Class Saml
Creates a SAML Identity Provider.
This resource allows you to create and configure a SAML Identity Provider.
Example Usage
using Pulumi;
using Okta = Pulumi.Okta;
/// <summary>
/// Example stack that registers a single SAML identity provider in Okta.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Collect the IdP settings first so every trust-relevant choice is visible in one place.
        var samlSettings = new Okta.Idp.SamlArgs
        {
            // How the ACS request is made and which ACS type is used.
            AcsBinding = "HTTP-POST",
            AcsType = "INSTANCE",

            // URI that identifies the issuer.
            Issuer = "https://idp.example.com",

            // ID of the signing key.
            // NOTE(review): okta_idp_saml_key is not declared anywhere in this example;
            // it has to resolve to a signing-key resource defined elsewhere in the program.
            Kid = okta_idp_saml_key.Test.Id,

            // "REQUEST" signs AuthnRequest messages sent to the IdP; the other documented value is "NONE".
            RequestSignatureScope = "REQUEST",

            // "ANY" is the least specific of the documented values ("RESPONSE", "ASSERTION", "ANY").
            // NOTE(review): presumably a valid signature on either element is accepted - confirm
            // against the Okta documentation, and pin to "RESPONSE" or "ASSERTION" when the IdP's
            // signing behaviour is known.
            ResponseSignatureScope = "ANY",

            // Binding and endpoints used to send the AuthnRequest to the IdP.
            SsoBinding = "HTTP-POST",
            SsoDestination = "https://idp.example.com",
            SsoUrl = "https://idp.example.com",

            // Okta EL expression: the username is taken from the e-mail value supplied by the IdP.
            // Review it together with SubjectMatchType and SubjectFilter, which govern how that
            // transformed username is matched to Okta users.
            UsernameTemplate = "idpuser.email",
        };

        var samlIdp = new Okta.Idp.Saml("example", samlSettings);
    }
}
Inherited Members
Namespace: Pulumi.Okta.Idp
Assembly: Pulumi.Okta.dll
Syntax
public class Saml : CustomResource
Constructors
Saml(String, SamlArgs, CustomResourceOptions)
Create a Saml resource with the given unique name, arguments, and options.
Declaration
public Saml(string name, SamlArgs args, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| SamlArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
AccountLinkAction
Specifies the account linking action for an IdP user.
Declaration
public Output<string> AccountLinkAction { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
AccountLinkGroupIncludes
Group memberships to determine link candidates.
Declaration
public Output<ImmutableArray<string>> AccountLinkGroupIncludes { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<System.String>> |
AcsBinding
The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
Declaration
public Output<string> AcsBinding { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
AcsType
The type of ACS. It can be "INSTANCE" or "ORG".
Declaration
public Output<string> AcsType { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Audience
The audience restriction for the IdP.
Declaration
public Output<string> Audience { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
DeprovisionedAction
Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".
Declaration
public Output<string> DeprovisionedAction { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
GroupsAction
Provisioning action for IdP user's group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".
Declaration
public Output<string> GroupsAction { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
GroupsAssignments
List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.
Declaration
public Output<ImmutableArray<string>> GroupsAssignments { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<System.String>> |
GroupsAttribute
IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
Declaration
public Output<string> GroupsAttribute { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
GroupsFilters
Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.
Declaration
public Output<ImmutableArray<string>> GroupsFilters { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<System.String>> |
Issuer
URI that identifies the issuer.
Declaration
public Output<string> Issuer { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
IssuerMode
Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".
Declaration
public Output<string> IssuerMode { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Kid
The ID of the signing key.
Declaration
public Output<string> Kid { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Name
The Application's display name.
Declaration
public Output<string> Name { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
NameFormat
The name identifier format to use. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".
Declaration
public Output<string> NameFormat { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
ProfileMaster
Determines if the IdP should act as a source of truth for user profile attributes.
Declaration
public Output<bool?> ProfileMaster { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
ProvisioningAction
Provisioning action for an IdP user during authentication.
Declaration
public Output<string> ProvisioningAction { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
RequestSignatureAlgorithm
The XML digital signature algorithm used when signing an AuthnRequest message.
Declaration
public Output<string> RequestSignatureAlgorithm { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
RequestSignatureScope
Specifies whether or not to digitally sign AuthnRequest messages sent to the IdP. It can be "REQUEST" or "NONE".
Declaration
public Output<string> RequestSignatureScope { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
ResponseSignatureAlgorithm
The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.
Declaration
public Output<string> ResponseSignatureAlgorithm { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
ResponseSignatureScope
Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".
Declaration
public Output<string> ResponseSignatureScope { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
SsoBinding
The method of making an SSO request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
Declaration
public Output<string> SsoBinding { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
SsoDestination
URI reference indicating the address to which the AuthnRequest message is sent.
Declaration
public Output<string> SsoDestination { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
SsoUrl
URL of binding-specific endpoint to send an AuthnRequest message to IdP.
Declaration
public Output<string> SsoUrl { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Status
Status of the IdP.
Declaration
public Output<string> Status { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
SubjectFilter
Optional regular expression pattern used to filter untrusted IdP usernames.
Declaration
public Output<string> SubjectFilter { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
SubjectFormats
The name format. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".
Declaration
public Output<ImmutableArray<string>> SubjectFormats { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<System.String>> |
SubjectMatchAttribute
Okta user profile attribute for matching the transformed IdP username. Used only when the match type (SubjectMatchType) is "CUSTOM_ATTRIBUTE".
Declaration
public Output<string> SubjectMatchAttribute { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
SubjectMatchType
Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".
Declaration
public Output<string> SubjectMatchType { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
SuspendedAction
Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND".
Declaration
public Output<string> SuspendedAction { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Type
Type of the IdP.
Declaration
public Output<string> Type { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
UsernameTemplate
Okta EL Expression to generate or transform a unique username for the IdP user.
Declaration
public Output<string> UsernameTemplate { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Methods
Get(String, Input<String>, SamlState, CustomResourceOptions)
Get an existing Saml resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static Saml Get(string name, Input<string> id, SamlState state = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| SamlState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| Saml |