reflect.Type

func (*Social) ToSocialOutput 

func (i *Social) ToSocialOutput() SocialOutput

func (*Social) ToSocialOutputWithContext 

func (i *Social) ToSocialOutputWithContext(ctx context.Context) SocialOutput

type SocialArgs 

type SocialArgs struct {
	// Specifies the account linking action for an IdP user.
	AccountLinkAction pulumi.StringPtrInput
	// Group memberships to determine link candidates.
	AccountLinkGroupIncludes pulumi.StringArrayInput
	// The Key ID that you obtained from Apple when you created the private key for the client.
	AppleKid pulumi.StringPtrInput
	// The Key ID that you obtained from Apple when you created the private
	// key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted
	// and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
	ApplePrivateKey pulumi.StringPtrInput
	// The Team ID associated with your Apple developer account.
	AppleTeamId pulumi.StringPtrInput
	// Unique identifier issued by AS for the Okta IdP instance.
	ClientId pulumi.StringPtrInput
	// Client secret issued by AS for the Okta IdP instance.
	ClientSecret pulumi.StringPtrInput
	// Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.
	DeprovisionedAction pulumi.StringPtrInput
	// Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.
	GroupsAction pulumi.StringPtrInput
	// List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.
	GroupsAssignments pulumi.StringArrayInput
	// IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
	GroupsAttribute pulumi.StringPtrInput
	// Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.
	GroupsFilters pulumi.StringArrayInput
	// Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`.
	IssuerMode pulumi.StringPtrInput
	// Maximum allowable clock-skew when processing messages from the IdP.
	MaxClockSkew pulumi.IntPtrInput
	// The Application's display name.
	Name pulumi.StringPtrInput
	// Determines if the IdP should act as a source of truth for user profile attributes.
	ProfileMaster pulumi.BoolPtrInput
	// The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`.
	ProtocolType pulumi.StringPtrInput
	// Provisioning action for an IdP user during authentication.
	ProvisioningAction pulumi.StringPtrInput
	// The scopes of the IdP.
	Scopes pulumi.StringArrayInput
	// Status of the IdP.
	Status pulumi.StringPtrInput
	// Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchAttribute pulumi.StringPtrInput
	// Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchType pulumi.StringPtrInput
	// Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`
	SuspendedAction pulumi.StringPtrInput
	// The type of Social IdP. See API docs [Identity Provider Type](https://developer.okta.com/docs/reference/api/idps/#identity-provider-type)
	Type pulumi.StringInput
	// Okta EL Expression to generate or transform a unique username for the IdP user.
	UsernameTemplate pulumi.StringPtrInput
}

The set of arguments for constructing a Social resource.

func (SocialArgs) ElementType 

func (SocialArgs) ElementType() reflect.Type

type SocialArray 

type SocialArray []SocialInput

func (SocialArray) ElementType 

func (SocialArray) ElementType() reflect.Type

func (SocialArray) ToSocialArrayOutput 

func (i SocialArray) ToSocialArrayOutput() SocialArrayOutput

func (SocialArray) ToSocialArrayOutputWithContext 

func (i SocialArray) ToSocialArrayOutputWithContext(ctx context.Context) SocialArrayOutput

type SocialArrayInput 

type SocialArrayInput interface {
	pulumi.Input

	ToSocialArrayOutput() SocialArrayOutput
	ToSocialArrayOutputWithContext(context.Context) SocialArrayOutput
}

SocialArrayInput is an input type that accepts SocialArray and SocialArrayOutput values. You can construct a concrete instance of `SocialArrayInput` via: 

SocialArray{ SocialArgs{...} }

type SocialArrayOutput 

type SocialArrayOutput struct{ *pulumi.OutputState }

func (SocialArrayOutput) ElementType 

func (SocialArrayOutput) ElementType() reflect.Type

func (SocialArrayOutput) Index 

func (o SocialArrayOutput) Index(i pulumi.IntInput) SocialOutput

func (SocialArrayOutput) ToSocialArrayOutput 

func (o SocialArrayOutput) ToSocialArrayOutput() SocialArrayOutput

func (SocialArrayOutput) ToSocialArrayOutputWithContext 

func (o SocialArrayOutput) ToSocialArrayOutputWithContext(ctx context.Context) SocialArrayOutput

type SocialInput 

type SocialInput interface {
	pulumi.Input

	ToSocialOutput() SocialOutput
	ToSocialOutputWithContext(ctx context.Context) SocialOutput
}

type SocialMap 

type SocialMap map[string]SocialInput

func (SocialMap) ElementType 

func (SocialMap) ElementType() reflect.Type

func (SocialMap) ToSocialMapOutput 

func (i SocialMap) ToSocialMapOutput() SocialMapOutput

func (SocialMap) ToSocialMapOutputWithContext 

func (i SocialMap) ToSocialMapOutputWithContext(ctx context.Context) SocialMapOutput

type SocialMapInput 

type SocialMapInput interface {
	pulumi.Input

	ToSocialMapOutput() SocialMapOutput
	ToSocialMapOutputWithContext(context.Context) SocialMapOutput
}

