Module idp

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-okta repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-okta repo.

Resources

Resource Oidc

class Oidc extends CustomResource

Creates an OIDC Identity Provider.

This resource allows you to create and configure an OIDC Identity Provider.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.idp.Oidc("example", {
    acsBinding: "HTTP-POST",
    acsType: "INSTANCE",
    authorizationBinding: "HTTP-REDIRECT",
    authorizationUrl: "https://idp.example.com/authorize",
    clientId: "efg456",
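    // Placeholder value; load the real secret from Pulumi config (for example Config.requireSecret) rather than committing it.
    clientSecret: "efg456",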
    issuerUrl: "https://id.example.com",
    jwksBinding: "HTTP-REDIRECT",
    jwksUrl: "https://idp.example.com/keys",
    scopes: ["openid"],
    tokenBinding: "HTTP-POST",
    tokenUrl: "https://idp.example.com/token",
    userInfoBinding: "HTTP-REDIRECT",
    userInfoUrl: "https://idp.example.com/userinfo",
    usernameTemplate: "idpuser.email",
});

constructor

new Oidc(name: string, args: OidcArgs, opts?: pulumi.CustomResourceOptions)

Create an Oidc resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OidcState, opts?: pulumi.CustomResourceOptions): Oidc

Get an existing Oidc resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Oidc

Returns true if the given object is an instance of Oidc. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountLinkAction

public accountLinkAction: pulumi.Output<string | undefined>;

Specifies the account linking action for an IdP user.

property accountLinkGroupIncludes

public accountLinkGroupIncludes: pulumi.Output<string[] | undefined>;

Group memberships to determine link candidates.

property acsBinding

public acsBinding: pulumi.Output<string>;

The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property acsType

public acsType: pulumi.Output<string | undefined>;

The type of ACS. Default is "INSTANCE".

property authorizationBinding

public authorizationBinding: pulumi.Output<string>;

The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property authorizationUrl

public authorizationUrl: pulumi.Output<string>;

IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

property clientId

public clientId: pulumi.Output<string>;

Unique identifier issued by AS for the Okta IdP instance.

property clientSecret

public clientSecret: pulumi.Output<string>;

Client secret issued by AS for the Okta IdP instance.

property deprovisionedAction

public deprovisionedAction: pulumi.Output<string | undefined>;

Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

property groupsAction

public groupsAction: pulumi.Output<string | undefined>;

Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

property groupsAssignments

public groupsAssignments: pulumi.Output<string[] | undefined>;

List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groupsAction.

property groupsAttribute

public groupsAttribute: pulumi.Output<string | undefined>;

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

property groupsFilters

public groupsFilters: pulumi.Output<string[] | undefined>;

Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groupsAction.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property issuerMode

public issuerMode: pulumi.Output<string | undefined>;

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

property issuerUrl

public issuerUrl: pulumi.Output<string>;

URI that identifies the issuer.

property jwksBinding

public jwksBinding: pulumi.Output<string>;

The method of making a request for the OIDC JWKS. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property jwksUrl

public jwksUrl: pulumi.Output<string>;

Endpoint where the signer of the keys publishes its keys in a JWK Set.

property maxClockSkew

public maxClockSkew: pulumi.Output<number | undefined>;

Maximum allowable clock-skew when processing messages from the IdP.

property name

public name: pulumi.Output<string>;

The Application’s display name.

property profileMaster

public profileMaster: pulumi.Output<boolean | undefined>;

Determines if the IdP should act as a source of truth for user profile attributes.

property protocolType

public protocolType: pulumi.Output<string | undefined>;

The type of protocol to use. It can be "OIDC" or "OAUTH2".

property provisioningAction

public provisioningAction: pulumi.Output<string | undefined>;

Provisioning action for an IdP user during authentication.

property requestSignatureAlgorithm

public requestSignatureAlgorithm: pulumi.Output<string | undefined>;

Algorithm to use to sign requests.

property requestSignatureScope

public requestSignatureScope: pulumi.Output<string | undefined>;

Algorithm to use to sign response.

property responseSignatureAlgorithm

public responseSignatureAlgorithm: pulumi.Output<string | undefined>;

Algorithm to use to sign requests.

property responseSignatureScope

public responseSignatureScope: pulumi.Output<string | undefined>;

Algorithm to use to sign response.

property scopes

public scopes: pulumi.Output<string[]>;

The scopes of the IdP.

property status

public status: pulumi.Output<string | undefined>;

Status of the IdP.

property subjectMatchAttribute

public subjectMatchAttribute: pulumi.Output<string | undefined>;

Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

property subjectMatchType

public subjectMatchType: pulumi.Output<string | undefined>;

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

property suspendedAction

public suspendedAction: pulumi.Output<string | undefined>;

Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND".

property tokenBinding

public tokenBinding: pulumi.Output<string>;

The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property tokenUrl

public tokenUrl: pulumi.Output<string>;

IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

property type

public type: pulumi.Output<string>;

Type of OIDC IdP.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userInfoBinding

public userInfoBinding: pulumi.Output<string | undefined>;

property userInfoUrl

public userInfoUrl: pulumi.Output<string | undefined>;

Protected resource endpoint that returns claims about the authenticated user.

property usernameTemplate

public usernameTemplate: pulumi.Output<string | undefined>;

Okta EL Expression to generate or transform a unique username for the IdP user.

Resource Saml

class Saml extends CustomResource

Creates a SAML Identity Provider.

This resource allows you to create and configure a SAML Identity Provider.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.idp.Saml("example", {
    acsBinding: "HTTP-POST",
    acsType: "INSTANCE",
    issuer: "https://idp.example.com",
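    // okta_idp_saml_key_test is assumed to be an okta.idp.SamlKey resource declared elsewhere in the program.
    kid: okta_idp_saml_key_test.id,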
    requestSignatureScope: "REQUEST",
    responseSignatureScope: "ANY",
    ssoBinding: "HTTP-POST",
    ssoDestination: "https://idp.example.com",
    ssoUrl: "https://idp.example.com",
    usernameTemplate: "idpuser.email",
});

constructor

new Saml(name: string, args: SamlArgs, opts?: pulumi.CustomResourceOptions)

Create a Saml resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SamlState, opts?: pulumi.CustomResourceOptions): Saml

Get an existing Saml resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Saml

Returns true if the given object is an instance of Saml. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountLinkAction

public accountLinkAction: pulumi.Output<string | undefined>;

Specifies the account linking action for an IdP user.

property accountLinkGroupIncludes

public accountLinkGroupIncludes: pulumi.Output<string[] | undefined>;

Group memberships to determine link candidates.

property acsBinding

public acsBinding: pulumi.Output<string>;

The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property acsType

public acsType: pulumi.Output<string | undefined>;

The type of ACS. It can be "INSTANCE" or "ORG".

property audience

public audience: pulumi.Output<string>;

The audience restriction for the IdP.

property deprovisionedAction

public deprovisionedAction: pulumi.Output<string | undefined>;

Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

property groupsAction

public groupsAction: pulumi.Output<string | undefined>;

Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

property groupsAssignments

public groupsAssignments: pulumi.Output<string[] | undefined>;

List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groupsAction.

property groupsAttribute

public groupsAttribute: pulumi.Output<string | undefined>;

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

property groupsFilters

public groupsFilters: pulumi.Output<string[] | undefined>;

Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groupsAction.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property issuer

public issuer: pulumi.Output<string>;

URI that identifies the issuer.

property issuerMode

public issuerMode: pulumi.Output<string | undefined>;

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

property kid

public kid: pulumi.Output<string>;

The ID of the signing key.

property name

public name: pulumi.Output<string>;

The Application’s display name.

property nameFormat

public nameFormat: pulumi.Output<string | undefined>;

The name identifier format to use. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

property profileMaster

public profileMaster: pulumi.Output<boolean | undefined>;

Determines if the IdP should act as a source of truth for user profile attributes.

property provisioningAction

public provisioningAction: pulumi.Output<string | undefined>;

Provisioning action for an IdP user during authentication.

property requestSignatureAlgorithm

public requestSignatureAlgorithm: pulumi.Output<string | undefined>;

The XML digital signature algorithm used when signing an AuthnRequest message.

property requestSignatureScope

public requestSignatureScope: pulumi.Output<string | undefined>;

Specifies whether or not to digitally sign AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".

property responseSignatureAlgorithm

public responseSignatureAlgorithm: pulumi.Output<string | undefined>;

The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.

property responseSignatureScope

public responseSignatureScope: pulumi.Output<string | undefined>;

Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".

property ssoBinding

public ssoBinding: pulumi.Output<string | undefined>;

The method of making an SSO request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property ssoDestination

public ssoDestination: pulumi.Output<string | undefined>;

URI reference indicating the address to which the AuthnRequest message is sent.

property ssoUrl

public ssoUrl: pulumi.Output<string>;

URL of binding-specific endpoint to send an AuthnRequest message to IdP.

property status

public status: pulumi.Output<string | undefined>;

Status of the IdP.

property subjectFilter

public subjectFilter: pulumi.Output<string | undefined>;

Optional regular expression pattern used to filter untrusted IdP usernames.

property subjectFormats

public subjectFormats: pulumi.Output<string[] | undefined>;

The name format. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

property subjectMatchAttribute

public subjectMatchAttribute: pulumi.Output<string | undefined>;

Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

property subjectMatchType

public subjectMatchType: pulumi.Output<string | undefined>;

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

property suspendedAction

public suspendedAction: pulumi.Output<string | undefined>;

Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND".

property type

public type: pulumi.Output<string>;

Type of the IdP.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property usernameTemplate

public usernameTemplate: pulumi.Output<string | undefined>;

Okta EL Expression to generate or transform a unique username for the IdP user.
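A pre-deployment review of Saml settings against the allowed values and lifecycle options documented above. This is an added example, not code from the Pulumi or Okta projects; `SamlIdpSettings`, `reviewSamlIdp` and both sample objects are hypothetical, and the review rules are assumptions about what a reviewer would want flagged.

```typescript
// Added example: offline review of settings intended for okta.idp.Saml.
// It works on plain objects and never calls the Pulumi or Okta SDK.
type Severity = "error" | "warning";
interface Finding { property: string; severity: Severity; message: string; }

// Hypothetical plain-string view of a subset of the Saml arguments documented above.
interface SamlIdpSettings {
    acsBinding?: string;
    acsType?: string;
    ssoBinding?: string;
    ssoUrl?: string;
    ssoDestination?: string;
    deprovisionedAction?: string;
    suspendedAction?: string;
    groupsAction?: string;
    groupsFilters?: string[];
    groupsAssignments?: string[];
    requestSignatureScope?: string;
    responseSignatureScope?: string;
    subjectFilter?: string;
    subjectMatchType?: string;
    subjectMatchAttribute?: string;
}

type EnumProperty = "acsBinding" | "acsType" | "ssoBinding" | "deprovisionedAction"
    | "suspendedAction" | "groupsAction" | "requestSignatureScope"
    | "responseSignatureScope" | "subjectMatchType";

// Allowed values, copied from the property descriptions on this page.
const ALLOWED: Record<EnumProperty, string[]> = {
    acsBinding: ["HTTP-POST", "HTTP-REDIRECT"],
    acsType: ["INSTANCE", "ORG"],
    ssoBinding: ["HTTP-POST", "HTTP-REDIRECT"],
    deprovisionedAction: ["NONE", "REACTIVATE"],
    suspendedAction: ["NONE", "UNSUSPEND"],
    groupsAction: ["NONE", "SYNC", "APPEND", "ASSIGN"],
    requestSignatureScope: ["REQUEST", "NONE"],
    responseSignatureScope: ["RESPONSE", "ASSERTION", "ANY"],
    subjectMatchType: ["USERNAME", "EMAIL", "USERNAME_OR_EMAIL", "CUSTOM_ATTRIBUTE"],
};

function reviewSamlIdp(s: SamlIdpSettings): Finding[] {
    const findings: Finding[] = [];
    const report = (property: string, severity: Severity, message: string): void => {
        findings.push({ property, severity, message });
    };
    const isEmpty = (list?: string[]): boolean => list === undefined || list.length === 0;

    // 1. Enumerated properties must carry a documented value.
    for (const property of Object.keys(ALLOWED) as EnumProperty[]) {
        const value = s[property];
        if (value !== undefined && ALLOWED[property].indexOf(value) === -1) {
            report(property, "error", `"${value}" is not one of: ${ALLOWED[property].join(", ")}`);
        }
    }
    // 2. AuthnRequest endpoints should be reached over TLS.
    if (s.ssoUrl !== undefined && s.ssoUrl.indexOf("https://") !== 0) {
        report("ssoUrl", "error", "endpoint is not an https:// URL");
    }
    if (s.ssoDestination !== undefined && s.ssoDestination.indexOf("https://") !== 0) {
        report("ssoDestination", "error", "endpoint is not an https:// URL");
    }
    // 3. Lifecycle actions that re-enable accounts at authentication time.
    if (s.deprovisionedAction === "REACTIVATE") {
        report("deprovisionedAction", "warning", "authentication through this IdP reactivates a deprovisioned user");
    }
    if (s.suspendedAction === "UNSUSPEND") {
        report("suspendedAction", "warning", "authentication through this IdP unsuspends a suspended user");
    }
    // 4. Unsigned AuthnRequest messages.
    if (s.requestSignatureScope === "NONE") {
        report("requestSignatureScope", "warning", "AuthnRequest messages are not signed");
    }
    // 5. Group provisioning without the list that bounds it.
    if ((s.groupsAction === "SYNC" || s.groupsAction === "APPEND") && isEmpty(s.groupsFilters)) {
        report("groupsFilters", "warning", `no allowed-group list set for groupsAction "${s.groupsAction}"`);
    }
    if (s.groupsAction === "ASSIGN" && isEmpty(s.groupsAssignments)) {
        report("groupsAssignments", "warning", "groupsAction is ASSIGN but no group IDs are listed");
    }
    // 6. CUSTOM_ATTRIBUTE matching needs the attribute to match on.
    if (s.subjectMatchType === "CUSTOM_ATTRIBUTE" && !s.subjectMatchAttribute) {
        report("subjectMatchAttribute", "error", "required when subjectMatchType is CUSTOM_ATTRIBUTE");
    }
    // 7. No pattern restricting which IdP usernames are accepted.
    if (!s.subjectFilter) {
        report("subjectFilter", "warning", "no pattern set to filter untrusted IdP usernames");
    }
    return findings;
}

function countBySeverity(findings: Finding[], severity: Severity): number {
    return findings.filter((f) => f.severity === severity).length;
}

// The Saml example from this page, reduced to the settings reviewed here.
const pageExample: SamlIdpSettings = {
    acsBinding: "HTTP-POST", acsType: "INSTANCE", requestSignatureScope: "REQUEST",
    responseSignatureScope: "ANY", ssoBinding: "HTTP-POST",
    ssoDestination: "https://idp.example.com", ssoUrl: "https://idp.example.com",
};
// Constructed sample with deliberately weak settings.
const weakSample: SamlIdpSettings = {
    acsBinding: "HTTP-GET", ssoUrl: "http://idp.example.com/sso",
    deprovisionedAction: "REACTIVATE", suspendedAction: "UNSUSPEND",
    requestSignatureScope: "NONE", groupsAction: "SYNC", subjectMatchType: "CUSTOM_ATTRIBUTE",
};
const pageFindings = reviewSamlIdp(pageExample); // one warning: subjectFilter
const weakFindings = reviewSamlIdp(weakSample);  // three errors, five warnings
```

Running a check like this in CI before `pulumi up` catches misspelled enumeration values and lifecycle settings that silently re-enable accounts.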

Resource SamlKey

class SamlKey extends CustomResource

Creates a SAML Identity Provider Signing Key.

This resource allows you to create and configure a SAML Identity Provider Signing Key.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.idp.SamlKey("example", {
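    // okta_app_saml_example is assumed to be a resource declared elsewhere in the program that exposes a certificate.
    x5cs: [okta_app_saml_example.certificate],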
});

constructor

new SamlKey(name: string, args: SamlKeyArgs, opts?: pulumi.CustomResourceOptions)

Create a SamlKey resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SamlKeyState, opts?: pulumi.CustomResourceOptions): SamlKey

Get an existing SamlKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SamlKey

Returns true if the given object is an instance of SamlKey. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property created

public created: pulumi.Output<string>;

Date created.

property expiresAt

public expiresAt: pulumi.Output<string>;

Date the cert expires.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property kid

public kid: pulumi.Output<string>;

Key ID.

property kty

public kty: pulumi.Output<string>;

Identifies the cryptographic algorithm family used with the key.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property use

public use: pulumi.Output<string>;

Intended use of the public key.

property x5cs

public x5cs: pulumi.Output<string[]>;

base64-encoded X.509 certificate chain with DER encoding.

property x5tS256

public x5tS256: pulumi.Output<string>;

base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate.

Resource Social

class Social extends CustomResource

Creates a Social Identity Provider.

This resource allows you to create and configure a Social Identity Provider.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.idp.Social("example", {
    clientId: "abcd123",
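    // Placeholder value; load the real secret from Pulumi config (for example Config.requireSecret) rather than committing it.
    clientSecret: "abcd123",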
    matchAttribute: "customfieldId",
    matchType: "CUSTOM_ATTRIBUTE",
    protocolType: "OAUTH2",
    scopes: [
        "publicProfile",
        "email",
    ],
    type: "FACEBOOK",
    usernameTemplate: "idpuser.email",
});

constructor

new Social(name: string, args: SocialArgs, opts?: pulumi.CustomResourceOptions)

Create a Social resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SocialState, opts?: pulumi.CustomResourceOptions): Social

Get an existing Social resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Social

Returns true if the given object is an instance of Social. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountLinkAction

public accountLinkAction: pulumi.Output<string | undefined>;

Specifies the account linking action for an IdP user.

property accountLinkGroupIncludes

public accountLinkGroupIncludes: pulumi.Output<string[] | undefined>;

Group memberships to determine link candidates.

property authorizationBinding

public authorizationBinding: pulumi.Output<string>;

The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property authorizationUrl

public authorizationUrl: pulumi.Output<string>;

IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

property clientId

public clientId: pulumi.Output<string | undefined>;

Unique identifier issued by AS for the Okta IdP instance.

property clientSecret

public clientSecret: pulumi.Output<string | undefined>;

Client secret issued by AS for the Okta IdP instance.

property deprovisionedAction

public deprovisionedAction: pulumi.Output<string | undefined>;

Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

property groupsAction

public groupsAction: pulumi.Output<string | undefined>;

Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

property groupsAssignments

public groupsAssignments: pulumi.Output<string[] | undefined>;

List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groupsAction.

property groupsAttribute

public groupsAttribute: pulumi.Output<string | undefined>;

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

property groupsFilters

public groupsFilters: pulumi.Output<string[] | undefined>;

Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groupsAction.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property issuerMode

public issuerMode: pulumi.Output<string | undefined>;

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

property matchAttribute

public matchAttribute: pulumi.Output<string | undefined>;

property matchType

public matchType: pulumi.Output<string | undefined>;

property maxClockSkew

public maxClockSkew: pulumi.Output<number | undefined>;

Maximum allowable clock-skew when processing messages from the IdP.

property name

public name: pulumi.Output<string>;

The Application’s display name.

property profileMaster

public profileMaster: pulumi.Output<boolean | undefined>;

Determines if the IdP should act as a source of truth for user profile attributes.

property protocolType

public protocolType: pulumi.Output<string | undefined>;

The type of protocol to use. It can be "OIDC" or "OAUTH2".

property provisioningAction

public provisioningAction: pulumi.Output<string | undefined>;

Provisioning action for an IdP user during authentication.

property requestSignatureAlgorithm

public requestSignatureAlgorithm: pulumi.Output<string | undefined>;

The XML digital signature algorithm used when signing an AuthnRequest message.

property requestSignatureScope

public requestSignatureScope: pulumi.Output<string | undefined>;

Specifies whether or not to digitally sign AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".

property responseSignatureAlgorithm

public responseSignatureAlgorithm: pulumi.Output<string | undefined>;

The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.

property responseSignatureScope

public responseSignatureScope: pulumi.Output<string | undefined>;

Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".

property scopes

public scopes: pulumi.Output<string[]>;

The scopes of the IdP.

property status

public status: pulumi.Output<string | undefined>;

Status of the IdP.

property subjectMatchAttribute

public subjectMatchAttribute: pulumi.Output<string | undefined>;

Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

property subjectMatchType

public subjectMatchType: pulumi.Output<string | undefined>;

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

property suspendedAction

public suspendedAction: pulumi.Output<string | undefined>;

Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND".

property tokenBinding

public tokenBinding: pulumi.Output<string>;

The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property tokenUrl

public tokenUrl: pulumi.Output<string>;

IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

property type

public type: pulumi.Output<string>;

The type of Social IdP. It can be "FACEBOOK", "LINKEDIN", "MICROSOFT", or "GOOGLE".

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property usernameTemplate

public usernameTemplate: pulumi.Output<string | undefined>;

Okta EL Expression to generate or transform a unique username for the IdP user.

Functions

Function getMetadataSaml

getMetadataSaml(args?: GetMetadataSamlArgs, opts?: pulumi.InvokeOptions): Promise<GetMetadataSamlResult>

Use this data source to retrieve SAML IdP metadata from Okta.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = pulumi.output(okta.idp.getMetadataSaml({
    idpId: "<idp id>",
}, { async: true }));

Function getSaml

getSaml(args?: GetSamlArgs, opts?: pulumi.InvokeOptions): Promise<GetSamlResult>

Use this data source to retrieve a SAML IdP from Okta.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = pulumi.output(okta.idp.getSaml({
    name: "Example App",
}, { async: true }));

Others

interface GetMetadataSamlArgs

interface GetMetadataSamlArgs

A collection of arguments for invoking getMetadataSaml.

property idpId

idpId?: undefined | string;

The id of the IdP to retrieve metadata for.

interface GetMetadataSamlResult

interface GetMetadataSamlResult

A collection of values returned by getMetadataSaml.

property assertionsSigned

assertionsSigned: boolean;

Whether assertions are signed.

property authnRequestSigned

authnRequestSigned: boolean;

Whether authn requests are signed.

property encryptionCertificate

encryptionCertificate: string;

SAML request encryption certificate.

property entityId

entityId: string;

Entity URL, for instance https://www.okta.com/saml2/service-provider/sposcfdmlybtwkdcgtuf.

property httpPostBinding

httpPostBinding: string;

urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.

property httpRedirectBinding

httpRedirectBinding: string;

urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property idpId

idpId?: undefined | string;

property metadata

metadata: string;

Raw IdP metadata.

property signingCertificate

signingCertificate: string;

SAML request signing certificate.

interface GetSamlArgs

interface GetSamlArgs

A collection of arguments for invoking getSaml.

property id

id?: undefined | string;

The id of the idp to retrieve, conflicts with name.

property name

name?: undefined | string;

The name of the idp to retrieve, conflicts with id.

interface GetSamlResult

interface GetSamlResult

A collection of values returned by getSaml.

property acsBinding

acsBinding: string;

HTTP binding used to receive a SAMLResponse message from the IdP.

property acsType

acsType: string;

Determines whether to publish an instance-specific (trust) or organization (shared) ACS endpoint in the SAML metadata.

property audience

audience: string;

URI that identifies the target Okta IdP instance (SP).

property id

id?: undefined | string;

ID of the IdP.

property issuer

issuer: string;

URI that identifies the issuer (IdP).

property issuerMode

issuerMode: string;

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL in the request to the IdP.

property kid

kid: string;

Key ID reference to the IdP’s X.509 signature certificate.

property name

name?: undefined | string;

Name of the IdP.

property ssoBinding

ssoBinding: string;

Single sign-on binding.

property ssoDestination

ssoDestination: string;

SSO request binding, HTTP-POST or HTTP-REDIRECT.

property ssoUrl

ssoUrl: string;

Single sign-on URL.

property subjectFilter

subjectFilter: string;

Regular expression pattern used to filter untrusted IdP usernames.

property subjectFormats

subjectFormats: string[];

Expression to generate or transform a unique username for the IdP user.

property type

type: string;

Type of IdP.

interface OidcArgs

interface OidcArgs

The set of arguments for constructing an Oidc resource.

property accountLinkAction

accountLinkAction?: pulumi.Input<string>;

Specifies the account linking action for an IdP user.

property accountLinkGroupIncludes

accountLinkGroupIncludes?: pulumi.Input<pulumi.Input<string>[]>;

Group memberships to determine link candidates.

property acsBinding

acsBinding: pulumi.Input<string>;

The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property acsType

acsType?: pulumi.Input<string>;

The type of ACS. Default is "INSTANCE".

property authorizationBinding

authorizationBinding: pulumi.Input<string>;

The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property authorizationUrl

authorizationUrl: pulumi.Input<string>;

IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

property clientId

clientId: pulumi.Input<string>;

Unique identifier issued by AS for the Okta IdP instance.

property clientSecret

clientSecret: pulumi.Input<string>;

Client secret issued by AS for the Okta IdP instance.

property deprovisionedAction

deprovisionedAction?: pulumi.Input<string>;

Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

property groupsAction

groupsAction?: pulumi.Input<string>;

Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

property groupsAssignments

groupsAssignments?: pulumi.Input<pulumi.Input<string>[]>;

List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groupsAction.

property groupsAttribute

groupsAttribute?: pulumi.Input<string>;

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

property groupsFilters

groupsFilters?: pulumi.Input<pulumi.Input<string>[]>;

Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groupsAction.

property issuerMode

issuerMode?: pulumi.Input<string>;

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

property issuerUrl

issuerUrl: pulumi.Input<string>;

URI that identifies the issuer.

property jwksBinding

jwksBinding: pulumi.Input<string>;

The method of making a request for the OIDC JWKS. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property jwksUrl

jwksUrl: pulumi.Input<string>;

Endpoint where the signer of the keys publishes its keys in a JWK Set.

property maxClockSkew

maxClockSkew?: pulumi.Input<number>;

Maximum allowable clock-skew when processing messages from the IdP.

property name

name?: pulumi.Input<string>;

The Application’s display name.

property profileMaster

profileMaster?: pulumi.Input<boolean>;

Determines if the IdP should act as a source of truth for user profile attributes.

property protocolType

protocolType?: pulumi.Input<string>;

The type of protocol to use. It can be "OIDC" or "OAUTH2".

property provisioningAction

provisioningAction?: pulumi.Input<string>;

Provisioning action for an IdP user during authentication.

property requestSignatureAlgorithm

requestSignatureAlgorithm?: pulumi.Input<string>;

Algorithm to use to sign requests.

property requestSignatureScope

requestSignatureScope?: pulumi.Input<string>;

Algorithm to use to sign response.

property responseSignatureAlgorithm

responseSignatureAlgorithm?: pulumi.Input<string>;

Algorithm to use to sign requests.

property responseSignatureScope

responseSignatureScope?: pulumi.Input<string>;

Algorithm to use to sign response.

property scopes

scopes: pulumi.Input<pulumi.Input<string>[]>;

The scopes of the IdP.

property status

status?: pulumi.Input<string>;

Status of the IdP.

property subjectMatchAttribute

subjectMatchAttribute?: pulumi.Input<string>;

Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

property subjectMatchType

subjectMatchType?: pulumi.Input<string>;

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

property suspendedAction

suspendedAction?: pulumi.Input<string>;

Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND".

property tokenBinding

tokenBinding: pulumi.Input<string>;

The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property tokenUrl

tokenUrl: pulumi.Input<string>;

IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

property userInfoBinding

userInfoBinding?: pulumi.Input<string>;

property userInfoUrl

userInfoUrl?: pulumi.Input<string>;

Protected resource endpoint that returns claims about the authenticated user.

property usernameTemplate

usernameTemplate?: pulumi.Input<string>;

Okta EL Expression to generate or transform a unique username for the IdP user.

interface OidcState

interface OidcState

Input properties used for looking up and filtering Oidc resources.

property accountLinkAction

accountLinkAction?: pulumi.Input<string>;

Specifies the account linking action for an IdP user.

property accountLinkGroupIncludes

accountLinkGroupIncludes?: pulumi.Input<pulumi.Input<string>[]>;

Group memberships to determine link candidates.

property acsBinding

acsBinding?: pulumi.Input<string>;

The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property acsType

acsType?: pulumi.Input<string>;

The type of ACS. Default is "INSTANCE".

property authorizationBinding

authorizationBinding?: pulumi.Input<string>;

The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property authorizationUrl

authorizationUrl?: pulumi.Input<string>;

IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

property clientId

clientId?: pulumi.Input<string>;

Unique identifier issued by AS for the Okta IdP instance.

property clientSecret

clientSecret?: pulumi.Input<string>;

Client secret issued by AS for the Okta IdP instance.

property deprovisionedAction

deprovisionedAction?: pulumi.Input<string>;

Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

property groupsAction

groupsAction?: pulumi.Input<string>;

Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

property groupsAssignments

groupsAssignments?: pulumi.Input<pulumi.Input<string>[]>;

List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groupsAction.

property groupsAttribute

groupsAttribute?: pulumi.Input<string>;

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

property groupsFilters

groupsFilters?: pulumi.Input<pulumi.Input<string>[]>;

Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groupsAction.

property issuerMode

issuerMode?: pulumi.Input<string>;

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

property issuerUrl

issuerUrl?: pulumi.Input<string>;

URI that identifies the issuer.

property jwksBinding

jwksBinding?: pulumi.Input<string>;

The method of making a request for the OIDC JWKS. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property jwksUrl

jwksUrl?: pulumi.Input<string>;

Endpoint where the signer of the keys publishes its keys in a JWK Set.

property maxClockSkew

maxClockSkew?: pulumi.Input<number>;

Maximum allowable clock-skew when processing messages from the IdP.

property name

name?: pulumi.Input<string>;

The Application’s display name.

property profileMaster

profileMaster?: pulumi.Input<boolean>;

Determines if the IdP should act as a source of truth for user profile attributes.

property protocolType

protocolType?: pulumi.Input<string>;

The type of protocol to use. It can be "OIDC" or "OAUTH2".

property provisioningAction

provisioningAction?: pulumi.Input<string>;

Provisioning action for an IdP user during authentication.

property requestSignatureAlgorithm

requestSignatureAlgorithm?: pulumi.Input<string>;

Algorithm to use to sign requests.

property requestSignatureScope

requestSignatureScope?: pulumi.Input<string>;

Algorithm to use to sign response.

property responseSignatureAlgorithm

responseSignatureAlgorithm?: pulumi.Input<string>;

Algorithm to use to sign requests.

property responseSignatureScope

responseSignatureScope?: pulumi.Input<string>;

Algorithm to use to sign response.

property scopes

scopes?: pulumi.Input<pulumi.Input<string>[]>;

The scopes of the IdP.

property status

status?: pulumi.Input<string>;

Status of the IdP.

property subjectMatchAttribute

subjectMatchAttribute?: pulumi.Input<string>;

Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

property subjectMatchType

subjectMatchType?: pulumi.Input<string>;

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

property suspendedAction

suspendedAction?: pulumi.Input<string>;

Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND".

property tokenBinding

tokenBinding?: pulumi.Input<string>;

The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property tokenUrl

tokenUrl?: pulumi.Input<string>;

IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

property type

type?: pulumi.Input<string>;

Type of OIDC IdP.

property userInfoBinding

userInfoBinding?: pulumi.Input<string>;

property userInfoUrl

userInfoUrl?: pulumi.Input<string>;

Protected resource endpoint that returns claims about the authenticated user.

property usernameTemplate

usernameTemplate?: pulumi.Input<string>;

Okta EL Expression to generate or transform a unique username for the IdP user.

interface SamlArgs

interface SamlArgs

The set of arguments for constructing a Saml resource.

property accountLinkAction

accountLinkAction?: pulumi.Input<string>;

Specifies the account linking action for an IdP user.

property accountLinkGroupIncludes

accountLinkGroupIncludes?: pulumi.Input<pulumi.Input<string>[]>;

Group memberships to determine link candidates.

property acsBinding

acsBinding: pulumi.Input<string>;

The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property acsType

acsType?: pulumi.Input<string>;

The type of ACS. It can be "INSTANCE" or "ORG".

property deprovisionedAction

deprovisionedAction?: pulumi.Input<string>;

Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

property groupsAction

groupsAction?: pulumi.Input<string>;

Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

property groupsAssignments

groupsAssignments?: pulumi.Input<pulumi.Input<string>[]>;

List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groupsAction.

property groupsAttribute

groupsAttribute?: pulumi.Input<string>;

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

property groupsFilters

groupsFilters?: pulumi.Input<pulumi.Input<string>[]>;

Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groupsAction.

property issuer

issuer: pulumi.Input<string>;

URI that identifies the issuer.

property issuerMode

issuerMode?: pulumi.Input<string>;

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

property kid

kid: pulumi.Input<string>;

The ID of the signing key.

property name

name?: pulumi.Input<string>;

The Application’s display name.

property nameFormat

nameFormat?: pulumi.Input<string>;

The name identifier format to use. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

property profileMaster

profileMaster?: pulumi.Input<boolean>;

Determines if the IdP should act as a source of truth for user profile attributes.

property provisioningAction

provisioningAction?: pulumi.Input<string>;

Provisioning action for an IdP user during authentication.

property requestSignatureAlgorithm

requestSignatureAlgorithm?: pulumi.Input<string>;

The XML digital signature algorithm used when signing an AuthnRequest message.

property requestSignatureScope

requestSignatureScope?: pulumi.Input<string>;

Specifies whether or not to digitally sign AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".

property responseSignatureAlgorithm

responseSignatureAlgorithm?: pulumi.Input<string>;

The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.

property responseSignatureScope

responseSignatureScope?: pulumi.Input<string>;

Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".

property ssoBinding

ssoBinding?: pulumi.Input<string>;

The method of making an SSO request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property ssoDestination

ssoDestination?: pulumi.Input<string>;

URI reference indicating the address to which the AuthnRequest message is sent.

property ssoUrl

ssoUrl: pulumi.Input<string>;

URL of binding-specific endpoint to send an AuthnRequest message to IdP.

property status

status?: pulumi.Input<string>;

Status of the IdP.

property subjectFilter

subjectFilter?: pulumi.Input<string>;

Optional regular expression pattern used to filter untrusted IdP usernames.

property subjectFormats

subjectFormats?: pulumi.Input<pulumi.Input<string>[]>;

The name format. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

property subjectMatchAttribute

subjectMatchAttribute?: pulumi.Input<string>;

Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

property subjectMatchType

subjectMatchType?: pulumi.Input<string>;

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

property suspendedAction

suspendedAction?: pulumi.Input<string>;

Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND".

property usernameTemplate

usernameTemplate?: pulumi.Input<string>;

Okta EL Expression to generate or transform a unique username for the IdP user.
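Several SamlArgs properties only make sense in combination (subjectMatchAttribute with "CUSTOM_ATTRIBUTE", groupsAssignments with "ASSIGN", groupsFilters with "APPEND" or "SYNC"), and a few values weaken the trust placed in the IdP. The following pre-deployment check is an added example, not part of the provider; `SamlSettings`, `auditSamlSettings` and the sample objects are hypothetical names, and the values "SHA-1", "SHA-256" and "AUTO" are assumed spellings that do not appear on this page.

```typescript
// Subset of the SamlArgs properties documented above, as plain values.
interface SamlSettings {
    requestSignatureScope?: string;
    requestSignatureAlgorithm?: string;
    responseSignatureScope?: string;
    responseSignatureAlgorithm?: string;
    subjectFilter?: string;
    subjectMatchType?: string;
    subjectMatchAttribute?: string;
    accountLinkAction?: string;
    accountLinkGroupIncludes?: string[];
    groupsAction?: string;
    groupsFilters?: string[];
    groupsAssignments?: string[];
}

type Severity = "error" | "warn";
interface Finding { property: string; severity: Severity; message: string; }

function auditSamlSettings(s: SamlSettings): Finding[] {
    const out: Finding[] = [];
    const add = (property: string, severity: Severity, message: string) =>
        out.push({ property, severity, message });

    // Signing. "SHA-1" is an assumed spelling of the weak algorithm value.
    if (s.requestSignatureScope === "NONE") {
        add("requestSignatureScope", "warn", "AuthnRequest messages are sent unsigned");
    }
    for (const p of ["requestSignatureAlgorithm", "responseSignatureAlgorithm"] as const) {
        if (s[p] === "SHA-1") add(p, "warn", "SHA-1 is accepted for XML signatures");
    }

    // Username handling.
    if (!s.subjectFilter) {
        add("subjectFilter", "warn", "no pattern restricts usernames asserted by the IdP");
    }
    if (s.subjectMatchType === "CUSTOM_ATTRIBUTE" && !s.subjectMatchAttribute) {
        add("subjectMatchAttribute", "error", "required when subjectMatchType is CUSTOM_ATTRIBUTE");
    }
    if (s.subjectMatchAttribute && s.subjectMatchType !== "CUSTOM_ATTRIBUTE") {
        add("subjectMatchAttribute", "warn", "only used when subjectMatchType is CUSTOM_ATTRIBUTE");
    }

    // Group provisioning.
    if (s.groupsAction === "ASSIGN" && !s.groupsAssignments?.length) {
        add("groupsAssignments", "error", "ASSIGN needs at least one Okta Group ID");
    }
    if ((s.groupsAction === "APPEND" || s.groupsAction === "SYNC") && !s.groupsFilters?.length) {
        add("groupsFilters", "warn", "no groupsFilters whitelist is set for this groupsAction");
    }
    if (s.groupsAssignments?.length && s.groupsAction !== "ASSIGN") {
        add("groupsAssignments", "warn", "only used when groupsAction is ASSIGN");
    }

    // Account linking. "AUTO" is an assumed value for automatic linking.
    if (s.accountLinkAction === "AUTO" && !s.accountLinkGroupIncludes?.length) {
        add("accountLinkGroupIncludes", "warn", "automatic linking is not limited to any group");
    }
    return out;
}

// Constructed sample inputs (all IDs and patterns are made up).
const CONSTRUCTED_WEAK: SamlSettings = {
    requestSignatureScope: "NONE",
    responseSignatureAlgorithm: "SHA-1",
    subjectMatchType: "CUSTOM_ATTRIBUTE",
    groupsAction: "SYNC",
    accountLinkAction: "AUTO",
};
const CONSTRUCTED_HARDENED: SamlSettings = {
    requestSignatureScope: "REQUEST",
    requestSignatureAlgorithm: "SHA-256",
    responseSignatureScope: "RESPONSE",
    responseSignatureAlgorithm: "SHA-256",
    subjectFilter: "^[^@]+@example\\.com$",
    subjectMatchType: "USERNAME",
    groupsAction: "ASSIGN",
    groupsAssignments: ["constructed-group-id-1"],
    accountLinkAction: "AUTO",
    accountLinkGroupIncludes: ["constructed-group-id-2"],
};
```

Run the audit on the same plain object that is later passed to the Saml constructor, and fail the deployment on any "error" finding.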

interface SamlKeyArgs

interface SamlKeyArgs

The set of arguments for constructing a SamlKey resource.

property x5cs

x5cs: pulumi.Input<pulumi.Input<string>[]>;

base64-encoded X.509 certificate chain with DER encoding.

interface SamlKeyState

interface SamlKeyState

Input properties used for looking up and filtering SamlKey resources.

property created

created?: pulumi.Input<string>;

Date created.

property expiresAt

expiresAt?: pulumi.Input<string>;

Date the cert expires.

property kid

kid?: pulumi.Input<string>;

Key ID.

property kty

kty?: pulumi.Input<string>;

Identifies the cryptographic algorithm family used with the key.

property use

use?: pulumi.Input<string>;

Intended use of the public key.

property x5cs

x5cs?: pulumi.Input<pulumi.Input<string>[]>;

base64-encoded X.509 certificate chain with DER encoding.

property x5tS256

x5tS256?: pulumi.Input<string>;

base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate.
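The x5cs entries are standard base64 of DER, while x5tS256 is the base64url SHA-256 thumbprint of those DER bytes, so a certificate can be pinned before it is uploaded as a SamlKey. The following check is an added example, not part of the provider; `checkX5cEntry`, `verifyPinnedChain` and `SAMPLE_X5C` are hypothetical names, and the pinned thumbprint is assumed to come from the IdP operator out of band.

```typescript
import { createHash } from "node:crypto";

// Result of checking one x5cs entry before it is handed to a SamlKey resource.
interface X5cCheck {
    ok: boolean;
    reason?: string;
    x5tS256?: string; // base64url SHA-256 thumbprint of the DER bytes
}

// x5cs entries are standard base64 of DER, so PEM armor, whitespace and the
// base64url alphabet ("-" and "_") are rejected rather than silently fixed.
const STANDARD_BASE64 = /^[A-Za-z0-9+/]+={0,2}$/;

function checkX5cEntry(entry: string): X5cCheck {
    if (entry.includes("-----BEGIN")) {
        return { ok: false, reason: "PEM armor present; pass the bare base64 body" };
    }
    if (!STANDARD_BASE64.test(entry) || entry.length % 4 !== 0) {
        return { ok: false, reason: "not canonical standard base64" };
    }
    const der = Buffer.from(entry, "base64");
    // A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if (der.length < 2 || der[0] !== 0x30) {
        return { ok: false, reason: "decoded bytes do not start with a DER SEQUENCE" };
    }
    // base64url = standard base64 with "+/" mapped to "-_" and padding removed.
    const x5tS256 = createHash("sha256").update(der).digest("base64")
        .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
    return { ok: true, x5tS256 };
}

// Validate every entry, then compare the first entry (the certificate that
// carries the signing key) against the pinned thumbprint.
function verifyPinnedChain(x5cs: string[], pinnedX5tS256: string): string[] {
    if (x5cs.length === 0) {
        return ["x5cs is empty"];
    }
    const problems: string[] = [];
    x5cs.forEach((entry, i) => {
        const r = checkX5cEntry(entry);
        if (!r.ok) problems.push(`x5cs[${i}]: ${r.reason}`);
    });
    const leaf = checkX5cEntry(x5cs[0]);
    if (leaf.ok && leaf.x5tS256 !== pinnedX5tS256) {
        problems.push(`x5cs[0]: thumbprint ${leaf.x5tS256} does not match the pinned value`);
    }
    return problems;
}

// Constructed sample: a 5-byte DER SEQUENCE { INTEGER 1 }, standing in for a
// real certificate so the example runs offline. It is not a valid X.509 cert.
const SAMPLE_X5C = Buffer.from([0x30, 0x03, 0x02, 0x01, 0x01]).toString("base64");
```

The same thumbprint can be compared against the x5tS256 value the provider reports after creation, which shows whether the stored key is the one that was pinned.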

interface SamlState

interface SamlState

Input properties used for looking up and filtering Saml resources.

property accountLinkAction

accountLinkAction?: pulumi.Input<string>;

Specifies the account linking action for an IdP user.

property accountLinkGroupIncludes

accountLinkGroupIncludes?: pulumi.Input<pulumi.Input<string>[]>;

Group memberships to determine link candidates.

property acsBinding

acsBinding?: pulumi.Input<string>;

The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property acsType

acsType?: pulumi.Input<string>;

The type of ACS. It can be "INSTANCE" or "ORG".

property audience

audience?: pulumi.Input<string>;

The audience restriction for the IdP.

property deprovisionedAction

deprovisionedAction?: pulumi.Input<string>;

Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

property groupsAction

groupsAction?: pulumi.Input<string>;

Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

property groupsAssignments

groupsAssignments?: pulumi.Input<pulumi.Input<string>[]>;

List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groupsAction.

property groupsAttribute

groupsAttribute?: pulumi.Input<string>;

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

property groupsFilters

groupsFilters?: pulumi.Input<pulumi.Input<string>[]>;

Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groupsAction.

property issuer

issuer?: pulumi.Input<string>;

URI that identifies the issuer.

property issuerMode

issuerMode?: pulumi.Input<string>;

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

property kid

kid?: pulumi.Input<string>;

The ID of the signing key.

property name

name?: pulumi.Input<string>;

The Application’s display name.

property nameFormat

nameFormat?: pulumi.Input<string>;

The name identifier format to use. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

property profileMaster

profileMaster?: pulumi.Input<boolean>;

Determines if the IdP should act as a source of truth for user profile attributes.

property provisioningAction

provisioningAction?: pulumi.Input<string>;

Provisioning action for an IdP user during authentication.

property requestSignatureAlgorithm

requestSignatureAlgorithm?: pulumi.Input<string>;

The XML digital signature algorithm used when signing an AuthnRequest message.

property requestSignatureScope

requestSignatureScope?: pulumi.Input<string>;

Specifies whether or not to digitally sign AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".

property responseSignatureAlgorithm

responseSignatureAlgorithm?: pulumi.Input<string>;

The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.

property responseSignatureScope

responseSignatureScope?: pulumi.Input<string>;

Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".

property ssoBinding

ssoBinding?: pulumi.Input<string>;

The method of making an SSO request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property ssoDestination

ssoDestination?: pulumi.Input<string>;

URI reference indicating the address to which the AuthnRequest message is sent.

property ssoUrl

ssoUrl?: pulumi.Input<string>;

URL of binding-specific endpoint to send an AuthnRequest message to IdP.

property status

status?: pulumi.Input<string>;

Status of the IdP.

property subjectFilter

subjectFilter?: pulumi.Input<string>;

Optional regular expression pattern used to filter untrusted IdP usernames.

property subjectFormats

subjectFormats?: pulumi.Input<pulumi.Input<string>[]>;

The name format. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

property subjectMatchAttribute

subjectMatchAttribute?: pulumi.Input<string>;

Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

property subjectMatchType

subjectMatchType?: pulumi.Input<string>;

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

property suspendedAction

suspendedAction?: pulumi.Input<string>;

Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND".

property type

type?: pulumi.Input<string>;

Type of the IdP.

property usernameTemplate

usernameTemplate?: pulumi.Input<string>;

Okta EL Expression to generate or transform a unique username for the IdP user.

interface SocialArgs

interface SocialArgs

The set of arguments for constructing a Social resource.

property accountLinkAction

accountLinkAction?: pulumi.Input<string>;

Specifies the account linking action for an IdP user.

property accountLinkGroupIncludes

accountLinkGroupIncludes?: pulumi.Input<pulumi.Input<string>[]>;

Group memberships to determine link candidates.

property clientId

clientId?: pulumi.Input<string>;

Unique identifier issued by AS for the Okta IdP instance.

property clientSecret

clientSecret?: pulumi.Input<string>;

Client secret issued by AS for the Okta IdP instance.

property deprovisionedAction

deprovisionedAction?: pulumi.Input<string>;

Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

property groupsAction

groupsAction?: pulumi.Input<string>;

Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

property groupsAssignments

groupsAssignments?: pulumi.Input<pulumi.Input<string>[]>;

List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groupsAction.

property groupsAttribute

groupsAttribute?: pulumi.Input<string>;

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

property groupsFilters

groupsFilters?: pulumi.Input<pulumi.Input<string>[]>;

Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groupsAction.

property issuerMode

issuerMode?: pulumi.Input<string>;

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

property matchAttribute

matchAttribute?: pulumi.Input<string>;

property matchType

matchType?: pulumi.Input<string>;

property maxClockSkew

maxClockSkew?: pulumi.Input<number>;

Maximum allowable clock-skew when processing messages from the IdP.

property name

name?: pulumi.Input<string>;

The Application’s display name.

property profileMaster

profileMaster?: pulumi.Input<boolean>;

Determines if the IdP should act as a source of truth for user profile attributes.

property protocolType

protocolType?: pulumi.Input<string>;

The type of protocol to use. It can be "OIDC" or "OAUTH2".

property provisioningAction

provisioningAction?: pulumi.Input<string>;

Provisioning action for an IdP user during authentication.

property requestSignatureAlgorithm

requestSignatureAlgorithm?: pulumi.Input<string>;

The XML digital signature algorithm used when signing an AuthnRequest message.

property requestSignatureScope

requestSignatureScope?: pulumi.Input<string>;

Specifies whether or not to digitally sign AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".

property responseSignatureAlgorithm

responseSignatureAlgorithm?: pulumi.Input<string>;

The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.

property responseSignatureScope

responseSignatureScope?: pulumi.Input<string>;

Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".

property scopes

scopes: pulumi.Input<pulumi.Input<string>[]>;

The scopes of the IdP.

property status

status?: pulumi.Input<string>;

Status of the IdP.

property subjectMatchAttribute

subjectMatchAttribute?: pulumi.Input<string>;

Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

property subjectMatchType

subjectMatchType?: pulumi.Input<string>;

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

property suspendedAction

suspendedAction?: pulumi.Input<string>;

Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND".

property type

type: pulumi.Input<string>;

The type of Social IdP. It can be "FACEBOOK", "LINKEDIN", "MICROSOFT", or "GOOGLE".

property usernameTemplate

usernameTemplate?: pulumi.Input<string>;

Okta EL Expression to generate or transform a unique username for the IdP user.

interface SocialState

interface SocialState

Input properties used for looking up and filtering Social resources.

property accountLinkAction

accountLinkAction?: pulumi.Input<string>;

Specifies the account linking action for an IdP user.

property accountLinkGroupIncludes

accountLinkGroupIncludes?: pulumi.Input<pulumi.Input<string>[]>;

Group memberships to determine link candidates.

property authorizationBinding

authorizationBinding?: pulumi.Input<string>;

The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property authorizationUrl

authorizationUrl?: pulumi.Input<string>;

IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

property clientId

clientId?: pulumi.Input<string>;

Unique identifier issued by AS for the Okta IdP instance.

property clientSecret

clientSecret?: pulumi.Input<string>;

Client secret issued by AS for the Okta IdP instance.

property deprovisionedAction

deprovisionedAction?: pulumi.Input<string>;

Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

property groupsAction

groupsAction?: pulumi.Input<string>;

Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

property groupsAssignments

groupsAssignments?: pulumi.Input<pulumi.Input<string>[]>;

List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groupsAction.

property groupsAttribute

groupsAttribute?: pulumi.Input<string>;

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

property groupsFilters

groupsFilters?: pulumi.Input<pulumi.Input<string>[]>;

Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groupsAction.

property issuerMode

issuerMode?: pulumi.Input<string>;

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

property matchAttribute

matchAttribute?: pulumi.Input<string>;

property matchType

matchType?: pulumi.Input<string>;

property maxClockSkew

maxClockSkew?: pulumi.Input<number>;

Maximum allowable clock-skew when processing messages from the IdP.

property name

name?: pulumi.Input<string>;

The Application’s display name.

property profileMaster

profileMaster?: pulumi.Input<boolean>;

Determines if the IdP should act as a source of truth for user profile attributes.

property protocolType

protocolType?: pulumi.Input<string>;

The type of protocol to use. It can be "OIDC" or "OAUTH2".

property provisioningAction

provisioningAction?: pulumi.Input<string>;

Provisioning action for an IdP user during authentication.

property requestSignatureAlgorithm

requestSignatureAlgorithm?: pulumi.Input<string>;

The XML digital signature algorithm used when signing an AuthnRequest message.

property requestSignatureScope

requestSignatureScope?: pulumi.Input<string>;

Specifies whether or not to digitally sign AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".

property responseSignatureAlgorithm

responseSignatureAlgorithm?: pulumi.Input<string>;

The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.

property responseSignatureScope

responseSignatureScope?: pulumi.Input<string>;

Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".

property scopes

scopes?: pulumi.Input<pulumi.Input<string>[]>;

The scopes of the IdP.

property status

status?: pulumi.Input<string>;

Status of the IdP.

property subjectMatchAttribute

subjectMatchAttribute?: pulumi.Input<string>;

Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

property subjectMatchType

subjectMatchType?: pulumi.Input<string>;

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

property suspendedAction

suspendedAction?: pulumi.Input<string>;

Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND".

property tokenBinding

tokenBinding?: pulumi.Input<string>;

The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

property tokenUrl

tokenUrl?: pulumi.Input<string>;

IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

property type

type?: pulumi.Input<string>;

The type of Social IdP. It can be "FACEBOOK", "LINKEDIN", "MICROSOFT", or "GOOGLE".

property usernameTemplate

usernameTemplate?: pulumi.Input<string>;

Okta EL Expression to generate or transform a unique username for the IdP user.