Saml

Creates an SAML Application.

This resource allows you to create and configure an SAML Application.

Example Usage

using Pulumi;
using Okta = Pulumi.Okta;

class MyStack : Stack
{
    public MyStack()
    {
        var example = new Okta.App.Saml("example", new Okta.App.SamlArgs
        {
            AttributeStatements = 
            {
                new Okta.App.Inputs.SamlAttributeStatementArgs
                {
                    FilterType = "REGEX",
                    FilterValue = ".*",
                    Name = "groups",
                    Type = "GROUP",
                },
            },
            Audience = "http://example.com/audience",
            AuthnContextClassRef = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
            Destination = "http://example.com",
            DigestAlgorithm = "SHA256",
            HonorForceAuthn = false,
            Label = "example",
            Recipient = "http://example.com",
            ResponseSigned = true,
            SignatureAlgorithm = "RSA_SHA256",
            SsoUrl = "http://example.com",
            SubjectNameIdFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
            SubjectNameIdTemplate = user.UserName,
        });
    }

}

Coming soon!

import pulumi
import pulumi_okta as okta

example = okta.app.Saml("example",
    attribute_statements=[{
        "filterType": "REGEX",
        "filterValue": ".*",
        "name": "groups",
        "type": "GROUP",
    }],
    audience="http://example.com/audience",
    authn_context_class_ref="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
    destination="http://example.com",
    digest_algorithm="SHA256",
    honor_force_authn=False,
    label="example",
    recipient="http://example.com",
    response_signed=True,
    signature_algorithm="RSA_SHA256",
    sso_url="http://example.com",
    subject_name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    subject_name_id_template=user["userName"])

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.app.Saml("example", {
    attributeStatements: [{
        filterType: "REGEX",
        filterValue: ".*",
        name: "groups",
        type: "GROUP",
    }],
    audience: "http://example.com/audience",
    authnContextClassRef: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
    destination: "http://example.com",
    digestAlgorithm: "SHA256",
    honorForceAuthn: false,
    label: "example",
    recipient: "http://example.com",
    responseSigned: true,
    signatureAlgorithm: "RSA_SHA256",
    ssoUrl: "http://example.com",
    subjectNameIdFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    subjectNameIdTemplate: "${user.userName}",
});

Create a Saml Resource

new Saml(name: string, args: SamlArgs, opts?: CustomResourceOptions);

def Saml(resource_name, opts=None, accessibility_error_redirect_url=None, accessibility_login_redirect_url=None, accessibility_self_service=None, app_settings_json=None, assertion_signed=None, attribute_statements=None, audience=None, authn_context_class_ref=None, auto_submit_toolbar=None, default_relay_state=None, destination=None, digest_algorithm=None, features=None, groups=None, hide_ios=None, hide_web=None, honor_force_authn=None, idp_issuer=None, key_name=None, key_years_valid=None, label=None, preconfigured_app=None, recipient=None, request_compressed=None, response_signed=None, signature_algorithm=None, sp_issuer=None, sso_url=None, status=None, subject_name_id_format=None, subject_name_id_template=None, user_name_template=None, user_name_template_suffix=None, user_name_template_type=None, users=None, __props__=None);

func NewSaml(ctx *Context, name string, args SamlArgs, opts ...ResourceOption) (*Saml, error)

public Saml(string name, SamlArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args SamlArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SamlArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SamlArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

Saml Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Saml resource accepts the following input properties:

