Come join Pulumi for the industry's first Cloud Engineering Summit! October 7–8. Save Your Spot

idp

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-okta repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-okta repo.

class pulumi_okta.idp.AwaitableGetMetadataSamlResult(assertions_signed=None, authn_request_signed=None, encryption_certificate=None, entity_id=None, http_post_binding=None, http_redirect_binding=None, id=None, idp_id=None, metadata=None, signing_certificate=None)
class pulumi_okta.idp.AwaitableGetSamlResult(acs_binding=None, acs_type=None, audience=None, id=None, issuer=None, issuer_mode=None, kid=None, name=None, sso_binding=None, sso_destination=None, sso_url=None, subject_filter=None, subject_formats=None, type=None)
class pulumi_okta.idp.GetMetadataSamlResult(assertions_signed=None, authn_request_signed=None, encryption_certificate=None, entity_id=None, http_post_binding=None, http_redirect_binding=None, id=None, idp_id=None, metadata=None, signing_certificate=None)

A collection of values returned by getMetadataSaml.

assertions_signed = None

whether assertions are signed.

authn_request_signed = None

whether authn requests are signed.

encryption_certificate = None

SAML request encryption certificate.

entity_id = None

Entity URL for instance https://www.okta.com/saml2/service-provider/sposcfdmlybtwkdcgtuf.

http_post_binding = None

urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.

http_redirect_binding = None

urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.

id = None

The provider-assigned unique ID for this managed resource.

metadata = None

raw IdP metadata.

signing_certificate = None

SAML request signing certificate.

class pulumi_okta.idp.GetSamlResult(acs_binding=None, acs_type=None, audience=None, id=None, issuer=None, issuer_mode=None, kid=None, name=None, sso_binding=None, sso_destination=None, sso_url=None, subject_filter=None, subject_formats=None, type=None)

A collection of values returned by getSaml.

acs_binding = None

HTTP binding used to receive a SAMLResponse message from the IdP.

acs_type = None

Determines whether to publish an instance-specific (trust) or organization (shared) ACS endpoint in the SAML metadata.

audience = None

URI that identifies the target Okta IdP instance (SP)

id = None

id of idp.

issuer = None

URI that identifies the issuer (IdP).

issuer_mode = None

indicates whether Okta uses the original Okta org domain URL, or a custom domain URL in the request to the IdP.

kid = None

Key ID reference to the IdP’s X.509 signature certificate.

name = None

name of the idp.

sso_binding = None

single sign on binding.

sso_destination = None

SSO request binding, HTTP-POST or HTTP-REDIRECT.

sso_url = None

single sign on url.

subject_filter = None

regular expression pattern used to filter untrusted IdP usernames.

subject_formats = None

Expression to generate or transform a unique username for the IdP user.

type = None

type of idp.

class pulumi_okta.idp.Oidc(resource_name, opts=None, account_link_action=None, account_link_group_includes=None, acs_binding=None, acs_type=None, authorization_binding=None, authorization_url=None, client_id=None, client_secret=None, deprovisioned_action=None, groups_action=None, groups_assignments=None, groups_attribute=None, groups_filters=None, issuer_mode=None, issuer_url=None, jwks_binding=None, jwks_url=None, max_clock_skew=None, name=None, profile_master=None, protocol_type=None, provisioning_action=None, request_signature_algorithm=None, request_signature_scope=None, response_signature_algorithm=None, response_signature_scope=None, scopes=None, status=None, subject_match_attribute=None, subject_match_type=None, suspended_action=None, token_binding=None, token_url=None, user_info_binding=None, user_info_url=None, username_template=None, __props__=None, __name__=None, __opts__=None)

Creates an OIDC Identity Provider.

