Documentation ¶
Index ¶
- type GetMetadataSamlArgs
- type GetMetadataSamlOutputArgs
- type GetMetadataSamlResult
- type GetMetadataSamlResultOutput
- func (o GetMetadataSamlResultOutput) AssertionsSigned() pulumi.BoolOutput
- func (o GetMetadataSamlResultOutput) AuthnRequestSigned() pulumi.BoolOutput
- func (GetMetadataSamlResultOutput) ElementType() reflect.Type
- func (o GetMetadataSamlResultOutput) EncryptionCertificate() pulumi.StringOutput
- func (o GetMetadataSamlResultOutput) EntityId() pulumi.StringOutput
- func (o GetMetadataSamlResultOutput) HttpPostBinding() pulumi.StringOutput
- func (o GetMetadataSamlResultOutput) HttpRedirectBinding() pulumi.StringOutput
- func (o GetMetadataSamlResultOutput) Id() pulumi.StringOutput
- func (o GetMetadataSamlResultOutput) IdpId() pulumi.StringPtrOutput
- func (o GetMetadataSamlResultOutput) Metadata() pulumi.StringOutput
- func (o GetMetadataSamlResultOutput) SigningCertificate() pulumi.StringOutput
- func (o GetMetadataSamlResultOutput) ToGetMetadataSamlResultOutput() GetMetadataSamlResultOutput
- func (o GetMetadataSamlResultOutput) ToGetMetadataSamlResultOutputWithContext(ctx context.Context) GetMetadataSamlResultOutput
- type LookupOidcArgs
- type LookupOidcOutputArgs
- type LookupOidcResult
- type LookupOidcResultOutput
- func (o LookupOidcResultOutput) AuthorizationBinding() pulumi.StringOutput
- func (o LookupOidcResultOutput) AuthorizationUrl() pulumi.StringOutput
- func (o LookupOidcResultOutput) ClientId() pulumi.StringOutput
- func (o LookupOidcResultOutput) ClientSecret() pulumi.StringOutput
- func (LookupOidcResultOutput) ElementType() reflect.Type
- func (o LookupOidcResultOutput) Id() pulumi.StringPtrOutput
- func (o LookupOidcResultOutput) IssuerMode() pulumi.StringOutput
- func (o LookupOidcResultOutput) IssuerUrl() pulumi.StringOutput
- func (o LookupOidcResultOutput) JwksBinding() pulumi.StringOutput
- func (o LookupOidcResultOutput) JwksUrl() pulumi.StringOutput
- func (o LookupOidcResultOutput) MaxClockSkew() pulumi.IntOutput
- func (o LookupOidcResultOutput) Name() pulumi.StringPtrOutput
- func (o LookupOidcResultOutput) ProtocolType() pulumi.StringOutput
- func (o LookupOidcResultOutput) Scopes() pulumi.StringArrayOutput
- func (o LookupOidcResultOutput) ToLookupOidcResultOutput() LookupOidcResultOutput
- func (o LookupOidcResultOutput) ToLookupOidcResultOutputWithContext(ctx context.Context) LookupOidcResultOutput
- func (o LookupOidcResultOutput) TokenBinding() pulumi.StringOutput
- func (o LookupOidcResultOutput) TokenUrl() pulumi.StringOutput
- func (o LookupOidcResultOutput) Type() pulumi.StringOutput
- func (o LookupOidcResultOutput) UserInfoBinding() pulumi.StringOutput
- func (o LookupOidcResultOutput) UserInfoUrl() pulumi.StringOutput
- type LookupSamlArgs
- type LookupSamlOutputArgs
- type LookupSamlResult
- type LookupSamlResultOutput
- func (o LookupSamlResultOutput) AcsBinding() pulumi.StringOutput
- func (o LookupSamlResultOutput) AcsType() pulumi.StringOutput
- func (o LookupSamlResultOutput) Audience() pulumi.StringOutput
- func (LookupSamlResultOutput) ElementType() reflect.Type
- func (o LookupSamlResultOutput) Id() pulumi.StringPtrOutput
- func (o LookupSamlResultOutput) Issuer() pulumi.StringOutput
- func (o LookupSamlResultOutput) IssuerMode() pulumi.StringOutput
- func (o LookupSamlResultOutput) Kid() pulumi.StringOutput
- func (o LookupSamlResultOutput) Name() pulumi.StringPtrOutput
- func (o LookupSamlResultOutput) SsoBinding() pulumi.StringOutput
- func (o LookupSamlResultOutput) SsoDestination() pulumi.StringOutput
- func (o LookupSamlResultOutput) SsoUrl() pulumi.StringOutput
- func (o LookupSamlResultOutput) SubjectFilter() pulumi.StringOutput
- func (o LookupSamlResultOutput) SubjectFormats() pulumi.StringArrayOutput
- func (o LookupSamlResultOutput) ToLookupSamlResultOutput() LookupSamlResultOutput
- func (o LookupSamlResultOutput) ToLookupSamlResultOutputWithContext(ctx context.Context) LookupSamlResultOutput
- func (o LookupSamlResultOutput) Type() pulumi.StringOutput
- type LookupSocialArgs
- type LookupSocialOutputArgs
- type LookupSocialResult
- type LookupSocialResultOutput
- func (o LookupSocialResultOutput) AccountLinkAction() pulumi.StringOutput
- func (o LookupSocialResultOutput) AccountLinkGroupIncludes() pulumi.StringArrayOutput
- func (o LookupSocialResultOutput) AuthorizationBinding() pulumi.StringOutput
- func (o LookupSocialResultOutput) AuthorizationUrl() pulumi.StringOutput
- func (o LookupSocialResultOutput) ClientId() pulumi.StringOutput
- func (o LookupSocialResultOutput) ClientSecret() pulumi.StringOutput
- func (o LookupSocialResultOutput) DeprovisionedAction() pulumi.StringOutput
- func (LookupSocialResultOutput) ElementType() reflect.Type
- func (o LookupSocialResultOutput) GroupsAction() pulumi.StringOutput
- func (o LookupSocialResultOutput) GroupsAssignments() pulumi.StringArrayOutput
- func (o LookupSocialResultOutput) GroupsAttribute() pulumi.StringOutput
- func (o LookupSocialResultOutput) GroupsFilters() pulumi.StringArrayOutput
- func (o LookupSocialResultOutput) Id() pulumi.StringPtrOutput
- func (o LookupSocialResultOutput) IssuerMode() pulumi.StringOutput
- func (o LookupSocialResultOutput) MaxClockSkew() pulumi.IntOutput
- func (o LookupSocialResultOutput) Name() pulumi.StringPtrOutput
- func (o LookupSocialResultOutput) ProfileMaster() pulumi.BoolOutput
- func (o LookupSocialResultOutput) ProtocolType() pulumi.StringOutput
- func (o LookupSocialResultOutput) ProvisioningAction() pulumi.StringOutput
- func (o LookupSocialResultOutput) Scopes() pulumi.StringArrayOutput
- func (o LookupSocialResultOutput) Status() pulumi.StringOutput
- func (o LookupSocialResultOutput) SubjectMatchAttribute() pulumi.StringOutput
- func (o LookupSocialResultOutput) SubjectMatchType() pulumi.StringOutput
- func (o LookupSocialResultOutput) SuspendedAction() pulumi.StringOutput
- func (o LookupSocialResultOutput) ToLookupSocialResultOutput() LookupSocialResultOutput
- func (o LookupSocialResultOutput) ToLookupSocialResultOutputWithContext(ctx context.Context) LookupSocialResultOutput
- func (o LookupSocialResultOutput) TokenBinding() pulumi.StringOutput
- func (o LookupSocialResultOutput) TokenUrl() pulumi.StringOutput
- func (o LookupSocialResultOutput) Type() pulumi.StringOutput
- func (o LookupSocialResultOutput) UsernameTemplate() pulumi.StringOutput
- type Oidc
- type OidcArgs
- type OidcArray
- type OidcArrayInput
- type OidcArrayOutput
- type OidcInput
- type OidcMap
- type OidcMapInput
- type OidcMapOutput
- type OidcOutput
- func (o OidcOutput) AccountLinkAction() pulumi.StringPtrOutput
- func (o OidcOutput) AccountLinkGroupIncludes() pulumi.StringArrayOutput
- func (o OidcOutput) AuthorizationBinding() pulumi.StringOutput
- func (o OidcOutput) AuthorizationUrl() pulumi.StringOutput
- func (o OidcOutput) ClientId() pulumi.StringOutput
- func (o OidcOutput) ClientSecret() pulumi.StringOutput
- func (o OidcOutput) DeprovisionedAction() pulumi.StringPtrOutput
- func (OidcOutput) ElementType() reflect.Type
- func (o OidcOutput) GroupsAction() pulumi.StringPtrOutput
- func (o OidcOutput) GroupsAssignments() pulumi.StringArrayOutput
- func (o OidcOutput) GroupsAttribute() pulumi.StringPtrOutput
- func (o OidcOutput) GroupsFilters() pulumi.StringArrayOutput
- func (o OidcOutput) IssuerMode() pulumi.StringPtrOutput
- func (o OidcOutput) IssuerUrl() pulumi.StringOutput
- func (o OidcOutput) JwksBinding() pulumi.StringOutput
- func (o OidcOutput) JwksUrl() pulumi.StringOutput
- func (o OidcOutput) MaxClockSkew() pulumi.IntPtrOutput
- func (o OidcOutput) Name() pulumi.StringOutput
- func (o OidcOutput) ProfileMaster() pulumi.BoolPtrOutput
- func (o OidcOutput) ProtocolType() pulumi.StringPtrOutput
- func (o OidcOutput) ProvisioningAction() pulumi.StringPtrOutput
- func (o OidcOutput) RequestSignatureAlgorithm() pulumi.StringPtrOutput
- func (o OidcOutput) RequestSignatureScope() pulumi.StringPtrOutput
- func (o OidcOutput) Scopes() pulumi.StringArrayOutput
- func (o OidcOutput) Status() pulumi.StringPtrOutput
- func (o OidcOutput) SubjectMatchAttribute() pulumi.StringPtrOutput
- func (o OidcOutput) SubjectMatchType() pulumi.StringPtrOutput
- func (o OidcOutput) SuspendedAction() pulumi.StringPtrOutput
- func (o OidcOutput) ToOidcOutput() OidcOutput
- func (o OidcOutput) ToOidcOutputWithContext(ctx context.Context) OidcOutput
- func (o OidcOutput) TokenBinding() pulumi.StringOutput
- func (o OidcOutput) TokenUrl() pulumi.StringOutput
- func (o OidcOutput) Type() pulumi.StringOutput
- func (o OidcOutput) UserInfoBinding() pulumi.StringPtrOutput
- func (o OidcOutput) UserInfoUrl() pulumi.StringPtrOutput
- func (o OidcOutput) UserTypeId() pulumi.StringOutput
- func (o OidcOutput) UsernameTemplate() pulumi.StringPtrOutput
- type OidcState
- type Saml
- type SamlArgs
- type SamlArray
- type SamlArrayInput
- type SamlArrayOutput
- type SamlInput
- type SamlKey
- type SamlKeyArgs
- type SamlKeyArray
- type SamlKeyArrayInput
- type SamlKeyArrayOutput
- type SamlKeyInput
- type SamlKeyMap
- type SamlKeyMapInput
- type SamlKeyMapOutput
- type SamlKeyOutput
- func (o SamlKeyOutput) Created() pulumi.StringOutput
- func (SamlKeyOutput) ElementType() reflect.Type
- func (o SamlKeyOutput) ExpiresAt() pulumi.StringOutput
- func (o SamlKeyOutput) Kid() pulumi.StringOutput
- func (o SamlKeyOutput) Kty() pulumi.StringOutput
- func (o SamlKeyOutput) ToSamlKeyOutput() SamlKeyOutput
- func (o SamlKeyOutput) ToSamlKeyOutputWithContext(ctx context.Context) SamlKeyOutput
- func (o SamlKeyOutput) Use() pulumi.StringOutput
- func (o SamlKeyOutput) X5cs() pulumi.StringArrayOutput
- func (o SamlKeyOutput) X5tS256() pulumi.StringOutput
- type SamlKeyState
- type SamlMap
- type SamlMapInput
- type SamlMapOutput
- type SamlOutput
- func (o SamlOutput) AccountLinkAction() pulumi.StringPtrOutput
- func (o SamlOutput) AccountLinkGroupIncludes() pulumi.StringArrayOutput
- func (o SamlOutput) AcsBinding() pulumi.StringOutput
- func (o SamlOutput) AcsType() pulumi.StringPtrOutput
- func (o SamlOutput) Audience() pulumi.StringOutput
- func (o SamlOutput) DeprovisionedAction() pulumi.StringPtrOutput
- func (SamlOutput) ElementType() reflect.Type
- func (o SamlOutput) GroupsAction() pulumi.StringPtrOutput
- func (o SamlOutput) GroupsAssignments() pulumi.StringArrayOutput
- func (o SamlOutput) GroupsAttribute() pulumi.StringPtrOutput
- func (o SamlOutput) GroupsFilters() pulumi.StringArrayOutput
- func (o SamlOutput) Issuer() pulumi.StringOutput
- func (o SamlOutput) IssuerMode() pulumi.StringPtrOutput
- func (o SamlOutput) Kid() pulumi.StringOutput
- func (o SamlOutput) MaxClockSkew() pulumi.IntPtrOutput
- func (o SamlOutput) Name() pulumi.StringOutput
- func (o SamlOutput) NameFormat() pulumi.StringPtrOutput
- func (o SamlOutput) ProfileMaster() pulumi.BoolPtrOutput
- func (o SamlOutput) ProvisioningAction() pulumi.StringPtrOutput
- func (o SamlOutput) RequestSignatureAlgorithm() pulumi.StringPtrOutput
- func (o SamlOutput) RequestSignatureScope() pulumi.StringPtrOutput
- func (o SamlOutput) ResponseSignatureAlgorithm() pulumi.StringPtrOutput
- func (o SamlOutput) ResponseSignatureScope() pulumi.StringPtrOutput
- func (o SamlOutput) SsoBinding() pulumi.StringPtrOutput
- func (o SamlOutput) SsoDestination() pulumi.StringPtrOutput
- func (o SamlOutput) SsoUrl() pulumi.StringOutput
- func (o SamlOutput) Status() pulumi.StringPtrOutput
- func (o SamlOutput) SubjectFilter() pulumi.StringPtrOutput
- func (o SamlOutput) SubjectFormats() pulumi.StringArrayOutput
- func (o SamlOutput) SubjectMatchAttribute() pulumi.StringPtrOutput
- func (o SamlOutput) SubjectMatchType() pulumi.StringPtrOutput
- func (o SamlOutput) SuspendedAction() pulumi.StringPtrOutput
- func (o SamlOutput) ToSamlOutput() SamlOutput
- func (o SamlOutput) ToSamlOutputWithContext(ctx context.Context) SamlOutput
- func (o SamlOutput) Type() pulumi.StringOutput
- func (o SamlOutput) UserTypeId() pulumi.StringOutput
- func (o SamlOutput) UsernameTemplate() pulumi.StringPtrOutput
- type SamlState
- type Social
- type SocialArgs
- type SocialArray
- type SocialArrayInput
- type SocialArrayOutput
- type SocialInput
- type SocialMap
- type SocialMapInput
- type SocialMapOutput
- type SocialOutput
- func (o SocialOutput) AccountLinkAction() pulumi.StringPtrOutput
- func (o SocialOutput) AccountLinkGroupIncludes() pulumi.StringArrayOutput
- func (o SocialOutput) AppleKid() pulumi.StringPtrOutput
- func (o SocialOutput) ApplePrivateKey() pulumi.StringPtrOutput
- func (o SocialOutput) AppleTeamId() pulumi.StringPtrOutput
- func (o SocialOutput) AuthorizationBinding() pulumi.StringOutput
- func (o SocialOutput) AuthorizationUrl() pulumi.StringOutput
- func (o SocialOutput) ClientId() pulumi.StringPtrOutput
- func (o SocialOutput) ClientSecret() pulumi.StringPtrOutput
- func (o SocialOutput) DeprovisionedAction() pulumi.StringPtrOutput
- func (SocialOutput) ElementType() reflect.Type
- func (o SocialOutput) GroupsAction() pulumi.StringPtrOutput
- func (o SocialOutput) GroupsAssignments() pulumi.StringArrayOutput
- func (o SocialOutput) GroupsAttribute() pulumi.StringPtrOutput
- func (o SocialOutput) GroupsFilters() pulumi.StringArrayOutput
- func (o SocialOutput) IssuerMode() pulumi.StringPtrOutput
- func (o SocialOutput) MaxClockSkew() pulumi.IntPtrOutput
- func (o SocialOutput) Name() pulumi.StringOutput
- func (o SocialOutput) ProfileMaster() pulumi.BoolPtrOutput
- func (o SocialOutput) ProtocolType() pulumi.StringPtrOutput
- func (o SocialOutput) ProvisioningAction() pulumi.StringPtrOutput
- func (o SocialOutput) Scopes() pulumi.StringArrayOutput
- func (o SocialOutput) Status() pulumi.StringPtrOutput
- func (o SocialOutput) SubjectMatchAttribute() pulumi.StringPtrOutput
- func (o SocialOutput) SubjectMatchType() pulumi.StringPtrOutput
- func (o SocialOutput) SuspendedAction() pulumi.StringPtrOutput
- func (o SocialOutput) ToSocialOutput() SocialOutput
- func (o SocialOutput) ToSocialOutputWithContext(ctx context.Context) SocialOutput
- func (o SocialOutput) TokenBinding() pulumi.StringOutput
- func (o SocialOutput) TokenUrl() pulumi.StringOutput
- func (o SocialOutput) Type() pulumi.StringOutput
- func (o SocialOutput) UsernameTemplate() pulumi.StringPtrOutput
- type SocialState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type GetMetadataSamlArgs ¶
type GetMetadataSamlArgs struct { // The id of the IdP to retrieve metadata for. IdpId *string `pulumi:"idpId"` }
A collection of arguments for invoking getMetadataSaml.