Label string: label of application.
AccessibilityErrorRedirectUrl string: Custom error page URL.
AccessibilityLoginRedirectUrl string: Custom login page URL.
AccessibilitySelfService bool: Enable self service.
AppSettingsJson string: Application settings in JSON format.
AssertionSigned bool: Determines whether the SAML assertion is digitally signed.
AttributeStatements List<SamlAttributeStatementArgs>: List of SAML Attribute statements.
Audience string: Audience restriction.
AuthnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement.
AutoSubmitToolbar bool: Display auto submit toolbar.
DefaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
Destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion.
DigestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response.
Features List<string>: features enabled.
Groups List<string>: Groups associated with the application
HideIos bool: Do not display application icon on mobile app.
HideWeb bool: Do not display application icon to users
HonorForceAuthn bool: Prompt user to re-authenticate if SP asks for it.
IdpIssuer string: SAML issuer ID.
KeyName string: Certificate name. This modulates the rotation of keys. New name == new key.
KeyYearsValid int: Number of years the certificate is valid.
PreconfiguredApp string: name of application from the Okta Integration Network, if not included a custom app will be created.
Recipient string: The location where the app may present the SAML assertion.
RequestCompressed bool: Denotes whether the request is compressed or not.
ResponseSigned bool: Determines whether the SAML auth response message is digitally signed.
SignatureAlgorithm string: Signature algorithm used ot digitally sign the assertion and response.
SpIssuer string: SAML service provider issuer.
SsoUrl string: Single Sign on Url.
Status string: status of application.
SubjectNameIdFormat string: Identifies the SAML processing rules.
SubjectNameIdTemplate string: Template for app user’s username when a user is assigned to the app.
UserNameTemplate string: Username template.
UserNameTemplateSuffix string: Username template suffix.
UserNameTemplateType string: Username template type.
Users List<SamlUserArgs>: Users associated with the application

Label string: label of application.
AccessibilityErrorRedirectUrl string: Custom error page URL.
AccessibilityLoginRedirectUrl string: Custom login page URL.
AccessibilitySelfService bool: Enable self service.
AppSettingsJson string: Application settings in JSON format.
AssertionSigned bool: Determines whether the SAML assertion is digitally signed.
AttributeStatements []SamlAttributeStatement: List of SAML Attribute statements.
Audience string: Audience restriction.
AuthnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement.
AutoSubmitToolbar bool: Display auto submit toolbar.
DefaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
Destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion.
DigestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response.
Features []string: features enabled.
Groups []string: Groups associated with the application
HideIos bool: Do not display application icon on mobile app.
HideWeb bool: Do not display application icon to users
HonorForceAuthn bool: Prompt user to re-authenticate if SP asks for it.
IdpIssuer string: SAML issuer ID.
KeyName string: Certificate name. This modulates the rotation of keys. New name == new key.
KeyYearsValid int: Number of years the certificate is valid.
PreconfiguredApp string: name of application from the Okta Integration Network, if not included a custom app will be created.
Recipient string: The location where the app may present the SAML assertion.
RequestCompressed bool: Denotes whether the request is compressed or not.
ResponseSigned bool: Determines whether the SAML auth response message is digitally signed.
SignatureAlgorithm string: Signature algorithm used ot digitally sign the assertion and response.
SpIssuer string: SAML service provider issuer.
SsoUrl string: Single Sign on Url.
Status string: status of application.
SubjectNameIdFormat string: Identifies the SAML processing rules.
SubjectNameIdTemplate string: Template for app user’s username when a user is assigned to the app.
UserNameTemplate string: Username template.
UserNameTemplateSuffix string: Username template suffix.
UserNameTemplateType string: Username template type.
Users []SamlUser: Users associated with the application

label string: label of application.
accessibilityErrorRedirectUrl string: Custom error page URL.
accessibilityLoginRedirectUrl string: Custom login page URL.
accessibilitySelfService boolean: Enable self service.
appSettingsJson string: Application settings in JSON format.
assertionSigned boolean: Determines whether the SAML assertion is digitally signed.
attributeStatements SamlAttributeStatement[]: List of SAML Attribute statements.
audience string: Audience restriction.
authnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement.
autoSubmitToolbar boolean: Display auto submit toolbar.
defaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion.
digestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response.
features string[]: features enabled.
groups string[]: Groups associated with the application
hideIos boolean: Do not display application icon on mobile app.
hideWeb boolean: Do not display application icon to users
honorForceAuthn boolean: Prompt user to re-authenticate if SP asks for it.
idpIssuer string: SAML issuer ID.
keyName string: Certificate name. This modulates the rotation of keys. New name == new key.
keyYearsValid number: Number of years the certificate is valid.
preconfiguredApp string: name of application from the Okta Integration Network, if not included a custom app will be created.
recipient string: The location where the app may present the SAML assertion.
requestCompressed boolean: Denotes whether the request is compressed or not.
responseSigned boolean: Determines whether the SAML auth response message is digitally signed.
signatureAlgorithm string: Signature algorithm used ot digitally sign the assertion and response.
spIssuer string: SAML service provider issuer.
ssoUrl string: Single Sign on Url.
status string: status of application.
subjectNameIdFormat string: Identifies the SAML processing rules.
subjectNameIdTemplate string: Template for app user’s username when a user is assigned to the app.
userNameTemplate string: Username template.
userNameTemplateSuffix string: Username template suffix.
userNameTemplateType string: Username template type.
users SamlUser[]: Users associated with the application

