idp¶

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-okta repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-okta repo.

class pulumi_okta.idp.AwaitableGetMetadataSamlResult(assertions_signed=None, authn_request_signed=None, encryption_certificate=None, entity_id=None, http_post_binding=None, http_redirect_binding=None, id=None, idp_id=None, metadata=None, signing_certificate=None)¶

class pulumi_okta.idp.AwaitableGetSamlResult(acs_binding=None, acs_type=None, audience=None, id=None, issuer=None, issuer_mode=None, kid=None, name=None, sso_binding=None, sso_destination=None, sso_url=None, subject_filter=None, subject_formats=None, type=None)¶

class pulumi_okta.idp.GetMetadataSamlResult(assertions_signed=None, authn_request_signed=None, encryption_certificate=None, entity_id=None, http_post_binding=None, http_redirect_binding=None, id=None, idp_id=None, metadata=None, signing_certificate=None)¶

A collection of values returned by getMetadataSaml.

assertions_signed = None¶: whether assertions are signed.

authn_request_signed = None¶: whether authn requests are signed.

encryption_certificate = None¶: SAML request encryption certificate.

entity_id = None¶: Entity URL for instance https://www.okta.com/saml2/service-provider/sposcfdmlybtwkdcgtuf.

http_post_binding = None¶: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.

http_redirect_binding = None¶: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.

id = None¶: The provider-assigned unique ID for this managed resource.

metadata = None¶: raw IdP metadata.

signing_certificate = None¶: SAML request signing certificate.

class pulumi_okta.idp.GetSamlResult(acs_binding=None, acs_type=None, audience=None, id=None, issuer=None, issuer_mode=None, kid=None, name=None, sso_binding=None, sso_destination=None, sso_url=None, subject_filter=None, subject_formats=None, type=None)¶

A collection of values returned by getSaml.

acs_binding = None¶: HTTP binding used to receive a SAMLResponse message from the IdP.

acs_type = None¶: Determines whether to publish an instance-specific (trust) or organization (shared) ACS endpoint in the SAML metadata.

audience = None¶: URI that identifies the target Okta IdP instance (SP)

id = None¶: id of idp.

issuer = None¶: URI that identifies the issuer (IdP).

issuer_mode = None¶: indicates whether Okta uses the original Okta org domain URL, or a custom domain URL in the request to the IdP.

kid = None¶: Key ID reference to the IdP’s X.509 signature certificate.

name = None¶: name of the idp.

sso_binding = None¶: single sign on binding.

sso_destination = None¶: SSO request binding, HTTP-POST or HTTP-REDIRECT.

sso_url = None¶: single sign on url.

subject_filter = None¶: regular expression pattern used to filter untrusted IdP usernames.

subject_formats = None¶: Expression to generate or transform a unique username for the IdP user.

type = None¶: type of idp.

class pulumi_okta.idp.Oidc(resource_name, opts=None, account_link_action=None, account_link_group_includes=None, acs_binding=None, acs_type=None, authorization_binding=None, authorization_url=None, client_id=None, client_secret=None, deprovisioned_action=None, groups_action=None, groups_assignments=None, groups_attribute=None, groups_filters=None, issuer_mode=None, issuer_url=None, jwks_binding=None, jwks_url=None, max_clock_skew=None, name=None, profile_master=None, protocol_type=None, provisioning_action=None, request_signature_algorithm=None, request_signature_scope=None, response_signature_algorithm=None, response_signature_scope=None, scopes=None, status=None, subject_match_attribute=None, subject_match_type=None, suspended_action=None, token_binding=None, token_url=None, user_info_binding=None, user_info_url=None, username_template=None, __props__=None, __name__=None, __opts__=None)¶

Creates an OIDC Identity Provider.