type GetMetadataSamlOutputArgs ¶
type GetMetadataSamlOutputArgs struct { // The id of the IdP to retrieve metadata for. IdpId pulumi.StringPtrInput `pulumi:"idpId"` }
A collection of arguments for invoking getMetadataSaml.
func (GetMetadataSamlOutputArgs) ElementType ¶
func (GetMetadataSamlOutputArgs) ElementType() reflect.Type
type GetMetadataSamlResult ¶
type GetMetadataSamlResult struct { // whether assertions are signed. AssertionsSigned bool `pulumi:"assertionsSigned"` // whether authn requests are signed. AuthnRequestSigned bool `pulumi:"authnRequestSigned"` // SAML request encryption certificate. EncryptionCertificate string `pulumi:"encryptionCertificate"` // Entity URL for instance `https://www.okta.com/saml2/service-provider/sposcfdmlybtwkdcgtuf`. EntityId string `pulumi:"entityId"` // urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata. HttpPostBinding string `pulumi:"httpPostBinding"` // urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata. HttpRedirectBinding string `pulumi:"httpRedirectBinding"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` IdpId *string `pulumi:"idpId"` // raw IdP metadata. Metadata string `pulumi:"metadata"` // SAML request signing certificate. SigningCertificate string `pulumi:"signingCertificate"` }
A collection of values returned by getMetadataSaml.
func GetMetadataSaml ¶
func GetMetadataSaml(ctx *pulumi.Context, args *GetMetadataSamlArgs, opts ...pulumi.InvokeOption) (*GetMetadataSamlResult, error)
Use this data source to retrieve SAML IdP metadata from Okta.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := idp.GetMetadataSaml(ctx, &idp.GetMetadataSamlArgs{ IdpId: pulumi.StringRef("<idp id>"), }, nil) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
type GetMetadataSamlResultOutput ¶
type GetMetadataSamlResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getMetadataSaml.
func GetMetadataSamlOutput ¶
func GetMetadataSamlOutput(ctx *pulumi.Context, args GetMetadataSamlOutputArgs, opts ...pulumi.InvokeOption) GetMetadataSamlResultOutput
func (GetMetadataSamlResultOutput) AssertionsSigned ¶
func (o GetMetadataSamlResultOutput) AssertionsSigned() pulumi.BoolOutput
whether assertions are signed.
func (GetMetadataSamlResultOutput) AuthnRequestSigned ¶
func (o GetMetadataSamlResultOutput) AuthnRequestSigned() pulumi.BoolOutput
whether authn requests are signed.
func (GetMetadataSamlResultOutput) ElementType ¶
func (GetMetadataSamlResultOutput) ElementType() reflect.Type
func (GetMetadataSamlResultOutput) EncryptionCertificate ¶
func (o GetMetadataSamlResultOutput) EncryptionCertificate() pulumi.StringOutput
SAML request encryption certificate.
func (GetMetadataSamlResultOutput) EntityId ¶
func (o GetMetadataSamlResultOutput) EntityId() pulumi.StringOutput
Entity URL for instance `https://www.okta.com/saml2/service-provider/sposcfdmlybtwkdcgtuf`.
func (GetMetadataSamlResultOutput) HttpPostBinding ¶
func (o GetMetadataSamlResultOutput) HttpPostBinding() pulumi.StringOutput
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
func (GetMetadataSamlResultOutput) HttpRedirectBinding ¶
func (o GetMetadataSamlResultOutput) HttpRedirectBinding() pulumi.StringOutput
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
func (GetMetadataSamlResultOutput) Id ¶
func (o GetMetadataSamlResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetMetadataSamlResultOutput) IdpId ¶
func (o GetMetadataSamlResultOutput) IdpId() pulumi.StringPtrOutput
func (GetMetadataSamlResultOutput) Metadata ¶
func (o GetMetadataSamlResultOutput) Metadata() pulumi.StringOutput
raw IdP metadata.
func (GetMetadataSamlResultOutput) SigningCertificate ¶
func (o GetMetadataSamlResultOutput) SigningCertificate() pulumi.StringOutput
SAML request signing certificate.
func (GetMetadataSamlResultOutput) ToGetMetadataSamlResultOutput ¶
func (o GetMetadataSamlResultOutput) ToGetMetadataSamlResultOutput() GetMetadataSamlResultOutput
func (GetMetadataSamlResultOutput) ToGetMetadataSamlResultOutputWithContext ¶
func (o GetMetadataSamlResultOutput) ToGetMetadataSamlResultOutputWithContext(ctx context.Context) GetMetadataSamlResultOutput
type LookupOidcArgs ¶
type LookupOidcArgs struct { // The id of the idp to retrieve, conflicts with `name`. Id *string `pulumi:"id"` // The name of the idp to retrieve, conflicts with `id`. Name *string `pulumi:"name"` }
A collection of arguments for invoking getOidc.
type LookupOidcOutputArgs ¶
type LookupOidcOutputArgs struct { // The id of the idp to retrieve, conflicts with `name`. Id pulumi.StringPtrInput `pulumi:"id"` // The name of the idp to retrieve, conflicts with `id`. Name pulumi.StringPtrInput `pulumi:"name"` }
A collection of arguments for invoking getOidc.
func (LookupOidcOutputArgs) ElementType ¶
func (LookupOidcOutputArgs) ElementType() reflect.Type
type LookupOidcResult ¶
type LookupOidcResult struct { // The method of making an authorization request. AuthorizationBinding string `pulumi:"authorizationBinding"` // IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant. AuthorizationUrl string `pulumi:"authorizationUrl"` // Unique identifier issued by AS for the Okta IdP instance. ClientId string `pulumi:"clientId"` // Client secret issued by AS for the Okta IdP instance. ClientSecret string `pulumi:"clientSecret"` // id of idp. Id *string `pulumi:"id"` // Indicates whether Okta uses the original Okta org domain URL, a custom domain URL, or dynamic. IssuerMode string `pulumi:"issuerMode"` // URI that identifies the issuer. IssuerUrl string `pulumi:"issuerUrl"` // The method of making a request for the OIDC JWKS. JwksBinding string `pulumi:"jwksBinding"` // Endpoint where the keys signer publishes its keys in a JWK Set. JwksUrl string `pulumi:"jwksUrl"` // Maximum allowable clock-skew when processing messages from the IdP. MaxClockSkew int `pulumi:"maxClockSkew"` // name of the idp. Name *string `pulumi:"name"` // The type of protocol to use. ProtocolType string `pulumi:"protocolType"` // The scopes of the IdP. Scopes []string `pulumi:"scopes"` // The method of making a token request. TokenBinding string `pulumi:"tokenBinding"` // IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token. TokenUrl string `pulumi:"tokenUrl"` // type of idp. Type string `pulumi:"type"` // The method of making a user info request. UserInfoBinding string `pulumi:"userInfoBinding"` // Protected resource endpoint that returns claims about the authenticated user. UserInfoUrl string `pulumi:"userInfoUrl"` }
A collection of values returned by getOidc.
func LookupOidc ¶
func LookupOidc(ctx *pulumi.Context, args *LookupOidcArgs, opts ...pulumi.InvokeOption) (*LookupOidcResult, error)
Use this data source to retrieve a OIDC IdP from Okta.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := idp.LookupOidc(ctx, &idp.LookupOidcArgs{ Name: pulumi.StringRef("Example Provider"), }, nil) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
type LookupOidcResultOutput ¶
type LookupOidcResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getOidc.
func LookupOidcOutput ¶
func LookupOidcOutput(ctx *pulumi.Context, args LookupOidcOutputArgs, opts ...pulumi.InvokeOption) LookupOidcResultOutput
func (LookupOidcResultOutput) AuthorizationBinding ¶
func (o LookupOidcResultOutput) AuthorizationBinding() pulumi.StringOutput
The method of making an authorization request.
func (LookupOidcResultOutput) AuthorizationUrl ¶
func (o LookupOidcResultOutput) AuthorizationUrl() pulumi.StringOutput
IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
func (LookupOidcResultOutput) ClientId ¶
func (o LookupOidcResultOutput) ClientId() pulumi.StringOutput
Unique identifier issued by AS for the Okta IdP instance.
func (LookupOidcResultOutput) ClientSecret ¶
func (o LookupOidcResultOutput) ClientSecret() pulumi.StringOutput
Client secret issued by AS for the Okta IdP instance.
func (LookupOidcResultOutput) ElementType ¶
func (LookupOidcResultOutput) ElementType() reflect.Type
func (LookupOidcResultOutput) Id ¶
func (o LookupOidcResultOutput) Id() pulumi.StringPtrOutput
id of idp.
func (LookupOidcResultOutput) IssuerMode ¶
func (o LookupOidcResultOutput) IssuerMode() pulumi.StringOutput
Indicates whether Okta uses the original Okta org domain URL, a custom domain URL, or dynamic.
func (LookupOidcResultOutput) IssuerUrl ¶
func (o LookupOidcResultOutput) IssuerUrl() pulumi.StringOutput
URI that identifies the issuer.
func (LookupOidcResultOutput) JwksBinding ¶
func (o LookupOidcResultOutput) JwksBinding() pulumi.StringOutput
The method of making a request for the OIDC JWKS.
func (LookupOidcResultOutput) JwksUrl ¶
func (o LookupOidcResultOutput) JwksUrl() pulumi.StringOutput
Endpoint where the keys signer publishes its keys in a JWK Set.
func (LookupOidcResultOutput) MaxClockSkew ¶
func (o LookupOidcResultOutput) MaxClockSkew() pulumi.IntOutput
Maximum allowable clock-skew when processing messages from the IdP.
func (LookupOidcResultOutput) Name ¶
func (o LookupOidcResultOutput) Name() pulumi.StringPtrOutput
name of the idp.
func (LookupOidcResultOutput) ProtocolType ¶
func (o LookupOidcResultOutput) ProtocolType() pulumi.StringOutput
The type of protocol to use.
func (LookupOidcResultOutput) Scopes ¶
func (o LookupOidcResultOutput) Scopes() pulumi.StringArrayOutput
The scopes of the IdP.
func (LookupOidcResultOutput) ToLookupOidcResultOutput ¶
func (o LookupOidcResultOutput) ToLookupOidcResultOutput() LookupOidcResultOutput
func (LookupOidcResultOutput) ToLookupOidcResultOutputWithContext ¶
func (o LookupOidcResultOutput) ToLookupOidcResultOutputWithContext(ctx context.Context) LookupOidcResultOutput
func (LookupOidcResultOutput) TokenBinding ¶
func (o LookupOidcResultOutput) TokenBinding() pulumi.StringOutput
The method of making a token request.