label str: label of application.
accessibility_error_redirect_url str: Custom error page URL.
accessibility_login_redirect_url str: Custom login page URL.
accessibility_self_service bool: Enable self service.
app_settings_json str: Application settings in JSON format.
assertion_signed bool: Determines whether the SAML assertion is digitally signed.
attribute_statements List[SamlAttributeStatement]: List of SAML Attribute statements.
audience str: Audience restriction.
authn_context_class_ref str: Identifies the SAML authentication context class for the assertion’s authentication statement.
auto_submit_toolbar bool: Display auto submit toolbar.
default_relay_state str: Identifies a specific application resource in an IDP initiated SSO scenario.
destination str: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion.
digest_algorithm str: Determines the digest algorithm used to digitally sign the SAML assertion and response.
features List[str]: features enabled.
groups List[str]: Groups associated with the application
hide_ios bool: Do not display application icon on mobile app.
hide_web bool: Do not display application icon to users
honor_force_authn bool: Prompt user to re-authenticate if SP asks for it.
idp_issuer str: SAML issuer ID.
key_name str: Certificate name. This modulates the rotation of keys. New name == new key.
key_years_valid float: Number of years the certificate is valid.
preconfigured_app str: name of application from the Okta Integration Network, if not included a custom app will be created.
recipient str: The location where the app may present the SAML assertion.
request_compressed bool: Denotes whether the request is compressed or not.
response_signed bool: Determines whether the SAML auth response message is digitally signed.
signature_algorithm str: Signature algorithm used ot digitally sign the assertion and response.
sp_issuer str: SAML service provider issuer.
sso_url str: Single Sign on Url.
status str: status of application.
subject_name_id_format str: Identifies the SAML processing rules.
subject_name_id_template str: Template for app user’s username when a user is assigned to the app.
user_name_template str: Username template.
user_name_template_suffix str: Username template suffix.
user_name_template_type str: Username template type.
users List[SamlUser]: Users associated with the application

Outputs

All input properties are implicitly available as output properties. Additionally, the Saml resource produces the following output properties:

Certificate string: The raw signing certificate.
EntityKey string: Entity ID, the ID portion of the entity_url.
EntityUrl string: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
HttpPostBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
HttpRedirectBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
Id string: The provider-assigned unique ID for this managed resource.
KeyId string: Certificate key ID.
Metadata string: The raw SAML metadata in XML.
Name string: The name of the attribute statement.
SignOnMode string: Sign on mode of application.

Certificate string: The raw signing certificate.
EntityKey string: Entity ID, the ID portion of the entity_url.
EntityUrl string: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
HttpPostBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
HttpRedirectBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
Id string: The provider-assigned unique ID for this managed resource.
KeyId string: Certificate key ID.
Metadata string: The raw SAML metadata in XML.
Name string: The name of the attribute statement.
SignOnMode string: Sign on mode of application.

certificate string: The raw signing certificate.
entityKey string: Entity ID, the ID portion of the entity_url.
entityUrl string: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
httpPostBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
httpRedirectBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
id string: The provider-assigned unique ID for this managed resource.
keyId string: Certificate key ID.
metadata string: The raw SAML metadata in XML.
name string: The name of the attribute statement.
signOnMode string: Sign on mode of application.

certificate str: The raw signing certificate.
entity_key str: Entity ID, the ID portion of the entity_url.
entity_url str: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
http_post_binding str: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
http_redirect_binding str: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
id str: The provider-assigned unique ID for this managed resource.
key_id str: Certificate key ID.
metadata str: The raw SAML metadata in XML.
name str: The name of the attribute statement.
sign_on_mode str: Sign on mode of application.

