auth¶

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-okta repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-okta repo.

class pulumi_okta.auth.AwaitableGetServerResult(audiences=None, credentials_last_rotated=None, credentials_next_rotation=None, credentials_rotation_mode=None, description=None, id=None, kid=None, name=None, status=None)¶

class pulumi_okta.auth.GetServerResult(audiences=None, credentials_last_rotated=None, credentials_next_rotation=None, credentials_rotation_mode=None, description=None, id=None, kid=None, name=None, status=None)¶

A collection of values returned by getServer.

audiences = None¶: array of audiences,

credentials_last_rotated = None¶: last time credentials were rotated.

credentials_next_rotation = None¶: next time credentials will be rotated

credentials_rotation_mode = None¶: mode of credential rotation, auto or manual.

description = None¶: description of Authorization server.

id = None¶: The provider-assigned unique ID for this managed resource.

kid = None¶: auth server key id.

name = None¶: The name of the auth server.

status = None¶: the activation status of the authorization server.

class pulumi_okta.auth.Server(resource_name, opts=None, audiences=None, credentials_rotation_mode=None, description=None, issuer_mode=None, name=None, status=None, __props__=None, __name__=None, __opts__=None)¶

Creates an Authorization Server.

This resource allows you to create and configure an Authorization Server.

import pulumi
import pulumi_okta as okta

example = okta.auth.Server("example",
    audiences=["api://example"],
    description="My Example Auth Server",
    issuer_mode="CUSTOM_URL",
    status="ACTIVE")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
audiences (pulumi.Input[list]) – The recipients that the tokens are intended for. This becomes the aud claim in an access token.
credentials_rotation_mode (pulumi.Input[str]) – The key rotation mode for the authorization server. Can be "AUTO" or "MANUAL".
description (pulumi.Input[str]) – The description of the authorization server.
issuer_mode (pulumi.Input[str]) – Allows you to use a custom issuer URL. It can be set to "CUSTOM_URL" or "ORG_URL"
name (pulumi.Input[str]) – The name of the authorization server.
status (pulumi.Input[str]) – The status of the auth server. It defaults to "ACTIVE"

audiences: pulumi.Output[list] = None¶: The recipients that the tokens are intended for. This becomes the aud claim in an access token.

credentials_last_rotated: pulumi.Output[str] = None¶: The timestamp when the authorization server started to use the kid for signing tokens.

credentials_next_rotation: pulumi.Output[str] = None¶: The timestamp when the authorization server changes the key for signing tokens. Only returned when credentials_rotation_mode is "AUTO".

credentials_rotation_mode: pulumi.Output[str] = None¶: The key rotation mode for the authorization server. Can be "AUTO" or "MANUAL".

description: pulumi.Output[str] = None¶: The description of the authorization server.

issuer: pulumi.Output[str] = None¶: The complete URL for a Custom Authorization Server. This becomes the iss claim in an access token.

issuer_mode: pulumi.Output[str] = None¶: Allows you to use a custom issuer URL. It can be set to "CUSTOM_URL" or "ORG_URL"

kid: pulumi.Output[str] = None¶: The ID of the JSON Web Key used for signing tokens issued by the authorization server.

name: pulumi.Output[str] = None¶: The name of the authorization server.

status: pulumi.Output[str] = None¶: The status of the auth server. It defaults to "ACTIVE"

static get(resource_name, id, opts=None, audiences=None, credentials_last_rotated=None, credentials_next_rotation=None, credentials_rotation_mode=None, description=None, issuer=None, issuer_mode=None, kid=None, name=None, status=None)¶

Get an existing Server resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
audiences (pulumi.Input[list]) – The recipients that the tokens are intended for. This becomes the aud claim in an access token.
credentials_last_rotated (pulumi.Input[str]) – The timestamp when the authorization server started to use the kid for signing tokens.
credentials_next_rotation (pulumi.Input[str]) – The timestamp when the authorization server changes the key for signing tokens. Only returned when credentials_rotation_mode is "AUTO".
credentials_rotation_mode (pulumi.Input[str]) – The key rotation mode for the authorization server. Can be "AUTO" or "MANUAL".
description (pulumi.Input[str]) – The description of the authorization server.
issuer (pulumi.Input[str]) – The complete URL for a Custom Authorization Server. This becomes the iss claim in an access token.
issuer_mode (pulumi.Input[str]) – Allows you to use a custom issuer URL. It can be set to "CUSTOM_URL" or "ORG_URL"
kid (pulumi.Input[str]) – The ID of the JSON Web Key used for signing tokens issued by the authorization server.
name (pulumi.Input[str]) – The name of the authorization server.
status (pulumi.Input[str]) – The status of the auth server. It defaults to "ACTIVE"

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_okta.auth.ServerClaim(resource_name, opts=None, always_include_in_token=None, auth_server_id=None, claim_type=None, group_filter_type=None, name=None, scopes=None, status=None, value=None, value_type=None, __props__=None, __name__=None, __opts__=None)¶

Creates an Authorization Server Claim.