func (LookupOidcResultOutput) TokenUrl ¶
func (o LookupOidcResultOutput) TokenUrl() pulumi.StringOutput
IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
func (LookupOidcResultOutput) Type ¶
func (o LookupOidcResultOutput) Type() pulumi.StringOutput
type of idp.
func (LookupOidcResultOutput) UserInfoBinding ¶
func (o LookupOidcResultOutput) UserInfoBinding() pulumi.StringOutput
The method of making a user info request.
func (LookupOidcResultOutput) UserInfoUrl ¶
func (o LookupOidcResultOutput) UserInfoUrl() pulumi.StringOutput
Protected resource endpoint that returns claims about the authenticated user.
type LookupSamlArgs ¶
type LookupSamlArgs struct { // The id of the idp to retrieve, conflicts with `name`. Id *string `pulumi:"id"` // The name of the idp to retrieve, conflicts with `id`. Name *string `pulumi:"name"` }
A collection of arguments for invoking getSaml.
type LookupSamlOutputArgs ¶
type LookupSamlOutputArgs struct { // The id of the idp to retrieve, conflicts with `name`. Id pulumi.StringPtrInput `pulumi:"id"` // The name of the idp to retrieve, conflicts with `id`. Name pulumi.StringPtrInput `pulumi:"name"` }
A collection of arguments for invoking getSaml.
func (LookupSamlOutputArgs) ElementType ¶
func (LookupSamlOutputArgs) ElementType() reflect.Type
type LookupSamlResult ¶
type LookupSamlResult struct { AcsBinding string `pulumi:"acsBinding"` // Determines whether to publish an instance-specific (trust) or organization (shared) ACS endpoint in the SAML metadata. AcsType string `pulumi:"acsType"` // URI that identifies the target Okta IdP instance (SP) Audience string `pulumi:"audience"` // id of idp. Id *string `pulumi:"id"` // URI that identifies the issuer (IdP). Issuer string `pulumi:"issuer"` // indicates whether Okta uses the original Okta org domain URL, or a custom domain URL in the request to the IdP. IssuerMode string `pulumi:"issuerMode"` // Key ID reference to the IdP's X.509 signature certificate. Kid string `pulumi:"kid"` // name of the idp. Name *string `pulumi:"name"` // single sign-on binding. SsoBinding string `pulumi:"ssoBinding"` // SSO request binding, HTTP-POST or HTTP-REDIRECT. SsoDestination string `pulumi:"ssoDestination"` // single sign-on url. SsoUrl string `pulumi:"ssoUrl"` // regular expression pattern used to filter untrusted IdP usernames. SubjectFilter string `pulumi:"subjectFilter"` // Expression to generate or transform a unique username for the IdP user. SubjectFormats []string `pulumi:"subjectFormats"` // type of idp. Type string `pulumi:"type"` }
A collection of values returned by getSaml.
func LookupSaml ¶
func LookupSaml(ctx *pulumi.Context, args *LookupSamlArgs, opts ...pulumi.InvokeOption) (*LookupSamlResult, error)
Use this data source to retrieve a SAML IdP from Okta.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := idp.LookupSaml(ctx, &idp.LookupSamlArgs{ Name: pulumi.StringRef("Example App"), }, nil) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
type LookupSamlResultOutput ¶
type LookupSamlResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getSaml.
func LookupSamlOutput ¶
func LookupSamlOutput(ctx *pulumi.Context, args LookupSamlOutputArgs, opts ...pulumi.InvokeOption) LookupSamlResultOutput
func (LookupSamlResultOutput) AcsBinding ¶
func (o LookupSamlResultOutput) AcsBinding() pulumi.StringOutput
func (LookupSamlResultOutput) AcsType ¶
func (o LookupSamlResultOutput) AcsType() pulumi.StringOutput
Determines whether to publish an instance-specific (trust) or organization (shared) ACS endpoint in the SAML metadata.
func (LookupSamlResultOutput) Audience ¶
func (o LookupSamlResultOutput) Audience() pulumi.StringOutput
URI that identifies the target Okta IdP instance (SP)
func (LookupSamlResultOutput) ElementType ¶
func (LookupSamlResultOutput) ElementType() reflect.Type
func (LookupSamlResultOutput) Id ¶
func (o LookupSamlResultOutput) Id() pulumi.StringPtrOutput
id of idp.
func (LookupSamlResultOutput) Issuer ¶
func (o LookupSamlResultOutput) Issuer() pulumi.StringOutput
URI that identifies the issuer (IdP).
func (LookupSamlResultOutput) IssuerMode ¶
func (o LookupSamlResultOutput) IssuerMode() pulumi.StringOutput
indicates whether Okta uses the original Okta org domain URL, or a custom domain URL in the request to the IdP.
func (LookupSamlResultOutput) Kid ¶
func (o LookupSamlResultOutput) Kid() pulumi.StringOutput
Key ID reference to the IdP's X.509 signature certificate.
func (LookupSamlResultOutput) Name ¶
func (o LookupSamlResultOutput) Name() pulumi.StringPtrOutput
name of the idp.
func (LookupSamlResultOutput) SsoBinding ¶
func (o LookupSamlResultOutput) SsoBinding() pulumi.StringOutput
single sign-on binding.
func (LookupSamlResultOutput) SsoDestination ¶
func (o LookupSamlResultOutput) SsoDestination() pulumi.StringOutput
SSO request binding, HTTP-POST or HTTP-REDIRECT.
func (LookupSamlResultOutput) SsoUrl ¶
func (o LookupSamlResultOutput) SsoUrl() pulumi.StringOutput
single sign-on url.
func (LookupSamlResultOutput) SubjectFilter ¶
func (o LookupSamlResultOutput) SubjectFilter() pulumi.StringOutput
regular expression pattern used to filter untrusted IdP usernames.
func (LookupSamlResultOutput) SubjectFormats ¶
func (o LookupSamlResultOutput) SubjectFormats() pulumi.StringArrayOutput
Expression to generate or transform a unique username for the IdP user.
func (LookupSamlResultOutput) ToLookupSamlResultOutput ¶
func (o LookupSamlResultOutput) ToLookupSamlResultOutput() LookupSamlResultOutput
func (LookupSamlResultOutput) ToLookupSamlResultOutputWithContext ¶
func (o LookupSamlResultOutput) ToLookupSamlResultOutputWithContext(ctx context.Context) LookupSamlResultOutput
func (LookupSamlResultOutput) Type ¶
func (o LookupSamlResultOutput) Type() pulumi.StringOutput
type of idp.
type LookupSocialArgs ¶
type LookupSocialArgs struct { // The id of the social idp to retrieve, conflicts with `name`. Id *string `pulumi:"id"` // The name of the social idp to retrieve, conflicts with `id`. Name *string `pulumi:"name"` }
A collection of arguments for invoking getSocial.
type LookupSocialOutputArgs ¶
type LookupSocialOutputArgs struct { // The id of the social idp to retrieve, conflicts with `name`. Id pulumi.StringPtrInput `pulumi:"id"` // The name of the social idp to retrieve, conflicts with `id`. Name pulumi.StringPtrInput `pulumi:"name"` }
A collection of arguments for invoking getSocial.
func (LookupSocialOutputArgs) ElementType ¶
func (LookupSocialOutputArgs) ElementType() reflect.Type
type LookupSocialResult ¶
type LookupSocialResult struct { // Specifies the account linking action for an IdP user. AccountLinkAction string `pulumi:"accountLinkAction"` // Group memberships to determine link candidates. AccountLinkGroupIncludes []string `pulumi:"accountLinkGroupIncludes"` // The method of making an authorization request. AuthorizationBinding string `pulumi:"authorizationBinding"` // IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant. AuthorizationUrl string `pulumi:"authorizationUrl"` // Unique identifier issued by AS for the Okta IdP instance. ClientId string `pulumi:"clientId"` // Client secret issued by AS for the Okta IdP instance. ClientSecret string `pulumi:"clientSecret"` // Action for a previously deprovisioned IdP user during authentication. DeprovisionedAction string `pulumi:"deprovisionedAction"` // Provisioning action for IdP user's group memberships. GroupsAction string `pulumi:"groupsAction"` // List of Okta Group IDs. GroupsAssignments []string `pulumi:"groupsAssignments"` // IdP user profile attribute name for an array value that contains group memberships. GroupsAttribute string `pulumi:"groupsAttribute"` // Whitelist of Okta Group identifiers. GroupsFilters []string `pulumi:"groupsFilters"` Id *string `pulumi:"id"` // Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. IssuerMode string `pulumi:"issuerMode"` // Maximum allowable clock-skew when processing messages from the IdP. MaxClockSkew int `pulumi:"maxClockSkew"` Name *string `pulumi:"name"` // Determines if the IdP should act as a source of truth for user profile attributes. ProfileMaster bool `pulumi:"profileMaster"` // The type of protocol to use. ProtocolType string `pulumi:"protocolType"` // Provisioning action for an IdP user during authentication. ProvisioningAction string `pulumi:"provisioningAction"` // The scopes of the IdP. Scopes []string `pulumi:"scopes"` // Status of the IdP. Status string `pulumi:"status"` // Okta user profile attribute for matching transformed IdP username. SubjectMatchAttribute string `pulumi:"subjectMatchAttribute"` // Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. SubjectMatchType string `pulumi:"subjectMatchType"` // Action for a previously suspended IdP user during authentication. SuspendedAction string `pulumi:"suspendedAction"` // The method of making a token request. TokenBinding string `pulumi:"tokenBinding"` // IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token. TokenUrl string `pulumi:"tokenUrl"` // The type of Social IdP. See API docs [Identity Provider Type](https://developer.okta.com/docs/reference/api/idps/#identity-provider-type) Type string `pulumi:"type"` // Okta EL Expression to generate or transform a unique username for the IdP user. UsernameTemplate string `pulumi:"usernameTemplate"` }
A collection of values returned by getSocial.
func LookupSocial ¶
func LookupSocial(ctx *pulumi.Context, args *LookupSocialArgs, opts ...pulumi.InvokeOption) (*LookupSocialResult, error)
Use this data source to retrieve a social IdP from Okta, namely `APPLE`, `FACEBOOK`, `LINKEDIN`, `MICROSOFT`, or `GOOGLE`.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := idp.LookupSocial(ctx, &idp.LookupSocialArgs{ Name: pulumi.StringRef("My Facebook IdP"), }, nil) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
type LookupSocialResultOutput ¶
type LookupSocialResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getSocial.
func LookupSocialOutput ¶
func LookupSocialOutput(ctx *pulumi.Context, args LookupSocialOutputArgs, opts ...pulumi.InvokeOption) LookupSocialResultOutput
func (LookupSocialResultOutput) AccountLinkAction ¶
func (o LookupSocialResultOutput) AccountLinkAction() pulumi.StringOutput
Specifies the account linking action for an IdP user.
func (LookupSocialResultOutput) AccountLinkGroupIncludes ¶
func (o LookupSocialResultOutput) AccountLinkGroupIncludes() pulumi.StringArrayOutput
Group memberships to determine link candidates.
func (LookupSocialResultOutput) AuthorizationBinding ¶
func (o LookupSocialResultOutput) AuthorizationBinding() pulumi.StringOutput
The method of making an authorization request.
func (LookupSocialResultOutput) AuthorizationUrl ¶
func (o LookupSocialResultOutput) AuthorizationUrl() pulumi.StringOutput
IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
func (LookupSocialResultOutput) ClientId ¶
func (o LookupSocialResultOutput) ClientId() pulumi.StringOutput
Unique identifier issued by AS for the Okta IdP instance.
func (LookupSocialResultOutput) ClientSecret ¶
func (o LookupSocialResultOutput) ClientSecret() pulumi.StringOutput
Client secret issued by AS for the Okta IdP instance.
func (LookupSocialResultOutput) DeprovisionedAction ¶
func (o LookupSocialResultOutput) DeprovisionedAction() pulumi.StringOutput
Action for a previously deprovisioned IdP user during authentication.
func (LookupSocialResultOutput) ElementType ¶
func (LookupSocialResultOutput) ElementType() reflect.Type
func (LookupSocialResultOutput) GroupsAction ¶
func (o LookupSocialResultOutput) GroupsAction() pulumi.StringOutput
Provisioning action for IdP user's group memberships.
func (LookupSocialResultOutput) GroupsAssignments ¶
func (o LookupSocialResultOutput) GroupsAssignments() pulumi.StringArrayOutput
List of Okta Group IDs.
func (LookupSocialResultOutput) GroupsAttribute ¶
func (o LookupSocialResultOutput) GroupsAttribute() pulumi.StringOutput
IdP user profile attribute name for an array value that contains group memberships.
func (LookupSocialResultOutput) GroupsFilters ¶
func (o LookupSocialResultOutput) GroupsFilters() pulumi.StringArrayOutput
Whitelist of Okta Group identifiers.
func (LookupSocialResultOutput) Id ¶
func (o LookupSocialResultOutput) Id() pulumi.StringPtrOutput
func (LookupSocialResultOutput) IssuerMode ¶
func (o LookupSocialResultOutput) IssuerMode() pulumi.StringOutput
Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL.
func (LookupSocialResultOutput) MaxClockSkew ¶
func (o LookupSocialResultOutput) MaxClockSkew() pulumi.IntOutput
Maximum allowable clock-skew when processing messages from the IdP.
func (LookupSocialResultOutput) Name ¶
func (o LookupSocialResultOutput) Name() pulumi.StringPtrOutput
func (LookupSocialResultOutput) ProfileMaster ¶
func (o LookupSocialResultOutput) ProfileMaster() pulumi.BoolOutput
Determines if the IdP should act as a source of truth for user profile attributes.
func (LookupSocialResultOutput) ProtocolType ¶
func (o LookupSocialResultOutput) ProtocolType() pulumi.StringOutput
The type of protocol to use.
func (LookupSocialResultOutput) ProvisioningAction ¶
func (o LookupSocialResultOutput) ProvisioningAction() pulumi.StringOutput
Provisioning action for an IdP user during authentication.
func (LookupSocialResultOutput) Scopes ¶
func (o LookupSocialResultOutput) Scopes() pulumi.StringArrayOutput
The scopes of the IdP.
func (LookupSocialResultOutput) Status ¶
func (o LookupSocialResultOutput) Status() pulumi.StringOutput
Status of the IdP.
func (LookupSocialResultOutput) SubjectMatchAttribute ¶
func (o LookupSocialResultOutput) SubjectMatchAttribute() pulumi.StringOutput
Okta user profile attribute for matching transformed IdP username.
func (LookupSocialResultOutput) SubjectMatchType ¶
func (o LookupSocialResultOutput) SubjectMatchType() pulumi.StringOutput
Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username.
func (LookupSocialResultOutput) SuspendedAction ¶
func (o LookupSocialResultOutput) SuspendedAction() pulumi.StringOutput
Action for a previously suspended IdP user during authentication.
func (LookupSocialResultOutput) ToLookupSocialResultOutput ¶
func (o LookupSocialResultOutput) ToLookupSocialResultOutput() LookupSocialResultOutput
func (LookupSocialResultOutput) ToLookupSocialResultOutputWithContext ¶
func (o LookupSocialResultOutput) ToLookupSocialResultOutputWithContext(ctx context.Context) LookupSocialResultOutput
func (LookupSocialResultOutput) TokenBinding ¶
func (o LookupSocialResultOutput) TokenBinding() pulumi.StringOutput
The method of making a token request.
func (LookupSocialResultOutput) TokenUrl ¶
func (o LookupSocialResultOutput) TokenUrl() pulumi.StringOutput
IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
func (LookupSocialResultOutput) Type ¶
func (o LookupSocialResultOutput) Type() pulumi.StringOutput
The type of Social IdP. See API docs [Identity Provider Type](https://developer.okta.com/docs/reference/api/idps/#identity-provider-type)
func (LookupSocialResultOutput) UsernameTemplate ¶
func (o LookupSocialResultOutput) UsernameTemplate() pulumi.StringOutput
Okta EL Expression to generate or transform a unique username for the IdP user.
type Oidc ¶
type Oidc struct { pulumi.CustomResourceState // Specifies the account linking action for an IdP user. AccountLinkAction pulumi.StringPtrOutput `pulumi:"accountLinkAction"` // Group memberships to determine link candidates. AccountLinkGroupIncludes pulumi.StringArrayOutput `pulumi:"accountLinkGroupIncludes"` // The method of making an authorization request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. AuthorizationBinding pulumi.StringOutput `pulumi:"authorizationBinding"` // IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant. AuthorizationUrl pulumi.StringOutput `pulumi:"authorizationUrl"` // Unique identifier issued by AS for the Okta IdP instance. ClientId pulumi.StringOutput `pulumi:"clientId"` // Client secret issued by AS for the Okta IdP instance. ClientSecret pulumi.StringOutput `pulumi:"clientSecret"` // Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`. DeprovisionedAction pulumi.StringPtrOutput `pulumi:"deprovisionedAction"` // Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`. GroupsAction pulumi.StringPtrOutput `pulumi:"groupsAction"` // List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`. GroupsAssignments pulumi.StringArrayOutput `pulumi:"groupsAssignments"` // IdP user profile attribute name (case-insensitive) for an array value that contains group memberships. GroupsAttribute pulumi.StringPtrOutput `pulumi:"groupsAttribute"` // Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`. GroupsFilters pulumi.StringArrayOutput `pulumi:"groupsFilters"` // Indicates whether Okta uses the original Okta org domain URL, a custom domain URL, or dynamic. It can be `"ORG_URL"`, `"CUSTOM_URL"`, or `"DYNAMIC"`. IssuerMode pulumi.StringPtrOutput `pulumi:"issuerMode"` // URI that identifies the issuer. IssuerUrl pulumi.StringOutput `pulumi:"issuerUrl"` // The method of making a request for the OIDC JWKS. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. JwksBinding pulumi.StringOutput `pulumi:"jwksBinding"` // Endpoint where the keys signer publishes its keys in a JWK Set. JwksUrl pulumi.StringOutput `pulumi:"jwksUrl"` // Maximum allowable clock-skew when processing messages from the IdP. MaxClockSkew pulumi.IntPtrOutput `pulumi:"maxClockSkew"` // The Application's display name. Name pulumi.StringOutput `pulumi:"name"` // Determines if the IdP should act as a source of truth for user profile attributes. ProfileMaster pulumi.BoolPtrOutput `pulumi:"profileMaster"` // The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`. ProtocolType pulumi.StringPtrOutput `pulumi:"protocolType"` // Provisioning action for an IdP user during authentication. ProvisioningAction pulumi.StringPtrOutput `pulumi:"provisioningAction"` // The HMAC Signature Algorithm used when signing an authorization request. Defaults to `"HS256"`. It can be `"HS256"`, `"HS384"`, `"HS512"`, `"SHA-256"`. `"RS256"`, `"RS384"`, or `"RS512"`. NOTE: `"SHA-256"` an undocumented legacy value and not continue to be valid. See API docs https://developer.okta.com/docs/reference/api/idps/#oidc-request-signature-algorithm-object RequestSignatureAlgorithm pulumi.StringPtrOutput `pulumi:"requestSignatureAlgorithm"` // Specifies whether to digitally sign an AuthnRequest messages to the IdP. Defaults to `"REQUEST"`. It can be `"REQUEST"` or `"NONE"`. RequestSignatureScope pulumi.StringPtrOutput `pulumi:"requestSignatureScope"` // The scopes of the IdP. Scopes pulumi.StringArrayOutput `pulumi:"scopes"` // Status of the IdP. Status pulumi.StringPtrOutput `pulumi:"status"` // Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`. SubjectMatchAttribute pulumi.StringPtrOutput `pulumi:"subjectMatchAttribute"` // Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`. SubjectMatchType pulumi.StringPtrOutput `pulumi:"subjectMatchType"` // Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"` SuspendedAction pulumi.StringPtrOutput `pulumi:"suspendedAction"` // The method of making a token request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. TokenBinding pulumi.StringOutput `pulumi:"tokenBinding"` // IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token. TokenUrl pulumi.StringOutput `pulumi:"tokenUrl"` // Type of OIDC IdP. Type pulumi.StringOutput `pulumi:"type"` UserInfoBinding pulumi.StringPtrOutput `pulumi:"userInfoBinding"` // Protected resource endpoint that returns claims about the authenticated user. UserInfoUrl pulumi.StringPtrOutput `pulumi:"userInfoUrl"` // User type ID. Can be used as `targetId` in the `profile.Mapping` resource. UserTypeId pulumi.StringOutput `pulumi:"userTypeId"` // Okta EL Expression to generate or transform a unique username for the IdP user. UsernameTemplate pulumi.StringPtrOutput `pulumi:"usernameTemplate"` }
Creates an OIDC Identity Provider.
This resource allows you to create and configure an OIDC Identity Provider.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := idp.NewOidc(ctx, "example", &idp.OidcArgs{ AuthorizationBinding: pulumi.String("HTTP-REDIRECT"), AuthorizationUrl: pulumi.String("https://idp.example.com/authorize"), ClientId: pulumi.String("efg456"), ClientSecret: pulumi.String("efg456"), IssuerUrl: pulumi.String("https://id.example.com"), JwksBinding: pulumi.String("HTTP-REDIRECT"), JwksUrl: pulumi.String("https://idp.example.com/keys"), Scopes: pulumi.StringArray{ pulumi.String("openid"), }, TokenBinding: pulumi.String("HTTP-POST"), TokenUrl: pulumi.String("https://idp.example.com/token"), UserInfoBinding: pulumi.String("HTTP-REDIRECT"), UserInfoUrl: pulumi.String("https://idp.example.com/userinfo"), UsernameTemplate: pulumi.String("idpuser.email"), }) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
## Import
An OIDC IdP can be imported via the Okta ID.
```sh $ pulumi import okta:idp/oidc:Oidc example <idp id> ```
func GetOidc ¶
func GetOidc(ctx *pulumi.Context, name string, id pulumi.IDInput, state *OidcState, opts ...pulumi.ResourceOption) (*Oidc, error)
GetOidc gets an existing Oidc resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewOidc ¶
func NewOidc(ctx *pulumi.Context, name string, args *OidcArgs, opts ...pulumi.ResourceOption) (*Oidc, error)
NewOidc registers a new resource with the given unique name, arguments, and options.
func (*Oidc) ElementType ¶
func (*Oidc) ToOidcOutput ¶
func (i *Oidc) ToOidcOutput() OidcOutput
func (*Oidc) ToOidcOutputWithContext ¶
func (i *Oidc) ToOidcOutputWithContext(ctx context.Context) OidcOutput
type OidcArgs ¶
type OidcArgs struct { // Specifies the account linking action for an IdP user. AccountLinkAction pulumi.StringPtrInput // Group memberships to determine link candidates. AccountLinkGroupIncludes pulumi.StringArrayInput // The method of making an authorization request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. AuthorizationBinding pulumi.StringInput // IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant. AuthorizationUrl pulumi.StringInput // Unique identifier issued by AS for the Okta IdP instance. ClientId pulumi.StringInput // Client secret issued by AS for the Okta IdP instance. ClientSecret pulumi.StringInput // Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`. DeprovisionedAction pulumi.StringPtrInput // Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`. GroupsAction pulumi.StringPtrInput // List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`. GroupsAssignments pulumi.StringArrayInput // IdP user profile attribute name (case-insensitive) for an array value that contains group memberships. GroupsAttribute pulumi.StringPtrInput // Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`. GroupsFilters pulumi.StringArrayInput // Indicates whether Okta uses the original Okta org domain URL, a custom domain URL, or dynamic. It can be `"ORG_URL"`, `"CUSTOM_URL"`, or `"DYNAMIC"`. IssuerMode pulumi.StringPtrInput // URI that identifies the issuer. IssuerUrl pulumi.StringInput // The method of making a request for the OIDC JWKS. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. JwksBinding pulumi.StringInput // Endpoint where the keys signer publishes its keys in a JWK Set. JwksUrl pulumi.StringInput // Maximum allowable clock-skew when processing messages from the IdP. MaxClockSkew pulumi.IntPtrInput // The Application's display name. Name pulumi.StringPtrInput // Determines if the IdP should act as a source of truth for user profile attributes. ProfileMaster pulumi.BoolPtrInput // The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`. ProtocolType pulumi.StringPtrInput // Provisioning action for an IdP user during authentication. ProvisioningAction pulumi.StringPtrInput // The HMAC Signature Algorithm used when signing an authorization request. Defaults to `"HS256"`. It can be `"HS256"`, `"HS384"`, `"HS512"`, `"SHA-256"`. `"RS256"`, `"RS384"`, or `"RS512"`. NOTE: `"SHA-256"` an undocumented legacy value and not continue to be valid. See API docs https://developer.okta.com/docs/reference/api/idps/#oidc-request-signature-algorithm-object RequestSignatureAlgorithm pulumi.StringPtrInput // Specifies whether to digitally sign an AuthnRequest messages to the IdP. Defaults to `"REQUEST"`. It can be `"REQUEST"` or `"NONE"`. RequestSignatureScope pulumi.StringPtrInput // The scopes of the IdP. Scopes pulumi.StringArrayInput // Status of the IdP. Status pulumi.StringPtrInput // Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`. SubjectMatchAttribute pulumi.StringPtrInput // Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`. SubjectMatchType pulumi.StringPtrInput // Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"` SuspendedAction pulumi.StringPtrInput // The method of making a token request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. TokenBinding pulumi.StringInput // IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token. TokenUrl pulumi.StringInput UserInfoBinding pulumi.StringPtrInput // Protected resource endpoint that returns claims about the authenticated user. UserInfoUrl pulumi.StringPtrInput // Okta EL Expression to generate or transform a unique username for the IdP user. UsernameTemplate pulumi.StringPtrInput }
The set of arguments for constructing a Oidc resource.
func (OidcArgs) ElementType ¶
type OidcArray ¶
type OidcArray []OidcInput
func (OidcArray) ElementType ¶
func (OidcArray) ToOidcArrayOutput ¶
func (i OidcArray) ToOidcArrayOutput() OidcArrayOutput
func (OidcArray) ToOidcArrayOutputWithContext ¶
func (i OidcArray) ToOidcArrayOutputWithContext(ctx context.Context) OidcArrayOutput
type OidcArrayInput ¶
type OidcArrayInput interface { pulumi.Input ToOidcArrayOutput() OidcArrayOutput ToOidcArrayOutputWithContext(context.Context) OidcArrayOutput }
OidcArrayInput is an input type that accepts OidcArray and OidcArrayOutput values. You can construct a concrete instance of `OidcArrayInput` via:
OidcArray{ OidcArgs{...} }
type OidcArrayOutput ¶
type OidcArrayOutput struct{ *pulumi.OutputState }
func (OidcArrayOutput) ElementType ¶
func (OidcArrayOutput) ElementType() reflect.Type
func (OidcArrayOutput) Index ¶
func (o OidcArrayOutput) Index(i pulumi.IntInput) OidcOutput
func (OidcArrayOutput) ToOidcArrayOutput ¶
func (o OidcArrayOutput) ToOidcArrayOutput() OidcArrayOutput
func (OidcArrayOutput) ToOidcArrayOutputWithContext ¶
func (o OidcArrayOutput) ToOidcArrayOutputWithContext(ctx context.Context) OidcArrayOutput
type OidcInput ¶
type OidcInput interface { pulumi.Input ToOidcOutput() OidcOutput ToOidcOutputWithContext(ctx context.Context) OidcOutput }
type OidcMap ¶
func (OidcMap) ElementType ¶
func (OidcMap) ToOidcMapOutput ¶
func (i OidcMap) ToOidcMapOutput() OidcMapOutput
func (OidcMap) ToOidcMapOutputWithContext ¶
func (i OidcMap) ToOidcMapOutputWithContext(ctx context.Context) OidcMapOutput
type OidcMapInput ¶
type OidcMapInput interface { pulumi.Input ToOidcMapOutput() OidcMapOutput ToOidcMapOutputWithContext(context.Context) OidcMapOutput }
OidcMapInput is an input type that accepts OidcMap and OidcMapOutput values. You can construct a concrete instance of `OidcMapInput` via:
OidcMap{ "key": OidcArgs{...} }
type OidcMapOutput ¶
type OidcMapOutput struct{ *pulumi.OutputState }
func (OidcMapOutput) ElementType ¶
func (OidcMapOutput) ElementType() reflect.Type
func (OidcMapOutput) MapIndex ¶
func (o OidcMapOutput) MapIndex(k pulumi.StringInput) OidcOutput
func (OidcMapOutput) ToOidcMapOutput ¶
func (o OidcMapOutput) ToOidcMapOutput() OidcMapOutput
func (OidcMapOutput) ToOidcMapOutputWithContext ¶
func (o OidcMapOutput) ToOidcMapOutputWithContext(ctx context.Context) OidcMapOutput
type OidcOutput ¶
type OidcOutput struct{ *pulumi.OutputState }
func (OidcOutput) AccountLinkAction ¶
func (o OidcOutput) AccountLinkAction() pulumi.StringPtrOutput
Specifies the account linking action for an IdP user.
func (OidcOutput) AccountLinkGroupIncludes ¶
func (o OidcOutput) AccountLinkGroupIncludes() pulumi.StringArrayOutput
Group memberships to determine link candidates.
func (OidcOutput) AuthorizationBinding ¶
func (o OidcOutput) AuthorizationBinding() pulumi.StringOutput
The method of making an authorization request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
func (OidcOutput) AuthorizationUrl ¶
func (o OidcOutput) AuthorizationUrl() pulumi.StringOutput
IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
func (OidcOutput) ClientId ¶
func (o OidcOutput) ClientId() pulumi.StringOutput
Unique identifier issued by AS for the Okta IdP instance.
func (OidcOutput) ClientSecret ¶
func (o OidcOutput) ClientSecret() pulumi.StringOutput
Client secret issued by AS for the Okta IdP instance.
func (OidcOutput) DeprovisionedAction ¶
func (o OidcOutput) DeprovisionedAction() pulumi.StringPtrOutput
Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.
func (OidcOutput) ElementType ¶
func (OidcOutput) ElementType() reflect.Type
func (OidcOutput) GroupsAction ¶
func (o OidcOutput) GroupsAction() pulumi.StringPtrOutput
Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.
func (OidcOutput) GroupsAssignments ¶
func (o OidcOutput) GroupsAssignments() pulumi.StringArrayOutput
List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.
func (OidcOutput) GroupsAttribute ¶
func (o OidcOutput) GroupsAttribute() pulumi.StringPtrOutput
IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
func (OidcOutput) GroupsFilters ¶
func (o OidcOutput) GroupsFilters() pulumi.StringArrayOutput
Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.
func (OidcOutput) IssuerMode ¶
func (o OidcOutput) IssuerMode() pulumi.StringPtrOutput
Indicates whether Okta uses the original Okta org domain URL, a custom domain URL, or dynamic. It can be `"ORG_URL"`, `"CUSTOM_URL"`, or `"DYNAMIC"`.
func (OidcOutput) IssuerUrl ¶
func (o OidcOutput) IssuerUrl() pulumi.StringOutput
URI that identifies the issuer.
func (OidcOutput) JwksBinding ¶
func (o OidcOutput) JwksBinding() pulumi.StringOutput
The method of making a request for the OIDC JWKS. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
func (OidcOutput) JwksUrl ¶
func (o OidcOutput) JwksUrl() pulumi.StringOutput
Endpoint where the keys signer publishes its keys in a JWK Set.
func (OidcOutput) MaxClockSkew ¶
func (o OidcOutput) MaxClockSkew() pulumi.IntPtrOutput
Maximum allowable clock-skew when processing messages from the IdP.
func (OidcOutput) Name ¶
func (o OidcOutput) Name() pulumi.StringOutput
The Application's display name.
func (OidcOutput) ProfileMaster ¶
func (o OidcOutput) ProfileMaster() pulumi.BoolPtrOutput
Determines if the IdP should act as a source of truth for user profile attributes.
func (OidcOutput) ProtocolType ¶
func (o OidcOutput) ProtocolType() pulumi.StringPtrOutput
The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`.
func (OidcOutput) ProvisioningAction ¶
func (o OidcOutput) ProvisioningAction() pulumi.StringPtrOutput
Provisioning action for an IdP user during authentication.
func (OidcOutput) RequestSignatureAlgorithm ¶
func (o OidcOutput) RequestSignatureAlgorithm() pulumi.StringPtrOutput
The HMAC Signature Algorithm used when signing an authorization request. Defaults to `"HS256"`. It can be `"HS256"`, `"HS384"`, `"HS512"`, `"SHA-256"`. `"RS256"`, `"RS384"`, or `"RS512"`. NOTE: `"SHA-256"` an undocumented legacy value and not continue to be valid. See API docs https://developer.okta.com/docs/reference/api/idps/#oidc-request-signature-algorithm-object
func (OidcOutput) RequestSignatureScope ¶
func (o OidcOutput) RequestSignatureScope() pulumi.StringPtrOutput
Specifies whether to digitally sign an AuthnRequest messages to the IdP. Defaults to `"REQUEST"`. It can be `"REQUEST"` or `"NONE"`.
func (OidcOutput) Scopes ¶
func (o OidcOutput) Scopes() pulumi.StringArrayOutput
The scopes of the IdP.
func (OidcOutput) SubjectMatchAttribute ¶
func (o OidcOutput) SubjectMatchAttribute() pulumi.StringPtrOutput
Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.
func (OidcOutput) SubjectMatchType ¶
func (o OidcOutput) SubjectMatchType() pulumi.StringPtrOutput
Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.
func (OidcOutput) SuspendedAction ¶
func (o OidcOutput) SuspendedAction() pulumi.StringPtrOutput
Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`
func (OidcOutput) ToOidcOutput ¶
func (o OidcOutput) ToOidcOutput() OidcOutput
func (OidcOutput) ToOidcOutputWithContext ¶
func (o OidcOutput) ToOidcOutputWithContext(ctx context.Context) OidcOutput
func (OidcOutput) TokenBinding ¶
func (o OidcOutput) TokenBinding() pulumi.StringOutput
The method of making a token request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
func (OidcOutput) TokenUrl ¶
func (o OidcOutput) TokenUrl() pulumi.StringOutput
IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
func (OidcOutput) UserInfoBinding ¶
func (o OidcOutput) UserInfoBinding() pulumi.StringPtrOutput
func (OidcOutput) UserInfoUrl ¶
func (o OidcOutput) UserInfoUrl() pulumi.StringPtrOutput
Protected resource endpoint that returns claims about the authenticated user.
func (OidcOutput) UserTypeId ¶
func (o OidcOutput) UserTypeId() pulumi.StringOutput
User type ID. Can be used as `targetId` in the `profile.Mapping` resource.
func (OidcOutput) UsernameTemplate ¶
func (o OidcOutput) UsernameTemplate() pulumi.StringPtrOutput
Okta EL Expression to generate or transform a unique username for the IdP user.
type OidcState ¶
type OidcState struct { // Specifies the account linking action for an IdP user. AccountLinkAction pulumi.StringPtrInput // Group memberships to determine link candidates. AccountLinkGroupIncludes pulumi.StringArrayInput // The method of making an authorization request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. AuthorizationBinding pulumi.StringPtrInput // IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant. AuthorizationUrl pulumi.StringPtrInput // Unique identifier issued by AS for the Okta IdP instance. ClientId pulumi.StringPtrInput // Client secret issued by AS for the Okta IdP instance. ClientSecret pulumi.StringPtrInput // Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`. DeprovisionedAction pulumi.StringPtrInput // Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`. GroupsAction pulumi.StringPtrInput // List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`. GroupsAssignments pulumi.StringArrayInput // IdP user profile attribute name (case-insensitive) for an array value that contains group memberships. GroupsAttribute pulumi.StringPtrInput // Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`. GroupsFilters pulumi.StringArrayInput // Indicates whether Okta uses the original Okta org domain URL, a custom domain URL, or dynamic. It can be `"ORG_URL"`, `"CUSTOM_URL"`, or `"DYNAMIC"`. IssuerMode pulumi.StringPtrInput // URI that identifies the issuer. IssuerUrl pulumi.StringPtrInput // The method of making a request for the OIDC JWKS. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. JwksBinding pulumi.StringPtrInput // Endpoint where the keys signer publishes its keys in a JWK Set. JwksUrl pulumi.StringPtrInput // Maximum allowable clock-skew when processing messages from the IdP. MaxClockSkew pulumi.IntPtrInput // The Application's display name. Name pulumi.StringPtrInput // Determines if the IdP should act as a source of truth for user profile attributes. ProfileMaster pulumi.BoolPtrInput // The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`. ProtocolType pulumi.StringPtrInput // Provisioning action for an IdP user during authentication. ProvisioningAction pulumi.StringPtrInput // The HMAC Signature Algorithm used when signing an authorization request. Defaults to `"HS256"`. It can be `"HS256"`, `"HS384"`, `"HS512"`, `"SHA-256"`. `"RS256"`, `"RS384"`, or `"RS512"`. NOTE: `"SHA-256"` an undocumented legacy value and not continue to be valid. See API docs https://developer.okta.com/docs/reference/api/idps/#oidc-request-signature-algorithm-object RequestSignatureAlgorithm pulumi.StringPtrInput // Specifies whether to digitally sign an AuthnRequest messages to the IdP. Defaults to `"REQUEST"`. It can be `"REQUEST"` or `"NONE"`. RequestSignatureScope pulumi.StringPtrInput // The scopes of the IdP. Scopes pulumi.StringArrayInput // Status of the IdP. Status pulumi.StringPtrInput // Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`. SubjectMatchAttribute pulumi.StringPtrInput // Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`. SubjectMatchType pulumi.StringPtrInput // Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"` SuspendedAction pulumi.StringPtrInput // The method of making a token request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. TokenBinding pulumi.StringPtrInput // IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token. TokenUrl pulumi.StringPtrInput // Type of OIDC IdP. Type pulumi.StringPtrInput UserInfoBinding pulumi.StringPtrInput // Protected resource endpoint that returns claims about the authenticated user. UserInfoUrl pulumi.StringPtrInput // User type ID. Can be used as `targetId` in the `profile.Mapping` resource. UserTypeId pulumi.StringPtrInput // Okta EL Expression to generate or transform a unique username for the IdP user. UsernameTemplate pulumi.StringPtrInput }
func (OidcState) ElementType ¶
type Saml ¶
type Saml struct { pulumi.CustomResourceState // Specifies the account linking action for an IdP user. AccountLinkAction pulumi.StringPtrOutput `pulumi:"accountLinkAction"` // Group memberships to determine link candidates. AccountLinkGroupIncludes pulumi.StringArrayOutput `pulumi:"accountLinkGroupIncludes"` AcsBinding pulumi.StringOutput `pulumi:"acsBinding"` // The type of ACS. It can be `"INSTANCE"` or `"ORG"`. AcsType pulumi.StringPtrOutput `pulumi:"acsType"` // The audience restriction for the IdP. Audience pulumi.StringOutput `pulumi:"audience"` // Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`. DeprovisionedAction pulumi.StringPtrOutput `pulumi:"deprovisionedAction"` // Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`. GroupsAction pulumi.StringPtrOutput `pulumi:"groupsAction"` // List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`. GroupsAssignments pulumi.StringArrayOutput `pulumi:"groupsAssignments"` // IdP user profile attribute name (case-insensitive) for an array value that contains group memberships. GroupsAttribute pulumi.StringPtrOutput `pulumi:"groupsAttribute"` // Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`. GroupsFilters pulumi.StringArrayOutput `pulumi:"groupsFilters"` // URI that identifies the issuer. Issuer pulumi.StringOutput `pulumi:"issuer"` // Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`. IssuerMode pulumi.StringPtrOutput `pulumi:"issuerMode"` // The ID of the signing key. Kid pulumi.StringOutput `pulumi:"kid"` // Maximum allowable clock-skew when processing messages from the IdP. MaxClockSkew pulumi.IntPtrOutput `pulumi:"maxClockSkew"` // The Application's display name. Name pulumi.StringOutput `pulumi:"name"` // The name identifier format to use. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`. NameFormat pulumi.StringPtrOutput `pulumi:"nameFormat"` // Determines if the IdP should act as a source of truth for user profile attributes. ProfileMaster pulumi.BoolPtrOutput `pulumi:"profileMaster"` // Provisioning action for an IdP user during authentication. ProvisioningAction pulumi.StringPtrOutput `pulumi:"provisioningAction"` // The XML digital signature algorithm used when signing an AuthnRequest message. It can be `"SHA-256"` or `"SHA-1"`. RequestSignatureAlgorithm pulumi.StringPtrOutput `pulumi:"requestSignatureAlgorithm"` // Specifies whether to digitally sign an AuthnRequest messages to the IdP. It can be `"REQUEST"` or `"NONE"`. RequestSignatureScope pulumi.StringPtrOutput `pulumi:"requestSignatureScope"` // The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element. It can be `"SHA-256"` or `"SHA-1"`. ResponseSignatureAlgorithm pulumi.StringPtrOutput `pulumi:"responseSignatureAlgorithm"` // Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be `"RESPONSE"`, `"ASSERTION"`, or `"ANY"`. ResponseSignatureScope pulumi.StringPtrOutput `pulumi:"responseSignatureScope"` // The method of making an SSO request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. SsoBinding pulumi.StringPtrOutput `pulumi:"ssoBinding"` // URI reference indicating the address to which the AuthnRequest message is sent. SsoDestination pulumi.StringPtrOutput `pulumi:"ssoDestination"` // URL of binding-specific endpoint to send an AuthnRequest message to IdP. SsoUrl pulumi.StringOutput `pulumi:"ssoUrl"` // Status of the IdP. Status pulumi.StringPtrOutput `pulumi:"status"` // Optional regular expression pattern used to filter untrusted IdP usernames. SubjectFilter pulumi.StringPtrOutput `pulumi:"subjectFilter"` // The name format. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`. SubjectFormats pulumi.StringArrayOutput `pulumi:"subjectFormats"` // Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`. SubjectMatchAttribute pulumi.StringPtrOutput `pulumi:"subjectMatchAttribute"` // Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`. SubjectMatchType pulumi.StringPtrOutput `pulumi:"subjectMatchType"` // Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"` SuspendedAction pulumi.StringPtrOutput `pulumi:"suspendedAction"` // Type of the IdP. Type pulumi.StringOutput `pulumi:"type"` // User type ID. Can be used as `targetId` in the `profile.Mapping` resource. UserTypeId pulumi.StringOutput `pulumi:"userTypeId"` // Okta EL Expression to generate or transform a unique username for the IdP user. UsernameTemplate pulumi.StringPtrOutput `pulumi:"usernameTemplate"` }
Creates a SAML Identity Provider.