Look up an Existing Saml Resource

Get an existing Saml resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SamlState, opts?: CustomResourceOptions): Saml

static get(resource_name, id, opts=None, accessibility_error_redirect_url=None, accessibility_login_redirect_url=None, accessibility_self_service=None, app_settings_json=None, assertion_signed=None, attribute_statements=None, audience=None, authn_context_class_ref=None, auto_submit_toolbar=None, certificate=None, default_relay_state=None, destination=None, digest_algorithm=None, entity_key=None, entity_url=None, features=None, groups=None, hide_ios=None, hide_web=None, honor_force_authn=None, http_post_binding=None, http_redirect_binding=None, idp_issuer=None, key_id=None, key_name=None, key_years_valid=None, label=None, metadata=None, name=None, preconfigured_app=None, recipient=None, request_compressed=None, response_signed=None, sign_on_mode=None, signature_algorithm=None, sp_issuer=None, sso_url=None, status=None, subject_name_id_format=None, subject_name_id_template=None, user_name_template=None, user_name_template_suffix=None, user_name_template_type=None, users=None, __props__=None);

func GetSaml(ctx *Context, name string, id IDInput, state *SamlState, opts ...ResourceOption) (*Saml, error)

public static Saml Get(string name, Input<string> id, SamlState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessibilityErrorRedirectUrl string: Custom error page URL.
AccessibilityLoginRedirectUrl string: Custom login page URL.
AccessibilitySelfService bool: Enable self service.
AppSettingsJson string: Application settings in JSON format.
AssertionSigned bool: Determines whether the SAML assertion is digitally signed.
AttributeStatements List<SamlAttributeStatementArgs>: List of SAML Attribute statements.
Audience string: Audience restriction.
AuthnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement.
AutoSubmitToolbar bool: Display auto submit toolbar.
Certificate string: The raw signing certificate.
DefaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
Destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion.
DigestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response.
EntityKey string: Entity ID, the ID portion of the entity_url.
EntityUrl string: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
Features List<string>: features enabled.
Groups List<string>: Groups associated with the application
HideIos bool: Do not display application icon on mobile app.
HideWeb bool: Do not display application icon to users
HonorForceAuthn bool: Prompt user to re-authenticate if SP asks for it.
HttpPostBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
HttpRedirectBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
IdpIssuer string: SAML issuer ID.
KeyId string: Certificate key ID.
KeyName string: Certificate name. This modulates the rotation of keys. New name == new key.
KeyYearsValid int: Number of years the certificate is valid.
Label string: label of application.
Metadata string: The raw SAML metadata in XML.
Name string: The name of the attribute statement.
PreconfiguredApp string: name of application from the Okta Integration Network, if not included a custom app will be created.
Recipient string: The location where the app may present the SAML assertion.
RequestCompressed bool: Denotes whether the request is compressed or not.
ResponseSigned bool: Determines whether the SAML auth response message is digitally signed.
SignOnMode string: Sign on mode of application.
SignatureAlgorithm string: Signature algorithm used ot digitally sign the assertion and response.
SpIssuer string: SAML service provider issuer.
SsoUrl string: Single Sign on Url.
Status string: status of application.
SubjectNameIdFormat string: Identifies the SAML processing rules.
SubjectNameIdTemplate string: Template for app user’s username when a user is assigned to the app.
UserNameTemplate string: Username template.
UserNameTemplateSuffix string: Username template suffix.
UserNameTemplateType string: Username template type.
Users List<SamlUserArgs>: Users associated with the application