This resource allows you to create and configure an OIDC Identity Provider.

import pulumi
import pulumi_okta as okta

example = okta.idp.Oidc("example",
    acs_binding="HTTP-POST",
    acs_type="INSTANCE",
    authorization_binding="HTTP-REDIRECT",
    authorization_url="https://idp.example.com/authorize",
    client_id="efg456",
    client_secret="efg456",
    issuer_url="https://id.example.com",
    jwks_binding="HTTP-REDIRECT",
    jwks_url="https://idp.example.com/keys",
    scopes=["openid"],
    token_binding="HTTP-POST",
    token_url="https://idp.example.com/token",
    user_info_binding="HTTP-REDIRECT",
    user_info_url="https://idp.example.com/userinfo",
    username_template="idpuser.email")
Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • account_link_action (pulumi.Input[str]) – Specifies the account linking action for an IdP user.

  • account_link_group_includes (pulumi.Input[list]) – Group memberships to determine link candidates.

  • acs_binding (pulumi.Input[str]) – The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

  • acs_type (pulumi.Input[str]) – The type of ACS. Default is "INSTANCE".

  • authorization_binding (pulumi.Input[str]) – The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

  • authorization_url (pulumi.Input[str]) – IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

  • client_id (pulumi.Input[str]) – Unique identifier issued by AS for the Okta IdP instance.

  • client_secret (pulumi.Input[str]) – Client secret issued by AS for the Okta IdP instance.

  • deprovisioned_action (pulumi.Input[str]) – Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

  • groups_action (pulumi.Input[str]) – Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

  • groups_assignments (pulumi.Input[list]) – List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.

  • groups_attribute (pulumi.Input[str]) – IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

  • groups_filters (pulumi.Input[list]) – Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.

  • issuer_mode (pulumi.Input[str]) – Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

  • issuer_url (pulumi.Input[str]) – URI that identifies the issuer.

  • jwks_binding (pulumi.Input[str]) – The method of making a request for the OIDC JWKS. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

  • jwks_url (pulumi.Input[str]) – Endpoint where the signer of the keys publishes its keys in a JWK Set.

  • max_clock_skew (pulumi.Input[float]) – Maximum allowable clock-skew when processing messages from the IdP.

  • name (pulumi.Input[str]) – The Application’s display name.

  • profile_master (pulumi.Input[bool]) – Determines if the IdP should act as a source of truth for user profile attributes.

  • protocol_type (pulumi.Input[str]) – The type of protocol to use. It can be "OIDC" or "OAUTH2".

  • provisioning_action (pulumi.Input[str]) – Provisioning action for an IdP user during authentication.

  • request_signature_algorithm (pulumi.Input[str]) – algorithm to use to sign requests

  • request_signature_scope (pulumi.Input[str]) – algorithm to use to sign response

  • response_signature_algorithm (pulumi.Input[str]) – algorithm to use to sign requests

  • response_signature_scope (pulumi.Input[str]) – algorithm to use to sign response

  • scopes (pulumi.Input[list]) – The scopes of the IdP.

  • status (pulumi.Input[str]) – Status of the IdP.

  • subject_match_attribute (pulumi.Input[str]) – Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

  • subject_match_type (pulumi.Input[str]) – Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

  • suspended_action (pulumi.Input[str]) – Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"

  • token_binding (pulumi.Input[str]) – The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

  • token_url (pulumi.Input[str]) – IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

  • user_info_url (pulumi.Input[str]) – Protected resource endpoint that returns claims about the authenticated user.

  • username_template (pulumi.Input[str]) – Okta EL Expression to generate or transform a unique username for the IdP user.

Specifies the account linking action for an IdP user.

Group memberships to determine link candidates.

acs_binding: pulumi.Output[str] = None

The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

acs_type: pulumi.Output[str] = None

The type of ACS. Default is "INSTANCE".

authorization_binding: pulumi.Output[str] = None

The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

authorization_url: pulumi.Output[str] = None

IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

client_id: pulumi.Output[str] = None

Unique identifier issued by AS for the Okta IdP instance.

client_secret: pulumi.Output[str] = None

Client secret issued by AS for the Okta IdP instance.

deprovisioned_action: pulumi.Output[str] = None

Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

groups_action: pulumi.Output[str] = None

Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

groups_assignments: pulumi.Output[list] = None

List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.

groups_attribute: pulumi.Output[str] = None

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

groups_filters: pulumi.Output[list] = None

Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.

issuer_mode: pulumi.Output[str] = None

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

issuer_url: pulumi.Output[str] = None

URI that identifies the issuer.

jwks_binding: pulumi.Output[str] = None

The method of making a request for the OIDC JWKS. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

jwks_url: pulumi.Output[str] = None

Endpoint where the signer of the keys publishes its keys in a JWK Set.

max_clock_skew: pulumi.Output[float] = None

Maximum allowable clock-skew when processing messages from the IdP.

name: pulumi.Output[str] = None

The Application’s display name.

profile_master: pulumi.Output[bool] = None

Determines if the IdP should act as a source of truth for user profile attributes.

protocol_type: pulumi.Output[str] = None

The type of protocol to use. It can be "OIDC" or "OAUTH2".

provisioning_action: pulumi.Output[str] = None

Provisioning action for an IdP user during authentication.

request_signature_algorithm: pulumi.Output[str] = None

algorithm to use to sign requests

request_signature_scope: pulumi.Output[str] = None

algorithm to use to sign response

response_signature_algorithm: pulumi.Output[str] = None

algorithm to use to sign requests

response_signature_scope: pulumi.Output[str] = None

algorithm to use to sign response

scopes: pulumi.Output[list] = None

The scopes of the IdP.

status: pulumi.Output[str] = None

Status of the IdP.

subject_match_attribute: pulumi.Output[str] = None

Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

subject_match_type: pulumi.Output[str] = None

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

suspended_action: pulumi.Output[str] = None

Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"

token_binding: pulumi.Output[str] = None

The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

token_url: pulumi.Output[str] = None

IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

type: pulumi.Output[str] = None

Type of OIDC IdP.

user_info_url: pulumi.Output[str] = None

Protected resource endpoint that returns claims about the authenticated user.

username_template: pulumi.Output[str] = None

Okta EL Expression to generate or transform a unique username for the IdP user.

static get(resource_name, id, opts=None, account_link_action=None, account_link_group_includes=None, acs_binding=None, acs_type=None, authorization_binding=None, authorization_url=None, client_id=None, client_secret=None, deprovisioned_action=None, groups_action=None, groups_assignments=None, groups_attribute=None, groups_filters=None, issuer_mode=None, issuer_url=None, jwks_binding=None, jwks_url=None, max_clock_skew=None, name=None, profile_master=None, protocol_type=None, provisioning_action=None, request_signature_algorithm=None, request_signature_scope=None, response_signature_algorithm=None, response_signature_scope=None, scopes=None, status=None, subject_match_attribute=None, subject_match_type=None, suspended_action=None, token_binding=None, token_url=None, type=None, user_info_binding=None, user_info_url=None, username_template=None)

Get an existing Oidc resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • account_link_action (pulumi.Input[str]) – Specifies the account linking action for an IdP user.

  • account_link_group_includes (pulumi.Input[list]) – Group memberships to determine link candidates.

  • acs_binding (pulumi.Input[str]) – The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

  • acs_type (pulumi.Input[str]) – The type of ACS. Default is "INSTANCE".

  • authorization_binding (pulumi.Input[str]) – The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

  • authorization_url (pulumi.Input[str]) – IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

  • client_id (pulumi.Input[str]) – Unique identifier issued by AS for the Okta IdP instance.

  • client_secret (pulumi.Input[str]) – Client secret issued by AS for the Okta IdP instance.

  • deprovisioned_action (pulumi.Input[str]) – Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

  • groups_action (pulumi.Input[str]) – Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

  • groups_assignments (pulumi.Input[list]) – List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.

  • groups_attribute (pulumi.Input[str]) – IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

  • groups_filters (pulumi.Input[list]) – Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.

  • issuer_mode (pulumi.Input[str]) – Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

  • issuer_url (pulumi.Input[str]) – URI that identifies the issuer.

  • jwks_binding (pulumi.Input[str]) – The method of making a request for the OIDC JWKS. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

  • jwks_url (pulumi.Input[str]) – