auth

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-okta repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-okta repo.

class pulumi_okta.auth.AwaitableGetServerResult(audiences=None, credentials_last_rotated=None, credentials_next_rotation=None, credentials_rotation_mode=None, description=None, id=None, kid=None, name=None, status=None)
class pulumi_okta.auth.GetServerResult(audiences=None, credentials_last_rotated=None, credentials_next_rotation=None, credentials_rotation_mode=None, description=None, id=None, kid=None, name=None, status=None)

A collection of values returned by getServer.

audiences = None

Array of audiences.

credentials_last_rotated = None

Last time credentials were rotated.

credentials_next_rotation = None

Next time credentials will be rotated.

credentials_rotation_mode = None

Mode of credential rotation, auto or manual.

description = None

Description of the authorization server.

id = None

The provider-assigned unique ID for this managed resource.

kid = None

Auth server key ID.

name = None

The name of the auth server.

status = None

The activation status of the authorization server.

class pulumi_okta.auth.Server(resource_name, opts=None, audiences=None, credentials_rotation_mode=None, description=None, issuer_mode=None, name=None, status=None, __props__=None, __name__=None, __opts__=None)

Creates an Authorization Server.

This resource allows you to create and configure an Authorization Server.

import pulumi
import pulumi_okta as okta

example = okta.auth.Server("example",
    audiences=["api://example"],
    description="My Example Auth Server",
    issuer_mode="CUSTOM_URL",
    status="ACTIVE")
Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • audiences (pulumi.Input[list]) – The recipients that the tokens are intended for. This becomes the aud claim in an access token.

  • credentials_rotation_mode (pulumi.Input[str]) – The key rotation mode for the authorization server. Can be "AUTO" or "MANUAL".

  • description (pulumi.Input[str]) – The description of the authorization server.

  • issuer_mode (pulumi.Input[str]) – Allows you to use a custom issuer URL. It can be set to "CUSTOM_URL" or "ORG_URL"

  • name (pulumi.Input[str]) – The name of the authorization server.

  • status (pulumi.Input[str]) – The status of the auth server. It defaults to "ACTIVE"

audiences: pulumi.Output[list] = None

The recipients that the tokens are intended for. This becomes the aud claim in an access token.

credentials_last_rotated: pulumi.Output[str] = None

The timestamp when the authorization server started to use the kid for signing tokens.

credentials_next_rotation: pulumi.Output[str] = None

The timestamp when the authorization server changes the key for signing tokens. Only returned when credentials_rotation_mode is "AUTO".

credentials_rotation_mode: pulumi.Output[str] = None

The key rotation mode for the authorization server. Can be "AUTO" or "MANUAL".

description: pulumi.Output[str] = None

The description of the authorization server.

issuer: pulumi.Output[str] = None

The complete URL for a Custom Authorization Server. This becomes the iss claim in an access token.

issuer_mode: pulumi.Output[str] = None

Allows you to use a custom issuer URL. It can be set to "CUSTOM_URL" or "ORG_URL"

kid: pulumi.Output[str] = None

The ID of the JSON Web Key used for signing tokens issued by the authorization server.

name: pulumi.Output[str] = None

The name of the authorization server.

status: pulumi.Output[str] = None

The status of the auth server. It defaults to "ACTIVE"
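How the Server outputs above map onto an access token, as an added example that is not part of the Pulumi or Okta code: a resource server compares the token's `kid` header and its `iss` and `aud` claims with the server's `kid`, `issuer` and `audiences`. The issuer URL, key ids and the function names are constructed for illustration, and signature verification against the authorization server's published keys is assumed to happen separately.

```python
import base64
import json

# Constructed values standing in for the Server outputs issuer, audiences and kid.
ISSUER = "https://id.example.com/oauth2/aus-example"
AUDIENCES = ["api://example"]
# With credentials_rotation_mode "AUTO" the kid changes over time, so this set
# has to be refreshed from the server rather than hard-coded.
SIGNING_KIDS = {"kid-current", "kid-next"}


def _decode_segment(segment):
    """Decode one base64url JWT segment into a dict, or return None."""
    try:
        raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
        value = json.loads(raw)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return value if isinstance(value, dict) else None


def precheck_access_token(token, issuer, audiences, signing_kids):
    """Return findings for kid, iss and aud. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["token does not have three dot-separated segments"]
    header, claims = _decode_segment(parts[0]), _decode_segment(parts[1])
    if header is None or claims is None:
        return ["header or payload is not a base64url JSON object"]

    findings = []
    if header.get("kid") not in signing_kids:
        findings.append("kid: not a key id of this authorization server")
    # Exact string comparison: with issuer_mode "CUSTOM_URL" and "ORG_URL"
    # the issuer URL differs, so the expected value must come from `issuer`.
    if claims.get("iss") != issuer:
        findings.append("iss: does not equal the server's issuer URL")
    aud = claims.get("aud")
    token_auds = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if not any(a in audiences for a in token_auds):
        findings.append("aud: none of the server's audiences is present")
    return findings


def sample_token(kid, iss, aud):
    """Build a constructed, unsigned token for the demonstration."""
    def enc(obj):
        data = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": kid}),
                     enc({"iss": iss, "aud": aud}),
                     "c2lnbmF0dXJl"])  # placeholder signature segment


if __name__ == "__main__":
    good = sample_token("kid-current", ISSUER, "api://example")
    bad = sample_token("kid-old", ISSUER + "/", ["api://other"])
    for name, tok in (("good", good), ("bad", bad)):
        print(name, precheck_access_token(tok, ISSUER, AUDIENCES, SIGNING_KIDS))
```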

static get(resource_name, id, opts=None, audiences=None, credentials_last_rotated=None, credentials_next_rotation=None, credentials_rotation_mode=None, description=None, issuer=None, issuer_mode=None, kid=None, name=None, status=None)

Get an existing Server resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • audiences (pulumi.Input[list]) – The recipients that the tokens are intended for. This becomes the aud claim in an access token.

  • credentials_last_rotated (pulumi.Input[str]) – The timestamp when the authorization server started to use the kid for signing tokens.

  • credentials_next_rotation (pulumi.Input[str]) – The timestamp when the authorization server changes the key for signing tokens. Only returned when credentials_rotation_mode is "AUTO".

  • credentials_rotation_mode (pulumi.Input[str]) – The key rotation mode for the authorization server. Can be "AUTO" or "MANUAL".

  • description (pulumi.Input[str]) – The description of the authorization server.

  • issuer (pulumi.Input[str]) – The complete URL for a Custom Authorization Server. This becomes the iss claim in an access token.

  • issuer_mode (pulumi.Input[str]) – Allows you to use a custom issuer URL. It can be set to "CUSTOM_URL" or "ORG_URL"

  • kid (pulumi.Input[str]) – The ID of the JSON Web Key used for signing tokens issued by the authorization server.

  • name (pulumi.Input[str]) – The name of the authorization server.

  • status (pulumi.Input[str]) – The status of the auth server. It defaults to "ACTIVE"

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.auth.ServerClaim(resource_name, opts=None, always_include_in_token=None, auth_server_id=None, claim_type=None, group_filter_type=None, name=None, scopes=None, status=None, value=None, value_type=None, __props__=None, __name__=None, __opts__=None)

Creates an Authorization Server Claim.

This resource allows you to create and configure an Authorization Server Claim.

import pulumi
import pulumi_okta as okta

example = okta.auth.ServerClaim("example",
    auth_server_id="<auth server id>",
    claim_type="IDENTITY",
    # Name of an okta.auth.ServerScope defined on the same auth server.
    scopes=["<scope name>"],
    # Single-quoted so the Okta expression keeps its own double quotes.
    value='String.substringAfter(user.email, "@") == "example.com"')
Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • always_include_in_token (pulumi.Input[bool]) – Specifies whether to include claims in the token; by default it is set to true.

  • auth_server_id (pulumi.Input[str]) – The Application’s display name.

  • claim_type (pulumi.Input[str]) – Specifies whether the claim is for an access token "RESOURCE" or ID token "IDENTITY".

  • group_filter_type (pulumi.Input[str]) – Specifies the type of group filter if value_type is "GROUPS". Can be set to one of the following "STARTS_WITH", "EQUALS", "CONTAINS", "REGEX".

  • name (pulumi.Input[str]) – The name of the claim.

  • scopes (pulumi.Input[list]) – The list of scopes the auth server claim is tied to.

  • status (pulumi.Input[str]) – The status of the application. It defaults to "ACTIVE".

  • value (pulumi.Input[str]) – The value of the claim.

  • value_type (pulumi.Input[str]) – The type of value of the claim. It can be set to "EXPRESSION" or "GROUPS". It defaults to "EXPRESSION".

always_include_in_token: pulumi.Output[bool] = None

Specifies whether to include claims in the token; by default it is set to true.

auth_server_id: pulumi.Output[str] = None

The Application’s display name.

claim_type: pulumi.Output[str] = None

Specifies whether the claim is for an access token "RESOURCE" or ID token "IDENTITY".

group_filter_type: pulumi.Output[str] = None

Specifies the type of group filter if value_type is "GROUPS". Can be set to one of the following "STARTS_WITH", "EQUALS", "CONTAINS", "REGEX".

name: pulumi.Output[str] = None

The name of the claim.

scopes: pulumi.Output[list] = None

The list of scopes the auth server claim is tied to.

status: pulumi.Output[str] = None

The status of the application. It defaults to "ACTIVE".

value: pulumi.Output[str] = None

The value of the claim.

value_type: pulumi.Output[str] = None

The type of value of the claim. It can be set to "EXPRESSION" or "GROUPS". It defaults to "EXPRESSION".

static get(resource_name, id, opts=None, always_include_in_token=None, auth_server_id=None, claim_type=None, group_filter_type=None, name=None, scopes=None, status=None, value=None, value_type=None)

Get an existing ServerClaim resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • always_include_in_token (pulumi.Input[bool]) – Specifies whether to include claims in the token; by default it is set to true.

  • auth_server_id (pulumi.Input[str]) – The Application’s display name.

  • claim_type (pulumi.Input[str]) – Specifies whether the claim is for an access token "RESOURCE" or ID token "IDENTITY".

  • group_filter_type (pulumi.Input[str]) – Specifies the type of group filter if value_type is "GROUPS". Can be set to one of the following "STARTS_WITH", "EQUALS", "CONTAINS", "REGEX".

  • name (pulumi.Input[str]) – The name of the claim.

  • scopes (pulumi.Input[list]) – The list of scopes the auth server claim is tied to.

  • status (pulumi.Input[str]) – The status of the application. It defaults to "ACTIVE".

  • value (pulumi.Input[str]) – The value of the claim.

  • value_type (pulumi.Input[str]) – The type of value of the claim. It can be set to "EXPRESSION" or "GROUPS". It defaults to "EXPRESSION".

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.auth.ServerPolicy(resource_name, opts=None, auth_server_id=None, client_whitelists=None, description=None, name=None, priority=None, status=None, type=None, __props__=None, __name__=None, __opts__=None)

Creates an Authorization Server Policy.

This resource allows you to create and configure an Authorization Server Policy.

import pulumi
import pulumi_okta as okta

example = okta.auth.ServerPolicy("example",
    auth_server_id="<auth server id>",
    client_whitelists=["ALL_CLIENTS"],
    description="example",
    priority=1,
    status="ACTIVE")
Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auth_server_id (pulumi.Input[str]) – The ID of the Auth Server.

  • client_whitelists (pulumi.Input[list]) – The clients to whitelist the policy for. ["ALL_CLIENTS"] is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.

  • description (pulumi.Input[str]) – The description of the Auth Server Policy.

  • name (pulumi.Input[str]) – The name of the Auth Server Policy.

  • priority (pulumi.Input[float]) – The priority of the Auth Server Policy.

  • status (pulumi.Input[str]) – The status of the Auth Server Policy.

  • type (pulumi.Input[str]) – The type of the Auth Server Policy.

auth_server_id: pulumi.Output[str] = None

The ID of the Auth Server.

client_whitelists: pulumi.Output[list] = None

The clients to whitelist the policy for. ["ALL_CLIENTS"] is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.

description: pulumi.Output[str] = None

The description of the Auth Server Policy.

name: pulumi.Output[str] = None

The name of the Auth Server Policy.

priority: pulumi.Output[float] = None

The priority of the Auth Server Policy.

status: pulumi.Output[str] = None

The status of the Auth Server Policy.

type: pulumi.Output[str] = None

The type of the Auth Server Policy.

static get(resource_name, id, opts=None, auth_server_id=None, client_whitelists=None, description=None, name=None, priority=None, status=None, type=None)

Get an existing ServerPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auth_server_id (pulumi.Input[str]) – The ID of the Auth Server.

  • client_whitelists (pulumi.Input[list]) – The clients to whitelist the policy for. ["ALL_CLIENTS"] is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.

  • description (pulumi.Input[str]) – The description of the Auth Server Policy.

  • name (pulumi.Input[str]) – The name of the Auth Server Policy.

  • priority (pulumi.Input[float]) – The priority of the Auth Server Policy.

  • status (pulumi.Input[str]) – The status of the Auth Server Policy.

  • type (pulumi.Input[str]) – The type of the Auth Server Policy.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.auth.ServerPolicyClaim(resource_name, opts=None, access_token_lifetime_minutes=None, auth_server_id=None, grant_type_whitelists=None, group_blacklists=None, group_whitelists=None, inline_hook_id=None, name=None, policy_id=None, priority=None, refresh_token_lifetime_minutes=None, refresh_token_window_minutes=None, scope_whitelists=None, status=None, type=None, user_blacklists=None, user_whitelists=None, __props__=None, __name__=None, __opts__=None)

Creates an Authorization Server Policy Rule.

This resource allows you to create and configure an Authorization Server Policy Rule.

import pulumi
import pulumi_okta as okta

example = okta.auth.ServerPolicyClaim("example",
    auth_server_id="<auth server id>",
    grant_type_whitelists=["implicit"],
    group_whitelists=["<group ids>"],
    policy_id="<auth server policy id>",
    priority=1,
    status="ACTIVE")
Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • access_token_lifetime_minutes (pulumi.Input[float]) – Lifetime of access token. Can be set to a value between 5 and 1440.

  • auth_server_id (pulumi.Input[str]) – Auth Server ID.

  • grant_type_whitelists (pulumi.Input[list]) – Accepted grant type values, "authorization_code", "implicit", "password"

  • inline_hook_id (pulumi.Input[str]) – The ID of the inline token to trigger.

  • name (pulumi.Input[str]) – Auth Server Policy Rule name.

  • policy_id (pulumi.Input[str]) – Auth Server Policy ID.

  • priority (pulumi.Input[float]) – Priority of the auth server policy rule.

  • refresh_token_lifetime_minutes (pulumi.Input[float]) – Lifetime of refresh token.

  • scope_whitelists (pulumi.Input[list]) – Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".

  • status (pulumi.Input[str]) – The status of the Auth Server Policy Rule.

  • type (pulumi.Input[str]) – The type of the Auth Server Policy Rule.
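A review check over the ServerPolicy and ServerPolicyClaim arguments documented here, as an added example that is not part of the provider: it reads the keyword arguments as plain dicts before they are passed to the resources. The argument names, the grant values and the 5 to 1440 range come from this page; the function names, the treatment of "implicit" and "password" as legacy grants (following the OAuth 2.0 Security Best Current Practice) and the 60-minute threshold are assumptions.

```python
# Grant values this page lists for grant_type_whitelists.
DOCUMENTED_GRANTS = {"authorization_code", "implicit", "password"}
# Assumption: flagged as legacy, per the OAuth 2.0 Security Best Current Practice.
LEGACY_GRANTS = {"implicit", "password"}
LIFETIME_RANGE = (5, 1440)   # documented range for access_token_lifetime_minutes
REVIEW_ABOVE_MINUTES = 60    # assumed local review threshold


def review_policy(args):
    """Findings for keyword arguments intended for okta.auth.ServerPolicy."""
    findings = []
    if "ALL_CLIENTS" in (args.get("client_whitelists") or []):
        findings.append("client_whitelists: ALL_CLIENTS covers every client; "
                        "list client ids instead")
    return findings


def review_rule(args):
    """Findings for keyword arguments intended for okta.auth.ServerPolicyClaim."""
    findings = []
    for grant in args.get("grant_type_whitelists") or []:
        if grant not in DOCUMENTED_GRANTS:
            findings.append(f"grant_type_whitelists: {grant!r} is not a value "
                            "this page lists")
        elif grant in LEGACY_GRANTS:
            findings.append(f"grant_type_whitelists: {grant!r} is a legacy "
                            "grant; prefer authorization_code")
    if "*" in (args.get("scope_whitelists") or []):
        findings.append('scope_whitelists: "*" allows every scope; name the scopes')
    minutes = args.get("access_token_lifetime_minutes")
    if minutes is not None:
        low, high = LIFETIME_RANGE
        if not low <= minutes <= high:
            findings.append(f"access_token_lifetime_minutes: {minutes} is "
                            f"outside {low}-{high}")
        elif minutes > REVIEW_ABOVE_MINUTES:
            findings.append(f"access_token_lifetime_minutes: {minutes} exceeds "
                            f"the {REVIEW_ABOVE_MINUTES}-minute review threshold")
    return findings


# The security-relevant arguments of this page's own examples.
PAGE_POLICY = {"client_whitelists": ["ALL_CLIENTS"], "priority": 1}
PAGE_RULE = {"grant_type_whitelists": ["implicit"], "priority": 1}

# Constructed inputs: a narrow configuration and a deliberately broad one.
TIGHT_POLICY = {"client_whitelists": ["<client id>"], "priority": 1}
TIGHT_RULE = {"grant_type_whitelists": ["authorization_code"],
              "scope_whitelists": ["orders:read"],
              "access_token_lifetime_minutes": 15}
BROAD_RULE = {"grant_type_whitelists": ["password", "authorisation_code"],
              "scope_whitelists": ["*"],
              "access_token_lifetime_minutes": 2000}

if __name__ == "__main__":
    for label, found in (("page policy", review_policy(PAGE_POLICY)),
                         ("page rule", review_rule(PAGE_RULE)),
                         ("tight rule", review_rule(TIGHT_RULE)),
                         ("broad rule", review_rule(BROAD_RULE))):
        print(label, found or "no findings")
```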

access_token_lifetime_minutes: pulumi.Output[float] = None

Lifetime of access token. Can be set to a value between 5 and 1440.

auth_server_id: pulumi.Output[str] = None

Auth Server ID.

grant_type_whitelists: pulumi.Output[list] = None

Accepted grant type values, "authorization_code", "implicit", "password"

inline_hook_id: pulumi.Output[str] = None

The ID of the inline token to trigger.

name: pulumi.Output[str] = None

Auth Server Policy Rule name.

policy_id: pulumi.Output[str] = None

Auth Server Policy ID.

priority: pulumi.Output[float] = None

Priority of the auth server policy rule.

refresh_token_lifetime_minutes: pulumi.Output[float] = None

Lifetime of refresh token.

scope_whitelists: pulumi.Output[list] = None

Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".

status: pulumi.Output[str] = None

The status of the Auth Server Policy Rule.

type: pulumi.Output[str] = None

The type of the Auth Server Policy Rule.

static get(resource_name, id, opts=None, access_token_lifetime_minutes=None, auth_server_id=None, grant_type_whitelists=None, group_blacklists=None, group_whitelists=None, inline_hook_id=None, name=None, policy_id=None, priority=None, refresh_token_lifetime_minutes=None, refresh_token_window_minutes=None, scope_whitelists=None, status=None, type=None, user_blacklists=None, user_whitelists=None)

Get an existing ServerPolicyClaim resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • access_token_lifetime_minutes (pulumi.Input[float]) – Lifetime of access token. Can be set to a value between 5 and 1440.

  • auth_server_id (pulumi.Input[str]) – Auth Server ID.

  • grant_type_whitelists (pulumi.Input[list]) – Accepted grant type values, "authorization_code", "implicit", "password"

  • inline_hook_id (pulumi.Input[str]) – The ID of the inline token to trigger.

  • name (pulumi.Input[str]) – Auth Server Policy Rule name.

  • policy_id (pulumi.Input[str]) – Auth Server Policy ID.

  • priority (pulumi.Input[float]) – Priority of the auth server policy rule.

  • refresh_token_lifetime_minutes (pulumi.Input[float]) – Lifetime of refresh token.

  • scope_whitelists (pulumi.Input[list]) – Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".

  • status (pulumi.Input[str]) – The status of the Auth Server Policy Rule.

  • type (pulumi.Input[str]) – The type of the Auth Server Policy Rule.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.auth.ServerScope(resource_name, opts=None, auth_server_id=None, consent=None, default=None, description=None, metadata_publish=None, name=None, __props__=None, __name__=None, __opts__=None)

Creates an Authorization Server Scope.

This resource allows you to create and configure an Authorization Server Scope.

import pulumi
import pulumi_okta as okta

example = okta.auth.ServerScope("example",
    auth_server_id="<auth server id>",
    consent="IMPLICIT",
    metadata_publish="NO_CLIENTS")
Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auth_server_id (pulumi.Input[str]) – Auth Server ID.

  • consent (pulumi.Input[str]) – Indicates whether a consent dialog is needed for the scope. It can be set to "REQUIRED" or "IMPLICIT".

  • default (pulumi.Input[bool]) – A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.

  • description (pulumi.Input[str]) – Description of the Auth Server Scope.

  • metadata_publish (pulumi.Input[str]) – Whether to publish metadata or not. It can be set to "ALL_CLIENTS" or "NO_CLIENTS".

  • name (pulumi.Input[str]) – Auth Server scope name.

auth_server_id: pulumi.Output[str] = None

Auth Server ID.

consent: pulumi.Output[str] = None

Indicates whether a consent dialog is needed for the scope. It can be set to "REQUIRED" or "IMPLICIT".

default: pulumi.Output[bool] = None

A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.

description: pulumi.Output[str] = None

Description of the Auth Server Scope.

metadata_publish: pulumi.Output[str] = None

Whether to publish metadata or not. It can be set to "ALL_CLIENTS" or "NO_CLIENTS".

name: pulumi.Output[str] = None

Auth Server scope name.

static get(resource_name, id, opts=None, auth_server_id=None, consent=None, default=None, description=None, metadata_publish=None, name=None)

Get an existing ServerScope resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auth_server_id (pulumi.Input[str]) – Auth Server ID.

  • consent (pulumi.Input[str]) – Indicates whether a consent dialog is needed for the scope. It can be set to "REQUIRED" or "IMPLICIT".

  • default (pulumi.Input[bool]) – A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.

  • description (pulumi.Input[str]) – Description of the Auth Server Scope.

  • metadata_publish (pulumi.Input[str]) – Whether to publish metadata or not. It can be set to "ALL_CLIENTS" or "NO_CLIENTS".

  • name (pulumi.Input[str]) – Auth Server scope name.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_okta.auth.get_server(name=None, opts=None)

Use this data source to retrieve an auth server from Okta.

import pulumi
import pulumi_okta as okta

example = okta.auth.get_server(name="Example Auth")
Parameters

name (str) – The name of the auth server to retrieve.