1. Docs
  2. Reference
  3. API
  4. pulumi_vault
  5. okta

okta

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-vault repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-vault repo.

class pulumi_vault.okta.AuthBackend(resource_name, opts=None, base_url=None, bypass_okta_mfa=None, description=None, groups=None, max_ttl=None, organization=None, path=None, token=None, ttl=None, users=None, __props__=None, __name__=None, __opts__=None)

Create a AuthBackend resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] base_url: The Okta url. Examples: oktapreview.com, okta.com :param pulumi.Input[bool] bypass_okta_mfa: When true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired. :param pulumi.Input[str] description: The description of the auth backend :param pulumi.Input[list] groups: Associate Okta groups with policies within Vault.

See below for more details.

Parameters

  • max_ttl (pulumi.Input[str]) – Maximum duration after which authentication will be expired See the documentation for info on valid duration formats.

  • organization (pulumi.Input[str]) – The Okta organization. This will be the first part of the url https://XXX.okta.com

  • path (pulumi.Input[str]) – Path to mount the Okta auth backend

  • token (pulumi.Input[str]) – The Okta API token. This is required to query Okta for user group membership. If this is not supplied only locally configured groups will be enabled.

  • ttl (pulumi.Input[str]) –

    Duration after which authentication will be expired. See the documentation for info on valid duration formats.

  • users (pulumi.Input[list]) – Associate Okta users with groups or policies within Vault. See below for more details.

The groups object supports the following:

  • group_name (pulumi.Input[str]) - Name of the group within the Okta

  • policies (pulumi.Input[list]) - List of Vault policies to associate with this user

The users object supports the following:

  • groups (pulumi.Input[list]) - List of Okta groups to associate with this user

  • policies (pulumi.Input[list]) - List of Vault policies to associate with this user

  • username (pulumi.Input[str]) - Name of the user within Okta

accessor: pulumi.Output[str] = None

The mount accessor related to the auth mount. It is useful for integration with Identity Secrets Engine.

base_url: pulumi.Output[str] = None

The Okta url. Examples: oktapreview.com, okta.com

bypass_okta_mfa: pulumi.Output[bool] = None

When true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.

description: pulumi.Output[str] = None

The description of the auth backend

groups: pulumi.Output[list] = None

Associate Okta groups with policies within Vault. See below for more details.

  • group_name (str) - Name of the group within the Okta

  • policies (list) - List of Vault policies to associate with this user

max_ttl: pulumi.Output[str] = None

Maximum duration after which authentication will be expired See the documentation for info on valid duration formats.

organization: pulumi.Output[str] = None

The Okta organization. This will be the first part of the url https://XXX.okta.com

path: pulumi.Output[str] = None

Path to mount the Okta auth backend

token: pulumi.Output[str] = None

The Okta API token. This is required to query Okta for user group membership. If this is not supplied only locally configured groups will be enabled.

ttl: pulumi.Output[str] = None

Duration after which authentication will be expired. See the documentation for info on valid duration formats.

users: pulumi.Output[list] = None

Associate Okta users with groups or policies within Vault. See below for more details.

  • groups (list) - List of Okta groups to associate with this user

  • policies (list) - List of Vault policies to associate with this user

  • username (str) - Name of the user within Okta

static get(resource_name, id, opts=None, accessor=None, base_url=None, bypass_okta_mfa=None, description=None, groups=None, max_ttl=None, organization=None, path=None, token=None, ttl=None, users=None)

Get an existing AuthBackend resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • accessor (pulumi.Input[str]) –

    The mount accessor related to the auth mount. It is useful for integration with Identity Secrets Engine.

  • base_url (pulumi.Input[str]) – The Okta url. Examples: oktapreview.com, okta.com

  • bypass_okta_mfa (pulumi.Input[bool]) – When true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.

  • description (pulumi.Input[str]) – The description of the auth backend

  • groups (pulumi.Input[list]) – Associate Okta groups with policies within Vault. See below for more details.

  • max_ttl (pulumi.Input[str]) –

    Maximum duration after which authentication will be expired See the documentation for info on valid duration formats.

  • organization (pulumi.Input[str]) – The Okta organization. This will be the first part of the url https://XXX.okta.com

  • path (pulumi.Input[str]) – Path to mount the Okta auth backend

  • token (pulumi.Input[str]) – The Okta API token. This is required to query Okta for user group membership. If this is not supplied only locally configured groups will be enabled.

  • ttl (pulumi.Input[str]) –

    Duration after which authentication will be expired. See the documentation for info on valid duration formats.

  • users (pulumi.Input[list]) – Associate Okta users with groups or policies within Vault. See below for more details.

The groups object supports the following:

  • group_name (pulumi.Input[str]) - Name of the group within the Okta

  • policies (pulumi.Input[list]) - List of Vault policies to associate with this user

The users object supports the following:

  • groups (pulumi.Input[list]) - List of Okta groups to associate with this user

  • policies (pulumi.Input[list]) - List of Vault policies to associate with this user

  • username (pulumi.Input[str]) - Name of the user within Okta

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.okta.AuthBackendGroup(resource_name, opts=None, group_name=None, path=None, policies=None, __props__=None, __name__=None, __opts__=None)

Provides a resource to create a group in an Okta auth backend within Vault.

import pulumi
import pulumi_vault as vault

example = vault.okta.AuthBackend("example",
    organization="dummy",
    path="group_okta")
foo = vault.okta.AuthBackendGroup("foo",
    group_name="foo",
    path=example.path,
    policies=[
        "one",
        "two",
    ])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • group_name (pulumi.Input[str]) – Name of the group within the Okta

  • path (pulumi.Input[str]) – The path where the Okta auth backend is mounted

  • policies (pulumi.Input[list]) – Vault policies to associate with this group

group_name: pulumi.Output[str] = None

Name of the group within the Okta

path: pulumi.Output[str] = None

The path where the Okta auth backend is mounted

policies: pulumi.Output[list] = None

Vault policies to associate with this group

static get(resource_name, id, opts=None, group_name=None, path=None, policies=None)

Get an existing AuthBackendGroup resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • group_name (pulumi.Input[str]) – Name of the group within the Okta

  • path (pulumi.Input[str]) – The path where the Okta auth backend is mounted

  • policies (pulumi.Input[list]) – Vault policies to associate with this group

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.okta.AuthBackendUser(resource_name, opts=None, groups=None, path=None, policies=None, username=None, __props__=None, __name__=None, __opts__=None)

Provides a resource to create a user in an Okta auth backend within Vault.

import pulumi
import pulumi_vault as vault

example = vault.okta.AuthBackend("example",
    organization="dummy",
    path="user_okta")
foo = vault.okta.AuthBackendUser("foo",
    groups=[
        "one",
        "two",
    ],
    path=example.path,
    username="foo")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • groups (pulumi.Input[list]) – List of Okta groups to associate with this user

  • path (pulumi.Input[str]) – The path where the Okta auth backend is mounted

  • policies (pulumi.Input[list]) – List of Vault policies to associate with this user

  • username (pulumi.Input[str]) – Name of the user within Okta

groups: pulumi.Output[list] = None

List of Okta groups to associate with this user

path: pulumi.Output[str] = None

The path where the Okta auth backend is mounted

policies: pulumi.Output[list] = None

List of Vault policies to associate with this user

username: pulumi.Output[str] = None

Name of the user within Okta

static get(resource_name, id, opts=None, groups=None, path=None, policies=None, username=None)

Get an existing AuthBackendUser resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • groups (pulumi.Input[list]) – List of Okta groups to associate with this user

  • path (pulumi.Input[str]) – The path where the Okta auth backend is mounted

  • policies (pulumi.Input[list]) – List of Vault policies to associate with this user

  • username (pulumi.Input[str]) – Name of the user within Okta

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str