AccessibilityErrorRedirectUrl string: Custom error page URL.
AccessibilityLoginRedirectUrl string: Custom login page URL.
AccessibilitySelfService bool: Enable self service.
AppSettingsJson string: Application settings in JSON format.
AssertionSigned bool: Determines whether the SAML assertion is digitally signed.
AttributeStatements []SamlAttributeStatement: List of SAML Attribute statements.
Audience string: Audience restriction.
AuthnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement.
AutoSubmitToolbar bool: Display auto submit toolbar.
Certificate string: The raw signing certificate.
DefaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
Destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion.
DigestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response.
EntityKey string: Entity ID, the ID portion of the entity_url.
EntityUrl string: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
Features []string: features enabled.
Groups []string: Groups associated with the application
HideIos bool: Do not display application icon on mobile app.
HideWeb bool: Do not display application icon to users
HonorForceAuthn bool: Prompt user to re-authenticate if SP asks for it.
HttpPostBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
HttpRedirectBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
IdpIssuer string: SAML issuer ID.
KeyId string: Certificate key ID.
KeyName string: Certificate name. This modulates the rotation of keys. New name == new key.
KeyYearsValid int: Number of years the certificate is valid.
Label string: label of application.
Metadata string: The raw SAML metadata in XML.
Name string: The name of the attribute statement.
PreconfiguredApp string: name of application from the Okta Integration Network, if not included a custom app will be created.
Recipient string: The location where the app may present the SAML assertion.
RequestCompressed bool: Denotes whether the request is compressed or not.
ResponseSigned bool: Determines whether the SAML auth response message is digitally signed.
SignOnMode string: Sign on mode of application.
SignatureAlgorithm string: Signature algorithm used ot digitally sign the assertion and response.
SpIssuer string: SAML service provider issuer.
SsoUrl string: Single Sign on Url.
Status string: status of application.
SubjectNameIdFormat string: Identifies the SAML processing rules.
SubjectNameIdTemplate string: Template for app user’s username when a user is assigned to the app.
UserNameTemplate string: Username template.
UserNameTemplateSuffix string: Username template suffix.
UserNameTemplateType string: Username template type.
Users []SamlUser: Users associated with the application

accessibilityErrorRedirectUrl string: Custom error page URL.
accessibilityLoginRedirectUrl string: Custom login page URL.
accessibilitySelfService boolean: Enable self service.
appSettingsJson string: Application settings in JSON format.
assertionSigned boolean: Determines whether the SAML assertion is digitally signed.
attributeStatements SamlAttributeStatement[]: List of SAML Attribute statements.
audience string: Audience restriction.
authnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement.
autoSubmitToolbar boolean: Display auto submit toolbar.
certificate string: The raw signing certificate.
defaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion.
digestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response.
entityKey string: Entity ID, the ID portion of the entity_url.
entityUrl string: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
features string[]: features enabled.
groups string[]: Groups associated with the application
hideIos boolean: Do not display application icon on mobile app.
hideWeb boolean: Do not display application icon to users
honorForceAuthn boolean: Prompt user to re-authenticate if SP asks for it.
httpPostBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
httpRedirectBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
idpIssuer string: SAML issuer ID.
keyId string: Certificate key ID.
keyName string: Certificate name. This modulates the rotation of keys. New name == new key.
keyYearsValid number: Number of years the certificate is valid.
label string: label of application.
metadata string: The raw SAML metadata in XML.
name string: The name of the attribute statement.
preconfiguredApp string: name of application from the Okta Integration Network, if not included a custom app will be created.
recipient string: The location where the app may present the SAML assertion.
requestCompressed boolean: Denotes whether the request is compressed or not.
responseSigned boolean: Determines whether the SAML auth response message is digitally signed.
signOnMode string: Sign on mode of application.
signatureAlgorithm string: Signature algorithm used ot digitally sign the assertion and response.
spIssuer string: SAML service provider issuer.
ssoUrl string: Single Sign on Url.
status string: status of application.
subjectNameIdFormat string: Identifies the SAML processing rules.
subjectNameIdTemplate string: Template for app user’s username when a user is assigned to the app.
userNameTemplate string: Username template.
userNameTemplateSuffix string: Username template suffix.
userNameTemplateType string: Username template type.
users SamlUser[]: Users associated with the application

