Class Oidc

Creates an OIDC Identity Provider.

This resource allows you to create and configure an OIDC Identity Provider.

Example Usage

using Pulumi;
using Okta = Pulumi.Okta;

class MyStack : Stack
{
    public MyStack()
    {
        var example = new Okta.Idp.Oidc("example", new Okta.Idp.OidcArgs
        {
            AcsBinding = "HTTP-POST",
            AcsType = "INSTANCE",
            AuthorizationBinding = "HTTP-REDIRECT",
            AuthorizationUrl = "https://idp.example.com/authorize",
            ClientId = "efg456",
            ClientSecret = "efg456",
            IssuerUrl = "https://id.example.com",
            JwksBinding = "HTTP-REDIRECT",
            JwksUrl = "https://idp.example.com/keys",
            Scopes =
            {
                "openid",
            },
            TokenBinding = "HTTP-POST",
            TokenUrl = "https://idp.example.com/token",
            UserInfoBinding = "HTTP-REDIRECT",
            UserInfoUrl = "https://idp.example.com/userinfo",
            UsernameTemplate = "idpuser.email",
        });
    }
}

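
An added example, not part of the original Pulumi documentation: the same identity provider declared with the client secret read from encrypted stack configuration instead of a string literal, and with the reactivation and group actions pinned to the "NONE" values listed under Properties. The config key names are hypothetical, and the example assumes OidcArgs accepts inputs named like the output properties documented on this page.

```csharp
using Pulumi;
using Okta = Pulumi.Okta;

class HardenedIdpStack : Stack
{
    public HardenedIdpStack()
    {
        // Assumption: values were stored beforehand, the secret with
        //   pulumi config set --secret oidcClientSecret <value>
        // "oidcClientId" and "oidcClientSecret" are hypothetical key names.
        var config = new Pulumi.Config();
        var clientId = config.Require("oidcClientId");
        // RequireSecret returns an Output<string> that Pulumi treats as a
        // secret, so the value is encrypted in the stack state and masked
        // in CLI output instead of living in source control.
        var clientSecret = config.RequireSecret("oidcClientSecret");

        var idp = new Okta.Idp.Oidc("example", new Okta.Idp.OidcArgs
        {
            AcsBinding = "HTTP-POST",
            AcsType = "INSTANCE",
            AuthorizationBinding = "HTTP-REDIRECT",
            AuthorizationUrl = "https://idp.example.com/authorize",
            ClientId = clientId,
            ClientSecret = clientSecret,
            IssuerUrl = "https://id.example.com",
            JwksBinding = "HTTP-REDIRECT",
            JwksUrl = "https://idp.example.com/keys",
            Scopes = { "openid" },
            TokenBinding = "HTTP-POST",
            TokenUrl = "https://idp.example.com/token",
            UserInfoBinding = "HTTP-REDIRECT",
            UserInfoUrl = "https://idp.example.com/userinfo",
            UsernameTemplate = "idpuser.email",
            // Match the transformed IdP username on one attribute only.
            SubjectMatchType = "USERNAME",
            // A federated login must not silently restore disabled accounts
            // or change Okta group membership.
            DeprovisionedAction = "NONE",
            SuspendedAction = "NONE",
            GroupsAction = "NONE",
        }, new CustomResourceOptions
        {
            // Keep the echoed secret marked as a secret on the resource output too.
            AdditionalSecretOutputs = { "clientSecret" },
        });
    }
}
```
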
Inheritance
System.Object
Resource
CustomResource
Oidc
Inherited Members
CustomResource.Id
Resource.GetResourceType()
Resource.GetResourceName()
Resource.Urn
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Okta.Idp
Assembly: Pulumi.Okta.dll
Syntax
public class Oidc : CustomResource

Constructors

Oidc(String, OidcArgs, CustomResourceOptions)

Create an Oidc resource with the given unique name, arguments, and options.

Declaration
public Oidc(string name, OidcArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name: The unique name of the resource.
OidcArgs args: The arguments used to populate this resource's properties.
CustomResourceOptions options: A bag of options that control this resource's behavior.

Properties

AccountLinkAction

Specifies the account linking action for an IdP user.

Declaration
public Output<string> AccountLinkAction { get; }
Property Value
Type Description
Output<System.String>

AccountLinkGroupIncludes

Group memberships to determine link candidates.

Declaration
public Output<ImmutableArray<string>> AccountLinkGroupIncludes { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

AcsBinding

The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

Declaration
public Output<string> AcsBinding { get; }
Property Value
Type Description
Output<System.String>

AcsType

The type of ACS. Default is "INSTANCE".

Declaration
public Output<string> AcsType { get; }
Property Value
Type Description
Output<System.String>

AuthorizationBinding

The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

Declaration
public Output<string> AuthorizationBinding { get; }
Property Value
Type Description
Output<System.String>

AuthorizationUrl

IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

Declaration
public Output<string> AuthorizationUrl { get; }
Property Value
Type Description
Output<System.String>

ClientId

Unique identifier issued by AS for the Okta IdP instance.

Declaration
public Output<string> ClientId { get; }
Property Value
Type Description
Output<System.String>

ClientSecret

Client secret issued by AS for the Okta IdP instance.

Declaration
public Output<string> ClientSecret { get; }
Property Value
Type Description
Output<System.String>

DeprovisionedAction

Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

Declaration
public Output<string> DeprovisionedAction { get; }
Property Value
Type Description
Output<System.String>

GroupsAction

Provisioning action for IdP user's group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

Declaration
public Output<string> GroupsAction { get; }
Property Value
Type Description
Output<System.String>

GroupsAssignments

List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.

Declaration
public Output<ImmutableArray<string>> GroupsAssignments { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

GroupsAttribute

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

Declaration
public Output<string> GroupsAttribute { get; }
Property Value
Type Description
Output<System.String>

GroupsFilters

Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.

Declaration
public Output<ImmutableArray<string>> GroupsFilters { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

IssuerMode

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

Declaration
public Output<string> IssuerMode { get; }
Property Value
Type Description
Output<System.String>

IssuerUrl

URI that identifies the issuer.

Declaration
public Output<string> IssuerUrl { get; }
Property Value
Type Description
Output<System.String>

JwksBinding

The method of making a request for the OIDC JWKS. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

Declaration
public Output<string> JwksBinding { get; }
Property Value
Type Description
Output<System.String>

JwksUrl

Endpoint where the signer of the keys publishes its keys in a JWK Set.

Declaration
public Output<string> JwksUrl { get; }
Property Value
Type Description
Output<System.String>

MaxClockSkew

Maximum allowable clock-skew when processing messages from the IdP.

Declaration
public Output<int?> MaxClockSkew { get; }
Property Value
Type Description
Output<System.Nullable<System.Int32>>

Name

The Application's display name.

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>

ProfileMaster

Determines if the IdP should act as a source of truth for user profile attributes.

Declaration
public Output<bool?> ProfileMaster { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

ProtocolType

The type of protocol to use. It can be "OIDC" or "OAUTH2".

Declaration
public Output<string> ProtocolType { get; }
Property Value
Type Description
Output<System.String>

ProvisioningAction

Provisioning action for an IdP user during authentication.

Declaration
public Output<string> ProvisioningAction { get; }
Property Value
Type Description
Output<System.String>

RequestSignatureAlgorithm

Algorithm to use to sign requests.

Declaration
public Output<string> RequestSignatureAlgorithm { get; }
Property Value
Type Description
Output<System.String>

RequestSignatureScope

Algorithm to use to sign response.

Declaration
public Output<string> RequestSignatureScope { get; }
Property Value
Type Description
Output<System.String>

ResponseSignatureAlgorithm

Algorithm to use to sign requests.

Declaration
public Output<string> ResponseSignatureAlgorithm { get; }
Property Value
Type Description
Output<System.String>

ResponseSignatureScope

Algorithm to use to sign response.

Declaration
public Output<string> ResponseSignatureScope { get; }
Property Value
Type Description
Output<System.String>

Scopes

The scopes of the IdP.

Declaration
public Output<ImmutableArray<string>> Scopes { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

Status

Status of the IdP.

Declaration
public Output<string> Status { get; }
Property Value
Type Description
Output<System.String>

SubjectMatchAttribute

Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

Declaration
public Output<string> SubjectMatchAttribute { get; }
Property Value
Type Description
Output<System.String>

SubjectMatchType

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

Declaration
public Output<string> SubjectMatchType { get; }
Property Value
Type Description
Output<System.String>

SuspendedAction

Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND".

Declaration
public Output<string> SuspendedAction { get; }
Property Value
Type Description
Output<System.String>

TokenBinding

The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

Declaration
public Output<string> TokenBinding { get; }
Property Value
Type Description
Output<System.String>

TokenUrl

IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

Declaration
public Output<string> TokenUrl { get; }
Property Value
Type Description
Output<System.String>

Type

Type of OIDC IdP.

Declaration
public Output<string> Type { get; }
Property Value
Type Description
Output<System.String>

UserInfoBinding

Declaration
public Output<string> UserInfoBinding { get; }
Property Value
Type Description
Output<System.String>

UserInfoUrl

Protected resource endpoint that returns claims about the authenticated user.

Declaration
public Output<string> UserInfoUrl { get; }
Property Value
Type Description
Output<System.String>

UsernameTemplate

Okta EL Expression to generate or transform a unique username for the IdP user.

Declaration
public Output<string> UsernameTemplate { get; }
Property Value
Type Description
Output<System.String>

Methods

Get(String, Input<String>, OidcState, CustomResourceOptions)

Get an existing Oidc resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static Oidc Get(string name, Input<string> id, OidcState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name: The unique name of the resulting resource.
Input<System.String> id: The unique provider ID of the resource to look up.
OidcState state: Any extra arguments used during the lookup.
CustomResourceOptions options: A bag of options that control this resource's behavior.

Returns
Type Description
Oidc
Copyright 2016-2020, Pulumi Corporation.