auth

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-okta repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-okta repo.

class pulumi_okta.auth.AwaitableGetServerResult(audiences=None, credentials_last_rotated=None, credentials_next_rotation=None, credentials_rotation_mode=None, description=None, kid=None, name=None, status=None, id=None)
class pulumi_okta.auth.GetServerResult(audiences=None, credentials_last_rotated=None, credentials_next_rotation=None, credentials_rotation_mode=None, description=None, kid=None, name=None, status=None, id=None)

A collection of values returned by getServer.

audiences = None

Array of audiences.

credentials_last_rotated = None

Last time credentials were rotated.

credentials_next_rotation = None

Next time credentials will be rotated.

credentials_rotation_mode = None

Mode of credential rotation, auto or manual.

description = None

Description of the authorization server.

kid = None

Auth server key ID.

name = None

The name of the auth server.

status = None

The activation status of the authorization server.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_okta.auth.Server(resource_name, opts=None, audiences=None, credentials_rotation_mode=None, description=None, issuer_mode=None, name=None, status=None, __props__=None, __name__=None, __opts__=None)

Creates an Authorization Server.

This resource allows you to create and configure an Authorization Server.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • audiences (pulumi.Input[list]) – The recipients that the tokens are intended for. This becomes the aud claim in an access token.

  • credentials_rotation_mode (pulumi.Input[str]) – The key rotation mode for the authorization server. Can be "AUTO" or "MANUAL".

  • description (pulumi.Input[str]) – The description of the authorization server.

  • issuer_mode (pulumi.Input[str]) – Allows you to use a custom issuer URL. It can be set to "CUSTOM_URL" or "ORG_URL"

  • name (pulumi.Input[str]) – The name of the authorization server.

  • status (pulumi.Input[str]) – The status of the auth server. It defaults to "ACTIVE"

audiences = None

The recipients that the tokens are intended for. This becomes the aud claim in an access token.

credentials_last_rotated = None

The timestamp when the authorization server started to use the kid for signing tokens.

credentials_next_rotation = None

The timestamp when the authorization server changes the key for signing tokens. Only returned when credentials_rotation_mode is "AUTO".

credentials_rotation_mode = None

The key rotation mode for the authorization server. Can be "AUTO" or "MANUAL".

description = None

The description of the authorization server.

issuer = None

The complete URL for a Custom Authorization Server. This becomes the iss claim in an access token.

issuer_mode = None

Allows you to use a custom issuer URL. It can be set to "CUSTOM_URL" or "ORG_URL"

kid = None

The ID of the JSON Web Key used for signing tokens issued by the authorization server.

name = None

The name of the authorization server.

status = None

The status of the auth server. It defaults to "ACTIVE"

static get(resource_name, id, opts=None, audiences=None, credentials_last_rotated=None, credentials_next_rotation=None, credentials_rotation_mode=None, description=None, issuer=None, issuer_mode=None, kid=None, name=None, status=None)

Get an existing Server resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • audiences (pulumi.Input[list]) – The recipients that the tokens are intended for. This becomes the aud claim in an access token.

  • credentials_last_rotated (pulumi.Input[str]) – The timestamp when the authorization server started to use the kid for signing tokens.

  • credentials_next_rotation (pulumi.Input[str]) – The timestamp when the authorization server changes the key for signing tokens. Only returned when credentials_rotation_mode is "AUTO".

  • credentials_rotation_mode (pulumi.Input[str]) – The key rotation mode for the authorization server. Can be "AUTO" or "MANUAL".

  • description (pulumi.Input[str]) – The description of the authorization server.

  • issuer (pulumi.Input[str]) – The complete URL for a Custom Authorization Server. This becomes the iss claim in an access token.

  • issuer_mode (pulumi.Input[str]) – Allows you to use a custom issuer URL. It can be set to "CUSTOM_URL" or "ORG_URL"

  • kid (pulumi.Input[str]) – The ID of the JSON Web Key used for signing tokens issued by the authorization server.

  • name (pulumi.Input[str]) – The name of the authorization server.

  • status (pulumi.Input[str]) – The status of the auth server. It defaults to "ACTIVE"

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.auth.ServerClaim(resource_name, opts=None, always_include_in_token=None, auth_server_id=None, claim_type=None, group_filter_type=None, name=None, scopes=None, status=None, value=None, value_type=None, __props__=None, __name__=None, __opts__=None)

Creates an Authorization Server Claim.

This resource allows you to create and configure an Authorization Server Claim.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • always_include_in_token (pulumi.Input[bool]) – Specifies whether to include claims in token; by default it is set to true.

  • auth_server_id (pulumi.Input[str]) – The Application’s display name.

  • claim_type (pulumi.Input[str]) – Specifies whether the claim is for an access token "RESOURCE" or ID token "IDENTITY".

  • group_filter_type (pulumi.Input[str]) – Specifies the type of group filter if value_type is "GROUPS". Can be set to one of the following "STARTS_WITH", "EQUALS", "CONTAINS", "REGEX".

  • name (pulumi.Input[str]) – The name of the claim.

  • scopes (pulumi.Input[list]) – The list of scopes the auth server claim is tied to.

  • status (pulumi.Input[str]) – The status of the application. It defaults to "ACTIVE".

  • value (pulumi.Input[str]) – The value of the claim.

  • value_type (pulumi.Input[str]) – The type of value of the claim. It can be set to "EXPRESSION" or "GROUPS". It defaults to "EXPRESSION".

always_include_in_token = None

Specifies whether to include claims in token; by default it is set to true.

auth_server_id = None

The Application’s display name.

claim_type = None

Specifies whether the claim is for an access token "RESOURCE" or ID token "IDENTITY".

group_filter_type = None

Specifies the type of group filter if value_type is "GROUPS". Can be set to one of the following "STARTS_WITH", "EQUALS", "CONTAINS", "REGEX".

name = None

The name of the claim.

scopes = None

The list of scopes the auth server claim is tied to.

status = None

The status of the application. It defaults to "ACTIVE".

value = None

The value of the claim.

value_type = None

The type of value of the claim. It can be set to "EXPRESSION" or "GROUPS". It defaults to "EXPRESSION".

static get(resource_name, id, opts=None, always_include_in_token=None, auth_server_id=None, claim_type=None, group_filter_type=None, name=None, scopes=None, status=None, value=None, value_type=None)

Get an existing ServerClaim resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • always_include_in_token (pulumi.Input[bool]) – Specifies whether to include claims in token; by default it is set to true.

  • auth_server_id (pulumi.Input[str]) – The Application’s display name.

  • claim_type (pulumi.Input[str]) – Specifies whether the claim is for an access token "RESOURCE" or ID token "IDENTITY".

  • group_filter_type (pulumi.Input[str]) – Specifies the type of group filter if value_type is "GROUPS". Can be set to one of the following "STARTS_WITH", "EQUALS", "CONTAINS", "REGEX".

  • name (pulumi.Input[str]) – The name of the claim.

  • scopes (pulumi.Input[list]) – The list of scopes the auth server claim is tied to.

  • status (pulumi.Input[str]) – The status of the application. It defaults to "ACTIVE".

  • value (pulumi.Input[str]) – The value of the claim.

  • value_type (pulumi.Input[str]) – The type of value of the claim. It can be set to "EXPRESSION" or "GROUPS". It defaults to "EXPRESSION".

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.auth.ServerPolicy(resource_name, opts=None, auth_server_id=None, client_whitelists=None, description=None, name=None, priority=None, status=None, type=None, __props__=None, __name__=None, __opts__=None)

Creates an Authorization Server Policy.

This resource allows you to create and configure an Authorization Server Policy.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auth_server_id (pulumi.Input[str]) – The ID of the Auth Server.

  • client_whitelists (pulumi.Input[list]) – The clients to whitelist the policy for. ["ALL_CLIENTS"] is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.

  • description (pulumi.Input[str]) – The description of the Auth Server Policy.

  • name (pulumi.Input[str]) – The name of the Auth Server Policy.

  • priority (pulumi.Input[float]) – The priority of the Auth Server Policy.

  • status (pulumi.Input[str]) – The status of the Auth Server Policy.

  • type (pulumi.Input[str]) – The type of the Auth Server Policy.

auth_server_id = None

The ID of the Auth Server.

client_whitelists = None

The clients to whitelist the policy for. ["ALL_CLIENTS"] is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.

description = None

The description of the Auth Server Policy.

name = None

The name of the Auth Server Policy.

priority = None

The priority of the Auth Server Policy.

status = None

The status of the Auth Server Policy.

type = None

The type of the Auth Server Policy.

static get(resource_name, id, opts=None, auth_server_id=None, client_whitelists=None, description=None, name=None, priority=None, status=None, type=None)

Get an existing ServerPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auth_server_id (pulumi.Input[str]) – The ID of the Auth Server.

  • client_whitelists (pulumi.Input[list]) – The clients to whitelist the policy for. ["ALL_CLIENTS"] is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.

  • description (pulumi.Input[str]) – The description of the Auth Server Policy.

  • name (pulumi.Input[str]) – The name of the Auth Server Policy.

  • priority (pulumi.Input[float]) – The priority of the Auth Server Policy.

  • status (pulumi.Input[str]) – The status of the Auth Server Policy.

  • type (pulumi.Input[str]) – The type of the Auth Server Policy.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.auth.ServerPolicyClaim(resource_name, opts=None, access_token_lifetime_minutes=None, auth_server_id=None, grant_type_whitelists=None, group_blacklists=None, group_whitelists=None, inline_hook_id=None, name=None, policy_id=None, priority=None, refresh_token_lifetime_minutes=None, refresh_token_window_minutes=None, scope_whitelists=None, status=None, type=None, user_blacklists=None, user_whitelists=None, __props__=None, __name__=None, __opts__=None)

Creates an Authorization Server Policy Rule.

This resource allows you to create and configure an Authorization Server Policy Rule.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • access_token_lifetime_minutes (pulumi.Input[float]) – Lifetime of access token. Can be set to a value between 5 and 1440.

  • auth_server_id (pulumi.Input[str]) – Auth Server ID.

  • grant_type_whitelists (pulumi.Input[list]) – Accepted grant type values, "authorization_code", "implicit", "password"

  • inline_hook_id (pulumi.Input[str]) – The ID of the inline token to trigger.

  • name (pulumi.Input[str]) – Auth Server Policy Rule name.

  • policy_id (pulumi.Input[str]) – Auth Server Policy ID.

  • priority (pulumi.Input[float]) – Priority of the auth server policy rule.

  • refresh_token_lifetime_minutes (pulumi.Input[float]) – Lifetime of refresh token.

  • scope_whitelists (pulumi.Input[list]) – Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".

  • status (pulumi.Input[str]) – The status of the Auth Server Policy Rule.

  • type (pulumi.Input[str]) – The type of the Auth Server Policy Rule.

access_token_lifetime_minutes = None

Lifetime of access token. Can be set to a value between 5 and 1440.

auth_server_id = None

Auth Server ID.

grant_type_whitelists = None

Accepted grant type values, "authorization_code", "implicit", "password"

inline_hook_id = None

The ID of the inline token to trigger.

name = None

Auth Server Policy Rule name.

policy_id = None

Auth Server Policy ID.

priority = None

Priority of the auth server policy rule.

refresh_token_lifetime_minutes = None

Lifetime of refresh token.

scope_whitelists = None

Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".

status = None

The status of the Auth Server Policy Rule.

type = None

The type of the Auth Server Policy Rule.

static get(resource_name, id, opts=None, access_token_lifetime_minutes=None, auth_server_id=None, grant_type_whitelists=None, group_blacklists=None, group_whitelists=None, inline_hook_id=None, name=None, policy_id=None, priority=None, refresh_token_lifetime_minutes=None, refresh_token_window_minutes=None, scope_whitelists=None, status=None, type=None, user_blacklists=None, user_whitelists=None)

Get an existing ServerPolicyClaim resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • access_token_lifetime_minutes (pulumi.Input[float]) – Lifetime of access token. Can be set to a value between 5 and 1440.

  • auth_server_id (pulumi.Input[str]) – Auth Server ID.

  • grant_type_whitelists (pulumi.Input[list]) – Accepted grant type values, "authorization_code", "implicit", "password"

  • inline_hook_id (pulumi.Input[str]) – The ID of the inline token to trigger.

  • name (pulumi.Input[str]) – Auth Server Policy Rule name.

  • policy_id (pulumi.Input[str]) – Auth Server Policy ID.

  • priority (pulumi.Input[float]) – Priority of the auth server policy rule.

  • refresh_token_lifetime_minutes (pulumi.Input[float]) – Lifetime of refresh token.

  • scope_whitelists (pulumi.Input[list]) – Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".

  • status (pulumi.Input[str]) – The status of the Auth Server Policy Rule.

  • type (pulumi.Input[str]) – The type of the Auth Server Policy Rule.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.auth.ServerScope(resource_name, opts=None, auth_server_id=None, consent=None, default=None, description=None, metadata_publish=None, name=None, __props__=None, __name__=None, __opts__=None)

Creates an Authorization Server Scope.

This resource allows you to create and configure an Authorization Server Scope.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auth_server_id (pulumi.Input[str]) – Auth Server ID.

  • consent (pulumi.Input[str]) – Indicates whether a consent dialog is needed for the scope. It can be set to "REQUIRED" or "IMPLICIT".

  • default (pulumi.Input[bool]) – A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.

  • description (pulumi.Input[str]) – Description of the Auth Server Scope.

  • metadata_publish (pulumi.Input[str]) – Whether to publish metadata or not. It can be set to "ALL_CLIENTS" or "NO_CLIENTS".

  • name (pulumi.Input[str]) – Auth Server scope name.

auth_server_id = None

Auth Server ID.

consent = None

Indicates whether a consent dialog is needed for the scope. It can be set to "REQUIRED" or "IMPLICIT".

default = None

A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.

description = None

Description of the Auth Server Scope.

metadata_publish = None

Whether to publish metadata or not. It can be set to "ALL_CLIENTS" or "NO_CLIENTS".

name = None

Auth Server scope name.

static get(resource_name, id, opts=None, auth_server_id=None, consent=None, default=None, description=None, metadata_publish=None, name=None)

Get an existing ServerScope resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auth_server_id (pulumi.Input[str]) – Auth Server ID.

  • consent (pulumi.Input[str]) – Indicates whether a consent dialog is needed for the scope. It can be set to "REQUIRED" or "IMPLICIT".

  • default (pulumi.Input[bool]) – A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.

  • description (pulumi.Input[str]) – Description of the Auth Server Scope.

  • metadata_publish (pulumi.Input[str]) – Whether to publish metadata or not. It can be set to "ALL_CLIENTS" or "NO_CLIENTS".

  • name (pulumi.Input[str]) – Auth Server scope name.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_okta.auth.get_server(name=None, opts=None)

Use this data source to retrieve an auth server from Okta.

Parameters

name (str) – The name of the auth server to retrieve.
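
The following is an added example, not part of the pulumi_okta package or its documentation: a pre-deployment check that reviews keyword arguments for the resources above against the value sets and the 5 to 1440 minute range documented on this page, and flags the broad settings the page describes ("ALL_CLIENTS", "*"). The function names, the WARN policy (including treating "implicit" and "password" grants as discouraged) and the sample plan are assumptions of this example.

```python
# Added example: review keyword arguments before they are passed to the
# pulumi_okta.auth resources. Allowed values and the 5-1440 range are the ones
# documented on this page; the WARN rules are this example's own review policy.
ENUMS = {
    "Server": {"credentials_rotation_mode": {"AUTO", "MANUAL"},
               "issuer_mode": {"CUSTOM_URL", "ORG_URL"}},
    "ServerClaim": {"claim_type": {"RESOURCE", "IDENTITY"},
                    "value_type": {"EXPRESSION", "GROUPS"},
                    "group_filter_type": {"STARTS_WITH", "EQUALS", "CONTAINS", "REGEX"}},
    "ServerScope": {"consent": {"REQUIRED", "IMPLICIT"},
                    "metadata_publish": {"ALL_CLIENTS", "NO_CLIENTS"}},
}
DISCOURAGED_GRANTS = {"implicit", "password"}  # assumption: local review policy


def audit(kind, args):
    """Return a list of (severity, field, message) findings for one resource."""
    out = []
    for field, allowed in sorted(ENUMS.get(kind, {}).items()):
        value = args.get(field)
        if value is not None and value not in allowed:
            out.append(("ERROR", field, f"{value!r} is not one of {sorted(allowed)}"))
    if kind == "Server" and args.get("credentials_rotation_mode") == "MANUAL":
        out.append(("WARN", "credentials_rotation_mode",
                    "no credentials_next_rotation in MANUAL mode; schedule rotation yourself"))
    if (kind == "ServerClaim" and args.get("group_filter_type") is not None
            and args.get("value_type", "EXPRESSION") != "GROUPS"):
        out.append(("WARN", "group_filter_type", "only applies when value_type is 'GROUPS'"))
    if kind == "ServerPolicy" and "ALL_CLIENTS" in (args.get("client_whitelists") or []):
        out.append(("WARN", "client_whitelists", "policy applies to every client"))
    if kind == "ServerPolicyClaim":
        minutes = args.get("access_token_lifetime_minutes")
        if minutes is not None and not 5 <= minutes <= 1440:
            out.append(("ERROR", "access_token_lifetime_minutes",
                        f"{minutes} is outside 5..1440"))
        for grant in sorted(DISCOURAGED_GRANTS & set(args.get("grant_type_whitelists") or [])):
            out.append(("WARN", "grant_type_whitelists", f"{grant!r} grant is allowed"))
        if "*" in (args.get("scope_whitelists") or []):
            out.append(("WARN", "scope_whitelists", "'*' allows every scope"))
    return out


def review(plan):
    """Audit a {logical_name: (kind, args)} plan; return {name: findings} for hits."""
    report = {name: audit(kind, args) for name, (kind, args) in plan.items()}
    return {name: found for name, found in report.items() if found}


# Constructed sample plan (names, audience and scope are made up).
PLAN = {
    "api": ("Server", {"name": "api", "audiences": ["api://example"],
                       "credentials_rotation_mode": "AUTO", "issuer_mode": "ORG_URL"}),
    "spa-policy": ("ServerPolicy", {"client_whitelists": ["ALL_CLIENTS"], "priority": 1}),
    "spa-rule": ("ServerPolicyClaim", {"access_token_lifetime_minutes": 2880,
                                       "grant_type_whitelists": ["authorization_code", "implicit"],
                                       "scope_whitelists": ["*"]}),
    "read-scope": ("ServerScope", {"name": "orders:read", "consent": "OPTIONAL"}),
}

if __name__ == "__main__":
    for name, found in review(PLAN).items():
        for severity, field, message in found:
            print(f"{severity:5} {name}.{field}: {message}")
```

Arguments that pass the review can be handed unchanged to the matching constructor, for example `pulumi_okta.auth.ServerPolicyClaim(name, **args)`.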