1. Docs
  2. Reference
  3. API
  4. @pulumi/vault
  5. okta

Module okta

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-vault repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-vault repo.

Resources

Others

Resources

Resource AuthBackend

class AuthBackend extends CustomResource

constructor

new AuthBackend(name: string, args: AuthBackendArgs, opts?: pulumi.CustomResourceOptions)

Create a AuthBackend resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuthBackendState, opts?: pulumi.CustomResourceOptions): AuthBackend

Get an existing AuthBackend resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AuthBackend

Returns true if the given object is an instance of AuthBackend. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accessor

public accessor: pulumi.Output<string>;

The mount accessor related to the auth mount. It is useful for integration with Identity Secrets Engine.

property baseUrl

public baseUrl: pulumi.Output<string | undefined>;

The Okta url. Examples: oktapreview.com, okta.com

property bypassOktaMfa

public bypassOktaMfa: pulumi.Output<boolean | undefined>;

When true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.

property description

public description: pulumi.Output<string | undefined>;

The description of the auth backend

property groups

public groups: pulumi.Output<AuthBackendGroup[]>;

Associate Okta groups with policies within Vault. See below for more details.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property maxTtl

public maxTtl: pulumi.Output<string | undefined>;

Maximum duration after which authentication will be expired See the documentation for info on valid duration formats.

property organization

public organization: pulumi.Output<string>;

The Okta organization. This will be the first part of the url https://XXX.okta.com

property path

public path: pulumi.Output<string | undefined>;

Path to mount the Okta auth backend

property token

public token: pulumi.Output<string | undefined>;

The Okta API token. This is required to query Okta for user group membership. If this is not supplied only locally configured groups will be enabled.

property ttl

public ttl: pulumi.Output<string | undefined>;

Duration after which authentication will be expired. See the documentation for info on valid duration formats.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property users

public users: pulumi.Output<AuthBackendUser[]>;

Associate Okta users with groups or policies within Vault. See below for more details.

Resource AuthBackendGroup

class AuthBackendGroup extends CustomResource

Provides a resource to create a group in an Okta auth backend within Vault.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const example = new vault.okta.AuthBackend("example", {
    organization: "dummy",
    path: "groupOkta",
});
const foo = new vault.okta.AuthBackendGroup("foo", {
    groupName: "foo",
    path: example.path,
    policies: [
        "one",
        "two",
    ],
});

constructor

new AuthBackendGroup(name: string, args: AuthBackendGroupArgs, opts?: pulumi.CustomResourceOptions)

Create a AuthBackendGroup resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuthBackendGroupState, opts?: pulumi.CustomResourceOptions): AuthBackendGroup

Get an existing AuthBackendGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AuthBackendGroup

Returns true if the given object is an instance of AuthBackendGroup. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property groupName

public groupName: pulumi.Output<string>;

Name of the group within the Okta

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property path

public path: pulumi.Output<string>;

The path where the Okta auth backend is mounted

property policies

public policies: pulumi.Output<string[] | undefined>;

Vault policies to associate with this group

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource AuthBackendUser

class AuthBackendUser extends CustomResource

Provides a resource to create a user in an Okta auth backend within Vault.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const example = new vault.okta.AuthBackend("example", {
    organization: "dummy",
    path: "userOkta",
});
const foo = new vault.okta.AuthBackendUser("foo", {
    groups: [
        "one",
        "two",
    ],
    path: example.path,
    username: "foo",
});

constructor

new AuthBackendUser(name: string, args: AuthBackendUserArgs, opts?: pulumi.CustomResourceOptions)

Create a AuthBackendUser resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuthBackendUserState, opts?: pulumi.CustomResourceOptions): AuthBackendUser

Get an existing AuthBackendUser resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AuthBackendUser

Returns true if the given object is an instance of AuthBackendUser. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property groups

public groups: pulumi.Output<string[] | undefined>;

List of Okta groups to associate with this user

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property path

public path: pulumi.Output<string>;

The path where the Okta auth backend is mounted

property policies

public policies: pulumi.Output<string[] | undefined>;

List of Vault policies to associate with this user

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property username

public username: pulumi.Output<string>;

Name of the user within Okta

Others

interface AuthBackendArgs

interface AuthBackendArgs

The set of arguments for constructing a AuthBackend resource.

property baseUrl

baseUrl?: pulumi.Input<string>;

