1. Docs
  2. Reference
  3. API
  4. pulumi_okta
  5. app

app

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-okta repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-okta repo.

class pulumi_okta.app.AutoLogin(resource_name, opts=None, accessibility_error_redirect_url=None, accessibility_self_service=None, auto_submit_toolbar=None, credentials_scheme=None, groups=None, hide_ios=None, hide_web=None, label=None, preconfigured_app=None, reveal_password=None, shared_password=None, shared_username=None, sign_on_redirect_url=None, sign_on_url=None, status=None, users=None, __props__=None, __name__=None, __opts__=None)

Creates an Auto Login Okta Application.

This resource allows you to create and configure an Auto Login Okta Application.

import pulumi
import pulumi_okta as okta

example = okta.app.AutoLogin("example",
    credentials_scheme="EDIT_USERNAME_AND_PASSWORD",
    label="Example App",
    reveal_password=True,
    sign_on_redirect_url="https://example.com",
    sign_on_url="https://example.com/login.html")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • accessibility_error_redirect_url (pulumi.Input[str]) – Custom error page URL

  • accessibility_self_service (pulumi.Input[bool]) – Enable self service

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar

  • credentials_scheme (pulumi.Input[str]) – Application credentials scheme

  • groups (pulumi.Input[list]) – Groups associated with the application

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users

  • label (pulumi.Input[str]) – The Application’s display name.

  • preconfigured_app (pulumi.Input[str]) – Tells Okta to use an existing application in their application catalog, as opposed to a custom application.

  • reveal_password (pulumi.Input[bool]) – Allow user to reveal password

  • shared_password (pulumi.Input[str]) – Shared password, required for certain schemes.

  • shared_username (pulumi.Input[str]) – Shared username, required for certain schemes.

  • sign_on_redirect_url (pulumi.Input[str]) – Post login redirect URL

  • sign_on_url (pulumi.Input[str]) – Login URL

  • status (pulumi.Input[str]) – The status of the application, by default it is "ACTIVE".

  • users (pulumi.Input[list]) – Users associated with the application

The users object supports the following:

  • id (pulumi.Input[str])

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

accessibility_error_redirect_url: pulumi.Output[str] = None

Custom error page URL

accessibility_self_service: pulumi.Output[bool] = None

Enable self service

auto_submit_toolbar: pulumi.Output[bool] = None

Display auto submit toolbar

credentials_scheme: pulumi.Output[str] = None

Application credentials scheme

groups: pulumi.Output[list] = None

Groups associated with the application

hide_ios: pulumi.Output[bool] = None

Do not display application icon on mobile app

hide_web: pulumi.Output[bool] = None

Do not display application icon to users

label: pulumi.Output[str] = None

The Application’s display name.

name: pulumi.Output[str] = None

Name assigned to the application by Okta.

preconfigured_app: pulumi.Output[str] = None

Tells Okta to use an existing application in their application catalog, as opposed to a custom application.

reveal_password: pulumi.Output[bool] = None

Allow user to reveal password

shared_password: pulumi.Output[str] = None

Shared password, required for certain schemes.

shared_username: pulumi.Output[str] = None

Shared username, required for certain schemes.

sign_on_mode: pulumi.Output[str] = None

Sign on mode of application.

sign_on_redirect_url: pulumi.Output[str] = None

Post login redirect URL

sign_on_url: pulumi.Output[str] = None

Login URL

status: pulumi.Output[str] = None

The status of the application, by default it is "ACTIVE".

user_name_template: pulumi.Output[str] = None

Username template

user_name_template_type: pulumi.Output[str] = None

Username template type

users: pulumi.Output[list] = None

Users associated with the application

  • id (str)

  • password (str)

  • scope (str)

  • username (str)

static get(resource_name, id, opts=None, accessibility_error_redirect_url=None, accessibility_self_service=None, auto_submit_toolbar=None, credentials_scheme=None, groups=None, hide_ios=None, hide_web=None, label=None, name=None, preconfigured_app=None, reveal_password=None, shared_password=None, shared_username=None, sign_on_mode=None, sign_on_redirect_url=None, sign_on_url=None, status=None, user_name_template=None, user_name_template_type=None, users=None)

Get an existing AutoLogin resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • accessibility_error_redirect_url (pulumi.Input[str]) – Custom error page URL

  • accessibility_self_service (pulumi.Input[bool]) – Enable self service

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar

  • credentials_scheme (pulumi.Input[str]) – Application credentials scheme

  • groups (pulumi.Input[list]) – Groups associated with the application

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users

  • label (pulumi.Input[str]) – The Application’s display name.

  • name (pulumi.Input[str]) – Name assigned to the application by Okta.

  • preconfigured_app (pulumi.Input[str]) – Tells Okta to use an existing application in their application catalog, as opposed to a custom application.

  • reveal_password (pulumi.Input[bool]) – Allow user to reveal password

  • shared_password (pulumi.Input[str]) – Shared password, required for certain schemes.

  • shared_username (pulumi.Input[str]) – Shared username, required for certain schemes.

  • sign_on_mode (pulumi.Input[str]) – Sign on mode of application.

  • sign_on_redirect_url (pulumi.Input[str]) – Post login redirect URL

  • sign_on_url (pulumi.Input[str]) – Login URL

  • status (pulumi.Input[str]) – The status of the application, by default it is "ACTIVE".

  • user_name_template (pulumi.Input[str]) – Username template

  • user_name_template_type (pulumi.Input[str]) – Username template type

  • users (pulumi.Input[list]) – Users associated with the application

The users object supports the following:

  • id (pulumi.Input[str])

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.app.AwaitableGetAppResult(active_only=None, description=None, id=None, label=None, label_prefix=None, name=None, status=None)
class pulumi_okta.app.AwaitableGetMetadataSamlResult(app_id=None, certificate=None, entity_id=None, http_post_binding=None, http_redirect_binding=None, id=None, key_id=None, metadata=None, want_authn_requests_signed=None)
class pulumi_okta.app.AwaitableGetSamlResult(accessibility_error_redirect_url=None, accessibility_login_redirect_url=None, accessibility_self_service=None, active_only=None, app_settings_json=None, assertion_signed=None, attribute_statements=None, audience=None, authn_context_class_ref=None, auto_submit_toolbar=None, default_relay_state=None, description=None, destination=None, digest_algorithm=None, features=None, hide_ios=None, hide_web=None, honor_force_authn=None, id=None, idp_issuer=None, key_id=None, label=None, label_prefix=None, name=None, recipient=None, request_compressed=None, response_signed=None, signature_algorithm=None, sp_issuer=None, sso_url=None, status=None, subject_name_id_format=None, subject_name_id_template=None, user_name_template=None, user_name_template_suffix=None, user_name_template_type=None)
class pulumi_okta.app.BasicAuth(resource_name, opts=None, auth_url=None, auto_submit_toolbar=None, groups=None, hide_ios=None, hide_web=None, label=None, status=None, url=None, users=None, __props__=None, __name__=None, __opts__=None)

Creates a Bsaic Auth Application.

This resource allows you to create and configure a Basic Auth Application.

import pulumi
import pulumi_okta as okta

example = okta.app.BasicAuth("example",
    auth_url="https://example.com/auth.html",
    label="Example",
    url="https://example.com/login.html")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auth_url (pulumi.Input[str]) – The URL of the authenticating site for this app.

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar

  • groups (pulumi.Input[list]) – Groups associated with the application

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users

  • label (pulumi.Input[str]) – The Application’s display name.

  • status (pulumi.Input[str]) – Status of application.

  • url (pulumi.Input[str]) – The URL of the sign-in page for this app.

  • users (pulumi.Input[list]) – Users associated with the application

The users object supports the following:

  • id (pulumi.Input[str]) - ID of the Application.

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

auth_url: pulumi.Output[str] = None

The URL of the authenticating site for this app.

auto_submit_toolbar: pulumi.Output[bool] = None

Display auto submit toolbar

groups: pulumi.Output[list] = None

Groups associated with the application

hide_ios: pulumi.Output[bool] = None

Do not display application icon on mobile app

hide_web: pulumi.Output[bool] = None

Do not display application icon to users

label: pulumi.Output[str] = None

The Application’s display name.

name: pulumi.Output[str] = None

name of app.

sign_on_mode: pulumi.Output[str] = None

Sign on mode of application.

status: pulumi.Output[str] = None

Status of application.

url: pulumi.Output[str] = None

The URL of the sign-in page for this app.

users: pulumi.Output[list] = None

Users associated with the application

  • id (str) - ID of the Application.

  • password (str)

  • scope (str)

  • username (str)

static get(resource_name, id, opts=None, auth_url=None, auto_submit_toolbar=None, groups=None, hide_ios=None, hide_web=None, label=None, name=None, sign_on_mode=None, status=None, url=None, users=None)

Get an existing BasicAuth resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auth_url (pulumi.Input[str]) – The URL of the authenticating site for this app.

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar

  • groups (pulumi.Input[list]) – Groups associated with the application

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users

  • label (pulumi.Input[str]) – The Application’s display name.

  • name (pulumi.Input[str]) – name of app.

  • sign_on_mode (pulumi.Input[str]) – Sign on mode of application.

  • status (pulumi.Input[str]) – Status of application.

  • url (pulumi.Input[str]) – The URL of the sign-in page for this app.