accessibility_error_redirect_url str: Custom error page URL.
accessibility_login_redirect_url str: Custom login page URL.
accessibility_self_service bool: Enable self service.
app_settings_json str: Application settings in JSON format.
assertion_signed bool: Determines whether the SAML assertion is digitally signed.
attribute_statements List[SamlAttributeStatement]: List of SAML Attribute statements.
audience str: Audience restriction.
authn_context_class_ref str: Identifies the SAML authentication context class for the assertion’s authentication statement.
auto_submit_toolbar bool: Display auto submit toolbar.
certificate str: The raw signing certificate.
default_relay_state str: Identifies a specific application resource in an IDP initiated SSO scenario.
destination str: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion.
digest_algorithm str: Determines the digest algorithm used to digitally sign the SAML assertion and response.
entity_key str: Entity ID, the ID portion of the entity_url.
entity_url str: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
features List[str]: features enabled.
groups List[str]: Groups associated with the application
hide_ios bool: Do not display application icon on mobile app.
hide_web bool: Do not display application icon to users
honor_force_authn bool: Prompt user to re-authenticate if SP asks for it.
http_post_binding str: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
http_redirect_binding str: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
idp_issuer str: SAML issuer ID.
key_id str: Certificate key ID.
key_name str: Certificate name. This modulates the rotation of keys. New name == new key.
key_years_valid float: Number of years the certificate is valid.
label str: label of application.
metadata str: The raw SAML metadata in XML.
name str: The name of the attribute statement.
preconfigured_app str: name of application from the Okta Integration Network, if not included a custom app will be created.
recipient str: The location where the app may present the SAML assertion.
request_compressed bool: Denotes whether the request is compressed or not.
response_signed bool: Determines whether the SAML auth response message is digitally signed.
sign_on_mode str: Sign on mode of application.
signature_algorithm str: Signature algorithm used ot digitally sign the assertion and response.
sp_issuer str: SAML service provider issuer.
sso_url str: Single Sign on Url.
status str: status of application.
subject_name_id_format str: Identifies the SAML processing rules.
subject_name_id_template str: Template for app user’s username when a user is assigned to the app.
user_name_template str: Username template.
user_name_template_suffix str: Username template suffix.
user_name_template_type str: Username template type.
users List[SamlUser]: Users associated with the application

Supporting Types

SamlAttributeStatement

See the input and output API doc for this type.

Name string: The name of the attribute statement.
FilterType string: Type of group attribute filter.
FilterValue string: Filter value to use.
Namespace string: The attribute namespace. It can be set to "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or "urn:oasis:names:tc:SAML:2.0:attrname-format:basic".
Type string: The type of attribute statement value. Can be "EXPRESSION" or "GROUP".
Values List<string>: Array of values to use.

Name string: The name of the attribute statement.
FilterType string: Type of group attribute filter.
FilterValue string: Filter value to use.
Namespace string: The attribute namespace. It can be set to "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or "urn:oasis:names:tc:SAML:2.0:attrname-format:basic".
Type string: The type of attribute statement value. Can be "EXPRESSION" or "GROUP".
Values []string: Array of values to use.

name string: The name of the attribute statement.
filterType string: Type of group attribute filter.
filterValue string: Filter value to use.
namespace string: The attribute namespace. It can be set to "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or "urn:oasis:names:tc:SAML:2.0:attrname-format:basic".
type string: The type of attribute statement value. Can be "EXPRESSION" or "GROUP".
values string[]: Array of values to use.

name str: The name of the attribute statement.
filterType str: Type of group attribute filter.
filterValue str: Filter value to use.
namespace str: The attribute namespace. It can be set to "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or "urn:oasis:names:tc:SAML:2.0:attrname-format:basic".
type str: The type of attribute statement value. Can be "EXPRESSION" or "GROUP".
values List[str]: Array of values to use.

SamlUser

See the input and output API doc for this type.

Id string: id of application.
Password string
Scope string
Username string

Id string: id of application.
Password string
Scope string
Username string

id string: id of application.
password string
scope string
username string

id str: id of application.
password str
scope str
username str

Package Details

Repository: https://github.com/pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud