Okta v4.8.0 published on Saturday, Mar 2, 2024 by Pulumi
okta.idp.Social
Explore with Pulumi AI
Creates a Social Identity Provider.
This resource allows you to create and configure a Social Identity Provider.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var example = new Okta.Idp.Social("example", new()
{
ClientId = "abcd123",
ClientSecret = "abcd123",
ProtocolType = "OAUTH2",
Scopes = new[]
{
"public_profile",
"email",
},
Type = "FACEBOOK",
UsernameTemplate = "idpuser.email",
});
});
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/idp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := idp.NewSocial(ctx, "example", &idp.SocialArgs{
ClientId: pulumi.String("abcd123"),
ClientSecret: pulumi.String("abcd123"),
ProtocolType: pulumi.String("OAUTH2"),
Scopes: pulumi.StringArray{
pulumi.String("public_profile"),
pulumi.String("email"),
},
Type: pulumi.String("FACEBOOK"),
UsernameTemplate: pulumi.String("idpuser.email"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.idp.Social;
import com.pulumi.okta.idp.SocialArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Social("example", SocialArgs.builder()
.clientId("abcd123")
.clientSecret("abcd123")
.protocolType("OAUTH2")
.scopes(
"public_profile",
"email")
.type("FACEBOOK")
.usernameTemplate("idpuser.email")
.build());
}
}
import pulumi
import pulumi_okta as okta
example = okta.idp.Social("example",
client_id="abcd123",
client_secret="abcd123",
protocol_type="OAUTH2",
scopes=[
"public_profile",
"email",
],
type="FACEBOOK",
username_template="idpuser.email")
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const example = new okta.idp.Social("example", {
clientId: "abcd123",
clientSecret: "abcd123",
protocolType: "OAUTH2",
scopes: [
"public_profile",
"email",
],
type: "FACEBOOK",
usernameTemplate: "idpuser.email",
});
resources:
example:
type: okta:idp:Social
properties:
clientId: abcd123
clientSecret: abcd123
protocolType: OAUTH2
scopes:
- public_profile
- email
type: FACEBOOK
usernameTemplate: idpuser.email
Create Social Resource
new Social(name: string, args: SocialArgs, opts?: CustomResourceOptions);
@overload
def Social(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_link_action: Optional[str] = None,
account_link_group_includes: Optional[Sequence[str]] = None,
apple_kid: Optional[str] = None,
apple_private_key: Optional[str] = None,
apple_team_id: Optional[str] = None,
client_id: Optional[str] = None,
client_secret: Optional[str] = None,
deprovisioned_action: Optional[str] = None,
groups_action: Optional[str] = None,
groups_assignments: Optional[Sequence[str]] = None,
groups_attribute: Optional[str] = None,
groups_filters: Optional[Sequence[str]] = None,
issuer_mode: Optional[str] = None,
max_clock_skew: Optional[int] = None,
name: Optional[str] = None,
profile_master: Optional[bool] = None,
protocol_type: Optional[str] = None,
provisioning_action: Optional[str] = None,
scopes: Optional[Sequence[str]] = None,
status: Optional[str] = None,
subject_match_attribute: Optional[str] = None,
subject_match_type: Optional[str] = None,
suspended_action: Optional[str] = None,
type: Optional[str] = None,
username_template: Optional[str] = None)
@overload
def Social(resource_name: str,
args: SocialArgs,
opts: Optional[ResourceOptions] = None)
func NewSocial(ctx *Context, name string, args SocialArgs, opts ...ResourceOption) (*Social, error)
public Social(string name, SocialArgs args, CustomResourceOptions? opts = null)
public Social(String name, SocialArgs args)
public Social(String name, SocialArgs args, CustomResourceOptions options)
type: okta:idp:Social
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SocialArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SocialArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SocialArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SocialArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SocialArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Social Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Social resource accepts the following input properties:
- Scopes List<string>
- The scopes of the IdP.
- Type string
- The type of Social IdP. See API docs Identity Provider Type
- Account
Link stringAction - Specifies the account linking action for an IdP user.
- Account
Link List<string>Group Includes - Group memberships to determine link candidates.
- Apple
Kid string - The Key ID that you obtained from Apple when you created the private key for the client.
- Apple
Private stringKey - The Key ID that you obtained from Apple when you created the private key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
- Apple
Team stringId - The Team ID associated with your Apple developer account.
- Client
Id string - Unique identifier issued by AS for the Okta IdP instance.