  • users (pulumi.Input[list]) – Users associated with the application

The users object supports the following:

  • id (pulumi.Input[str]) - ID of the Application.

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.app.Bookmark(resource_name, opts=None, auto_submit_toolbar=None, groups=None, hide_ios=None, hide_web=None, label=None, request_integration=None, status=None, url=None, users=None, __props__=None, __name__=None, __opts__=None)

Creates a Bookmark Application.

This resource allows you to create and configure a Bookmark Application.

import pulumi
import pulumi_okta as okta

example = okta.app.Bookmark("example",
    label="Example",
    url="https://example.com")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar

  • groups (pulumi.Input[list]) – Groups associated with the application

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users

  • label (pulumi.Input[str]) – The Application’s display name.

  • request_integration (pulumi.Input[bool]) – Would you like Okta to add an integration for this app?

  • status (pulumi.Input[str]) – Status of application.

  • url (pulumi.Input[str]) – The URL of the bookmark.

  • users (pulumi.Input[list]) – Users associated with the application

The users object supports the following:

  • id (pulumi.Input[str]) - ID of the Application.

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

auto_submit_toolbar: pulumi.Output[bool] = None

Display auto submit toolbar

groups: pulumi.Output[list] = None

Groups associated with the application

hide_ios: pulumi.Output[bool] = None

Do not display application icon on mobile app

hide_web: pulumi.Output[bool] = None

Do not display application icon to users

label: pulumi.Output[str] = None

The Application’s display name.

name: pulumi.Output[str] = None

name of app.

request_integration: pulumi.Output[bool] = None

Would you like Okta to add an integration for this app?

sign_on_mode: pulumi.Output[str] = None

Sign on mode of application.

status: pulumi.Output[str] = None

Status of application.

url: pulumi.Output[str] = None

The URL of the bookmark.

users: pulumi.Output[list] = None

Users associated with the application

  • id (str) - ID of the Application.

  • password (str)

  • scope (str)

  • username (str)

static get(resource_name, id, opts=None, auto_submit_toolbar=None, groups=None, hide_ios=None, hide_web=None, label=None, name=None, request_integration=None, sign_on_mode=None, status=None, url=None, users=None)

Get an existing Bookmark resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar

  • groups (pulumi.Input[list]) – Groups associated with the application

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users

  • label (pulumi.Input[str]) – The Application’s display name.

  • name (pulumi.Input[str]) – name of app.

  • request_integration (pulumi.Input[bool]) – Would you like Okta to add an integration for this app?

  • sign_on_mode (pulumi.Input[str]) – Sign on mode of application.

  • status (pulumi.Input[str]) – Status of application.

  • url (pulumi.Input[str]) – The URL of the bookmark.

  • users (pulumi.Input[list]) – Users associated with the application

The users object supports the following:

  • id (pulumi.Input[str]) - ID of the Application.

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.app.GetAppResult(active_only=None, description=None, id=None, label=None, label_prefix=None, name=None, status=None)

A collection of values returned by getApp.

description = None

description of application.

id = None

id of application.

label = None

label of application.

name = None

name of application.

status = None

status of application.

class pulumi_okta.app.GetMetadataSamlResult(app_id=None, certificate=None, entity_id=None, http_post_binding=None, http_redirect_binding=None, id=None, key_id=None, metadata=None, want_authn_requests_signed=None)

A collection of values returned by getMetadataSaml.

certificate = None

public certificate from application metadata.

entity_id = None

Entity URL for instance https://www.okta.com/saml2/service-provider/sposcfdmlybtwkdcgtuf.

http_post_binding = None

urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.

http_redirect_binding = None

urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.

id = None

The provider-assigned unique ID for this managed resource.

metadata = None

raw metadata of application.

want_authn_requests_signed = None

Whether authn requests are signed.

class pulumi_okta.app.GetSamlResult(accessibility_error_redirect_url=None, accessibility_login_redirect_url=None, accessibility_self_service=None, active_only=None, app_settings_json=None, assertion_signed=None, attribute_statements=None, audience=None, authn_context_class_ref=None, auto_submit_toolbar=None, default_relay_state=None, description=None, destination=None, digest_algorithm=None, features=None, hide_ios=None, hide_web=None, honor_force_authn=None, id=None, idp_issuer=None, key_id=None, label=None, label_prefix=None, name=None, recipient=None, request_compressed=None, response_signed=None, signature_algorithm=None, sp_issuer=None, sso_url=None, status=None, subject_name_id_format=None, subject_name_id_template=None, user_name_template=None, user_name_template_suffix=None, user_name_template_type=None)

A collection of values returned by getSaml.

accessibility_error_redirect_url = None

Custom error page URL.

accessibility_login_redirect_url = None

Custom login page URL.

accessibility_self_service = None

Enable self service.

app_settings_json = None

Application settings in JSON format.

assertion_signed = None

Determines whether the SAML assertion is digitally signed.

attribute_statements = None

SAML Attribute statements.

audience = None

Audience restriction.

authn_context_class_ref = None

Identifies the SAML authentication context class for the assertion’s authentication statement.

auto_submit_toolbar = None

Display auto submit toolbar.

default_relay_state = None

Identifies a specific application resource in an IDP initiated SSO scenario.

description = None

description of application.

destination = None

Identifies the location where the SAML response is intended to be sent inside of the SAML assertion.

digest_algorithm = None

Determines the digest algorithm used to digitally sign the SAML assertion and response.

features = None

features enabled.

hide_ios = None

Do not display application icon on mobile app.

hide_web = None

Do not display application icon to users

honor_force_authn = None

Prompt user to re-authenticate if SP asks for it.

id = None

id of application.

idp_issuer = None

SAML issuer ID.

key_id = None

Certificate key ID.

label = None

label of application.

name = None

name of application.

recipient = None

The location where the app may present the SAML assertion.

request_compressed = None

Denotes whether the request is compressed or not.

response_signed = None

Determines whether the SAML auth response message is digitally signed.

signature_algorithm = None

Signature algorithm used ot digitally sign the assertion and response.

sp_issuer = None

SAML service provider issuer.

sso_url = None

Single Sign on Url.

status = None

status of application.

subject_name_id_format = None

Identifies the SAML processing rules.

subject_name_id_template = None

Template for app user’s username when a user is assigned to the app.

user_name_template = None

Username template.

user_name_template_suffix = None

Username template suffix.

user_name_template_type = None

Username template type.

class pulumi_okta.app.GroupAssignment(resource_name, opts=None, app_id=None, group_id=None, priority=None, profile=None, __props__=None, __name__=None, __opts__=None)

Assigns a group to an application.

This resource allows you to create an App Group assignment.

When using this resource, make sure to add the following ``lifefycle`` argument to the application resource you are assigning to:

import pulumi

import pulumi
import pulumi_okta as okta

example = okta.app.GroupAssignment("example",
    app_id="<app id>",
    group_id="<group id>",
    profile="""{
  "<app_profile_field>": "<value>"
}

""")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • app_id (pulumi.Input[str]) – The ID of the application to assign a group to.

  • group_id (pulumi.Input[str]) – The ID of the group to assign the app to.

  • profile (pulumi.Input[str]) – JSON document containing application profile

app_id: pulumi.Output[str] = None

The ID of the application to assign a group to.

group_id: pulumi.Output[str] = None

The ID of the group to assign the app to.

profile: pulumi.Output[str] = None

JSON document containing application profile

static get(resource_name, id, opts=None, app_id=None, group_id=None, priority=None, profile=None)

Get an existing GroupAssignment resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • app_id (pulumi.Input[str]) – The ID of the application to assign a group to.

  • group_id (pulumi.Input[str]) – The ID of the group to assign the app to.

  • profile (pulumi.Input[str]) –

    JSON document containing application profile

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.app.OAuth(resource_name, opts=None, auto_key_rotation=None, auto_submit_toolbar=None, client_basic_secret=None, client_uri=None, consent_method=None, custom_client_id=None, grant_types=None, groups=None, hide_ios=None, hide_web=None, issuer_mode=None, label=None, login_uri=None, logo_uri=None, omit_secret=None, policy_uri=None, post_logout_redirect_uris=None, profile=None, redirect_uris=None, response_types=None, status=None, token_endpoint_auth_method=None, tos_uri=None, type=None, users=None, __props__=None, __name__=None, __opts__=None)

Creates an OIDC Application.

This resource allows you to create and configure an OIDC Application.

import pulumi
import pulumi_okta as okta

example = okta.app.OAuth("example",
    grant_types=["authorization_code"],
    label="example",
    redirect_uris=["https://example.com/"],
    response_types=["code"],
    type="web")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auto_key_rotation (pulumi.Input[bool]) – Requested key rotation mode.

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar.

  • client_basic_secret (pulumi.Input[str]) – OAuth client secret key, this can be set when token_endpoint_auth_method is client_secret_basic.

  • client_uri (pulumi.Input[str]) – URI to a web page providing information about the client.

  • consent_method (pulumi.Input[str]) – Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED.

  • custom_client_id (pulumi.Input[str]) – This property allows you to set the application’s client id.

  • grant_types (pulumi.Input[list]) – List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.

  • groups (pulumi.Input[list]) – The groups assigned to the application. It is recommended not to use this and instead use app.GroupAssignment.