SocialMapInput is an input type that accepts SocialMap and SocialMapOutput values. You can construct a concrete instance of `SocialMapInput` via: 

SocialMap{ "key": SocialArgs{...} }

type SocialMapOutput 

type SocialMapOutput struct{ *pulumi.OutputState }

func (SocialMapOutput) ElementType 

func (SocialMapOutput) ElementType() reflect.Type

func (SocialMapOutput) MapIndex 

func (o SocialMapOutput) MapIndex(k pulumi.StringInput) SocialOutput

func (SocialMapOutput) ToSocialMapOutput 

func (o SocialMapOutput) ToSocialMapOutput() SocialMapOutput

func (SocialMapOutput) ToSocialMapOutputWithContext 

func (o SocialMapOutput) ToSocialMapOutputWithContext(ctx context.Context) SocialMapOutput

type SocialOutput 

type SocialOutput struct{ *pulumi.OutputState }

func (SocialOutput) AccountLinkAction 

func (o SocialOutput) AccountLinkAction() pulumi.StringPtrOutput

Specifies the account linking action for an IdP user.

func (SocialOutput) AccountLinkGroupIncludes 

func (o SocialOutput) AccountLinkGroupIncludes() pulumi.StringArrayOutput

Group memberships to determine link candidates.

func (SocialOutput) AppleKid 

func (o SocialOutput) AppleKid() pulumi.StringPtrOutput

The Key ID that you obtained from Apple when you created the private key for the client.

func (SocialOutput) ApplePrivateKey 

func (o SocialOutput) ApplePrivateKey() pulumi.StringPtrOutput

The Key ID that you obtained from Apple when you created the private key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.

func (SocialOutput) AppleTeamId 

func (o SocialOutput) AppleTeamId() pulumi.StringPtrOutput

The Team ID associated with your Apple developer account.

func (SocialOutput) AuthorizationBinding 

func (o SocialOutput) AuthorizationBinding() pulumi.StringOutput

The method of making an authorization request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.

func (SocialOutput) AuthorizationUrl 

func (o SocialOutput) AuthorizationUrl() pulumi.StringOutput

IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

func (SocialOutput) ClientId 

func (o SocialOutput) ClientId() pulumi.StringPtrOutput

Unique identifier issued by AS for the Okta IdP instance.

func (SocialOutput) ClientSecret 

func (o SocialOutput) ClientSecret() pulumi.StringPtrOutput

Client secret issued by AS for the Okta IdP instance.

func (SocialOutput) DeprovisionedAction 

func (o SocialOutput) DeprovisionedAction() pulumi.StringPtrOutput

Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.

func (SocialOutput) ElementType 

func (SocialOutput) ElementType() reflect.Type

func (SocialOutput) GroupsAction 

func (o SocialOutput) GroupsAction() pulumi.StringPtrOutput

Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.

func (SocialOutput) GroupsAssignments 

func (o SocialOutput) GroupsAssignments() pulumi.StringArrayOutput

List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.

func (SocialOutput) GroupsAttribute 

func (o SocialOutput) GroupsAttribute() pulumi.StringPtrOutput

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

func (SocialOutput) GroupsFilters 

func (o SocialOutput) GroupsFilters() pulumi.StringArrayOutput

Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.

func (SocialOutput) IssuerMode 

func (o SocialOutput) IssuerMode() pulumi.StringPtrOutput

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`.

func (SocialOutput) MaxClockSkew 

func (o SocialOutput) MaxClockSkew() pulumi.IntPtrOutput

Maximum allowable clock-skew when processing messages from the IdP.

func (SocialOutput) Name 

func (o SocialOutput) Name() pulumi.StringOutput

The Application's display name.

func (SocialOutput) ProfileMaster 

func (o SocialOutput) ProfileMaster() pulumi.BoolPtrOutput

Determines if the IdP should act as a source of truth for user profile attributes.

func (SocialOutput) ProtocolType 

func (o SocialOutput) ProtocolType() pulumi.StringPtrOutput

The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`.

func (SocialOutput) ProvisioningAction 

func (o SocialOutput) ProvisioningAction() pulumi.StringPtrOutput

Provisioning action for an IdP user during authentication.

func (SocialOutput) Scopes 

func (o SocialOutput) Scopes() pulumi.StringArrayOutput

The scopes of the IdP.

func (SocialOutput) Status 

func (o SocialOutput) Status() pulumi.StringPtrOutput

Status of the IdP.

func (SocialOutput) SubjectMatchAttribute 

func (o SocialOutput) SubjectMatchAttribute() pulumi.StringPtrOutput

Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.

func (SocialOutput) SubjectMatchType 

func (o SocialOutput) SubjectMatchType() pulumi.StringPtrOutput

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.

func (SocialOutput) SuspendedAction 

func (o SocialOutput) SuspendedAction() pulumi.StringPtrOutput

Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`

func (SocialOutput) ToSocialOutput 

func (o SocialOutput) ToSocialOutput() SocialOutput

func (SocialOutput) ToSocialOutputWithContext 

func (o SocialOutput) ToSocialOutputWithContext(ctx context.Context) SocialOutput

func (SocialOutput) TokenBinding 

func (o SocialOutput) TokenBinding() pulumi.StringOutput

The method of making a token request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.

func (SocialOutput) TokenUrl 

func (o SocialOutput) TokenUrl() pulumi.StringOutput

IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

func (SocialOutput) Type 

func (o SocialOutput) Type() pulumi.StringOutput

The type of Social IdP. See API docs [Identity Provider Type](https://developer.okta.com/docs/reference/api/idps/#identity-provider-type)

func (SocialOutput) UsernameTemplate 

func (o SocialOutput) UsernameTemplate() pulumi.StringPtrOutput

Okta EL Expression to generate or transform a unique username for the IdP user.

type SocialState 

type SocialState struct {
	// Specifies the account linking action for an IdP user.
	AccountLinkAction pulumi.StringPtrInput
	// Group memberships to determine link candidates.
	AccountLinkGroupIncludes pulumi.StringArrayInput
	// The Key ID that you obtained from Apple when you created the private key for the client.
	AppleKid pulumi.StringPtrInput
	// The Key ID that you obtained from Apple when you created the private
	// key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted
	// and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
	ApplePrivateKey pulumi.StringPtrInput
	// The Team ID associated with your Apple developer account.
	AppleTeamId pulumi.StringPtrInput
	// The method of making an authorization request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	AuthorizationBinding pulumi.StringPtrInput
	// IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
	AuthorizationUrl pulumi.StringPtrInput
	// Unique identifier issued by AS for the Okta IdP instance.
	ClientId pulumi.StringPtrInput
	// Client secret issued by AS for the Okta IdP instance.
	ClientSecret pulumi.StringPtrInput
	// Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.
	DeprovisionedAction pulumi.StringPtrInput
	// Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.
	GroupsAction pulumi.StringPtrInput
	// List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.
	GroupsAssignments pulumi.StringArrayInput
	// IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
	GroupsAttribute pulumi.StringPtrInput
	// Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.
	GroupsFilters pulumi.StringArrayInput
	// Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`.
	IssuerMode pulumi.StringPtrInput
	// Maximum allowable clock-skew when processing messages from the IdP.
	MaxClockSkew pulumi.IntPtrInput
	// The Application's display name.
	Name pulumi.StringPtrInput
	// Determines if the IdP should act as a source of truth for user profile attributes.
	ProfileMaster pulumi.BoolPtrInput
	// The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`.
	ProtocolType pulumi.StringPtrInput
	// Provisioning action for an IdP user during authentication.
	ProvisioningAction pulumi.StringPtrInput
	// The scopes of the IdP.
	Scopes pulumi.StringArrayInput
	// Status of the IdP.
	Status pulumi.StringPtrInput
	// Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchAttribute pulumi.StringPtrInput
	// Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.
	SubjectMatchType pulumi.StringPtrInput
	// Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`
	SuspendedAction pulumi.StringPtrInput
	// The method of making a token request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
	TokenBinding pulumi.StringPtrInput
	// IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
	TokenUrl pulumi.StringPtrInput
	// The type of Social IdP. See API docs [Identity Provider Type](https://developer.okta.com/docs/reference/api/idps/#identity-provider-type)
	Type pulumi.StringPtrInput
	// Okta EL Expression to generate or transform a unique username for the IdP user.
	UsernameTemplate pulumi.StringPtrInput
}

func (SocialState) ElementType 

func (SocialState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.