This resource allows you to create and configure an Authorization Server Claim.

import pulumi
import pulumi_okta as okta

example = okta.auth.ServerClaim("example",
    auth_server_id="<auth server id>",
    claim_type="IDENTITY",
    scopes=[okta_auth_server_scope["example"]["name"]],
    value="String.substringAfter(user.email, "@") == "example.com"")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
always_include_in_token (pulumi.Input[bool]) – Specifies whether to include claims in token, by default is is set to true.
auth_server_id (pulumi.Input[str]) – The Application’s display name.
claim_type (pulumi.Input[str]) – Specifies whether the claim is for an access token "RESOURCE" or ID token "IDENTITY".
group_filter_type (pulumi.Input[str]) – Specifies the type of group filter if value_type is "GROUPS". Can be set to one of the following "STARTS_WITH", "EQUALS", "CONTAINS", "REGEX".
name (pulumi.Input[str]) – The name of the claim.
scopes (pulumi.Input[list]) – The list of scopes the auth server claim is tied to.
status (pulumi.Input[str]) – The status of the application. It defaults to "ACTIVE".
value (pulumi.Input[str]) – The value of the claim.
value_type (pulumi.Input[str]) – The type of value of the claim. It can be set to "EXPRESSION" or "GROUPS". It defaults to "EXPRESSION".

always_include_in_token: pulumi.Output[bool] = None¶: Specifies whether to include claims in token, by default is is set to true.

auth_server_id: pulumi.Output[str] = None¶: The Application’s display name.

claim_type: pulumi.Output[str] = None¶: Specifies whether the claim is for an access token "RESOURCE" or ID token "IDENTITY".

group_filter_type: pulumi.Output[str] = None¶: Specifies the type of group filter if value_type is "GROUPS". Can be set to one of the following "STARTS_WITH", "EQUALS", "CONTAINS", "REGEX".

name: pulumi.Output[str] = None¶: The name of the claim.

scopes: pulumi.Output[list] = None¶: The list of scopes the auth server claim is tied to.

status: pulumi.Output[str] = None¶: The status of the application. It defaults to "ACTIVE".

value: pulumi.Output[str] = None¶: The value of the claim.

value_type: pulumi.Output[str] = None¶: The type of value of the claim. It can be set to "EXPRESSION" or "GROUPS". It defaults to "EXPRESSION".

static get(resource_name, id, opts=None, always_include_in_token=None, auth_server_id=None, claim_type=None, group_filter_type=None, name=None, scopes=None, status=None, value=None, value_type=None)¶

Get an existing ServerClaim resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
always_include_in_token (pulumi.Input[bool]) – Specifies whether to include claims in token, by default is is set to true.
auth_server_id (pulumi.Input[str]) – The Application’s display name.
claim_type (pulumi.Input[str]) – Specifies whether the claim is for an access token "RESOURCE" or ID token "IDENTITY".
group_filter_type (pulumi.Input[str]) – Specifies the type of group filter if value_type is "GROUPS". Can be set to one of the following "STARTS_WITH", "EQUALS", "CONTAINS", "REGEX".
name (pulumi.Input[str]) – The name of the claim.
scopes (pulumi.Input[list]) – The list of scopes the auth server claim is tied to.
status (pulumi.Input[str]) – The status of the application. It defaults to "ACTIVE".
value (pulumi.Input[str]) – The value of the claim.
value_type (pulumi.Input[str]) – The type of value of the claim. It can be set to "EXPRESSION" or "GROUPS". It defaults to "EXPRESSION".

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_okta.auth.ServerPolicy(resource_name, opts=None, auth_server_id=None, client_whitelists=None, description=None, name=None, priority=None, status=None, type=None, __props__=None, __name__=None, __opts__=None)¶

Creates an Authorization Server Policy.