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app.

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users.

  • issuer_mode (pulumi.Input[str]) – Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.

  • label (pulumi.Input[str]) – The Application’s display name.

  • login_uri (pulumi.Input[str]) – URI that initiates login.

  • logo_uri (pulumi.Input[str]) – URI that references a logo for the client.

  • omit_secret (pulumi.Input[bool]) – This tells the provider not to persist the application’s secret to state. If this is ever changes from true => false your app will be recreated.

  • policy_uri (pulumi.Input[str]) – URI to web page providing client policy document.

  • post_logout_redirect_uris (pulumi.Input[list]) – List of URIs for redirection after logout.

  • profile (pulumi.Input[str]) – Custom JSON that represents an OAuth application’s profile.

  • redirect_uris (pulumi.Input[list]) – List of URIs for use in the redirect-based flow. This is required for all application types except service.

  • response_types (pulumi.Input[list]) – List of OAuth 2.0 response type strings.

  • status (pulumi.Input[str]) – The status of the application, by default it is "ACTIVE".

  • token_endpoint_auth_method (pulumi.Input[str]) – Requested authentication method for the token endpoint. It can be set to "none", "client_secret_post", "client_secret_basic", "client_secret_jwt".

  • tos_uri (pulumi.Input[str]) – URI to web page providing client tos (terms of service).

  • type (pulumi.Input[str]) – The type of OAuth application.

  • users (pulumi.Input[list]) – The users assigned to the application. It is recommended not to use this and instead use app.User.

The users object supports the following:

  • id (pulumi.Input[str])

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

auto_key_rotation: pulumi.Output[bool] = None

Requested key rotation mode.

auto_submit_toolbar: pulumi.Output[bool] = None

Display auto submit toolbar.

client_basic_secret: pulumi.Output[str] = None

OAuth client secret key, this can be set when token_endpoint_auth_method is client_secret_basic.

client_id: pulumi.Output[str] = None

The client ID of the application.

client_secret: pulumi.Output[str] = None

The client secret of the application.

client_uri: pulumi.Output[str] = None

URI to a web page providing information about the client.

consent_method: pulumi.Output[str] = None

Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED.

custom_client_id: pulumi.Output[str] = None

This property allows you to set the application’s client id.

grant_types: pulumi.Output[list] = None

List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.

groups: pulumi.Output[list] = None

The groups assigned to the application. It is recommended not to use this and instead use app.GroupAssignment.

hide_ios: pulumi.Output[bool] = None

Do not display application icon on mobile app.

hide_web: pulumi.Output[bool] = None

Do not display application icon to users.

issuer_mode: pulumi.Output[str] = None

Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.

label: pulumi.Output[str] = None

The Application’s display name.

login_uri: pulumi.Output[str] = None

URI that initiates login.

logo_uri: pulumi.Output[str] = None

URI that references a logo for the client.

name: pulumi.Output[str] = None

Name assigned to the application by Okta.

omit_secret: pulumi.Output[bool] = None

This tells the provider not to persist the application’s secret to state. If this is ever changes from true => false your app will be recreated.

policy_uri: pulumi.Output[str] = None

URI to web page providing client policy document.

post_logout_redirect_uris: pulumi.Output[list] = None

List of URIs for redirection after logout.

profile: pulumi.Output[str] = None

Custom JSON that represents an OAuth application’s profile.

redirect_uris: pulumi.Output[list] = None

List of URIs for use in the redirect-based flow. This is required for all application types except service.

response_types: pulumi.Output[list] = None

List of OAuth 2.0 response type strings.

sign_on_mode: pulumi.Output[str] = None

Sign on mode of application.

status: pulumi.Output[str] = None

The status of the application, by default it is "ACTIVE".

token_endpoint_auth_method: pulumi.Output[str] = None

Requested authentication method for the token endpoint. It can be set to "none", "client_secret_post", "client_secret_basic", "client_secret_jwt".

tos_uri: pulumi.Output[str] = None

URI to web page providing client tos (terms of service).

type: pulumi.Output[str] = None

The type of OAuth application.

users: pulumi.Output[list] = None

The users assigned to the application. It is recommended not to use this and instead use app.User.

  • id (str)

  • password (str)

  • scope (str)

  • username (str)

static get(resource_name, id, opts=None, auto_key_rotation=None, auto_submit_toolbar=None, client_basic_secret=None, client_id=None, client_secret=None, client_uri=None, consent_method=None, custom_client_id=None, grant_types=None, groups=None, hide_ios=None, hide_web=None, issuer_mode=None, label=None, login_uri=None, logo_uri=None, name=None, omit_secret=None, policy_uri=None, post_logout_redirect_uris=None, profile=None, redirect_uris=None, response_types=None, sign_on_mode=None, status=None, token_endpoint_auth_method=None, tos_uri=None, type=None, users=None)

Get an existing OAuth resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auto_key_rotation (pulumi.Input[bool]) – Requested key rotation mode.

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar.

  • client_basic_secret (pulumi.Input[str]) – OAuth client secret key, this can be set when token_endpoint_auth_method is client_secret_basic.

  • client_id (pulumi.Input[str]) – The client ID of the application.

  • client_secret (pulumi.Input[str]) – The client secret of the application.

  • client_uri (pulumi.Input[str]) – URI to a web page providing information about the client.

  • consent_method (pulumi.Input[str]) – Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED.

  • custom_client_id (pulumi.Input[str]) – This property allows you to set the application’s client id.

  • grant_types (pulumi.Input[list]) – List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.

  • groups (pulumi.Input[list]) – The groups assigned to the application. It is recommended not to use this and instead use app.GroupAssignment.

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app.

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users.

  • issuer_mode (pulumi.Input[str]) – Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.

  • label (pulumi.Input[str]) – The Application’s display name.

  • login_uri (pulumi.Input[str]) – URI that initiates login.

  • logo_uri (pulumi.Input[str]) – URI that references a logo for the client.

  • name (pulumi.Input[str]) – Name assigned to the application by Okta.

  • omit_secret (pulumi.Input[bool]) – This tells the provider not to persist the application’s secret to state. If this is ever changes from true => false your app will be recreated.

  • policy_uri (pulumi.Input[str]) – URI to web page providing client policy document.

  • post_logout_redirect_uris (pulumi.Input[list]) – List of URIs for redirection after logout.

  • profile (pulumi.Input[str]) – Custom JSON that represents an OAuth application’s profile.

  • redirect_uris (pulumi.Input[list]) – List of URIs for use in the redirect-based flow. This is required for all application types except service.

  • response_types (pulumi.Input[list]) – List of OAuth 2.0 response type strings.

  • sign_on_mode (pulumi.Input[str]) – Sign on mode of application.

  • status (pulumi.Input[str]) – The status of the application, by default it is "ACTIVE".

  • token_endpoint_auth_method (pulumi.Input[str]) – Requested authentication method for the token endpoint. It can be set to "none", "client_secret_post", "client_secret_basic", "client_secret_jwt".

  • tos_uri (pulumi.Input[str]) – URI to web page providing client tos (terms of service).

  • type (pulumi.Input[str]) – The type of OAuth application.

  • users (pulumi.Input[list]) – The users assigned to the application. It is recommended not to use this and instead use app.User.

The users object supports the following:

  • id (pulumi.Input[str])

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.app.OAuthRedirectUri(resource_name, opts=None, app_id=None, uri=None, __props__=None, __name__=None, __opts__=None)

Create a OAuthRedirectUri resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] uri: Redirect URI to append to Okta OIDC application.

uri: pulumi.Output[str] = None

Redirect URI to append to Okta OIDC application.

static get(resource_name, id, opts=None, app_id=None, uri=None)

Get an existing OAuthRedirectUri resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • uri (pulumi.Input[str]) – Redirect URI to append to Okta OIDC application.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.app.Saml(resource_name, opts=None, accessibility_error_redirect_url=None, accessibility_login_redirect_url=None, accessibility_self_service=None, app_settings_json=None, assertion_signed=None, attribute_statements=None, audience=None, authn_context_class_ref=None, auto_submit_toolbar=None, default_relay_state=None, destination=None, digest_algorithm=None, features=None, groups=None, hide_ios=None, hide_web=None, honor_force_authn=None, idp_issuer=None, key_name=None, key_years_valid=None, label=None, preconfigured_app=None, recipient=None, request_compressed=None, response_signed=None, signature_algorithm=None, sp_issuer=None, sso_url=None, status=None, subject_name_id_format=None, subject_name_id_template=None, user_name_template=None, user_name_template_suffix=None, user_name_template_type=None, users=None, __props__=None, __name__=None, __opts__=None)

Creates an SAML Application.

This resource allows you to create and configure an SAML Application.

import pulumi
import pulumi_okta as okta

example = okta.app.Saml("example",
    attribute_statements=[{
        "filterType": "REGEX",
        "filterValue": ".*",
        "name": "groups",
        "type": "GROUP",
    }],
    audience="http://example.com/audience",
    authn_context_class_ref="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
    destination="http://example.com",
    digest_algorithm="SHA256",
    honor_force_authn=False,
    label="example",
    recipient="http://example.com",
    response_signed=True,
    signature_algorithm="RSA_SHA256",
    sso_url="http://example.com",
    subject_name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    subject_name_id_template=user["userName"])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • accessibility_error_redirect_url (pulumi.Input[str]) – Custom error page URL.

  • accessibility_login_redirect_url (pulumi.Input[str]) – Custom login page URL.

  • accessibility_self_service (pulumi.Input[bool]) – Enable self service.

  • app_settings_json (pulumi.Input[str]) – Application settings in JSON format.

  • assertion_signed (pulumi.Input[bool]) – Determines whether the SAML assertion is digitally signed.

  • attribute_statements (pulumi.Input[list]) – List of SAML Attribute statements.

  • audience (pulumi.Input[str]) – Audience restriction.

  • authn_context_class_ref (pulumi.Input[str]) – Identifies the SAML authentication context class for the assertion’s authentication statement.

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar.

  • default_relay_state (pulumi.Input[str]) – Identifies a specific application resource in an IDP initiated SSO scenario.

  • destination (pulumi.Input[str]) – Identifies the location where the SAML response is intended to be sent inside of the SAML assertion.

  • digest_algorithm (pulumi.Input[str]) – Determines the digest algorithm used to digitally sign the SAML assertion and response.

  • features (pulumi.Input[list]) – features enabled.

  • groups (pulumi.Input[list]) – Groups associated with the application

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app.

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users

  • honor_force_authn (pulumi.Input[bool]) – Prompt user to re-authenticate if SP asks for it.

  • idp_issuer (pulumi.Input[str]) – SAML issuer ID.

  • key_name (pulumi.Input[str]) – Certificate name. This modulates the rotation of keys. New name == new key.

  • key_years_valid (pulumi.Input[float]) – Number of years the certificate is valid.

  • label (pulumi.Input[str]) – label of application.

  • preconfigured_app (pulumi.Input[str]) – name of application from the Okta Integration Network, if not included a custom app will be created.

  • recipient (pulumi.Input[str]) – The location where the app may present the SAML assertion.

  • request_compressed (pulumi.Input[bool]) – Denotes whether the request is compressed or not.

  • response_signed (pulumi.Input[bool]) – Determines whether the SAML auth response message is digitally signed.

  • signature_algorithm (pulumi.Input[str]) – Signature algorithm used ot digitally sign the assertion and response.

  • sp_issuer (pulumi.Input[str]) – SAML service provider issuer.

  • sso_url (pulumi.Input[str]) – Single Sign on Url.

  • status (pulumi.Input[str]) – status of application.

  • subject_name_id_format (pulumi.Input[str]) – Identifies the SAML processing rules.

  • subject_name_id_template (pulumi.Input[str]) – Template for app user’s username when a user is assigned to the app.

  • user_name_template (pulumi.Input[str]) – Username template.

  • user_name_template_suffix (pulumi.Input[str]) – Username template suffix.

  • user_name_template_type (pulumi.Input[str]) – Username template type.

  • users (pulumi.Input[list]) – Users associated with the application

The attribute_statements object supports the following:

  • filterType (pulumi.Input[str]) - Type of group attribute filter.

  • filterValue (pulumi.Input[str]) - Filter value to use.

  • name (pulumi.Input[str]) - The name of the attribute statement.

  • namespace (pulumi.Input[str]) - The attribute namespace. It can be set to "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or "urn:oasis:names:tc:SAML:2.0:attrname-format:basic".

  • type (pulumi.Input[str]) - The type of attribute statement value. Can be "EXPRESSION" or "GROUP".

  • values (pulumi.Input[list]) - Array of values to use.

The users object supports the following:

  • id (pulumi.Input[str]) - id of application.

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

accessibility_error_redirect_url: pulumi.Output[str] = None

Custom error page URL.

accessibility_login_redirect_url: pulumi.Output[str] = None

Custom login page URL.

accessibility_self_service: pulumi.Output[bool] = None

Enable self service.

app_settings_json: pulumi.Output[str] = None

Application settings in JSON format.

assertion_signed: pulumi.Output[bool] = None

Determines whether the SAML assertion is digitally signed.

attribute_statements: pulumi.Output[list] = None

List of SAML Attribute statements.

  • filterType (str) - Type of group attribute filter.

  • filterValue (str) - Filter value to use.

  • name (str) - The name of the attribute statement.

  • namespace (str) - The attribute namespace. It can be set to "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or "urn:oasis:names:tc:SAML:2.0:attrname-format:basic".

  • type (str) - The type of attribute statement value. Can be "EXPRESSION" or "GROUP".

  • values (list) - Array of values to use.

audience: pulumi.Output[str] = None

Audience restriction.

authn_context_class_ref: pulumi.Output[str] = None

Identifies the SAML authentication context class for the assertion’s authentication statement.

auto_submit_toolbar: pulumi.Output[bool] = None

Display auto submit toolbar.

certificate: pulumi.Output[str] = None

The raw signing certificate.

default_relay_state: pulumi.Output[str] = None

Identifies a specific application resource in an IDP initiated SSO scenario.

destination: pulumi.Output[str] = None

Identifies the location where the SAML response is intended to be sent inside of the SAML assertion.

digest_algorithm: pulumi.Output[str] = None

Determines the digest algorithm used to digitally sign the SAML assertion and response.

entity_key: pulumi.Output[str] = None

Entity ID, the ID portion of the entity_url.

entity_url: pulumi.Output[str] = None

Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.

features: pulumi.Output[list] = None

features enabled.

groups: pulumi.Output[list] = None

Groups associated with the application

hide_ios: pulumi.Output[bool] = None

Do not display application icon on mobile app.

hide_web: pulumi.Output[bool] = None

Do not display application icon to users

honor_force_authn: pulumi.Output[bool] = None

Prompt user to re-authenticate if SP asks for it.

http_post_binding: pulumi.Output[str] = None

urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.

http_redirect_binding: pulumi.Output[str] = None

urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.

idp_issuer: pulumi.Output[str] = None

SAML issuer ID.

key_id: pulumi.Output[str] = None

Certificate key ID.

key_name: pulumi.Output[str] = None

Certificate name. This modulates the rotation of keys. New name == new key.

key_years_valid: pulumi.Output[float] = None

Number of years the certificate is valid.

label: pulumi.Output[str] = None

label of application.

metadata: pulumi.Output[str] = None

The raw SAML metadata in XML.

name: pulumi.Output[str] = None

The name of the attribute statement.

preconfigured_app: pulumi.Output[str] = None

name of application from the Okta Integration Network, if not included a custom app will be created.

recipient: pulumi.Output[str] = None

The location where the app may present the SAML assertion.

request_compressed: pulumi.Output[bool] = None

Denotes whether the request is compressed or not.

response_signed: pulumi.Output[bool] = None

Determines whether the SAML auth response message is digitally signed.

sign_on_mode: pulumi.Output[str] = None

Sign on mode of application.

signature_algorithm: pulumi.Output[str] = None

Signature algorithm used ot digitally sign the assertion and response.

sp_issuer: pulumi.Output[str] = None

SAML service provider issuer.

sso_url: pulumi.Output[str] = None

Single Sign on Url.

status: pulumi.Output[str] = None

status of application.

subject_name_id_format: pulumi.Output[str] = None

Identifies the SAML processing rules.

subject_name_id_template: pulumi.Output[str] = None

Template for app user’s username when a user is assigned to the app.

user_name_template: pulumi.Output[str] = None

Username template.

user_name_template_suffix: pulumi.Output[str] = None

Username template suffix.

user_name_template_type: pulumi.Output[str] = None

Username template type.

users: pulumi.Output[list] = None

Users associated with the application

  • id (str) - id of application.

  • password (str)

  • scope (str)

  • username (str)

static get(resource_name, id, opts=None, accessibility_error_redirect_url=None, accessibility_login_redirect_url=None, accessibility_self_service=None, app_settings_json=None, assertion_signed=None, attribute_statements=None, audience=None, authn_context_class_ref=None, auto_submit_toolbar=None, certificate=None, default_relay_state=None, destination=None, digest_algorithm=None, entity_key=None, entity_url=None, features=None, groups=None, hide_ios=None, hide_web=None, honor_force_authn=None, http_post_binding=None, http_redirect_binding=None, idp_issuer=None, key_id=None, key_name=None, key_years_valid=None, label=None, metadata=None, name=None, preconfigured_app=None, recipient=None, request_compressed=None, response_signed=None, sign_on_mode=None, signature_algorithm=None, sp_issuer=None, sso_url=None, status=None, subject_name_id_format=None, subject_name_id_template=None, user_name_template=None, user_name_template_suffix=None, user_name_template_type=None, users=None)

Get an existing Saml resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • accessibility_error_redirect_url (pulumi.Input[str]) – Custom error page URL.

  • accessibility_login_redirect_url (pulumi.Input[str]) – Custom login page URL.

  • accessibility_self_service (pulumi.Input[bool]) – Enable self service.

  • app_settings_json (pulumi.Input[str]) – Application settings in JSON format.

  • assertion_signed (pulumi.Input[bool]) – Determines whether the SAML assertion is digitally signed.

  • attribute_statements (pulumi.Input[list]) – List of SAML Attribute statements.

  • audience (pulumi.Input[str]) – Audience restriction.

  • authn_context_class_ref (pulumi.Input[str]) – Identifies the SAML authentication context class for the assertion’s authentication statement.

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar.

  • certificate (pulumi.Input[str]) – The raw signing certificate.

  • default_relay_state (pulumi.Input[str]) – Identifies a specific application resource in an IDP initiated SSO scenario.

  • destination (pulumi.Input[str]) – Identifies the location where the SAML response is intended to be sent inside of the SAML assertion.

  • digest_algorithm (pulumi.Input[str]) – Determines the digest algorithm used to digitally sign the SAML assertion and response.

  • entity_key (pulumi.Input[str]) – Entity ID, the ID portion of the entity_url.

  • entity_url (pulumi.Input[str]) – Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.

  • features (pulumi.Input[list]) – features enabled.

  • groups (pulumi.Input[list]) – Groups associated with the application

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app.

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users

  • honor_force_authn (pulumi.Input[bool]) – Prompt user to re-authenticate if SP asks for it.

  • http_post_binding (pulumi.Input[str]) – urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.

  • http_redirect_binding (pulumi.Input[str]) – urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.

  • idp_issuer (pulumi.Input[str]) – SAML issuer ID.

  • key_id (pulumi.Input[str]) – Certificate key ID.

  • key_name (pulumi.Input[str]) – Certificate name. This modulates the rotation of keys. New name == new key.

  • key_years_valid (pulumi.Input[float]) – Number of years the certificate is valid.

  • label (pulumi.Input[str]) – label of application.

  • metadata (pulumi.Input[str]) – The raw SAML metadata in XML.

  • name (pulumi.Input[str]) – The name of the attribute statement.

  • preconfigured_app (pulumi.Input[str]) – name of application from the Okta Integration Network, if not included a custom app will be created.

  • recipient (pulumi.Input[str]) – The location where the app may present the SAML assertion.

  • request_compressed (pulumi.Input[bool]) – Denotes whether the request is compressed or not.

  • response_signed (pulumi.Input[bool]) – Determines whether the SAML auth response message is digitally signed.

  • sign_on_mode (pulumi.Input[str]) – Sign on mode of application.

  • signature_algorithm (pulumi.Input[str]) – Signature algorithm used ot digitally sign the assertion and response.

  • sp_issuer (pulumi.Input[str]) – SAML service provider issuer.

  • sso_url (pulumi.Input[str]) – Single Sign on Url.

  • status (pulumi.Input[str]) – status of application.

  • subject_name_id_format (pulumi.Input[str]) – Identifies the SAML processing rules.

  • subject_name_id_template (pulumi.Input[str]) – Template for app user’s username when a user is assigned to the app.

  • user_name_template (pulumi.Input[str]) – Username template.

  • user_name_template_suffix (pulumi.Input[str]) – Username template suffix.

  • user_name_template_type (pulumi.Input[str]) – Username template type.

  • users (pulumi.Input[list]) – Users associated with the application

The attribute_statements object supports the following:

  • filterType (pulumi.Input[str]) - Type of group attribute filter.

  • filterValue (pulumi.Input[str]) - Filter value to use.

  • name (pulumi.Input[str]) - The name of the attribute statement.

  • namespace (pulumi.Input[str]) - The attribute namespace. It can be set to "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or "urn:oasis:names:tc:SAML:2.0:attrname-format:basic".

  • type (pulumi.Input[str]) - The type of attribute statement value. Can be "EXPRESSION" or "GROUP".

  • values (pulumi.Input[list]) - Array of values to use.

The users object supports the following:

  • id (pulumi.Input[str]) - id of application.

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.app.SecurePasswordStore(resource_name, opts=None, accessibility_error_redirect_url=None, accessibility_self_service=None, auto_submit_toolbar=None, credentials_scheme=None, groups=None, hide_ios=None, hide_web=None, label=None, optional_field1=None, optional_field1_value=None, optional_field2=None, optional_field2_value=None, optional_field3=None, optional_field3_value=None, password_field=None, reveal_password=None, shared_password=None, shared_username=None, status=None, url=None, username_field=None, users=None, __props__=None, __name__=None, __opts__=None)

Creates a Secure Password Store Application.

This resource allows you to create and configure a Secure Password Store Application.

import pulumi
import pulumi_okta as okta

example = okta.app.SecurePasswordStore("example",
    credentials_scheme="ADMIN_SETS_CREDENTIALS",
    label="example",
    password_field="pass",
    url="http://test.com",
    username_field="user")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • accessibility_error_redirect_url (pulumi.Input[str]) – Custom error page URL.

  • accessibility_self_service (pulumi.Input[bool]) – Enable self service. By default it is false.

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar.

  • credentials_scheme (pulumi.Input[str]) – Application credentials scheme. Can be set to "EDIT_USERNAME_AND_PASSWORD", "ADMIN_SETS_CREDENTIALS", "EDIT_PASSWORD_ONLY", "EXTERNAL_PASSWORD_SYNC", or "SHARED_USERNAME_AND_PASSWORD".

  • groups (pulumi.Input[list]) – Groups associated with the application. See app.GroupAssignment for a more flexible approach.

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app.

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users.

  • label (pulumi.Input[str]) – The display name of the Application.

  • optional_field1 (pulumi.Input[str]) – Name of optional param in the login form.

  • optional_field1_value (pulumi.Input[str]) – Name of optional value in the login form.

  • optional_field2 (pulumi.Input[str]) – Name of optional param in the login form.

  • optional_field2_value (pulumi.Input[str]) – Name of optional value in the login form.

  • optional_field3 (pulumi.Input[str]) – Name of optional param in the login form.

  • optional_field3_value (pulumi.Input[str]) – Name of optional value in the login form.

  • password_field (pulumi.Input[str]) – Login password field.

  • reveal_password (pulumi.Input[bool]) – Allow user to reveal password.

  • shared_password (pulumi.Input[str]) – Shared password, required for certain schemes.

  • shared_username (pulumi.Input[str]) – Shared username, required for certain schemes.

  • status (pulumi.Input[str]) – Status of application. By default it is "ACTIVE".

  • url (pulumi.Input[str]) – Login URL.

  • username_field (pulumi.Input[str]) – Login username field.

  • users (pulumi.Input[list]) – The users assigned to the application. See app.User for a more flexible approach.

The users object supports the following:

  • id (pulumi.Input[str])

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

accessibility_error_redirect_url: pulumi.Output[str] = None

Custom error page URL.

accessibility_self_service: pulumi.Output[bool] = None

Enable self service. By default it is false.

auto_submit_toolbar: pulumi.Output[bool] = None

Display auto submit toolbar.

credentials_scheme: pulumi.Output[str] = None

Application credentials scheme. Can be set to "EDIT_USERNAME_AND_PASSWORD", "ADMIN_SETS_CREDENTIALS", "EDIT_PASSWORD_ONLY", "EXTERNAL_PASSWORD_SYNC", or "SHARED_USERNAME_AND_PASSWORD".

groups: pulumi.Output[list] = None

Groups associated with the application. See app.GroupAssignment for a more flexible approach.

hide_ios: pulumi.Output[bool] = None

Do not display application icon on mobile app.

hide_web: pulumi.Output[bool] = None

Do not display application icon to users.

label: pulumi.Output[str] = None

The display name of the Application.

name: pulumi.Output[str] = None

Name assigned to the application by Okta.

optional_field1: pulumi.Output[str] = None

Name of optional param in the login form.

optional_field1_value: pulumi.Output[str] = None

Name of optional value in the login form.

optional_field2: pulumi.Output[str] = None

Name of optional param in the login form.

optional_field2_value: pulumi.Output[str] = None

Name of optional value in the login form.

optional_field3: pulumi.Output[str] = None

Name of optional param in the login form.

optional_field3_value: pulumi.Output[str] = None

Name of optional value in the login form.

password_field: pulumi.Output[str] = None

Login password field.

reveal_password: pulumi.Output[bool] = None

Allow user to reveal password.

shared_password: pulumi.Output[str] = None

Shared password, required for certain schemes.

shared_username: pulumi.Output[str] = None

Shared username, required for certain schemes.

sign_on_mode: pulumi.Output[str] = None

Sign on mode of application.

status: pulumi.Output[str] = None

Status of application. By default it is "ACTIVE".

url: pulumi.Output[str] = None

Login URL.

user_name_template: pulumi.Output[str] = None

The default username assigned to each user.

user_name_template_type: pulumi.Output[str] = None

The Username template type.

username_field: pulumi.Output[str] = None

Login username field.

users: pulumi.Output[list] = None

The users assigned to the application. See app.User for a more flexible approach.

  • id (str)

  • password (str)

  • scope (str)

  • username (str)

static get(resource_name, id, opts=None, accessibility_error_redirect_url=None, accessibility_self_service=None, auto_submit_toolbar=None, credentials_scheme=None, groups=None, hide_ios=None, hide_web=None, label=None, name=None, optional_field1=None, optional_field1_value=None, optional_field2=None, optional_field2_value=None, optional_field3=None, optional_field3_value=None, password_field=None, reveal_password=None, shared_password=None, shared_username=None, sign_on_mode=None, status=None, url=None, user_name_template=None, user_name_template_type=None, username_field=None, users=None)

Get an existing SecurePasswordStore resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • accessibility_error_redirect_url (pulumi.Input[str]) – Custom error page URL.

  • accessibility_self_service (pulumi.Input[bool]) – Enable self service. By default it is false.

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar.

  • credentials_scheme (pulumi.Input[str]) – Application credentials scheme. Can be set to "EDIT_USERNAME_AND_PASSWORD", "ADMIN_SETS_CREDENTIALS", "EDIT_PASSWORD_ONLY", "EXTERNAL_PASSWORD_SYNC", or "SHARED_USERNAME_AND_PASSWORD".

  • groups (pulumi.Input[list]) – Groups associated with the application. See app.GroupAssignment for a more flexible approach.

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app.

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users.

  • label (pulumi.Input[str]) – The display name of the Application.

  • name (pulumi.Input[str]) – Name assigned to the application by Okta.

  • optional_field1 (pulumi.Input[str]) – Name of optional param in the login form.

  • optional_field1_value (pulumi.Input[str]) – Name of optional value in the login form.

  • optional_field2 (pulumi.Input[str]) – Name of optional param in the login form.

  • optional_field2_value (pulumi.Input[str]) – Name of optional value in the login form.

  • optional_field3 (pulumi.Input[str]) – Name of optional param in the login form.

  • optional_field3_value (pulumi.Input[str]) – Name of optional value in the login form.

  • password_field (pulumi.Input[str]) – Login password field.

  • reveal_password (pulumi.Input[bool]) – Allow user to reveal password.

  • shared_password (pulumi.Input[str]) – Shared password, required for certain schemes.

  • shared_username (pulumi.Input[str]) – Shared username, required for certain schemes.

  • sign_on_mode (pulumi.Input[str]) – Sign on mode of application.

  • status (pulumi.Input[str]) – Status of application. By default it is "ACTIVE".

  • url (pulumi.Input[str]) – Login URL.

  • user_name_template (pulumi.Input[str]) – The default username assigned to each user.

  • user_name_template_type (pulumi.Input[str]) – The Username template type.

  • username_field (pulumi.Input[str]) – Login username field.

  • users (pulumi.Input[list]) – The users assigned to the application. See app.User for a more flexible approach.

The users object supports the following:

  • id (pulumi.Input[str])

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.app.Swa(resource_name, opts=None, accessibility_error_redirect_url=None, accessibility_self_service=None, auto_submit_toolbar=None, button_field=None, groups=None, hide_ios=None, hide_web=None, label=None, password_field=None, preconfigured_app=None, status=None, url=None, url_regex=None, username_field=None, users=None, __props__=None, __name__=None, __opts__=None)

Creates an SWA Application.

This resource allows you to create and configure an SWA Application.

import pulumi
import pulumi_okta as okta

example = okta.app.Swa("example",
    button_field="btn-login",
    label="example",
    password_field="txtbox-password",
    url="https://example.com/login.html",
    username_field="txtbox-username")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • accessibility_error_redirect_url (pulumi.Input[str]) – Custom error page URL.

  • accessibility_self_service (pulumi.Input[bool]) – Enable self service. By default it is false.

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar.

  • button_field (pulumi.Input[str]) – Login button field.

  • groups (pulumi.Input[list]) – Groups associated with the application. See app.GroupAssignment for a more flexible approach.

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app.

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users.

  • label (pulumi.Input[str]) – The display name of the Application.

  • password_field (pulumi.Input[str]) – Login password field.

  • preconfigured_app (pulumi.Input[str]) – name of application from the Okta Integration Network, if not included a custom app will be created.

  • status (pulumi.Input[str]) – Status of application. By default it is "ACTIVE".

  • url (pulumi.Input[str]) – Login URL.

  • url_regex (pulumi.Input[str]) – A regex that further restricts URL to the specified regex.

  • username_field (pulumi.Input[str]) – Login username field.

  • users (pulumi.Input[list]) – The users assigned to the application. See app.User for a more flexible approach.

The users object supports the following:

  • id (pulumi.Input[str])

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

accessibility_error_redirect_url: pulumi.Output[str] = None

Custom error page URL.

accessibility_self_service: pulumi.Output[bool] = None

Enable self service. By default it is false.

auto_submit_toolbar: pulumi.Output[bool] = None

Display auto submit toolbar.

button_field: pulumi.Output[str] = None

Login button field.

groups: pulumi.Output[list] = None

Groups associated with the application. See app.GroupAssignment for a more flexible approach.

hide_ios: pulumi.Output[bool] = None

Do not display application icon on mobile app.

hide_web: pulumi.Output[bool] = None

Do not display application icon to users.

label: pulumi.Output[str] = None

The display name of the Application.

name: pulumi.Output[str] = None

Name assigned to the application by Okta.

password_field: pulumi.Output[str] = None

Login password field.

preconfigured_app: pulumi.Output[str] = None

name of application from the Okta Integration Network, if not included a custom app will be created.

sign_on_mode: pulumi.Output[str] = None

Sign on mode of application.

status: pulumi.Output[str] = None

Status of application. By default it is "ACTIVE".

url: pulumi.Output[str] = None

Login URL.

url_regex: pulumi.Output[str] = None

A regex that further restricts URL to the specified regex.

user_name_template: pulumi.Output[str] = None

The default username assigned to each user.

user_name_template_type: pulumi.Output[str] = None

The Username template type.

username_field: pulumi.Output[str] = None

Login username field.

users: pulumi.Output[list] = None

The users assigned to the application. See app.User for a more flexible approach.

  • id (str)

  • password (str)

  • scope (str)

  • username (str)

static get(resource_name, id, opts=None, accessibility_error_redirect_url=None, accessibility_self_service=None, auto_submit_toolbar=None, button_field=None, groups=None, hide_ios=None, hide_web=None, label=None, name=None, password_field=None, preconfigured_app=None, sign_on_mode=None, status=None, url=None, url_regex=None, user_name_template=None, user_name_template_type=None, username_field=None, users=None)

Get an existing Swa resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • accessibility_error_redirect_url (pulumi.Input[str]) – Custom error page URL.

  • accessibility_self_service (pulumi.Input[bool]) – Enable self service. By default it is false.

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar.

  • button_field (pulumi.Input[str]) – Login button field.

  • groups (pulumi.Input[list]) – Groups associated with the application. See app.GroupAssignment for a more flexible approach.

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app.

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users.

  • label (pulumi.Input[str]) – The display name of the Application.

  • name (pulumi.Input[str]) – Name assigned to the application by Okta.

  • password_field (pulumi.Input[str]) – Login password field.

  • preconfigured_app (pulumi.Input[str]) – name of application from the Okta Integration Network, if not included a custom app will be created.

  • sign_on_mode (pulumi.Input[str]) – Sign on mode of application.

  • status (pulumi.Input[str]) – Status of application. By default it is "ACTIVE".

  • url (pulumi.Input[str]) – Login URL.

  • url_regex (pulumi.Input[str]) – A regex that further restricts URL to the specified regex.

  • user_name_template (pulumi.Input[str]) – The default username assigned to each user.

  • user_name_template_type (pulumi.Input[str]) – The Username template type.

  • username_field (pulumi.Input[str]) – Login username field.

  • users (pulumi.Input[list]) – The users assigned to the application. See app.User for a more flexible approach.

The users object supports the following:

  • id (pulumi.Input[str])

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.app.ThreeField(resource_name, opts=None, accessibility_error_redirect_url=None, accessibility_self_service=None, auto_submit_toolbar=None, button_selector=None, extra_field_selector=None, extra_field_value=None, groups=None, hide_ios=None, hide_web=None, label=None, password_selector=None, status=None, url=None, url_regex=None, username_selector=None, users=None, __props__=None, __name__=None, __opts__=None)

Creates an Three Field Application.

This resource allows you to create and configure an Three Field Application.

import pulumi
import pulumi_okta as okta

example = okta.app.ThreeField("example",
    credentials_scheme="EDIT_USERNAME_AND_PASSWORD",
    label="Example App",
    reveal_password=True,
    sign_on_redirect_url="https://example.com",
    sign_on_url="https://example.com/login.html")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • accessibility_error_redirect_url (pulumi.Input[str]) – Custom error page URL.

  • accessibility_self_service (pulumi.Input[bool]) – Enable self service. By default it is false.

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar.

  • button_selector (pulumi.Input[str]) – Login button field CSS selector.

  • extra_field_selector (pulumi.Input[str]) – Extra field CSS selector.

  • extra_field_value (pulumi.Input[str]) – Value for extra form field.

  • groups (pulumi.Input[list]) – Groups associated with the application. See app.GroupAssignment for a more flexible approach.

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app.

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users.

  • label (pulumi.Input[str]) – The display name of the Application.

  • password_selector (pulumi.Input[str]) – Login password field CSS selector.

  • status (pulumi.Input[str]) – Status of application. By default it is "ACTIVE".

  • url (pulumi.Input[str]) – Login URL.

  • url_regex (pulumi.Input[str]) – A regex that further restricts URL to the specified regex.

  • username_selector (pulumi.Input[str]) – Login username field CSS selector.

  • users (pulumi.Input[list]) – The users assigned to the application. See app.User for a more flexible approach.

The users object supports the following:

  • id (pulumi.Input[str])

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

accessibility_error_redirect_url: pulumi.Output[str] = None

Custom error page URL.

accessibility_self_service: pulumi.Output[bool] = None

Enable self service. By default it is false.

auto_submit_toolbar: pulumi.Output[bool] = None

Display auto submit toolbar.

button_selector: pulumi.Output[str] = None

Login button field CSS selector.

extra_field_selector: pulumi.Output[str] = None

Extra field CSS selector.

extra_field_value: pulumi.Output[str] = None

Value for extra form field.

groups: pulumi.Output[list] = None

Groups associated with the application. See app.GroupAssignment for a more flexible approach.

hide_ios: pulumi.Output[bool] = None

Do not display application icon on mobile app.

hide_web: pulumi.Output[bool] = None

Do not display application icon to users.

label: pulumi.Output[str] = None

The display name of the Application.

name: pulumi.Output[str] = None

Name assigned to the application by Okta.

password_selector: pulumi.Output[str] = None

Login password field CSS selector.

sign_on_mode: pulumi.Output[str] = None

Sign on mode of application.

status: pulumi.Output[str] = None

Status of application. By default it is "ACTIVE".

url: pulumi.Output[str] = None

Login URL.

url_regex: pulumi.Output[str] = None

A regex that further restricts URL to the specified regex.

user_name_template: pulumi.Output[str] = None

The default username assigned to each user.

user_name_template_type: pulumi.Output[str] = None

The Username template type.

username_selector: pulumi.Output[str] = None

Login username field CSS selector.

users: pulumi.Output[list] = None

The users assigned to the application. See app.User for a more flexible approach.

  • id (str)

  • password (str)

  • scope (str)

  • username (str)

static get(resource_name, id, opts=None, accessibility_error_redirect_url=None, accessibility_self_service=None, auto_submit_toolbar=None, button_selector=None, extra_field_selector=None, extra_field_value=None, groups=None, hide_ios=None, hide_web=None, label=None, name=None, password_selector=None, sign_on_mode=None, status=None, url=None, url_regex=None, user_name_template=None, user_name_template_type=None, username_selector=None, users=None)

Get an existing ThreeField resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • accessibility_error_redirect_url (pulumi.Input[str]) – Custom error page URL.

  • accessibility_self_service (pulumi.Input[bool]) – Enable self service. By default it is false.

  • auto_submit_toolbar (pulumi.Input[bool]) – Display auto submit toolbar.

  • button_selector (pulumi.Input[str]) – Login button field CSS selector.

  • extra_field_selector (pulumi.Input[str]) – Extra field CSS selector.

  • extra_field_value (pulumi.Input[str]) – Value for extra form field.

  • groups (pulumi.Input[list]) – Groups associated with the application. See app.GroupAssignment for a more flexible approach.

  • hide_ios (pulumi.Input[bool]) – Do not display application icon on mobile app.

  • hide_web (pulumi.Input[bool]) – Do not display application icon to users.

  • label (pulumi.Input[str]) – The display name of the Application.

  • name (pulumi.Input[str]) – Name assigned to the application by Okta.

  • password_selector (pulumi.Input[str]) – Login password field CSS selector.

  • sign_on_mode (pulumi.Input[str]) – Sign on mode of application.

  • status (pulumi.Input[str]) – Status of application. By default it is "ACTIVE".

  • url (pulumi.Input[str]) – Login URL.

  • url_regex (pulumi.Input[str]) – A regex that further restricts URL to the specified regex.

  • user_name_template (pulumi.Input[str]) – The default username assigned to each user.

  • user_name_template_type (pulumi.Input[str]) – The Username template type.

  • username_selector (pulumi.Input[str]) – Login username field CSS selector.

  • users (pulumi.Input[list]) – The users assigned to the application. See app.User for a more flexible approach.

The users object supports the following:

  • id (pulumi.Input[str])

  • password (pulumi.Input[str])

  • scope (pulumi.Input[str])

  • username (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.app.User(resource_name, opts=None, app_id=None, password=None, profile=None, user_id=None, username=None, __props__=None, __name__=None, __opts__=None)

Creates an Application User.

This resource allows you to create and configure an Application User.

When using this resource, make sure to add the following ``lifefycle`` argument to the application resource you are assigning to:

import pulumi

import pulumi
import pulumi_okta as okta

example = okta.app.User("example",
    app_id="<app_id>",
    user_id="<user id>",
    username="example")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • app_id (pulumi.Input[str]) – App to associate user with.

  • password (pulumi.Input[str]) – The password to use.

  • profile (pulumi.Input[str]) – The JSON profile of the App User.

  • user_id (pulumi.Input[str]) – User to associate the application with.

  • username (pulumi.Input[str]) – The username to use for the app user.

app_id: pulumi.Output[str] = None

App to associate user with.

password: pulumi.Output[str] = None

The password to use.

profile: pulumi.Output[str] = None

The JSON profile of the App User.

user_id: pulumi.Output[str] = None

User to associate the application with.

username: pulumi.Output[str] = None

The username to use for the app user.

static get(resource_name, id, opts=None, app_id=None, password=None, profile=None, user_id=None, username=None)

Get an existing User resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • app_id (pulumi.Input[str]) – App to associate user with.

  • password (pulumi.Input[str]) – The password to use.

  • profile (pulumi.Input[str]) – The JSON profile of the App User.

  • user_id (pulumi.Input[str]) – User to associate the application with.

  • username (pulumi.Input[str]) – The username to use for the app user.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.app.UserBaseSchema(resource_name, opts=None, app_id=None, index=None, master=None, permissions=None, required=None, title=None, type=None, __props__=None, __name__=None, __opts__=None)

Manages an Application User Base Schema property.

This resource allows you to configure a base app user schema property.

import pulumi
import pulumi_okta as okta

example = okta.app.UserBaseSchema("example",
    app_id="<app id>",
    index="customPropertyName",
    master="OKTA",
    title="customPropertyName",
    type="string")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • app_id (pulumi.Input[str]) – The Application’s ID the user schema property should be assigned to.

  • index (pulumi.Input[str]) – The property name.

  • master (pulumi.Input[str]) – Master priority for the user schema property. It can be set to "PROFILE_MASTER" or "OKTA".

  • permissions (pulumi.Input[str]) – Access control permissions for the property. It can be set to "READ_WRITE", "READ_ONLY", "HIDE".

  • required (pulumi.Input[bool]) – Whether the property is required for this application’s users.

  • title (pulumi.Input[str]) – The property display name.

  • type (pulumi.Input[str]) – The type of the schema property. It can be "string", "boolean", "number", "integer", "array", or "object".

app_id: pulumi.Output[str] = None

The Application’s ID the user schema property should be assigned to.

index: pulumi.Output[str] = None

The property name.

master: pulumi.Output[str] = None

Master priority for the user schema property. It can be set to "PROFILE_MASTER" or "OKTA".

permissions: pulumi.Output[str] = None

Access control permissions for the property. It can be set to "READ_WRITE", "READ_ONLY", "HIDE".

required: pulumi.Output[bool] = None

Whether the property is required for this application’s users.

title: pulumi.Output[str] = None

The property display name.

type: pulumi.Output[str] = None

The type of the schema property. It can be "string", "boolean", "number", "integer", "array", or "object".

static get(resource_name, id, opts=None, app_id=None, index=None, master=None, permissions=None, required=None, title=None, type=None)

Get an existing UserBaseSchema resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • app_id (pulumi.Input[str]) – The Application’s ID the user schema property should be assigned to.

  • index (pulumi.Input[str]) – The property name.

  • master (pulumi.Input[str]) – Master priority for the user schema property. It can be set to "PROFILE_MASTER" or "OKTA".

  • permissions (pulumi.Input[str]) – Access control permissions for the property. It can be set to "READ_WRITE", "READ_ONLY", "HIDE".

  • required (pulumi.Input[bool]) – Whether the property is required for this application’s users.

  • title (pulumi.Input[str]) – The property display name.

  • type (pulumi.Input[str]) – The type of the schema property. It can be "string", "boolean", "number", "integer", "array", or "object".

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.app.UserSchema(resource_name, opts=None, app_id=None, array_enums=None, array_one_ofs=None, array_type=None, description=None, enums=None, external_name=None, index=None, master=None, max_length=None, min_length=None, one_ofs=None, permissions=None, required=None, scope=None, title=None, type=None, __props__=None, __name__=None, __opts__=None)

Creates an Application User Schema property.

This resource allows you to create and configure a custom user schema property and associate it with an application.

import pulumi
import pulumi_okta as okta

example = okta.app.UserSchema("example",
    app_id="<app id>",
    description="My custom property name",
    index="customPropertyName",
    master="OKTA",
    scope="SELF",
    title="customPropertyName",
    type="string")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • app_id (pulumi.Input[str]) – The Application’s ID the user custom schema property should be assigned to.

  • array_enums (pulumi.Input[list]) – Array of values that an array property’s items can be set to.

  • array_one_ofs (pulumi.Input[list]) – Display name and value an enum array can be set to.

  • array_type (pulumi.Input[str]) – The type of the array elements if type is set to "array".

  • description (pulumi.Input[str]) – The description of the user schema property.

  • enums (pulumi.Input[list]) – Array of values a primitive property can be set to. See array_enum for arrays.

  • external_name (pulumi.Input[str]) – External name of the user schema property.

  • index (pulumi.Input[str]) – The property name.

  • master (pulumi.Input[str]) – Master priority for the user schema property. It can be set to "PROFILE_MASTER" or "OKTA".

  • max_length (pulumi.Input[float]) – The maximum length of the user property value. Only applies to type "string".

  • min_length (pulumi.Input[float]) – The minimum length of the user property value. Only applies to type "string".

  • one_ofs (pulumi.Input[list]) – Array of maps containing a mapping for display name to enum value.

  • permissions (pulumi.Input[str]) – Access control permissions for the property. It can be set to "READ_WRITE", "READ_ONLY", "HIDE".

  • required (pulumi.Input[bool]) – Whether the property is required for this application’s users.

  • scope (pulumi.Input[str]) – determines whether an app user attribute can be set at the Individual or Group Level.

  • title (pulumi.Input[str]) – display name for the enum value.

  • type (pulumi.Input[str]) – The type of the schema property. It can be "string", "boolean", "number", "integer", "array", or "object".

The array_one_ofs object supports the following:

  • const (pulumi.Input[str]) - value mapping to member of enum.

  • title (pulumi.Input[str]) - display name for the enum value.

The one_ofs object supports the following:

  • const (pulumi.Input[str]) - value mapping to member of enum.

  • title (pulumi.Input[str]) - display name for the enum value.

app_id: pulumi.Output[str] = None

The Application’s ID the user custom schema property should be assigned to.

array_enums: pulumi.Output[list] = None

Array of values that an array property’s items can be set to.

array_one_ofs: pulumi.Output[list] = None

Display name and value an enum array can be set to.

  • const (str) - value mapping to member of enum.

  • title (str) - display name for the enum value.

array_type: pulumi.Output[str] = None

The type of the array elements if type is set to "array".

description: pulumi.Output[str] = None

The description of the user schema property.

enums: pulumi.Output[list] = None

Array of values a primitive property can be set to. See array_enum for arrays.

external_name: pulumi.Output[str] = None

External name of the user schema property.

index: pulumi.Output[str] = None

The property name.

master: pulumi.Output[str] = None

Master priority for the user schema property. It can be set to "PROFILE_MASTER" or "OKTA".

max_length: pulumi.Output[float] = None

The maximum length of the user property value. Only applies to type "string".

min_length: pulumi.Output[float] = None

The minimum length of the user property value. Only applies to type "string".

one_ofs: pulumi.Output[list] = None

Array of maps containing a mapping for display name to enum value.

  • const (str) - value mapping to member of enum.

  • title (str) - display name for the enum value.

permissions: pulumi.Output[str] = None

Access control permissions for the property. It can be set to "READ_WRITE", "READ_ONLY", "HIDE".

required: pulumi.Output[bool] = None

Whether the property is required for this application’s users.

scope: pulumi.Output[str] = None

determines whether an app user attribute can be set at the Individual or Group Level.

title: pulumi.Output[str] = None

display name for the enum value.

type: pulumi.Output[str] = None

The type of the schema property. It can be "string", "boolean", "number", "integer", "array", or "object".

static get(resource_name, id, opts=None, app_id=None, array_enums=None, array_one_ofs=None, array_type=None, description=None, enums=None, external_name=None, index=None, master=None, max_length=None, min_length=None, one_ofs=None, permissions=None, required=None, scope=None, title=None, type=None)

Get an existing UserSchema resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • app_id (pulumi.Input[str]) – The Application’s ID the user custom schema property should be assigned to.

  • array_enums (pulumi.Input[list]) – Array of values that an array property’s items can be set to.

  • array_one_ofs (pulumi.Input[list]) – Display name and value an enum array can be set to.

  • array_type (pulumi.Input[str]) – The type of the array elements if type is set to "array".

  • description (pulumi.Input[str]) – The description of the user schema property.

  • enums (pulumi.Input[list]) – Array of values a primitive property can be set to. See array_enum for arrays.

  • external_name (pulumi.Input[str]) – External name of the user schema property.

  • index (pulumi.Input[str]) – The property name.

  • master (pulumi.Input[str]) – Master priority for the user schema property. It can be set to "PROFILE_MASTER" or "OKTA".

  • max_length (pulumi.Input[float]) – The maximum length of the user property value. Only applies to type "string".

  • min_length (pulumi.Input[float]) – The minimum length of the user property value. Only applies to type "string".

  • one_ofs (pulumi.Input[list]) – Array of maps containing a mapping for display name to enum value.

  • permissions (pulumi.Input[str]) – Access control permissions for the property. It can be set to "READ_WRITE", "READ_ONLY", "HIDE".

  • required (pulumi.Input[bool]) – Whether the property is required for this application’s users.

  • scope (pulumi.Input[str]) – determines whether an app user attribute can be set at the Individual or Group Level.

  • title (pulumi.Input[str]) – display name for the enum value.

  • type (pulumi.Input[str]) – The type of the schema property. It can be "string", "boolean", "number", "integer", "array", or "object".

The array_one_ofs object supports the following:

  • const (pulumi.Input[str]) - value mapping to member of enum.

  • title (pulumi.Input[str]) - display name for the enum value.

The one_ofs object supports the following:

  • const (pulumi.Input[str]) - value mapping to member of enum.

  • title (pulumi.Input[str]) - display name for the enum value.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_okta.app.get_app(active_only=None, id=None, label=None, label_prefix=None, opts=None)

Use this data source to retrieve the collaborators for a given repository.

import pulumi
import pulumi_okta as okta

example = okta.app.get_app(label="Example App")
Parameters

  • active_only (bool) – tells the provider to query for only ACTIVE applications.

  • id (str) – id of application to retrieve, conflicts with label and label_prefix.

  • label (str) – The label of the app to retrieve, conflicts with label_prefix and id.

  • label_prefix (str) – Label prefix of the app to retrieve, conflicts with label and id. This will tell the provider to do a starts with query as opposed to an equals query.

pulumi_okta.app.get_metadata_saml(app_id=None, key_id=None, opts=None)

Use this data source to retrieve the collaborators for a given repository.

import pulumi
import pulumi_okta as okta

example = okta.app.get_metadata_saml(app_id="<app id>",
    key_id="<cert key id>")
Parameters

  • app_id (str) – The application ID.

  • key_id (str) – Certificate Key ID.

pulumi_okta.app.get_saml(accessibility_error_redirect_url=None, accessibility_login_redirect_url=None, accessibility_self_service=None, active_only=None, app_settings_json=None, assertion_signed=None, attribute_statements=None, audience=None, authn_context_class_ref=None, auto_submit_toolbar=None, default_relay_state=None, destination=None, digest_algorithm=None, features=None, hide_ios=None, hide_web=None, honor_force_authn=None, id=None, idp_issuer=None, label=None, label_prefix=None, recipient=None, request_compressed=None, response_signed=None, signature_algorithm=None, sp_issuer=None, sso_url=None, subject_name_id_format=None, subject_name_id_template=None, user_name_template=None, user_name_template_suffix=None, user_name_template_type=None, opts=None)

Use this data source to retrieve the collaborators for a given repository.

import pulumi
import pulumi_okta as okta

example = okta.app.get_saml(label="Example App")
Parameters

  • accessibility_error_redirect_url (str) – Custom error page URL.

  • accessibility_login_redirect_url (str) – Custom login page URL.

  • accessibility_self_service (bool) – Enable self service.

  • active_only (bool) – tells the provider to query for only ACTIVE applications.

  • app_settings_json (str) – Application settings in JSON format.

  • assertion_signed (bool) – Determines whether the SAML assertion is digitally signed.

  • attribute_statements (list) – SAML Attribute statements.

  • audience (str) – Audience restriction.

  • authn_context_class_ref (str) – Identifies the SAML authentication context class for the assertion’s authentication statement.

  • auto_submit_toolbar (bool) – Display auto submit toolbar.

  • default_relay_state (str) – Identifies a specific application resource in an IDP initiated SSO scenario.

  • destination (str) – Identifies the location where the SAML response is intended to be sent inside of the SAML assertion.

  • digest_algorithm (str) – Determines the digest algorithm used to digitally sign the SAML assertion and response.

  • features (list) – features enabled.

  • hide_ios (bool) – Do not display application icon on mobile app.

  • hide_web (bool) – Do not display application icon to users

  • honor_force_authn (bool) – Prompt user to re-authenticate if SP asks for it.

  • id (str) – id of application to retrieve, conflicts with label and label_prefix.

  • idp_issuer (str) – SAML issuer ID.

  • label (str) – The label of the app to retrieve, conflicts with label_prefix and id.

  • label_prefix (str) – Label prefix of the app to retrieve, conflicts with label and id. This will tell the provider to do a starts with query as opposed to an equals query.

  • recipient (str) – The location where the app may present the SAML assertion.

  • request_compressed (bool) – Denotes whether the request is compressed or not.

  • response_signed (bool) – Determines whether the SAML auth response message is digitally signed.

  • signature_algorithm (str) – Signature algorithm used ot digitally sign the assertion and response.

  • sp_issuer (str) – SAML service provider issuer.

  • sso_url (str) – Single Sign on Url.

  • subject_name_id_format (str) – Identifies the SAML processing rules.

  • subject_name_id_template (str) – Template for app user’s username when a user is assigned to the app.

  • user_name_template (str) – Username template.

  • user_name_template_suffix (str) – Username template suffix.

  • user_name_template_type (str) – Username template type.

The attribute_statements object supports the following:

  • filterType (str)

  • filterValue (str)

  • name (str) - name of application.

  • namespace (str)

  • type (str)

  • values (list)