This resource allows you to create and configure a SAML Identity Provider.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := idp.NewSaml(ctx, "example", &idp.SamlArgs{ AcsType: pulumi.String("INSTANCE"), Issuer: pulumi.String("https://idp.example.com"), Kid: pulumi.Any(okta_idp_saml_key.Test.Id), RequestSignatureScope: pulumi.String("REQUEST"), ResponseSignatureScope: pulumi.String("ANY"), SsoBinding: pulumi.String("HTTP-POST"), SsoDestination: pulumi.String("https://idp.example.com"), SsoUrl: pulumi.String("https://idp.example.com"), UsernameTemplate: pulumi.String("idpuser.email"), }) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
## Import
An SAML IdP can be imported via the Okta ID.
```sh $ pulumi import okta:idp/saml:Saml example <idp id> ```
func GetSaml ¶
func GetSaml(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SamlState, opts ...pulumi.ResourceOption) (*Saml, error)
GetSaml gets an existing Saml resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSaml ¶
func NewSaml(ctx *pulumi.Context, name string, args *SamlArgs, opts ...pulumi.ResourceOption) (*Saml, error)
NewSaml registers a new resource with the given unique name, arguments, and options.
func (*Saml) ElementType ¶
func (*Saml) ToSamlOutput ¶
func (i *Saml) ToSamlOutput() SamlOutput
func (*Saml) ToSamlOutputWithContext ¶
func (i *Saml) ToSamlOutputWithContext(ctx context.Context) SamlOutput
type SamlArgs ¶
type SamlArgs struct { // Specifies the account linking action for an IdP user. AccountLinkAction pulumi.StringPtrInput // Group memberships to determine link candidates. AccountLinkGroupIncludes pulumi.StringArrayInput // The type of ACS. It can be `"INSTANCE"` or `"ORG"`. AcsType pulumi.StringPtrInput // Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`. DeprovisionedAction pulumi.StringPtrInput // Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`. GroupsAction pulumi.StringPtrInput // List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`. GroupsAssignments pulumi.StringArrayInput // IdP user profile attribute name (case-insensitive) for an array value that contains group memberships. GroupsAttribute pulumi.StringPtrInput // Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`. GroupsFilters pulumi.StringArrayInput // URI that identifies the issuer. Issuer pulumi.StringInput // Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`. IssuerMode pulumi.StringPtrInput // The ID of the signing key. Kid pulumi.StringInput // Maximum allowable clock-skew when processing messages from the IdP. MaxClockSkew pulumi.IntPtrInput // The Application's display name. Name pulumi.StringPtrInput // The name identifier format to use. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`. NameFormat pulumi.StringPtrInput // Determines if the IdP should act as a source of truth for user profile attributes. ProfileMaster pulumi.BoolPtrInput // Provisioning action for an IdP user during authentication. ProvisioningAction pulumi.StringPtrInput // The XML digital signature algorithm used when signing an AuthnRequest message. It can be `"SHA-256"` or `"SHA-1"`. RequestSignatureAlgorithm pulumi.StringPtrInput // Specifies whether to digitally sign an AuthnRequest messages to the IdP. It can be `"REQUEST"` or `"NONE"`. RequestSignatureScope pulumi.StringPtrInput // The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element. It can be `"SHA-256"` or `"SHA-1"`. ResponseSignatureAlgorithm pulumi.StringPtrInput // Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be `"RESPONSE"`, `"ASSERTION"`, or `"ANY"`. ResponseSignatureScope pulumi.StringPtrInput // The method of making an SSO request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. SsoBinding pulumi.StringPtrInput // URI reference indicating the address to which the AuthnRequest message is sent. SsoDestination pulumi.StringPtrInput // URL of binding-specific endpoint to send an AuthnRequest message to IdP. SsoUrl pulumi.StringInput // Status of the IdP. Status pulumi.StringPtrInput // Optional regular expression pattern used to filter untrusted IdP usernames. SubjectFilter pulumi.StringPtrInput // The name format. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`. SubjectFormats pulumi.StringArrayInput // Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`. SubjectMatchAttribute pulumi.StringPtrInput // Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`. SubjectMatchType pulumi.StringPtrInput // Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"` SuspendedAction pulumi.StringPtrInput // Okta EL Expression to generate or transform a unique username for the IdP user. UsernameTemplate pulumi.StringPtrInput }
The set of arguments for constructing a Saml resource.
func (SamlArgs) ElementType ¶
type SamlArray ¶
type SamlArray []SamlInput
func (SamlArray) ElementType ¶
func (SamlArray) ToSamlArrayOutput ¶
func (i SamlArray) ToSamlArrayOutput() SamlArrayOutput
func (SamlArray) ToSamlArrayOutputWithContext ¶
func (i SamlArray) ToSamlArrayOutputWithContext(ctx context.Context) SamlArrayOutput
type SamlArrayInput ¶
type SamlArrayInput interface { pulumi.Input ToSamlArrayOutput() SamlArrayOutput ToSamlArrayOutputWithContext(context.Context) SamlArrayOutput }
SamlArrayInput is an input type that accepts SamlArray and SamlArrayOutput values. You can construct a concrete instance of `SamlArrayInput` via:
SamlArray{ SamlArgs{...} }
type SamlArrayOutput ¶
type SamlArrayOutput struct{ *pulumi.OutputState }
func (SamlArrayOutput) ElementType ¶
func (SamlArrayOutput) ElementType() reflect.Type
func (SamlArrayOutput) Index ¶
func (o SamlArrayOutput) Index(i pulumi.IntInput) SamlOutput
func (SamlArrayOutput) ToSamlArrayOutput ¶
func (o SamlArrayOutput) ToSamlArrayOutput() SamlArrayOutput
func (SamlArrayOutput) ToSamlArrayOutputWithContext ¶
func (o SamlArrayOutput) ToSamlArrayOutputWithContext(ctx context.Context) SamlArrayOutput
type SamlInput ¶
type SamlInput interface { pulumi.Input ToSamlOutput() SamlOutput ToSamlOutputWithContext(ctx context.Context) SamlOutput }
type SamlKey ¶
type SamlKey struct { pulumi.CustomResourceState // Date created. Created pulumi.StringOutput `pulumi:"created"` // Date the cert expires. ExpiresAt pulumi.StringOutput `pulumi:"expiresAt"` // Key ID. Kid pulumi.StringOutput `pulumi:"kid"` // Identifies the cryptographic algorithm family used with the key. Kty pulumi.StringOutput `pulumi:"kty"` // Intended use of the public key. Use pulumi.StringOutput `pulumi:"use"` // base64-encoded X.509 certificate chain with DER encoding. X5cs pulumi.StringArrayOutput `pulumi:"x5cs"` // base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate. X5tS256 pulumi.StringOutput `pulumi:"x5tS256"` }
## Example Usage
## Import
A SAML IdP Signing Key can be imported via the key id.
```sh $ pulumi import okta:idp/samlKey:SamlKey example <key id> ```
func GetSamlKey ¶
func GetSamlKey(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SamlKeyState, opts ...pulumi.ResourceOption) (*SamlKey, error)
GetSamlKey gets an existing SamlKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSamlKey ¶
func NewSamlKey(ctx *pulumi.Context, name string, args *SamlKeyArgs, opts ...pulumi.ResourceOption) (*SamlKey, error)
NewSamlKey registers a new resource with the given unique name, arguments, and options.
func (*SamlKey) ElementType ¶
func (*SamlKey) ToSamlKeyOutput ¶
func (i *SamlKey) ToSamlKeyOutput() SamlKeyOutput
func (*SamlKey) ToSamlKeyOutputWithContext ¶
func (i *SamlKey) ToSamlKeyOutputWithContext(ctx context.Context) SamlKeyOutput
type SamlKeyArgs ¶
type SamlKeyArgs struct { // base64-encoded X.509 certificate chain with DER encoding. X5cs pulumi.StringArrayInput }
The set of arguments for constructing a SamlKey resource.
func (SamlKeyArgs) ElementType ¶
func (SamlKeyArgs) ElementType() reflect.Type
type SamlKeyArray ¶
type SamlKeyArray []SamlKeyInput
func (SamlKeyArray) ElementType ¶
func (SamlKeyArray) ElementType() reflect.Type
func (SamlKeyArray) ToSamlKeyArrayOutput ¶
func (i SamlKeyArray) ToSamlKeyArrayOutput() SamlKeyArrayOutput
func (SamlKeyArray) ToSamlKeyArrayOutputWithContext ¶
func (i SamlKeyArray) ToSamlKeyArrayOutputWithContext(ctx context.Context) SamlKeyArrayOutput
type SamlKeyArrayInput ¶
type SamlKeyArrayInput interface { pulumi.Input ToSamlKeyArrayOutput() SamlKeyArrayOutput ToSamlKeyArrayOutputWithContext(context.Context) SamlKeyArrayOutput }
SamlKeyArrayInput is an input type that accepts SamlKeyArray and SamlKeyArrayOutput values. You can construct a concrete instance of `SamlKeyArrayInput` via:
SamlKeyArray{ SamlKeyArgs{...} }
type SamlKeyArrayOutput ¶
type SamlKeyArrayOutput struct{ *pulumi.OutputState }
func (SamlKeyArrayOutput) ElementType ¶
func (SamlKeyArrayOutput) ElementType() reflect.Type
func (SamlKeyArrayOutput) Index ¶
func (o SamlKeyArrayOutput) Index(i pulumi.IntInput) SamlKeyOutput
func (SamlKeyArrayOutput) ToSamlKeyArrayOutput ¶
func (o SamlKeyArrayOutput) ToSamlKeyArrayOutput() SamlKeyArrayOutput
func (SamlKeyArrayOutput) ToSamlKeyArrayOutputWithContext ¶
func (o SamlKeyArrayOutput) ToSamlKeyArrayOutputWithContext(ctx context.Context) SamlKeyArrayOutput
type SamlKeyInput ¶
type SamlKeyInput interface { pulumi.Input ToSamlKeyOutput() SamlKeyOutput ToSamlKeyOutputWithContext(ctx context.Context) SamlKeyOutput }
type SamlKeyMap ¶
type SamlKeyMap map[string]SamlKeyInput
func (SamlKeyMap) ElementType ¶
func (SamlKeyMap) ElementType() reflect.Type
func (SamlKeyMap) ToSamlKeyMapOutput ¶
func (i SamlKeyMap) ToSamlKeyMapOutput() SamlKeyMapOutput
func (SamlKeyMap) ToSamlKeyMapOutputWithContext ¶
func (i SamlKeyMap) ToSamlKeyMapOutputWithContext(ctx context.Context) SamlKeyMapOutput
type SamlKeyMapInput ¶
type SamlKeyMapInput interface { pulumi.Input ToSamlKeyMapOutput() SamlKeyMapOutput ToSamlKeyMapOutputWithContext(context.Context) SamlKeyMapOutput }
SamlKeyMapInput is an input type that accepts SamlKeyMap and SamlKeyMapOutput values. You can construct a concrete instance of `SamlKeyMapInput` via:
SamlKeyMap{ "key": SamlKeyArgs{...} }
type SamlKeyMapOutput ¶
type SamlKeyMapOutput struct{ *pulumi.OutputState }
func (SamlKeyMapOutput) ElementType ¶
func (SamlKeyMapOutput) ElementType() reflect.Type
func (SamlKeyMapOutput) MapIndex ¶
func (o SamlKeyMapOutput) MapIndex(k pulumi.StringInput) SamlKeyOutput
func (SamlKeyMapOutput) ToSamlKeyMapOutput ¶
func (o SamlKeyMapOutput) ToSamlKeyMapOutput() SamlKeyMapOutput
func (SamlKeyMapOutput) ToSamlKeyMapOutputWithContext ¶
func (o SamlKeyMapOutput) ToSamlKeyMapOutputWithContext(ctx context.Context) SamlKeyMapOutput
type SamlKeyOutput ¶
type SamlKeyOutput struct{ *pulumi.OutputState }
func (SamlKeyOutput) ElementType ¶
func (SamlKeyOutput) ElementType() reflect.Type
func (SamlKeyOutput) ExpiresAt ¶
func (o SamlKeyOutput) ExpiresAt() pulumi.StringOutput
Date the cert expires.
func (SamlKeyOutput) Kty ¶
func (o SamlKeyOutput) Kty() pulumi.StringOutput
Identifies the cryptographic algorithm family used with the key.
func (SamlKeyOutput) ToSamlKeyOutput ¶
func (o SamlKeyOutput) ToSamlKeyOutput() SamlKeyOutput
func (SamlKeyOutput) ToSamlKeyOutputWithContext ¶
func (o SamlKeyOutput) ToSamlKeyOutputWithContext(ctx context.Context) SamlKeyOutput
func (SamlKeyOutput) Use ¶
func (o SamlKeyOutput) Use() pulumi.StringOutput
Intended use of the public key.
func (SamlKeyOutput) X5cs ¶
func (o SamlKeyOutput) X5cs() pulumi.StringArrayOutput
base64-encoded X.509 certificate chain with DER encoding.
func (SamlKeyOutput) X5tS256 ¶
func (o SamlKeyOutput) X5tS256() pulumi.StringOutput
base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate.
type SamlKeyState ¶
type SamlKeyState struct { // Date created. Created pulumi.StringPtrInput // Date the cert expires. ExpiresAt pulumi.StringPtrInput // Key ID. Kid pulumi.StringPtrInput // Identifies the cryptographic algorithm family used with the key. Kty pulumi.StringPtrInput // Intended use of the public key. Use pulumi.StringPtrInput // base64-encoded X.509 certificate chain with DER encoding. X5cs pulumi.StringArrayInput // base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate. X5tS256 pulumi.StringPtrInput }
func (SamlKeyState) ElementType ¶
func (SamlKeyState) ElementType() reflect.Type
type SamlMap ¶
func (SamlMap) ElementType ¶
func (SamlMap) ToSamlMapOutput ¶
func (i SamlMap) ToSamlMapOutput() SamlMapOutput
func (SamlMap) ToSamlMapOutputWithContext ¶
func (i SamlMap) ToSamlMapOutputWithContext(ctx context.Context) SamlMapOutput
type SamlMapInput ¶
type SamlMapInput interface { pulumi.Input ToSamlMapOutput() SamlMapOutput ToSamlMapOutputWithContext(context.Context) SamlMapOutput }
SamlMapInput is an input type that accepts SamlMap and SamlMapOutput values. You can construct a concrete instance of `SamlMapInput` via:
SamlMap{ "key": SamlArgs{...} }
type SamlMapOutput ¶
type SamlMapOutput struct{ *pulumi.OutputState }
func (SamlMapOutput) ElementType ¶
func (SamlMapOutput) ElementType() reflect.Type
func (SamlMapOutput) MapIndex ¶
func (o SamlMapOutput) MapIndex(k pulumi.StringInput) SamlOutput
func (SamlMapOutput) ToSamlMapOutput ¶
func (o SamlMapOutput) ToSamlMapOutput() SamlMapOutput
func (SamlMapOutput) ToSamlMapOutputWithContext ¶
func (o SamlMapOutput) ToSamlMapOutputWithContext(ctx context.Context) SamlMapOutput
type SamlOutput ¶
type SamlOutput struct{ *pulumi.OutputState }
func (SamlOutput) AccountLinkAction ¶
func (o SamlOutput) AccountLinkAction() pulumi.StringPtrOutput
Specifies the account linking action for an IdP user.
func (SamlOutput) AccountLinkGroupIncludes ¶
func (o SamlOutput) AccountLinkGroupIncludes() pulumi.StringArrayOutput
Group memberships to determine link candidates.
func (SamlOutput) AcsBinding ¶
func (o SamlOutput) AcsBinding() pulumi.StringOutput
func (SamlOutput) AcsType ¶
func (o SamlOutput) AcsType() pulumi.StringPtrOutput
The type of ACS. It can be `"INSTANCE"` or `"ORG"`.
func (SamlOutput) Audience ¶
func (o SamlOutput) Audience() pulumi.StringOutput
The audience restriction for the IdP.
func (SamlOutput) DeprovisionedAction ¶
func (o SamlOutput) DeprovisionedAction() pulumi.StringPtrOutput
Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.
func (SamlOutput) ElementType ¶
func (SamlOutput) ElementType() reflect.Type
func (SamlOutput) GroupsAction ¶
func (o SamlOutput) GroupsAction() pulumi.StringPtrOutput
Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.
func (SamlOutput) GroupsAssignments ¶
func (o SamlOutput) GroupsAssignments() pulumi.StringArrayOutput
List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.
func (SamlOutput) GroupsAttribute ¶
func (o SamlOutput) GroupsAttribute() pulumi.StringPtrOutput
IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
func (SamlOutput) GroupsFilters ¶
func (o SamlOutput) GroupsFilters() pulumi.StringArrayOutput
Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.
func (SamlOutput) Issuer ¶
func (o SamlOutput) Issuer() pulumi.StringOutput
URI that identifies the issuer.
func (SamlOutput) IssuerMode ¶
func (o SamlOutput) IssuerMode() pulumi.StringPtrOutput
Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`.
func (SamlOutput) MaxClockSkew ¶
func (o SamlOutput) MaxClockSkew() pulumi.IntPtrOutput
Maximum allowable clock-skew when processing messages from the IdP.
func (SamlOutput) Name ¶
func (o SamlOutput) Name() pulumi.StringOutput
The Application's display name.
func (SamlOutput) NameFormat ¶
func (o SamlOutput) NameFormat() pulumi.StringPtrOutput
The name identifier format to use. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`.
func (SamlOutput) ProfileMaster ¶
func (o SamlOutput) ProfileMaster() pulumi.BoolPtrOutput
Determines if the IdP should act as a source of truth for user profile attributes.
func (SamlOutput) ProvisioningAction ¶
func (o SamlOutput) ProvisioningAction() pulumi.StringPtrOutput
Provisioning action for an IdP user during authentication.
func (SamlOutput) RequestSignatureAlgorithm ¶
func (o SamlOutput) RequestSignatureAlgorithm() pulumi.StringPtrOutput
The XML digital signature algorithm used when signing an AuthnRequest message. It can be `"SHA-256"` or `"SHA-1"`.
func (SamlOutput) RequestSignatureScope ¶
func (o SamlOutput) RequestSignatureScope() pulumi.StringPtrOutput
Specifies whether to digitally sign an AuthnRequest messages to the IdP. It can be `"REQUEST"` or `"NONE"`.
func (SamlOutput) ResponseSignatureAlgorithm ¶
func (o SamlOutput) ResponseSignatureAlgorithm() pulumi.StringPtrOutput
The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element. It can be `"SHA-256"` or `"SHA-1"`.
func (SamlOutput) ResponseSignatureScope ¶
func (o SamlOutput) ResponseSignatureScope() pulumi.StringPtrOutput
Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be `"RESPONSE"`, `"ASSERTION"`, or `"ANY"`.
func (SamlOutput) SsoBinding ¶
func (o SamlOutput) SsoBinding() pulumi.StringPtrOutput
The method of making an SSO request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
func (SamlOutput) SsoDestination ¶
func (o SamlOutput) SsoDestination() pulumi.StringPtrOutput
URI reference indicating the address to which the AuthnRequest message is sent.
func (SamlOutput) SsoUrl ¶
func (o SamlOutput) SsoUrl() pulumi.StringOutput
URL of binding-specific endpoint to send an AuthnRequest message to IdP.
func (SamlOutput) SubjectFilter ¶
func (o SamlOutput) SubjectFilter() pulumi.StringPtrOutput
Optional regular expression pattern used to filter untrusted IdP usernames.
func (SamlOutput) SubjectFormats ¶
func (o SamlOutput) SubjectFormats() pulumi.StringArrayOutput
The name format. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`.
func (SamlOutput) SubjectMatchAttribute ¶
func (o SamlOutput) SubjectMatchAttribute() pulumi.StringPtrOutput
Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.
func (SamlOutput) SubjectMatchType ¶
func (o SamlOutput) SubjectMatchType() pulumi.StringPtrOutput
Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.
func (SamlOutput) SuspendedAction ¶
func (o SamlOutput) SuspendedAction() pulumi.StringPtrOutput
Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`
func (SamlOutput) ToSamlOutput ¶
func (o SamlOutput) ToSamlOutput() SamlOutput
func (SamlOutput) ToSamlOutputWithContext ¶
func (o SamlOutput) ToSamlOutputWithContext(ctx context.Context) SamlOutput
func (SamlOutput) UserTypeId ¶
func (o SamlOutput) UserTypeId() pulumi.StringOutput
User type ID. Can be used as `targetId` in the `profile.Mapping` resource.
func (SamlOutput) UsernameTemplate ¶
func (o SamlOutput) UsernameTemplate() pulumi.StringPtrOutput
Okta EL Expression to generate or transform a unique username for the IdP user.
type SamlState ¶
type SamlState struct { // Specifies the account linking action for an IdP user. AccountLinkAction pulumi.StringPtrInput // Group memberships to determine link candidates. AccountLinkGroupIncludes pulumi.StringArrayInput AcsBinding pulumi.StringPtrInput // The type of ACS. It can be `"INSTANCE"` or `"ORG"`. AcsType pulumi.StringPtrInput // The audience restriction for the IdP. Audience pulumi.StringPtrInput // Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`. DeprovisionedAction pulumi.StringPtrInput // Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`. GroupsAction pulumi.StringPtrInput // List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`. GroupsAssignments pulumi.StringArrayInput // IdP user profile attribute name (case-insensitive) for an array value that contains group memberships. GroupsAttribute pulumi.StringPtrInput // Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`. GroupsFilters pulumi.StringArrayInput // URI that identifies the issuer. Issuer pulumi.StringPtrInput // Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`. IssuerMode pulumi.StringPtrInput // The ID of the signing key. Kid pulumi.StringPtrInput // Maximum allowable clock-skew when processing messages from the IdP. MaxClockSkew pulumi.IntPtrInput // The Application's display name. Name pulumi.StringPtrInput // The name identifier format to use. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`. NameFormat pulumi.StringPtrInput // Determines if the IdP should act as a source of truth for user profile attributes. ProfileMaster pulumi.BoolPtrInput // Provisioning action for an IdP user during authentication. ProvisioningAction pulumi.StringPtrInput // The XML digital signature algorithm used when signing an AuthnRequest message. It can be `"SHA-256"` or `"SHA-1"`. RequestSignatureAlgorithm pulumi.StringPtrInput // Specifies whether to digitally sign an AuthnRequest messages to the IdP. It can be `"REQUEST"` or `"NONE"`. RequestSignatureScope pulumi.StringPtrInput // The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element. It can be `"SHA-256"` or `"SHA-1"`. ResponseSignatureAlgorithm pulumi.StringPtrInput // Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be `"RESPONSE"`, `"ASSERTION"`, or `"ANY"`. ResponseSignatureScope pulumi.StringPtrInput // The method of making an SSO request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. SsoBinding pulumi.StringPtrInput // URI reference indicating the address to which the AuthnRequest message is sent. SsoDestination pulumi.StringPtrInput // URL of binding-specific endpoint to send an AuthnRequest message to IdP. SsoUrl pulumi.StringPtrInput // Status of the IdP. Status pulumi.StringPtrInput // Optional regular expression pattern used to filter untrusted IdP usernames. SubjectFilter pulumi.StringPtrInput // The name format. By default `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`. SubjectFormats pulumi.StringArrayInput // Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`. SubjectMatchAttribute pulumi.StringPtrInput // Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`. SubjectMatchType pulumi.StringPtrInput // Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"` SuspendedAction pulumi.StringPtrInput // Type of the IdP. Type pulumi.StringPtrInput // User type ID. Can be used as `targetId` in the `profile.Mapping` resource. UserTypeId pulumi.StringPtrInput // Okta EL Expression to generate or transform a unique username for the IdP user. UsernameTemplate pulumi.StringPtrInput }
func (SamlState) ElementType ¶
type Social ¶
type Social struct { pulumi.CustomResourceState // Specifies the account linking action for an IdP user. AccountLinkAction pulumi.StringPtrOutput `pulumi:"accountLinkAction"` // Group memberships to determine link candidates. AccountLinkGroupIncludes pulumi.StringArrayOutput `pulumi:"accountLinkGroupIncludes"` // The Key ID that you obtained from Apple when you created the private key for the client. AppleKid pulumi.StringPtrOutput `pulumi:"appleKid"` // The Key ID that you obtained from Apple when you created the private // key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted // and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource. ApplePrivateKey pulumi.StringPtrOutput `pulumi:"applePrivateKey"` // The Team ID associated with your Apple developer account. AppleTeamId pulumi.StringPtrOutput `pulumi:"appleTeamId"` // The method of making an authorization request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. AuthorizationBinding pulumi.StringOutput `pulumi:"authorizationBinding"` // IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant. AuthorizationUrl pulumi.StringOutput `pulumi:"authorizationUrl"` // Unique identifier issued by AS for the Okta IdP instance. ClientId pulumi.StringPtrOutput `pulumi:"clientId"` // Client secret issued by AS for the Okta IdP instance. ClientSecret pulumi.StringPtrOutput `pulumi:"clientSecret"` // Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`. DeprovisionedAction pulumi.StringPtrOutput `pulumi:"deprovisionedAction"` // Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`. GroupsAction pulumi.StringPtrOutput `pulumi:"groupsAction"` // List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`. GroupsAssignments pulumi.StringArrayOutput `pulumi:"groupsAssignments"` // IdP user profile attribute name (case-insensitive) for an array value that contains group memberships. GroupsAttribute pulumi.StringPtrOutput `pulumi:"groupsAttribute"` // Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`. GroupsFilters pulumi.StringArrayOutput `pulumi:"groupsFilters"` // Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`. IssuerMode pulumi.StringPtrOutput `pulumi:"issuerMode"` // Maximum allowable clock-skew when processing messages from the IdP. MaxClockSkew pulumi.IntPtrOutput `pulumi:"maxClockSkew"` // The Application's display name. Name pulumi.StringOutput `pulumi:"name"` // Determines if the IdP should act as a source of truth for user profile attributes. ProfileMaster pulumi.BoolPtrOutput `pulumi:"profileMaster"` // The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`. ProtocolType pulumi.StringPtrOutput `pulumi:"protocolType"` // Provisioning action for an IdP user during authentication. ProvisioningAction pulumi.StringPtrOutput `pulumi:"provisioningAction"` // The scopes of the IdP. Scopes pulumi.StringArrayOutput `pulumi:"scopes"` // Status of the IdP. Status pulumi.StringPtrOutput `pulumi:"status"` // Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`. SubjectMatchAttribute pulumi.StringPtrOutput `pulumi:"subjectMatchAttribute"` // Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`. SubjectMatchType pulumi.StringPtrOutput `pulumi:"subjectMatchType"` // Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"` SuspendedAction pulumi.StringPtrOutput `pulumi:"suspendedAction"` // The method of making a token request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. TokenBinding pulumi.StringOutput `pulumi:"tokenBinding"` // IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token. TokenUrl pulumi.StringOutput `pulumi:"tokenUrl"` // The type of Social IdP. See API docs [Identity Provider Type](https://developer.okta.com/docs/reference/api/idps/#identity-provider-type) Type pulumi.StringOutput `pulumi:"type"` // Okta EL Expression to generate or transform a unique username for the IdP user. UsernameTemplate pulumi.StringPtrOutput `pulumi:"usernameTemplate"` }
Creates a Social Identity Provider.
This resource allows you to create and configure a Social Identity Provider.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := idp.NewSocial(ctx, "example", &idp.SocialArgs{ ClientId: pulumi.String("abcd123"), ClientSecret: pulumi.String("abcd123"), ProtocolType: pulumi.String("OAUTH2"), Scopes: pulumi.StringArray{ pulumi.String("public_profile"), pulumi.String("email"), }, Type: pulumi.String("FACEBOOK"), UsernameTemplate: pulumi.String("idpuser.email"), }) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
## Import
A Social IdP can be imported via the Okta ID.