The Okta url. Examples: oktapreview.com, okta.com

property bypassOktaMfa

bypassOktaMfa?: pulumi.Input<boolean>;

When true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.

property description

description?: pulumi.Input<string>;

The description of the auth backend

property groups

groups?: pulumi.Input<pulumi.Input<AuthBackendGroup>[]>;

Associate Okta groups with policies within Vault. See below for more details.

property maxTtl

maxTtl?: pulumi.Input<string>;

Maximum duration after which authentication will be expired See the documentation for info on valid duration formats.

property organization

organization: pulumi.Input<string>;

The Okta organization. This will be the first part of the url https://XXX.okta.com

property path

path?: pulumi.Input<string>;

Path to mount the Okta auth backend

property token

token?: pulumi.Input<string>;

The Okta API token. This is required to query Okta for user group membership. If this is not supplied only locally configured groups will be enabled.

property ttl

ttl?: pulumi.Input<string>;

Duration after which authentication will be expired. See the documentation for info on valid duration formats.

property users

users?: pulumi.Input<pulumi.Input<AuthBackendUser>[]>;

Associate Okta users with groups or policies within Vault. See below for more details.

interface AuthBackendGroupArgs

interface AuthBackendGroupArgs

The set of arguments for constructing a AuthBackendGroup resource.

property groupName

groupName: pulumi.Input<string>;

Name of the group within the Okta

property path

path: pulumi.Input<string>;

The path where the Okta auth backend is mounted

property policies

policies?: pulumi.Input<pulumi.Input<string>[]>;

Vault policies to associate with this group

interface AuthBackendGroupState

interface AuthBackendGroupState

Input properties used for looking up and filtering AuthBackendGroup resources.

property groupName

groupName?: pulumi.Input<string>;

Name of the group within the Okta

property path

path?: pulumi.Input<string>;

The path where the Okta auth backend is mounted

property policies

policies?: pulumi.Input<pulumi.Input<string>[]>;

Vault policies to associate with this group

interface AuthBackendState

interface AuthBackendState

Input properties used for looking up and filtering AuthBackend resources.

property accessor

accessor?: pulumi.Input<string>;

The mount accessor related to the auth mount. It is useful for integration with Identity Secrets Engine.

property baseUrl

baseUrl?: pulumi.Input<string>;

The Okta url. Examples: oktapreview.com, okta.com

property bypassOktaMfa

bypassOktaMfa?: pulumi.Input<boolean>;

When true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.

property description

description?: pulumi.Input<string>;

The description of the auth backend

property groups

groups?: pulumi.Input<pulumi.Input<AuthBackendGroup>[]>;

Associate Okta groups with policies within Vault. See below for more details.

property maxTtl

maxTtl?: pulumi.Input<string>;

Maximum duration after which authentication will be expired See the documentation for info on valid duration formats.

property organization

organization?: pulumi.Input<string>;

The Okta organization. This will be the first part of the url https://XXX.okta.com

property path

path?: pulumi.Input<string>;

Path to mount the Okta auth backend

property token

token?: pulumi.Input<string>;

The Okta API token. This is required to query Okta for user group membership. If this is not supplied only locally configured groups will be enabled.

property ttl

ttl?: pulumi.Input<string>;

Duration after which authentication will be expired. See the documentation for info on valid duration formats.

property users

users?: pulumi.Input<pulumi.Input<AuthBackendUser>[]>;

Associate Okta users with groups or policies within Vault. See below for more details.

interface AuthBackendUserArgs

interface AuthBackendUserArgs

The set of arguments for constructing a AuthBackendUser resource.

property groups

groups?: pulumi.Input<pulumi.Input<string>[]>;

List of Okta groups to associate with this user

property path

path: pulumi.Input<string>;

The path where the Okta auth backend is mounted

property policies

policies?: pulumi.Input<pulumi.Input<string>[]>;

List of Vault policies to associate with this user

property username

username: pulumi.Input<string>;

Name of the user within Okta

interface AuthBackendUserState

interface AuthBackendUserState

Input properties used for looking up and filtering AuthBackendUser resources.

property groups

groups?: pulumi.Input<pulumi.Input<string>[]>;

List of Okta groups to associate with this user

property path

path?: pulumi.Input<string>;

The path where the Okta auth backend is mounted

property policies

policies?: pulumi.Input<pulumi.Input<string>[]>;

List of Vault policies to associate with this user

property username

username?: pulumi.Input<string>;

Name of the user within Okta