- Client
Secret string - Client secret issued by AS for the Okta IdP instance.
- Deprovisioned
Action string - Action for a previously deprovisioned IdP user during authentication. Can be
"NONE"
or"REACTIVATE"
. - Groups
Action string - Provisioning action for IdP user's group memberships. It can be
"NONE"
,"SYNC"
,"APPEND"
, or"ASSIGN"
. - Groups
Assignments List<string> - List of Okta Group IDs to add an IdP user as a member with the
"ASSIGN"
groups_action
. - Groups
Attribute string - IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
- Groups
Filters List<string> - Whitelist of Okta Group identifiers that are allowed for the
"APPEND"
or"SYNC"
groups_action
. - Issuer
Mode string - Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be
"ORG_URL"
or"CUSTOM_URL"
. - Max
Clock intSkew - Maximum allowable clock-skew when processing messages from the IdP.
- Name string
- The Application's display name.
- Profile
Master bool - Determines if the IdP should act as a source of truth for user profile attributes.
- Protocol
Type string - The type of protocol to use. It can be
"OIDC"
or"OAUTH2"
. - Provisioning
Action string - Provisioning action for an IdP user during authentication.
- Status string
- Status of the IdP.
- Subject
Match stringAttribute - Okta user profile attribute for matching transformed IdP username. Only for matchType
"CUSTOM_ATTRIBUTE"
. - Subject
Match stringType - Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to
"USERNAME"
. It can be set to"USERNAME"
,"EMAIL"
,"USERNAME_OR_EMAIL"
or"CUSTOM_ATTRIBUTE"
. - Suspended
Action string - Action for a previously suspended IdP user during authentication. Can be set to
"NONE"
or"UNSUSPEND"
- Username
Template string - Okta EL Expression to generate or transform a unique username for the IdP user.
- Scopes []string
- The scopes of the IdP.
- Type string
- The type of Social IdP. See API docs Identity Provider Type
- Account
Link stringAction - Specifies the account linking action for an IdP user.
- Account
Link []stringGroup Includes - Group memberships to determine link candidates.
- Apple
Kid string - The Key ID that you obtained from Apple when you created the private key for the client.
- Apple
Private stringKey - The Key ID that you obtained from Apple when you created the private key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
- Apple
Team stringId - The Team ID associated with your Apple developer account.
- Client
Id string - Unique identifier issued by AS for the Okta IdP instance.
- Client
Secret string - Client secret issued by AS for the Okta IdP instance.
- Deprovisioned
Action string - Action for a previously deprovisioned IdP user during authentication. Can be
"NONE"
or"REACTIVATE"
. - Groups
Action string - Provisioning action for IdP user's group memberships. It can be
"NONE"
,"SYNC"
,"APPEND"
, or"ASSIGN"
. - Groups
Assignments []string - List of Okta Group IDs to add an IdP user as a member with the
"ASSIGN"
groups_action
. - Groups
Attribute string - IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
- Groups
Filters []string - Whitelist of Okta Group identifiers that are allowed for the
"APPEND"
or"SYNC"
groups_action
. - Issuer
Mode string - Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be
"ORG_URL"
or"CUSTOM_URL"
. - Max
Clock intSkew - Maximum allowable clock-skew when processing messages from the IdP.
- Name string
- The Application's display name.
- Profile
Master bool - Determines if the IdP should act as a source of truth for user profile attributes.
- Protocol
Type string - The type of protocol to use. It can be
"OIDC"
or"OAUTH2"
. - Provisioning
Action string - Provisioning action for an IdP user during authentication.
- Status string
- Status of the IdP.
- Subject
Match stringAttribute - Okta user profile attribute for matching transformed IdP username. Only for matchType
"CUSTOM_ATTRIBUTE"
. - Subject
Match stringType - Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to
"USERNAME"
. It can be set to"USERNAME"
,"EMAIL"
,"USERNAME_OR_EMAIL"
or"CUSTOM_ATTRIBUTE"
. - Suspended
Action string - Action for a previously suspended IdP user during authentication. Can be set to
"NONE"
or"UNSUSPEND"
- Username
Template string - Okta EL Expression to generate or transform a unique username for the IdP user.
- scopes List<String>
- The scopes of the IdP.
- type String
- The type of Social IdP. See API docs Identity Provider Type
- account
Link StringAction - Specifies the account linking action for an IdP user.
- account
Link List<String>Group Includes - Group memberships to determine link candidates.
- apple
Kid String - The Key ID that you obtained from Apple when you created the private key for the client.
- apple
Private StringKey - The Key ID that you obtained from Apple when you created the private key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
- apple
Team StringId - The Team ID associated with your Apple developer account.
- client
Id String - Unique identifier issued by AS for the Okta IdP instance.
- client
Secret String - Client secret issued by AS for the Okta IdP instance.
- deprovisioned
Action String - Action for a previously deprovisioned IdP user during authentication. Can be
"NONE"
or"REACTIVATE"
. - groups
Action String - Provisioning action for IdP user's group memberships. It can be
"NONE"
,"SYNC"
,"APPEND"
, or"ASSIGN"
. - groups
Assignments List<String> - List of Okta Group IDs to add an IdP user as a member with the
"ASSIGN"
groups_action
. - groups
Attribute String - IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
- groups
Filters List<String> - Whitelist of Okta Group identifiers that are allowed for the
"APPEND"
or"SYNC"
groups_action
. - issuer
Mode String - Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be
"ORG_URL"
or"CUSTOM_URL"
. - max
Clock IntegerSkew - Maximum allowable clock-skew when processing messages from the IdP.
- name String
- The Application's display name.
- profile
Master Boolean - Determines if the IdP should act as a source of truth for user profile attributes.
- protocol
Type String - The type of protocol to use. It can be
"OIDC"
or"OAUTH2"
. - provisioning
Action String - Provisioning action for an IdP user during authentication.
- status String
- Status of the IdP.
- subject
Match StringAttribute - Okta user profile attribute for matching transformed IdP username. Only for matchType
"CUSTOM_ATTRIBUTE"
. - subject
Match StringType - Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to
"USERNAME"
. It can be set to"USERNAME"
,"EMAIL"
,"USERNAME_OR_EMAIL"
or"CUSTOM_ATTRIBUTE"
. - suspended
Action String - Action for a previously suspended IdP user during authentication. Can be set to
"NONE"
or"UNSUSPEND"
- username
Template String - Okta EL Expression to generate or transform a unique username for the IdP user.
- scopes string[]
- The scopes of the IdP.
- type string
- The type of Social IdP. See API docs Identity Provider Type
- account
Link stringAction - Specifies the account linking action for an IdP user.
- account
Link string[]Group Includes - Group memberships to determine link candidates.
- apple
Kid string - The Key ID that you obtained from Apple when you created the private key for the client.
- apple
Private stringKey - The Key ID that you obtained from Apple when you created the private key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
- apple
Team stringId - The Team ID associated with your Apple developer account.
- client
Id string - Unique identifier issued by AS for the Okta IdP instance.
- client
Secret string - Client secret issued by AS for the Okta IdP instance.
- deprovisioned
Action string - Action for a previously deprovisioned IdP user during authentication. Can be
"NONE"
or"REACTIVATE"
. - groups
Action string - Provisioning action for IdP user's group memberships. It can be
"NONE"
,"SYNC"
,"APPEND"
, or"ASSIGN"
. - groups
Assignments string[] - List of Okta Group IDs to add an IdP user as a member with the
"ASSIGN"
groups_action
. - groups
Attribute string - IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
- groups
Filters string[] - Whitelist of Okta Group identifiers that are allowed for the
"APPEND"
or"SYNC"
groups_action
. - issuer
Mode string - Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be
"ORG_URL"
or"CUSTOM_URL"
. - max
Clock numberSkew - Maximum allowable clock-skew when processing messages from the IdP.
- name string
- The Application's display name.
- profile
Master boolean - Determines if the IdP should act as a source of truth for user profile attributes.
- protocol
Type string - The type of protocol to use. It can be
"OIDC"
or"OAUTH2"
. - provisioning
Action string - Provisioning action for an IdP user during authentication.
- status string
- Status of the IdP.
- subject
Match stringAttribute - Okta user profile attribute for matching transformed IdP username. Only for matchType
"CUSTOM_ATTRIBUTE"
. - subject
Match stringType - Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to
"USERNAME"
. It can be set to"USERNAME"
,"EMAIL"
,"USERNAME_OR_EMAIL"
or"CUSTOM_ATTRIBUTE"
. - suspended
Action string - Action for a previously suspended IdP user during authentication. Can be set to
"NONE"
or"UNSUSPEND"
- username
Template string - Okta EL Expression to generate or transform a unique username for the IdP user.
- scopes Sequence[str]
- The scopes of the IdP.
- type str
- The type of Social IdP. See API docs Identity Provider Type
- account_
link_ straction - Specifies the account linking action for an IdP user.
- account_
link_ Sequence[str]group_ includes - Group memberships to determine link candidates.
- apple_
kid str - The Key ID that you obtained from Apple when you created the private key for the client.
- apple_
private_ strkey - The Key ID that you obtained from Apple when you created the private key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
- apple_
team_ strid - The Team ID associated with your Apple developer account.
- client_
id str - Unique identifier issued by AS for the Okta IdP instance.
- client_
secret str - Client secret issued by AS for the Okta IdP instance.
- deprovisioned_
action str - Action for a previously deprovisioned IdP user during authentication. Can be
"NONE"
or"REACTIVATE"
. - groups_
action str - Provisioning action for IdP user's group memberships. It can be
"NONE"
,"SYNC"
,"APPEND"
, or"ASSIGN"
. - groups_
assignments Sequence[str] - List of Okta Group IDs to add an IdP user as a member with the
"ASSIGN"
groups_action
. - groups_
attribute str - IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
- groups_
filters Sequence[str] - Whitelist of Okta Group identifiers that are allowed for the
"APPEND"
or"SYNC"
groups_action
. - issuer_
mode str - Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be
"ORG_URL"
or"CUSTOM_URL"
. - max_
clock_ intskew - Maximum allowable clock-skew when processing messages from the IdP.
- name str
- The Application's display name.
- profile_
master bool - Determines if the IdP should act as a source of truth for user profile attributes.
- protocol_
type str - The type of protocol to use. It can be
"OIDC"
or"OAUTH2"
. - provisioning_
action str - Provisioning action for an IdP user during authentication.
- status str
- Status of the IdP.
- subject_
match_ strattribute - Okta user profile attribute for matching transformed IdP username. Only for matchType
"CUSTOM_ATTRIBUTE"
. - subject_
match_ strtype - Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to
"USERNAME"
. It can be set to"USERNAME"
,"EMAIL"
,"USERNAME_OR_EMAIL"
or"CUSTOM_ATTRIBUTE"
. - suspended_
action str - Action for a previously suspended IdP user during authentication. Can be set to
"NONE"
or"UNSUSPEND"
- username_
template str - Okta EL Expression to generate or transform a unique username for the IdP user.
- scopes List<String>
- The scopes of the IdP.
- type String
- The type of Social IdP. See API docs Identity Provider Type
- account
Link StringAction - Specifies the account linking action for an IdP user.
- account
Link List<String>Group Includes - Group memberships to determine link candidates.
- apple
Kid String - The Key ID that you obtained from Apple when you created the private key for the client.
- apple
Private StringKey - The Key ID that you obtained from Apple when you created the private key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
- apple
Team StringId - The Team ID associated with your Apple developer account.
- client
Id String - Unique identifier issued by AS for the Okta IdP instance.
- client
Secret String - Client secret issued by AS for the Okta IdP instance.
- deprovisioned
Action String - Action for a previously deprovisioned IdP user during authentication. Can be
"NONE"
or"REACTIVATE"
. - groups
Action String - Provisioning action for IdP user's group memberships. It can be
"NONE"
,"SYNC"
,"APPEND"
, or"ASSIGN"
. - groups
Assignments List<String> - List of Okta Group IDs to add an IdP user as a member with the
"ASSIGN"
groups_action
. - groups
Attribute String - IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
- groups
Filters List<String> - Whitelist of Okta Group identifiers that are allowed for the
"APPEND"
or"SYNC"
groups_action
. - issuer
Mode String - Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be
"ORG_URL"
or"CUSTOM_URL"
. - max
Clock NumberSkew - Maximum allowable clock-skew when processing messages from the IdP.
- name String
- The Application's display name.
- profile
Master Boolean - Determines if the IdP should act as a source of truth for user profile attributes.
- protocol
Type String - The type of protocol to use. It can be
"OIDC"
or"OAUTH2"
. - provisioning
Action String - Provisioning action for an IdP user during authentication.
- status String
- Status of the IdP.
- subject
Match StringAttribute - Okta user profile attribute for matching transformed IdP username. Only for matchType
"CUSTOM_ATTRIBUTE"
. - subject
Match StringType - Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to
"USERNAME"
. It can be set to"USERNAME"
,"EMAIL"
,"USERNAME_OR_EMAIL"
or"CUSTOM_ATTRIBUTE"
. - suspended
Action String - Action for a previously suspended IdP user during authentication. Can be set to
"NONE"
or"UNSUSPEND"
- username
Template String - Okta EL Expression to generate or transform a unique username for the IdP user.
Outputs
All input properties are implicitly available as output properties. Additionally, the Social resource produces the following output properties:
- string
- The method of making an authorization request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - string
- IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
- Id string
- The provider-assigned unique ID for this managed resource.
- Token
Binding string - The method of making a token request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - Token
Url string - IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
- string
- The method of making an authorization request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - string
- IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
- Id string
- The provider-assigned unique ID for this managed resource.
- Token
Binding string - The method of making a token request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - Token
Url string - IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
- String
- The method of making an authorization request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - String
- IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
- id String
- The provider-assigned unique ID for this managed resource.
- token
Binding String - The method of making a token request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - token
Url String - IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
- string
- The method of making an authorization request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - string
- IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
- id string
- The provider-assigned unique ID for this managed resource.
- token
Binding string - The method of making a token request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - token
Url string - IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
- str
- The method of making an authorization request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - str
- IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
- id str
- The provider-assigned unique ID for this managed resource.
- token_
binding str - The method of making a token request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - token_
url str - IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
- String
- The method of making an authorization request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - String
- IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
- id String
- The provider-assigned unique ID for this managed resource.
- token
Binding String - The method of making a token request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - token
Url String - IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
Look up Existing Social Resource
Get an existing Social resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SocialState, opts?: CustomResourceOptions): Social
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_link_action: Optional[str] = None,
account_link_group_includes: Optional[Sequence[str]] = None,
apple_kid: Optional[str] = None,
apple_private_key: Optional[str] = None,
apple_team_id: Optional[str] = None,
authorization_binding: Optional[str] = None,
authorization_url: Optional[str] = None,
client_id: Optional[str] = None,
client_secret: Optional[str] = None,
deprovisioned_action: Optional[str] = None,
groups_action: Optional[str] = None,
groups_assignments: Optional[Sequence[str]] = None,
groups_attribute: Optional[str] = None,
groups_filters: Optional[Sequence[str]] = None,
issuer_mode: Optional[str] = None,
max_clock_skew: Optional[int] = None,
name: Optional[str] = None,
profile_master: Optional[bool] = None,
protocol_type: Optional[str] = None,
provisioning_action: Optional[str] = None,
scopes: Optional[Sequence[str]] = None,
status: Optional[str] = None,
subject_match_attribute: Optional[str] = None,
subject_match_type: Optional[str] = None,
suspended_action: Optional[str] = None,
token_binding: Optional[str] = None,
token_url: Optional[str] = None,
type: Optional[str] = None,
username_template: Optional[str] = None) -> Social
func GetSocial(ctx *Context, name string, id IDInput, state *SocialState, opts ...ResourceOption) (*Social, error)
public static Social Get(string name, Input<string> id, SocialState? state, CustomResourceOptions? opts = null)
public static Social get(String name, Output<String> id, SocialState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Link stringAction - Specifies the account linking action for an IdP user.
- Account
Link List<string>Group Includes - Group memberships to determine link candidates.
- Apple
Kid string - The Key ID that you obtained from Apple when you created the private key for the client.
- Apple
Private stringKey - The Key ID that you obtained from Apple when you created the private key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
- Apple
Team stringId - The Team ID associated with your Apple developer account.
- string
- The method of making an authorization request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - string
- IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
- Client
Id string - Unique identifier issued by AS for the Okta IdP instance.
- Client
Secret string - Client secret issued by AS for the Okta IdP instance.
- Deprovisioned
Action string - Action for a previously deprovisioned IdP user during authentication. Can be
"NONE"
or"REACTIVATE"
. - Groups
Action string - Provisioning action for IdP user's group memberships. It can be
"NONE"
,"SYNC"
,"APPEND"
, or"ASSIGN"
. - Groups
Assignments List<string> - List of Okta Group IDs to add an IdP user as a member with the
"ASSIGN"
groups_action
. - Groups
Attribute string - IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
- Groups
Filters List<string> - Whitelist of Okta Group identifiers that are allowed for the
"APPEND"
or"SYNC"
groups_action
. - Issuer
Mode string - Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be
"ORG_URL"
or"CUSTOM_URL"
. - Max
Clock intSkew - Maximum allowable clock-skew when processing messages from the IdP.
- Name string
- The Application's display name.
- Profile
Master bool - Determines if the IdP should act as a source of truth for user profile attributes.
- Protocol
Type string - The type of protocol to use. It can be
"OIDC"
or"OAUTH2"
. - Provisioning
Action string - Provisioning action for an IdP user during authentication.
- Scopes List<string>
- The scopes of the IdP.
- Status string
- Status of the IdP.
- Subject
Match stringAttribute - Okta user profile attribute for matching transformed IdP username. Only for matchType
"CUSTOM_ATTRIBUTE"
. - Subject
Match stringType - Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to
"USERNAME"
. It can be set to"USERNAME"
,"EMAIL"
,"USERNAME_OR_EMAIL"
or"CUSTOM_ATTRIBUTE"
. - Suspended
Action string - Action for a previously suspended IdP user during authentication. Can be set to
"NONE"
or"UNSUSPEND"
- Token
Binding string - The method of making a token request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - Token
Url string - IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
- Type string
- The type of Social IdP. See API docs Identity Provider Type
- Username
Template string - Okta EL Expression to generate or transform a unique username for the IdP user.
- Account
Link stringAction - Specifies the account linking action for an IdP user.
- Account
Link []stringGroup Includes - Group memberships to determine link candidates.
- Apple
Kid string - The Key ID that you obtained from Apple when you created the private key for the client.
- Apple
Private stringKey - The Key ID that you obtained from Apple when you created the private key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
- Apple
Team stringId - The Team ID associated with your Apple developer account.
- string
- The method of making an authorization request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - string
- IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
- Client
Id string - Unique identifier issued by AS for the Okta IdP instance.
- Client
Secret string - Client secret issued by AS for the Okta IdP instance.
- Deprovisioned
Action string - Action for a previously deprovisioned IdP user during authentication. Can be
"NONE"
or"REACTIVATE"
. - Groups
Action string - Provisioning action for IdP user's group memberships. It can be
"NONE"
,"SYNC"
,"APPEND"
, or"ASSIGN"
. - Groups
Assignments []string - List of Okta Group IDs to add an IdP user as a member with the
"ASSIGN"
groups_action
. - Groups
Attribute string - IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
- Groups
Filters []string - Whitelist of Okta Group identifiers that are allowed for the
"APPEND"
or"SYNC"
groups_action
. - Issuer
Mode string - Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be
"ORG_URL"
or"CUSTOM_URL"
. - Max
Clock intSkew - Maximum allowable clock-skew when processing messages from the IdP.
- Name string
- The Application's display name.
- Profile
Master bool - Determines if the IdP should act as a source of truth for user profile attributes.
- Protocol
Type string - The type of protocol to use. It can be
"OIDC"
or"OAUTH2"
. - Provisioning
Action string - Provisioning action for an IdP user during authentication.
- Scopes []string
- The scopes of the IdP.
- Status string
- Status of the IdP.
- Subject
Match stringAttribute - Okta user profile attribute for matching transformed IdP username. Only for matchType
"CUSTOM_ATTRIBUTE"
. - Subject
Match stringType - Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to
"USERNAME"
. It can be set to"USERNAME"
,"EMAIL"
,"USERNAME_OR_EMAIL"
or"CUSTOM_ATTRIBUTE"
. - Suspended
Action string - Action for a previously suspended IdP user during authentication. Can be set to
"NONE"
or"UNSUSPEND"
- Token
Binding string - The method of making a token request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - Token
Url string - IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
- Type string
- The type of Social IdP. See API docs Identity Provider Type
- Username
Template string - Okta EL Expression to generate or transform a unique username for the IdP user.
- account
Link StringAction - Specifies the account linking action for an IdP user.
- account
Link List<String>Group Includes - Group memberships to determine link candidates.
- apple
Kid String - The Key ID that you obtained from Apple when you created the private key for the client.
- apple
Private StringKey - The Key ID that you obtained from Apple when you created the private key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
- apple
Team StringId - The Team ID associated with your Apple developer account.
- String
- The method of making an authorization request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - String
- IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
- client
Id String - Unique identifier issued by AS for the Okta IdP instance.
- client
Secret String - Client secret issued by AS for the Okta IdP instance.
- deprovisioned
Action String - Action for a previously deprovisioned IdP user during authentication. Can be
"NONE"
or"REACTIVATE"
. - groups
Action String - Provisioning action for IdP user's group memberships. It can be
"NONE"
,"SYNC"
,"APPEND"
, or"ASSIGN"
. - groups
Assignments List<String> - List of Okta Group IDs to add an IdP user as a member with the
"ASSIGN"
groups_action
. - groups
Attribute String - IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
- groups
Filters List<String> - Whitelist of Okta Group identifiers that are allowed for the
"APPEND"
or"SYNC"
groups_action
. - issuer
Mode String - Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be
"ORG_URL"
or"CUSTOM_URL"
. - max
Clock IntegerSkew - Maximum allowable clock-skew when processing messages from the IdP.
- name String
- The Application's display name.
- profile
Master Boolean - Determines if the IdP should act as a source of truth for user profile attributes.
- protocol
Type String - The type of protocol to use. It can be
"OIDC"
or"OAUTH2"
. - provisioning
Action String - Provisioning action for an IdP user during authentication.
- scopes List<String>
- The scopes of the IdP.
- status String
- Status of the IdP.
- subject
Match StringAttribute - Okta user profile attribute for matching transformed IdP username. Only for matchType
"CUSTOM_ATTRIBUTE"
. - subject
Match StringType - Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to
"USERNAME"
. It can be set to"USERNAME"
,"EMAIL"
,"USERNAME_OR_EMAIL"
or"CUSTOM_ATTRIBUTE"
. - suspended
Action String - Action for a previously suspended IdP user during authentication. Can be set to
"NONE"
or"UNSUSPEND"
- token
Binding String - The method of making a token request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - token
Url String - IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
- type String
- The type of Social IdP. See API docs Identity Provider Type
- username
Template String - Okta EL Expression to generate or transform a unique username for the IdP user.
- account
Link stringAction - Specifies the account linking action for an IdP user.
- account
Link string[]Group Includes - Group memberships to determine link candidates.
- apple
Kid string - The Key ID that you obtained from Apple when you created the private key for the client.
- apple
Private stringKey - The Key ID that you obtained from Apple when you created the private key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
- apple
Team stringId - The Team ID associated with your Apple developer account.
- string
- The method of making an authorization request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - string
- IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
- client
Id string - Unique identifier issued by AS for the Okta IdP instance.
- client
Secret string - Client secret issued by AS for the Okta IdP instance.
- deprovisioned
Action string - Action for a previously deprovisioned IdP user during authentication. Can be
"NONE"
or"REACTIVATE"
. - groups
Action string - Provisioning action for IdP user's group memberships. It can be
"NONE"
,"SYNC"
,"APPEND"
, or"ASSIGN"
. - groups
Assignments string[] - List of Okta Group IDs to add an IdP user as a member with the
"ASSIGN"
groups_action
. - groups
Attribute string - IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
- groups
Filters string[] - Whitelist of Okta Group identifiers that are allowed for the
"APPEND"
or"SYNC"
groups_action
. - issuer
Mode string - Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be
"ORG_URL"
or"CUSTOM_URL"
. - max
Clock numberSkew - Maximum allowable clock-skew when processing messages from the IdP.
- name string
- The Application's display name.
- profile
Master boolean - Determines if the IdP should act as a source of truth for user profile attributes.
- protocol
Type string - The type of protocol to use. It can be
"OIDC"
or"OAUTH2"
. - provisioning
Action string - Provisioning action for an IdP user during authentication.
- scopes string[]
- The scopes of the IdP.
- status string
- Status of the IdP.
- subject
Match stringAttribute - Okta user profile attribute for matching transformed IdP username. Only for matchType
"CUSTOM_ATTRIBUTE"
. - subject
Match stringType - Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to
"USERNAME"
. It can be set to"USERNAME"
,"EMAIL"
,"USERNAME_OR_EMAIL"
or"CUSTOM_ATTRIBUTE"
. - suspended
Action string - Action for a previously suspended IdP user during authentication. Can be set to
"NONE"
or"UNSUSPEND"
- token
Binding string - The method of making a token request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - token
Url string - IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
- type string
- The type of Social IdP. See API docs Identity Provider Type
- username
Template string - Okta EL Expression to generate or transform a unique username for the IdP user.
- account_
link_ straction - Specifies the account linking action for an IdP user.
- account_
link_ Sequence[str]group_ includes - Group memberships to determine link candidates.
- apple_
kid str - The Key ID that you obtained from Apple when you created the private key for the client.
- apple_
private_ strkey - The Key ID that you obtained from Apple when you created the private key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
- apple_
team_ strid - The Team ID associated with your Apple developer account.
- str
- The method of making an authorization request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - str
- IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
- client_
id str - Unique identifier issued by AS for the Okta IdP instance.
- client_
secret str - Client secret issued by AS for the Okta IdP instance.
- deprovisioned_
action str - Action for a previously deprovisioned IdP user during authentication. Can be
"NONE"
or"REACTIVATE"
. - groups_
action str - Provisioning action for IdP user's group memberships. It can be
"NONE"
,"SYNC"
,"APPEND"
, or"ASSIGN"
. - groups_
assignments Sequence[str] - List of Okta Group IDs to add an IdP user as a member with the
"ASSIGN"
groups_action
. - groups_
attribute str - IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
- groups_
filters Sequence[str] - Whitelist of Okta Group identifiers that are allowed for the
"APPEND"
or"SYNC"
groups_action
. - issuer_
mode str - Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be
"ORG_URL"
or"CUSTOM_URL"
. - max_
clock_ intskew - Maximum allowable clock-skew when processing messages from the IdP.
- name str
- The Application's display name.
- profile_
master bool - Determines if the IdP should act as a source of truth for user profile attributes.
- protocol_
type str - The type of protocol to use. It can be
"OIDC"
or"OAUTH2"
. - provisioning_
action str - Provisioning action for an IdP user during authentication.
- scopes Sequence[str]
- The scopes of the IdP.
- status str
- Status of the IdP.
- subject_
match_ strattribute - Okta user profile attribute for matching transformed IdP username. Only for matchType
"CUSTOM_ATTRIBUTE"
. - subject_
match_ strtype - Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to
"USERNAME"
. It can be set to"USERNAME"
,"EMAIL"
,"USERNAME_OR_EMAIL"
or"CUSTOM_ATTRIBUTE"
. - suspended_
action str - Action for a previously suspended IdP user during authentication. Can be set to
"NONE"
or"UNSUSPEND"
- token_
binding str - The method of making a token request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - token_
url str - IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
- type str
- The type of Social IdP. See API docs Identity Provider Type
- username_
template str - Okta EL Expression to generate or transform a unique username for the IdP user.
- account
Link StringAction - Specifies the account linking action for an IdP user.
- account
Link List<String>Group Includes - Group memberships to determine link candidates.
- apple
Kid String - The Key ID that you obtained from Apple when you created the private key for the client.
- apple
Private StringKey - The Key ID that you obtained from Apple when you created the private key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
- apple
Team StringId - The Team ID associated with your Apple developer account.
- String
- The method of making an authorization request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - String
- IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.
- client
Id String - Unique identifier issued by AS for the Okta IdP instance.
- client
Secret String - Client secret issued by AS for the Okta IdP instance.
- deprovisioned
Action String - Action for a previously deprovisioned IdP user during authentication. Can be
"NONE"
or"REACTIVATE"
. - groups
Action String - Provisioning action for IdP user's group memberships. It can be
"NONE"
,"SYNC"
,"APPEND"
, or"ASSIGN"
. - groups
Assignments List<String> - List of Okta Group IDs to add an IdP user as a member with the
"ASSIGN"
groups_action
. - groups
Attribute String - IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.
- groups
Filters List<String> - Whitelist of Okta Group identifiers that are allowed for the
"APPEND"
or"SYNC"
groups_action
. - issuer
Mode String - Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be
"ORG_URL"
or"CUSTOM_URL"
. - max
Clock NumberSkew - Maximum allowable clock-skew when processing messages from the IdP.
- name String
- The Application's display name.
- profile
Master Boolean - Determines if the IdP should act as a source of truth for user profile attributes.
- protocol
Type String - The type of protocol to use. It can be
"OIDC"
or"OAUTH2"
. - provisioning
Action String - Provisioning action for an IdP user during authentication.
- scopes List<String>
- The scopes of the IdP.
- status String
- Status of the IdP.
- subject
Match StringAttribute - Okta user profile attribute for matching transformed IdP username. Only for matchType
"CUSTOM_ATTRIBUTE"
. - subject
Match StringType - Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default, it is set to
"USERNAME"
. It can be set to"USERNAME"
,"EMAIL"
,"USERNAME_OR_EMAIL"
or"CUSTOM_ATTRIBUTE"
. - suspended
Action String - Action for a previously suspended IdP user during authentication. Can be set to
"NONE"
or"UNSUSPEND"
- token
Binding String - The method of making a token request. It can be set to
"HTTP-POST"
or"HTTP-REDIRECT"
. - token
Url String - IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.
- type String
- The type of Social IdP. See API docs Identity Provider Type
- username
Template String - Okta EL Expression to generate or transform a unique username for the IdP user.
Import
A Social IdP can be imported via the Okta ID.
$ pulumi import okta:idp/social:Social example <idp id>
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
okta
Terraform Provider.