This resource allows you to create and configure an Authorization Server Policy.

import pulumi
import pulumi_okta as okta

example = okta.auth.ServerPolicy("example",
    auth_server_id="<auth server id>",
    client_whitelists=["ALL_CLIENTS"],
    description="example",
    priority=1,
    status="ACTIVE")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
auth_server_id (pulumi.Input[str]) – The ID of the Auth Server.
client_whitelists (pulumi.Input[list]) – The clients to whitelist the policy for. ["ALL_CLIENTS"] is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.
description (pulumi.Input[str]) – The description of the Auth Server Policy.
name (pulumi.Input[str]) – The name of the Auth Server Policy.
priority (pulumi.Input[float]) – The priority of the Auth Server Policy.
status (pulumi.Input[str]) – The status of the Auth Server Policy.
type (pulumi.Input[str]) – The type of the Auth Server Policy.

auth_server_id: pulumi.Output[str] = None¶: The ID of the Auth Server.

client_whitelists: pulumi.Output[list] = None¶: The clients to whitelist the policy for. ["ALL_CLIENTS"] is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.

description: pulumi.Output[str] = None¶: The description of the Auth Server Policy.

name: pulumi.Output[str] = None¶: The name of the Auth Server Policy.

priority: pulumi.Output[float] = None¶: The priority of the Auth Server Policy.

status: pulumi.Output[str] = None¶: The status of the Auth Server Policy.

type: pulumi.Output[str] = None¶: The type of the Auth Server Policy.

static get(resource_name, id, opts=None, auth_server_id=None, client_whitelists=None, description=None, name=None, priority=None, status=None, type=None)¶

Get an existing ServerPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
auth_server_id (pulumi.Input[str]) – The ID of the Auth Server.
client_whitelists (pulumi.Input[list]) – The clients to whitelist the policy for. ["ALL_CLIENTS"] is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.
description (pulumi.Input[str]) – The description of the Auth Server Policy.
name (pulumi.Input[str]) – The name of the Auth Server Policy.
priority (pulumi.Input[float]) – The priority of the Auth Server Policy.
status (pulumi.Input[str]) – The status of the Auth Server Policy.
type (pulumi.Input[str]) – The type of the Auth Server Policy.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_okta.auth.ServerPolicyClaim(resource_name, opts=None, access_token_lifetime_minutes=None, auth_server_id=None, grant_type_whitelists=None, group_blacklists=None, group_whitelists=None, inline_hook_id=None, name=None, policy_id=None, priority=None, refresh_token_lifetime_minutes=None, refresh_token_window_minutes=None, scope_whitelists=None, status=None, type=None, user_blacklists=None, user_whitelists=None, __props__=None, __name__=None, __opts__=None)¶

Creates an Authorization Server Policy Rule.

This resource allows you to create and configure an Authorization Server Policy Rule.

import pulumi
import pulumi_okta as okta

example = okta.auth.ServerPolicyClaim("example",
    auth_server_id="<auth server id>",
    grant_type_whitelists=["implicit"],
    group_whitelists=["<group ids>"],
    policy_id="<auth server policy id>",
    priority=1,
    status="ACTIVE")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
access_token_lifetime_minutes (pulumi.Input[float]) – Lifetime of access token. Can be set to a value between 5 and 1440.
auth_server_id (pulumi.Input[str]) – Auth Server ID.
grant_type_whitelists (pulumi.Input[list]) – Accepted grant type values, "authorization_code", "implicit", "password"
inline_hook_id (pulumi.Input[str]) – The ID of the inline token to trigger.
name (pulumi.Input[str]) – Auth Server Policy Rule name.
policy_id (pulumi.Input[str]) – Auth Server Policy ID.
priority (pulumi.Input[float]) – Priority of the auth server policy rule.
refresh_token_lifetime_minutes (pulumi.Input[float]) – Lifetime of refresh token.
scope_whitelists (pulumi.Input[list]) – Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
status (pulumi.Input[str]) – The status of the Auth Server Policy Rule.
type (pulumi.Input[str]) – The type of the Auth Server Policy Rule.

access_token_lifetime_minutes: pulumi.Output[float] = None¶: Lifetime of access token. Can be set to a value between 5 and 1440.

auth_server_id: pulumi.Output[str] = None¶: Auth Server ID.

grant_type_whitelists: pulumi.Output[list] = None¶: Accepted grant type values, "authorization_code", "implicit", "password"

inline_hook_id: pulumi.Output[str] = None¶: The ID of the inline token to trigger.

name: pulumi.Output[str] = None¶: Auth Server Policy Rule name.

policy_id: pulumi.Output[str] = None¶: Auth Server Policy ID.

priority: pulumi.Output[float] = None¶: Priority of the auth server policy rule.

refresh_token_lifetime_minutes: pulumi.Output[float] = None¶: Lifetime of refresh token.

scope_whitelists: pulumi.Output[list] = None¶: Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".

status: pulumi.Output[str] = None¶: The status of the Auth Server Policy Rule.

type: pulumi.Output[str] = None¶: The type of the Auth Server Policy Rule.

static get(resource_name, id, opts=None, access_token_lifetime_minutes=None, auth_server_id=None, grant_type_whitelists=None, group_blacklists=None, group_whitelists=None, inline_hook_id=None, name=None, policy_id=None, priority=None, refresh_token_lifetime_minutes=None, refresh_token_window_minutes=None, scope_whitelists=None, status=None, type=None, user_blacklists=None, user_whitelists=None)¶

Get an existing ServerPolicyClaim resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
access_token_lifetime_minutes (pulumi.Input[float]) – Lifetime of access token. Can be set to a value between 5 and 1440.
auth_server_id (pulumi.Input[str]) – Auth Server ID.
grant_type_whitelists (pulumi.Input[list]) – Accepted grant type values, "authorization_code", "implicit", "password"
inline_hook_id (pulumi.Input[str]) – The ID of the inline token to trigger.
name (pulumi.Input[str]) – Auth Server Policy Rule name.
policy_id (pulumi.Input[str]) – Auth Server Policy ID.
priority (pulumi.Input[float]) – Priority of the auth server policy rule.
refresh_token_lifetime_minutes (pulumi.Input[float]) – Lifetime of refresh token.
scope_whitelists (pulumi.Input[list]) – Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
status (pulumi.Input[str]) – The status of the Auth Server Policy Rule.
type (pulumi.Input[str]) – The type of the Auth Server Policy Rule.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_okta.auth.ServerScope(resource_name, opts=None, auth_server_id=None, consent=None, default=None, description=None, metadata_publish=None, name=None, __props__=None, __name__=None, __opts__=None)¶

Creates an Authorization Server Scope.

This resource allows you to create and configure an Authorization Server Scope.

import pulumi
import pulumi_okta as okta

example = okta.auth.ServerScope("example",
    auth_server_id="<auth server id>",
    consent="IMPLICIT",
    metadata_publish="NO_CLIENTS")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
auth_server_id (pulumi.Input[str]) – Auth Server ID.
consent (pulumi.Input[str]) – Indicates whether a consent dialog is needed for the scope. It can be set to "REQUIRED" or "IMPLICIT".
default (pulumi.Input[bool]) – A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.
description (pulumi.Input[str]) – Description of the Auth Server Scope.
metadata_publish (pulumi.Input[str]) – Whether to publish metadata or not. It can be set to "ALL_CLIENTS" or "NO_CLIENTS".
name (pulumi.Input[str]) – Auth Server scope name.

auth_server_id: pulumi.Output[str] = None¶: Auth Server ID.

consent: pulumi.Output[str] = None¶: Indicates whether a consent dialog is needed for the scope. It can be set to "REQUIRED" or "IMPLICIT".

default: pulumi.Output[bool] = None¶: A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.

description: pulumi.Output[str] = None¶: Description of the Auth Server Scope.

metadata_publish: pulumi.Output[str] = None¶: Whether to publish metadata or not. It can be set to "ALL_CLIENTS" or "NO_CLIENTS".

name: pulumi.Output[str] = None¶: Auth Server scope name.

static get(resource_name, id, opts=None, auth_server_id=None, consent=None, default=None, description=None, metadata_publish=None, name=None)¶

Get an existing ServerScope resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
auth_server_id (pulumi.Input[str]) – Auth Server ID.
consent (pulumi.Input[str]) – Indicates whether a consent dialog is needed for the scope. It can be set to "REQUIRED" or "IMPLICIT".
default (pulumi.Input[bool]) – A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.
description (pulumi.Input[str]) – Description of the Auth Server Scope.
metadata_publish (pulumi.Input[str]) – Whether to publish metadata or not. It can be set to "ALL_CLIENTS" or "NO_CLIENTS".
name (pulumi.Input[str]) – Auth Server scope name.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

pulumi_okta.auth.get_server(name=None, opts=None)¶

Use this data source to retrieve an auth server from Okta.

import pulumi
import pulumi_okta as okta

example = okta.auth.get_server(name="Example Auth")

Parameters: name (str) – The name of the auth server to retrieve.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

auth¶

On This Page