This resource allows you to create and configure an OIDC Identity Provider.

import pulumi
import pulumi_okta as okta

example = okta.idp.Oidc("example",
    acs_binding="HTTP-POST",
    acs_type="INSTANCE",
    authorization_binding="HTTP-REDIRECT",
    authorization_url="https://idp.example.com/authorize",
    client_id="efg456",
    client_secret="efg456",
    issuer_url="https://id.example.com",
    jwks_binding="HTTP-REDIRECT",
    jwks_url="https://idp.example.com/keys",
    scopes=["openid"],
    token_binding="HTTP-POST",
    token_url="https://idp.example.com/token",
    user_info_binding="HTTP-REDIRECT",
    user_info_url="https://idp.example.com/userinfo",
    username_template="idpuser.email")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
account_link_action (pulumi.Input[str]) – Specifies the account linking action for an IdP user.
account_link_group_includes (pulumi.Input[list]) – Group memberships to determine link candidates.
acs_binding (pulumi.Input[str]) – The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
acs_type (pulumi.Input[str]) – The type of ACS. Default is "INSTANCE".
authorization_binding (pulumi.Input[str]) – The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
authorization_url (pulumi.Input[str]) – IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
client_id (pulumi.Input[str]) – Unique identifier issued by AS for the Okta IdP instance.
client_secret (pulumi.Input[str]) – Client secret issued by AS for the Okta IdP instance.
deprovisioned_action (pulumi.Input[str]) – Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".
groups_action (pulumi.Input[str]) – Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".
groups_assignments (pulumi.Input[list]) – List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.
groups_attribute (pulumi.Input[str]) – IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
groups_filters (pulumi.Input[list]) – Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.
issuer_mode (pulumi.Input[str]) – Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".
issuer_url (pulumi.Input[str]) – URI that identifies the issuer.
jwks_binding (pulumi.Input[str]) – The method of making a request for the OIDC JWKS. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
jwks_url (pulumi.Input[str]) – Endpoint where the signer of the keys publishes its keys in a JWK Set.
max_clock_skew (pulumi.Input[float]) – Maximum allowable clock-skew when processing messages from the IdP.
name (pulumi.Input[str]) – The Application’s display name.
profile_master (pulumi.Input[bool]) – Determines if the IdP should act as a source of truth for user profile attributes.
protocol_type (pulumi.Input[str]) – The type of protocol to use. It can be "OIDC" or "OAUTH2".
provisioning_action (pulumi.Input[str]) – Provisioning action for an IdP user during authentication.
request_signature_algorithm (pulumi.Input[str]) – algorithm to use to sign requests
request_signature_scope (pulumi.Input[str]) – algorithm to use to sign response
response_signature_algorithm (pulumi.Input[str]) – algorithm to use to sign requests
response_signature_scope (pulumi.Input[str]) – algorithm to use to sign response
scopes (pulumi.Input[list]) – The scopes of the IdP.
status (pulumi.Input[str]) – Status of the IdP.
subject_match_attribute (pulumi.Input[str]) – Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".
subject_match_type (pulumi.Input[str]) – Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".
suspended_action (pulumi.Input[str]) – Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"
token_binding (pulumi.Input[str]) – The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
token_url (pulumi.Input[str]) – IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
user_info_url (pulumi.Input[str]) – Protected resource endpoint that returns claims about the authenticated user.
username_template (pulumi.Input[str]) – Okta EL Expression to generate or transform a unique username for the IdP user.

account_link_action: pulumi.Output[str] = None¶: Specifies the account linking action for an IdP user.

account_link_group_includes: pulumi.Output[list] = None¶: Group memberships to determine link candidates.

acs_binding: pulumi.Output[str] = None¶: The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

acs_type: pulumi.Output[str] = None¶: The type of ACS. Default is "INSTANCE".

authorization_binding: pulumi.Output[str] = None¶: The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

authorization_url: pulumi.Output[str] = None¶: IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

client_id: pulumi.Output[str] = None¶: Unique identifier issued by AS for the Okta IdP instance.

client_secret: pulumi.Output[str] = None¶: Client secret issued by AS for the Okta IdP instance.

deprovisioned_action: pulumi.Output[str] = None¶: Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

groups_action: pulumi.Output[str] = None¶: Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

groups_assignments: pulumi.Output[list] = None¶: List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.

groups_attribute: pulumi.Output[str] = None¶: IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

groups_filters: pulumi.Output[list] = None¶: Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.

issuer_mode: pulumi.Output[str] = None¶: Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

issuer_url: pulumi.Output[str] = None¶: URI that identifies the issuer.

jwks_binding: pulumi.Output[str] = None¶: The method of making a request for the OIDC JWKS. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

jwks_url: pulumi.Output[str] = None¶: Endpoint where the signer of the keys publishes its keys in a JWK Set.

max_clock_skew: pulumi.Output[float] = None¶: Maximum allowable clock-skew when processing messages from the IdP.

name: pulumi.Output[str] = None¶: The Application’s display name.

profile_master: pulumi.Output[bool] = None¶: Determines if the IdP should act as a source of truth for user profile attributes.

protocol_type: pulumi.Output[str] = None¶: The type of protocol to use. It can be "OIDC" or "OAUTH2".

provisioning_action: pulumi.Output[str] = None¶: Provisioning action for an IdP user during authentication.

request_signature_algorithm: pulumi.Output[str] = None¶: algorithm to use to sign requests

request_signature_scope: pulumi.Output[str] = None¶: algorithm to use to sign response

response_signature_algorithm: pulumi.Output[str] = None¶: algorithm to use to sign requests

response_signature_scope: pulumi.Output[str] = None¶: algorithm to use to sign response

scopes: pulumi.Output[list] = None¶: The scopes of the IdP.

status: pulumi.Output[str] = None¶: Status of the IdP.

subject_match_attribute: pulumi.Output[str] = None¶: Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

subject_match_type: pulumi.Output[str] = None¶: Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

suspended_action: pulumi.Output[str] = None¶: Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"

token_binding: pulumi.Output[str] = None¶: The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

token_url: pulumi.Output[str] = None¶: IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

type: pulumi.Output[str] = None¶: Type of OIDC IdP.

user_info_url: pulumi.Output[str] = None¶: Protected resource endpoint that returns claims about the authenticated user.

username_template: pulumi.Output[str] = None¶: Okta EL Expression to generate or transform a unique username for the IdP user.

static get(resource_name, id, opts=None, account_link_action=None, account_link_group_includes=None, acs_binding=None, acs_type=None, authorization_binding=None, authorization_url=None, client_id=None, client_secret=None, deprovisioned_action=None, groups_action=None, groups_assignments=None, groups_attribute=None, groups_filters=None, issuer_mode=None, issuer_url=None, jwks_binding=None, jwks_url=None, max_clock_skew=None, name=None, profile_master=None, protocol_type=None, provisioning_action=None, request_signature_algorithm=None, request_signature_scope=None, response_signature_algorithm=None, response_signature_scope=None, scopes=None, status=None, subject_match_attribute=None, subject_match_type=None, suspended_action=None, token_binding=None, token_url=None, type=None, user_info_binding=None, user_info_url=None, username_template=None)¶

Get an existing Oidc resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
account_link_action (pulumi.Input[str]) – Specifies the account linking action for an IdP user.
account_link_group_includes (pulumi.Input[list]) – Group memberships to determine link candidates.
acs_binding (pulumi.Input[str]) – The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
acs_type (pulumi.Input[str]) – The type of ACS. Default is "INSTANCE".
authorization_binding (pulumi.Input[str]) – The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
authorization_url (pulumi.Input[str]) – IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
client_id (pulumi.Input[str]) – Unique identifier issued by AS for the Okta IdP instance.
client_secret (pulumi.Input[str]) – Client secret issued by AS for the Okta IdP instance.
deprovisioned_action (pulumi.Input[str]) – Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".
groups_action (pulumi.Input[str]) – Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".
groups_assignments (pulumi.Input[list]) – List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.
groups_attribute (pulumi.Input[str]) – IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
groups_filters (pulumi.Input[list]) – Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.
issuer_mode (pulumi.Input[str]) – Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".
issuer_url (pulumi.Input[str]) – URI that identifies the issuer.
jwks_binding (pulumi.Input[str]) – The method of making a request for the OIDC JWKS. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
jwks_url (pulumi.Input[str]) – Endpoint where the signer of the keys publishes its keys in a JWK Set.
max_clock_skew (pulumi.Input[float]) – Maximum allowable clock-skew when processing messages from the IdP.
name (pulumi.Input[str]) – The Application’s display name.
profile_master (pulumi.Input[bool]) – Determines if the IdP should act as a source of truth for user profile attributes.
protocol_type (pulumi.Input[str]) – The type of protocol to use. It can be "OIDC" or "OAUTH2".
provisioning_action (pulumi.Input[str]) – Provisioning action for an IdP user during authentication.
request_signature_algorithm (pulumi.Input[str]) – algorithm to use to sign requests
request_signature_scope (pulumi.Input[str]) – algorithm to use to sign response
response_signature_algorithm (pulumi.Input[str]) – algorithm to use to sign requests
response_signature_scope (pulumi.Input[str]) – algorithm to use to sign response
scopes (pulumi.Input[list]) – The scopes of the IdP.
status (pulumi.Input[str]) – Status of the IdP.
subject_match_attribute (pulumi.Input[str]) – Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".
subject_match_type (pulumi.Input[str]) – Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".
suspended_action (pulumi.Input[str]) – Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"
token_binding (pulumi.Input[str]) – The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
token_url (pulumi.Input[str]) – IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
type (pulumi.Input[str]) – Type of OIDC IdP.
user_info_url (pulumi.Input[str]) – Protected resource endpoint that returns claims about the authenticated user.
username_template (pulumi.Input[str]) – Okta EL Expression to generate or transform a unique username for the IdP user.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_okta.idp.Saml(resource_name, opts=None, account_link_action=None, account_link_group_includes=None, acs_binding=None, acs_type=None, deprovisioned_action=None, groups_action=None, groups_assignments=None, groups_attribute=None, groups_filters=None, issuer=None, issuer_mode=None, kid=None, name=None, name_format=None, profile_master=None, provisioning_action=None, request_signature_algorithm=None, request_signature_scope=None, response_signature_algorithm=None, response_signature_scope=None, sso_binding=None, sso_destination=None, sso_url=None, status=None, subject_filter=None, subject_formats=None, subject_match_attribute=None, subject_match_type=None, suspended_action=None, username_template=None, __props__=None, __name__=None, __opts__=None)¶

Creates a SAML Identity Provider.

This resource allows you to create and configure a SAML Identity Provider.

import pulumi
import pulumi_okta as okta

example = okta.idp.Saml("example",
    acs_binding="HTTP-POST",
    acs_type="INSTANCE",
    issuer="https://idp.example.com",
    kid=okta_idp_saml_key["test"]["id"],
    request_signature_scope="REQUEST",
    response_signature_scope="ANY",
    sso_binding="HTTP-POST",
    sso_destination="https://idp.example.com",
    sso_url="https://idp.example.com",
    username_template="idpuser.email")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
account_link_action (pulumi.Input[str]) – Specifies the account linking action for an IdP user.
account_link_group_includes (pulumi.Input[list]) – Group memberships to determine link candidates.
acs_binding (pulumi.Input[str]) – The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
acs_type (pulumi.Input[str]) – The type of ACS. It can be "INSTANCE" or "ORG".
deprovisioned_action (pulumi.Input[str]) – Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".
groups_action (pulumi.Input[str]) – Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".
groups_assignments (pulumi.Input[list]) – List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.
groups_attribute (pulumi.Input[str]) – IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
groups_filters (pulumi.Input[list]) – Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.
issuer (pulumi.Input[str]) – URI that identifies the issuer.
issuer_mode (pulumi.Input[str]) – Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".
kid (pulumi.Input[str]) – The ID of the signing key.
name (pulumi.Input[str]) – The Application’s display name.
name_format (pulumi.Input[str]) – The name identifier format to use. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".
profile_master (pulumi.Input[bool]) – Determines if the IdP should act as a source of truth for user profile attributes.
provisioning_action (pulumi.Input[str]) – Provisioning action for an IdP user during authentication.
request_signature_algorithm (pulumi.Input[str]) – The XML digital signature algorithm used when signing an AuthnRequest message.
request_signature_scope (pulumi.Input[str]) – Specifies whether or not to digitally sign an AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".
response_signature_algorithm (pulumi.Input[str]) – The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.
response_signature_scope (pulumi.Input[str]) – Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".
sso_binding (pulumi.Input[str]) – The method of making an SSO request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
sso_destination (pulumi.Input[str]) – URI reference indicating the address to which the AuthnRequest message is sent.
sso_url (pulumi.Input[str]) – URL of binding-specific endpoint to send an AuthnRequest message to IdP.
status (pulumi.Input[str]) – Status of the IdP.
subject_filter (pulumi.Input[str]) – Optional regular expression pattern used to filter untrusted IdP usernames.
subject_formats (pulumi.Input[list]) – The name formate. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".
subject_match_attribute (pulumi.Input[str]) – Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".
subject_match_type (pulumi.Input[str]) – Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".
suspended_action (pulumi.Input[str]) – Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"
username_template (pulumi.Input[str]) – Okta EL Expression to generate or transform a unique username for the IdP user.

account_link_action: pulumi.Output[str] = None¶: Specifies the account linking action for an IdP user.

account_link_group_includes: pulumi.Output[list] = None¶: Group memberships to determine link candidates.

acs_binding: pulumi.Output[str] = None¶: The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

acs_type: pulumi.Output[str] = None¶: The type of ACS. It can be "INSTANCE" or "ORG".

audience: pulumi.Output[str] = None¶: The audience restriction for the IdP.

deprovisioned_action: pulumi.Output[str] = None¶: Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

groups_action: pulumi.Output[str] = None¶: Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

groups_assignments: pulumi.Output[list] = None¶: List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.

groups_attribute: pulumi.Output[str] = None¶: IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

groups_filters: pulumi.Output[list] = None¶: Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.

issuer: pulumi.Output[str] = None¶: URI that identifies the issuer.

issuer_mode: pulumi.Output[str] = None¶: Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

kid: pulumi.Output[str] = None¶: The ID of the signing key.

name: pulumi.Output[str] = None¶: The Application’s display name.

name_format: pulumi.Output[str] = None¶: The name identifier format to use. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

profile_master: pulumi.Output[bool] = None¶: Determines if the IdP should act as a source of truth for user profile attributes.

provisioning_action: pulumi.Output[str] = None¶: Provisioning action for an IdP user during authentication.

request_signature_algorithm: pulumi.Output[str] = None¶: The XML digital signature algorithm used when signing an AuthnRequest message.

request_signature_scope: pulumi.Output[str] = None¶: Specifies whether or not to digitally sign an AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".

response_signature_algorithm: pulumi.Output[str] = None¶: The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.

response_signature_scope: pulumi.Output[str] = None¶: Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".

sso_binding: pulumi.Output[str] = None¶: The method of making an SSO request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

sso_destination: pulumi.Output[str] = None¶: URI reference indicating the address to which the AuthnRequest message is sent.

sso_url: pulumi.Output[str] = None¶: URL of binding-specific endpoint to send an AuthnRequest message to IdP.

status: pulumi.Output[str] = None¶: Status of the IdP.

subject_filter: pulumi.Output[str] = None¶: Optional regular expression pattern used to filter untrusted IdP usernames.

subject_formats: pulumi.Output[list] = None¶: The name formate. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

subject_match_attribute: pulumi.Output[str] = None¶: Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

subject_match_type: pulumi.Output[str] = None¶: Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

suspended_action: pulumi.Output[str] = None¶: Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"

type: pulumi.Output[str] = None¶: Type of the IdP.

username_template: pulumi.Output[str] = None¶: Okta EL Expression to generate or transform a unique username for the IdP user.

static get(resource_name, id, opts=None, account_link_action=None, account_link_group_includes=None, acs_binding=None, acs_type=None, audience=None, deprovisioned_action=None, groups_action=None, groups_assignments=None, groups_attribute=None, groups_filters=None, issuer=None, issuer_mode=None, kid=None, name=None, name_format=None, profile_master=None, provisioning_action=None, request_signature_algorithm=None, request_signature_scope=None, response_signature_algorithm=None, response_signature_scope=None, sso_binding=None, sso_destination=None, sso_url=None, status=None, subject_filter=None, subject_formats=None, subject_match_attribute=None, subject_match_type=None, suspended_action=None, type=None, username_template=None)¶

Get an existing Saml resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
account_link_action (pulumi.Input[str]) – Specifies the account linking action for an IdP user.
account_link_group_includes (pulumi.Input[list]) – Group memberships to determine link candidates.
acs_binding (pulumi.Input[str]) – The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
acs_type (pulumi.Input[str]) – The type of ACS. It can be "INSTANCE" or "ORG".
audience (pulumi.Input[str]) – The audience restriction for the IdP.
deprovisioned_action (pulumi.Input[str]) – Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".
groups_action (pulumi.Input[str]) – Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".
groups_assignments (pulumi.Input[list]) – List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.
groups_attribute (pulumi.Input[str]) – IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
groups_filters (pulumi.Input[list]) – Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.
issuer (pulumi.Input[str]) – URI that identifies the issuer.
issuer_mode (pulumi.Input[str]) – Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".
kid (pulumi.Input[str]) – The ID of the signing key.
name (pulumi.Input[str]) – The Application’s display name.
name_format (pulumi.Input[str]) – The name identifier format to use. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".
profile_master (pulumi.Input[bool]) – Determines if the IdP should act as a source of truth for user profile attributes.
provisioning_action (pulumi.Input[str]) – Provisioning action for an IdP user during authentication.
request_signature_algorithm (pulumi.Input[str]) – The XML digital signature algorithm used when signing an AuthnRequest message.
request_signature_scope (pulumi.Input[str]) – Specifies whether or not to digitally sign an AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".
response_signature_algorithm (pulumi.Input[str]) – The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.
response_signature_scope (pulumi.Input[str]) – Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".
sso_binding (pulumi.Input[str]) – The method of making an SSO request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
sso_destination (pulumi.Input[str]) – URI reference indicating the address to which the AuthnRequest message is sent.
sso_url (pulumi.Input[str]) – URL of binding-specific endpoint to send an AuthnRequest message to IdP.
status (pulumi.Input[str]) – Status of the IdP.
subject_filter (pulumi.Input[str]) – Optional regular expression pattern used to filter untrusted IdP usernames.
subject_formats (pulumi.Input[list]) – The name formate. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".
subject_match_attribute (pulumi.Input[str]) – Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".
subject_match_type (pulumi.Input[str]) – Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".
suspended_action (pulumi.Input[str]) – Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"
type (pulumi.Input[str]) – Type of the IdP.
username_template (pulumi.Input[str]) – Okta EL Expression to generate or transform a unique username for the IdP user.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_okta.idp.SamlKey(resource_name, opts=None, x5cs=None, __props__=None, __name__=None, __opts__=None)¶

Creates a SAML Identity Provider Signing Key.

This resource allows you to create and configure a SAML Identity Provider Signing Key.

import pulumi
import pulumi_okta as okta

example = okta.idp.SamlKey("example", x5cs=[okta_app_saml["example"]["certificate"]])

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
x5cs (pulumi.Input[list]) – base64-encoded X.509 certificate chain with DER encoding.

created: pulumi.Output[str] = None¶: Date created.

expires_at: pulumi.Output[str] = None¶: Date the cert expires.

kid: pulumi.Output[str] = None¶: Key ID.

kty: pulumi.Output[str] = None¶: Identifies the cryptographic algorithm family used with the key.

use: pulumi.Output[str] = None¶: Intended use of the public key.

x5cs: pulumi.Output[list] = None¶: base64-encoded X.509 certificate chain with DER encoding.

x5t_s256: pulumi.Output[str] = None¶: base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate.

static get(resource_name, id, opts=None, created=None, expires_at=None, kid=None, kty=None, use=None, x5cs=None, x5t_s256=None)¶

Get an existing SamlKey resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
created (pulumi.Input[str]) – Date created.
expires_at (pulumi.Input[str]) – Date the cert expires.
kid (pulumi.Input[str]) – Key ID.
kty (pulumi.Input[str]) – Identifies the cryptographic algorithm family used with the key.
use (pulumi.Input[str]) – Intended use of the public key.
x5cs (pulumi.Input[list]) – base64-encoded X.509 certificate chain with DER encoding.
x5t_s256 (pulumi.Input[str]) – base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_okta.idp.Social(resource_name, opts=None, account_link_action=None, account_link_group_includes=None, client_id=None, client_secret=None, deprovisioned_action=None, groups_action=None, groups_assignments=None, groups_attribute=None, groups_filters=None, issuer_mode=None, match_attribute=None, match_type=None, max_clock_skew=None, name=None, profile_master=None, protocol_type=None, provisioning_action=None, request_signature_algorithm=None, request_signature_scope=None, response_signature_algorithm=None, response_signature_scope=None, scopes=None, status=None, subject_match_attribute=None, subject_match_type=None, suspended_action=None, type=None, username_template=None, __props__=None, __name__=None, __opts__=None)¶

Creates an Social Identity Provider.

This resource allows you to create and configure an Social Identity Provider.

import pulumi
import pulumi_okta as okta

example = okta.idp.Social("example",
    client_id="abcd123",
    client_secret="abcd123",
    match_attribute="customfieldId",
    match_type="CUSTOM_ATTRIBUTE",
    protocol_type="OAUTH2",
    scopes=[
        "public_profile",
        "email",
    ],
    type="FACEBOOK",
    username_template="idpuser.email")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
account_link_action (pulumi.Input[str]) – Specifies the account linking action for an IdP user.
account_link_group_includes (pulumi.Input[list]) – Group memberships to determine link candidates.
client_id (pulumi.Input[str]) – Unique identifier issued by AS for the Okta IdP instance.
client_secret (pulumi.Input[str]) – Client secret issued by AS for the Okta IdP instance.
deprovisioned_action (pulumi.Input[str]) – Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".
groups_action (pulumi.Input[str]) – Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".
groups_assignments (pulumi.Input[list]) – List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.
groups_attribute (pulumi.Input[str]) – IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
groups_filters (pulumi.Input[list]) – Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.
issuer_mode (pulumi.Input[str]) – Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".
max_clock_skew (pulumi.Input[float]) – Maximum allowable clock-skew when processing messages from the IdP.
name (pulumi.Input[str]) – The Application’s display name.
profile_master (pulumi.Input[bool]) – Determines if the IdP should act as a source of truth for user profile attributes.
protocol_type (pulumi.Input[str]) – The type of protocol to use. It can be "OIDC" or "OAUTH2".
provisioning_action (pulumi.Input[str]) – Provisioning action for an IdP user during authentication.
request_signature_algorithm (pulumi.Input[str]) – The XML digital signature algorithm used when signing an AuthnRequest message.
request_signature_scope (pulumi.Input[str]) – Specifies whether or not to digitally sign an AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".
response_signature_algorithm (pulumi.Input[str]) – The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.
response_signature_scope (pulumi.Input[str]) – Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".
scopes (pulumi.Input[list]) – The scopes of the IdP.
status (pulumi.Input[str]) – Status of the IdP.
subject_match_attribute (pulumi.Input[str]) – Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".
subject_match_type (pulumi.Input[str]) – Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".
suspended_action (pulumi.Input[str]) – Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"
type (pulumi.Input[str]) – The type of Social IdP. It can be "FACEBOOK", "LINKEDIN", "MICROSOFT", or "GOOGLE".
username_template (pulumi.Input[str]) – Okta EL Expression to generate or transform a unique username for the IdP user.

account_link_action: pulumi.Output[str] = None¶: Specifies the account linking action for an IdP user.

account_link_group_includes: pulumi.Output[list] = None¶: Group memberships to determine link candidates.

authorization_binding: pulumi.Output[str] = None¶: The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

authorization_url: pulumi.Output[str] = None¶: IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

client_id: pulumi.Output[str] = None¶: Unique identifier issued by AS for the Okta IdP instance.

client_secret: pulumi.Output[str] = None¶: Client secret issued by AS for the Okta IdP instance.

deprovisioned_action: pulumi.Output[str] = None¶: Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

groups_action: pulumi.Output[str] = None¶: Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

groups_assignments: pulumi.Output[list] = None¶: List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.

groups_attribute: pulumi.Output[str] = None¶: IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

groups_filters: pulumi.Output[list] = None¶: Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.

issuer_mode: pulumi.Output[str] = None¶: Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

max_clock_skew: pulumi.Output[float] = None¶: Maximum allowable clock-skew when processing messages from the IdP.

name: pulumi.Output[str] = None¶: The Application’s display name.

profile_master: pulumi.Output[bool] = None¶: Determines if the IdP should act as a source of truth for user profile attributes.

protocol_type: pulumi.Output[str] = None¶: The type of protocol to use. It can be "OIDC" or "OAUTH2".

provisioning_action: pulumi.Output[str] = None¶: Provisioning action for an IdP user during authentication.

request_signature_algorithm: pulumi.Output[str] = None¶: The XML digital signature algorithm used when signing an AuthnRequest message.

request_signature_scope: pulumi.Output[str] = None¶: Specifies whether or not to digitally sign an AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".

response_signature_algorithm: pulumi.Output[str] = None¶: The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.

response_signature_scope: pulumi.Output[str] = None¶: Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".

scopes: pulumi.Output[list] = None¶: The scopes of the IdP.

status: pulumi.Output[str] = None¶: Status of the IdP.

subject_match_attribute: pulumi.Output[str] = None¶: Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

subject_match_type: pulumi.Output[str] = None¶: Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

suspended_action: pulumi.Output[str] = None¶: Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"

token_binding: pulumi.Output[str] = None¶: The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

token_url: pulumi.Output[str] = None¶: IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

type: pulumi.Output[str] = None¶: The type of Social IdP. It can be "FACEBOOK", "LINKEDIN", "MICROSOFT", or "GOOGLE".

username_template: pulumi.Output[str] = None¶: Okta EL Expression to generate or transform a unique username for the IdP user.

static get(resource_name, id, opts=None, account_link_action=None, account_link_group_includes=None, authorization_binding=None, authorization_url=None, client_id=None, client_secret=None, deprovisioned_action=None, groups_action=None, groups_assignments=None, groups_attribute=None, groups_filters=None, issuer_mode=None, match_attribute=None, match_type=None, max_clock_skew=None, name=None, profile_master=None, protocol_type=None, provisioning_action=None, request_signature_algorithm=None, request_signature_scope=None, response_signature_algorithm=None, response_signature_scope=None, scopes=None, status=None, subject_match_attribute=None, subject_match_type=None, suspended_action=None, token_binding=None, token_url=None, type=None, username_template=None)¶

Get an existing Social resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
account_link_action (pulumi.Input[str]) – Specifies the account linking action for an IdP user.
account_link_group_includes (pulumi.Input[list]) – Group memberships to determine link candidates.
authorization_binding (pulumi.Input[str]) – The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
authorization_url (pulumi.Input[str]) – IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
client_id (pulumi.Input[str]) – Unique identifier issued by AS for the Okta IdP instance.
client_secret (pulumi.Input[str]) – Client secret issued by AS for the Okta IdP instance.
deprovisioned_action (pulumi.Input[str]) – Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".
groups_action (pulumi.Input[str]) – Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".
groups_assignments (pulumi.Input[list]) – List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.
groups_attribute (pulumi.Input[str]) – IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
groups_filters (pulumi.Input[list]) – Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.
issuer_mode (pulumi.Input[str]) – Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".
max_clock_skew (pulumi.Input[float]) – Maximum allowable clock-skew when processing messages from the IdP.
name (pulumi.Input[str]) – The Application’s display name.
profile_master (pulumi.Input[bool]) – Determines if the IdP should act as a source of truth for user profile attributes.
protocol_type (pulumi.Input[str]) – The type of protocol to use. It can be "OIDC" or "OAUTH2".
provisioning_action (pulumi.Input[str]) – Provisioning action for an IdP user during authentication.
request_signature_algorithm (pulumi.Input[str]) – The XML digital signature algorithm used when signing an AuthnRequest message.
request_signature_scope (pulumi.Input[str]) – Specifies whether or not to digitally sign an AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".
response_signature_algorithm (pulumi.Input[str]) – The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.
response_signature_scope (pulumi.Input[str]) – Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".
scopes (pulumi.Input[list]) – The scopes of the IdP.
status (pulumi.Input[str]) – Status of the IdP.
subject_match_attribute (pulumi.Input[str]) – Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".
subject_match_type (pulumi.Input[str]) – Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".
suspended_action (pulumi.Input[str]) – Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"
token_binding (pulumi.Input[str]) – The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".
token_url (pulumi.Input[str]) – IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
type (pulumi.Input[str]) – The type of Social IdP. It can be "FACEBOOK", "LINKEDIN", "MICROSOFT", or "GOOGLE".
username_template (pulumi.Input[str]) – Okta EL Expression to generate or transform a unique username for the IdP user.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

pulumi_okta.idp.get_metadata_saml(idp_id=None, opts=None)¶

Use this data source to retrieve SAML IdP metadata from Okta.

import pulumi
import pulumi_okta as okta

example = okta.idp.get_metadata_saml(id="<idp id>")

Parameters: idp_id (str) – The id of the IdP to retrieve metadata for.

pulumi_okta.idp.get_saml(id=None, name=None, opts=None)¶

Use this data source to retrieve a SAML IdP from Okta.

import pulumi
import pulumi_okta as okta

example = okta.idp.get_saml(label="Example App")

Parameters

id (str) – The id of the idp to retrieve, conflicts with name.
name (str) – The name of the idp to retrieve, conflicts with id.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

idp¶

On This Page