```sh $ pulumi import okta:idp/social:Social example <idp id> ```
func GetSocial ¶
func GetSocial(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SocialState, opts ...pulumi.ResourceOption) (*Social, error)
GetSocial gets an existing Social resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSocial ¶
func NewSocial(ctx *pulumi.Context, name string, args *SocialArgs, opts ...pulumi.ResourceOption) (*Social, error)
NewSocial registers a new resource with the given unique name, arguments, and options.
func (*Social) ElementType ¶
func (*Social) ToSocialOutput ¶
func (i *Social) ToSocialOutput() SocialOutput
func (*Social) ToSocialOutputWithContext ¶
func (i *Social) ToSocialOutputWithContext(ctx context.Context) SocialOutput
type SocialArgs ¶
type SocialArgs struct { // Specifies the account linking action for an IdP user. AccountLinkAction pulumi.StringPtrInput // Group memberships to determine link candidates. AccountLinkGroupIncludes pulumi.StringArrayInput // The Key ID that you obtained from Apple when you created the private key for the client. AppleKid pulumi.StringPtrInput // The Key ID that you obtained from Apple when you created the private // key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted // and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource. ApplePrivateKey pulumi.StringPtrInput // The Team ID associated with your Apple developer account. AppleTeamId pulumi.StringPtrInput // Unique identifier issued by AS for the Okta IdP instance. ClientId pulumi.StringPtrInput // Client secret issued by AS for the Okta IdP instance. ClientSecret pulumi.StringPtrInput // Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`. DeprovisionedAction pulumi.StringPtrInput // Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`. GroupsAction pulumi.StringPtrInput // List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`. GroupsAssignments pulumi.StringArrayInput // IdP user profile attribute name (case-insensitive) for an array value that contains group memberships. GroupsAttribute pulumi.StringPtrInput // Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`. GroupsFilters pulumi.StringArrayInput // Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`. IssuerMode pulumi.StringPtrInput // Maximum allowable clock-skew when processing messages from the IdP. MaxClockSkew pulumi.IntPtrInput // The Application's display name. Name pulumi.StringPtrInput // Determines if the IdP should act as a source of truth for user profile attributes. ProfileMaster pulumi.BoolPtrInput // The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`. ProtocolType pulumi.StringPtrInput // Provisioning action for an IdP user during authentication. ProvisioningAction pulumi.StringPtrInput // The scopes of the IdP. Scopes pulumi.StringArrayInput // Status of the IdP. Status pulumi.StringPtrInput // Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`. SubjectMatchAttribute pulumi.StringPtrInput // Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`. SubjectMatchType pulumi.StringPtrInput // Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"` SuspendedAction pulumi.StringPtrInput // The type of Social IdP. See API docs [Identity Provider Type](https://developer.okta.com/docs/reference/api/idps/#identity-provider-type) Type pulumi.StringInput // Okta EL Expression to generate or transform a unique username for the IdP user. UsernameTemplate pulumi.StringPtrInput }
The set of arguments for constructing a Social resource.
func (SocialArgs) ElementType ¶
func (SocialArgs) ElementType() reflect.Type
type SocialArray ¶
type SocialArray []SocialInput
func (SocialArray) ElementType ¶
func (SocialArray) ElementType() reflect.Type
func (SocialArray) ToSocialArrayOutput ¶
func (i SocialArray) ToSocialArrayOutput() SocialArrayOutput
func (SocialArray) ToSocialArrayOutputWithContext ¶
func (i SocialArray) ToSocialArrayOutputWithContext(ctx context.Context) SocialArrayOutput
type SocialArrayInput ¶
type SocialArrayInput interface { pulumi.Input ToSocialArrayOutput() SocialArrayOutput ToSocialArrayOutputWithContext(context.Context) SocialArrayOutput }
SocialArrayInput is an input type that accepts SocialArray and SocialArrayOutput values. You can construct a concrete instance of `SocialArrayInput` via:
SocialArray{ SocialArgs{...} }
type SocialArrayOutput ¶
type SocialArrayOutput struct{ *pulumi.OutputState }
func (SocialArrayOutput) ElementType ¶
func (SocialArrayOutput) ElementType() reflect.Type
func (SocialArrayOutput) Index ¶
func (o SocialArrayOutput) Index(i pulumi.IntInput) SocialOutput
func (SocialArrayOutput) ToSocialArrayOutput ¶
func (o SocialArrayOutput) ToSocialArrayOutput() SocialArrayOutput
func (SocialArrayOutput) ToSocialArrayOutputWithContext ¶
func (o SocialArrayOutput) ToSocialArrayOutputWithContext(ctx context.Context) SocialArrayOutput
type SocialInput ¶
type SocialInput interface { pulumi.Input ToSocialOutput() SocialOutput ToSocialOutputWithContext(ctx context.Context) SocialOutput }
type SocialMap ¶
type SocialMap map[string]SocialInput
func (SocialMap) ElementType ¶
func (SocialMap) ToSocialMapOutput ¶
func (i SocialMap) ToSocialMapOutput() SocialMapOutput
func (SocialMap) ToSocialMapOutputWithContext ¶
func (i SocialMap) ToSocialMapOutputWithContext(ctx context.Context) SocialMapOutput
type SocialMapInput ¶
type SocialMapInput interface { pulumi.Input ToSocialMapOutput() SocialMapOutput ToSocialMapOutputWithContext(context.Context) SocialMapOutput }
SocialMapInput is an input type that accepts SocialMap and SocialMapOutput values. You can construct a concrete instance of `SocialMapInput` via:
SocialMap{ "key": SocialArgs{...} }
type SocialMapOutput ¶
type SocialMapOutput struct{ *pulumi.OutputState }
func (SocialMapOutput) ElementType ¶
func (SocialMapOutput) ElementType() reflect.Type
func (SocialMapOutput) MapIndex ¶
func (o SocialMapOutput) MapIndex(k pulumi.StringInput) SocialOutput
func (SocialMapOutput) ToSocialMapOutput ¶
func (o SocialMapOutput) ToSocialMapOutput() SocialMapOutput
func (SocialMapOutput) ToSocialMapOutputWithContext ¶
func (o SocialMapOutput) ToSocialMapOutputWithContext(ctx context.Context) SocialMapOutput
type SocialOutput ¶
type SocialOutput struct{ *pulumi.OutputState }
func (SocialOutput) AccountLinkAction ¶
func (o SocialOutput) AccountLinkAction() pulumi.StringPtrOutput
Specifies the account linking action for an IdP user.
func (SocialOutput) AccountLinkGroupIncludes ¶
func (o SocialOutput) AccountLinkGroupIncludes() pulumi.StringArrayOutput
Group memberships to determine link candidates.
func (SocialOutput) AppleKid ¶
func (o SocialOutput) AppleKid() pulumi.StringPtrOutput
The Key ID that you obtained from Apple when you created the private key for the client.
func (SocialOutput) ApplePrivateKey ¶
func (o SocialOutput) ApplePrivateKey() pulumi.StringPtrOutput
The Key ID that you obtained from Apple when you created the private key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
func (SocialOutput) AppleTeamId ¶
func (o SocialOutput) AppleTeamId() pulumi.StringPtrOutput
The Team ID associated with your Apple developer account.
func (SocialOutput) AuthorizationBinding ¶
func (o SocialOutput) AuthorizationBinding() pulumi.StringOutput
The method of making an authorization request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
func (SocialOutput) AuthorizationUrl ¶
func (o SocialOutput) AuthorizationUrl() pulumi.StringOutput
IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
func (SocialOutput) ClientId ¶
func (o SocialOutput) ClientId() pulumi.StringPtrOutput
Unique identifier issued by AS for the Okta IdP instance.
func (SocialOutput) ClientSecret ¶
func (o SocialOutput) ClientSecret() pulumi.StringPtrOutput
Client secret issued by AS for the Okta IdP instance.
func (SocialOutput) DeprovisionedAction ¶
func (o SocialOutput) DeprovisionedAction() pulumi.StringPtrOutput
Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`.
func (SocialOutput) ElementType ¶
func (SocialOutput) ElementType() reflect.Type
func (SocialOutput) GroupsAction ¶
func (o SocialOutput) GroupsAction() pulumi.StringPtrOutput
Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`.
func (SocialOutput) GroupsAssignments ¶
func (o SocialOutput) GroupsAssignments() pulumi.StringArrayOutput
List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`.
func (SocialOutput) GroupsAttribute ¶
func (o SocialOutput) GroupsAttribute() pulumi.StringPtrOutput
IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
func (SocialOutput) GroupsFilters ¶
func (o SocialOutput) GroupsFilters() pulumi.StringArrayOutput
Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`.
func (SocialOutput) IssuerMode ¶
func (o SocialOutput) IssuerMode() pulumi.StringPtrOutput
Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`.
func (SocialOutput) MaxClockSkew ¶
func (o SocialOutput) MaxClockSkew() pulumi.IntPtrOutput
Maximum allowable clock-skew when processing messages from the IdP.
func (SocialOutput) Name ¶
func (o SocialOutput) Name() pulumi.StringOutput
The Application's display name.
func (SocialOutput) ProfileMaster ¶
func (o SocialOutput) ProfileMaster() pulumi.BoolPtrOutput
Determines if the IdP should act as a source of truth for user profile attributes.
func (SocialOutput) ProtocolType ¶
func (o SocialOutput) ProtocolType() pulumi.StringPtrOutput
The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`.
func (SocialOutput) ProvisioningAction ¶
func (o SocialOutput) ProvisioningAction() pulumi.StringPtrOutput
Provisioning action for an IdP user during authentication.
func (SocialOutput) Scopes ¶
func (o SocialOutput) Scopes() pulumi.StringArrayOutput
The scopes of the IdP.
func (SocialOutput) Status ¶
func (o SocialOutput) Status() pulumi.StringPtrOutput
Status of the IdP.
func (SocialOutput) SubjectMatchAttribute ¶
func (o SocialOutput) SubjectMatchAttribute() pulumi.StringPtrOutput
Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`.
func (SocialOutput) SubjectMatchType ¶
func (o SocialOutput) SubjectMatchType() pulumi.StringPtrOutput
Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`.
func (SocialOutput) SuspendedAction ¶
func (o SocialOutput) SuspendedAction() pulumi.StringPtrOutput
Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"`
func (SocialOutput) ToSocialOutput ¶
func (o SocialOutput) ToSocialOutput() SocialOutput
func (SocialOutput) ToSocialOutputWithContext ¶
func (o SocialOutput) ToSocialOutputWithContext(ctx context.Context) SocialOutput
func (SocialOutput) TokenBinding ¶
func (o SocialOutput) TokenBinding() pulumi.StringOutput
The method of making a token request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`.
func (SocialOutput) TokenUrl ¶
func (o SocialOutput) TokenUrl() pulumi.StringOutput
IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
func (SocialOutput) Type ¶
func (o SocialOutput) Type() pulumi.StringOutput
The type of Social IdP. See API docs [Identity Provider Type](https://developer.okta.com/docs/reference/api/idps/#identity-provider-type)
func (SocialOutput) UsernameTemplate ¶
func (o SocialOutput) UsernameTemplate() pulumi.StringPtrOutput
Okta EL Expression to generate or transform a unique username for the IdP user.
type SocialState ¶
type SocialState struct { // Specifies the account linking action for an IdP user. AccountLinkAction pulumi.StringPtrInput // Group memberships to determine link candidates. AccountLinkGroupIncludes pulumi.StringArrayInput // The Key ID that you obtained from Apple when you created the private key for the client. AppleKid pulumi.StringPtrInput // The Key ID that you obtained from Apple when you created the private // key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted // and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource. ApplePrivateKey pulumi.StringPtrInput // The Team ID associated with your Apple developer account. AppleTeamId pulumi.StringPtrInput // The method of making an authorization request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. AuthorizationBinding pulumi.StringPtrInput // IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant. AuthorizationUrl pulumi.StringPtrInput // Unique identifier issued by AS for the Okta IdP instance. ClientId pulumi.StringPtrInput // Client secret issued by AS for the Okta IdP instance. ClientSecret pulumi.StringPtrInput // Action for a previously deprovisioned IdP user during authentication. Can be `"NONE"` or `"REACTIVATE"`. DeprovisionedAction pulumi.StringPtrInput // Provisioning action for IdP user's group memberships. It can be `"NONE"`, `"SYNC"`, `"APPEND"`, or `"ASSIGN"`. GroupsAction pulumi.StringPtrInput // List of Okta Group IDs to add an IdP user as a member with the `"ASSIGN"` `groupsAction`. GroupsAssignments pulumi.StringArrayInput // IdP user profile attribute name (case-insensitive) for an array value that contains group memberships. GroupsAttribute pulumi.StringPtrInput // Whitelist of Okta Group identifiers that are allowed for the `"APPEND"` or `"SYNC"` `groupsAction`. GroupsFilters pulumi.StringArrayInput // Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be `"ORG_URL"` or `"CUSTOM_URL"`. IssuerMode pulumi.StringPtrInput // Maximum allowable clock-skew when processing messages from the IdP. MaxClockSkew pulumi.IntPtrInput // The Application's display name. Name pulumi.StringPtrInput // Determines if the IdP should act as a source of truth for user profile attributes. ProfileMaster pulumi.BoolPtrInput // The type of protocol to use. It can be `"OIDC"` or `"OAUTH2"`. ProtocolType pulumi.StringPtrInput // Provisioning action for an IdP user during authentication. ProvisioningAction pulumi.StringPtrInput // The scopes of the IdP. Scopes pulumi.StringArrayInput // Status of the IdP. Status pulumi.StringPtrInput // Okta user profile attribute for matching transformed IdP username. Only for matchType `"CUSTOM_ATTRIBUTE"`. SubjectMatchAttribute pulumi.StringPtrInput // Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to `"USERNAME"`. It can be set to `"USERNAME"`, `"EMAIL"`, `"USERNAME_OR_EMAIL"` or `"CUSTOM_ATTRIBUTE"`. SubjectMatchType pulumi.StringPtrInput // Action for a previously suspended IdP user during authentication. Can be set to `"NONE"` or `"UNSUSPEND"` SuspendedAction pulumi.StringPtrInput // The method of making a token request. It can be set to `"HTTP-POST"` or `"HTTP-REDIRECT"`. TokenBinding pulumi.StringPtrInput // IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token. TokenUrl pulumi.StringPtrInput // The type of Social IdP. See API docs [Identity Provider Type](https://developer.okta.com/docs/reference/api/idps/#identity-provider-type) Type pulumi.StringPtrInput // Okta EL Expression to generate or transform a unique username for the IdP user. UsernameTemplate pulumi.StringPtrInput }
func (SocialState) ElementType ¶
func (SocialState) ElementType() reflect.Type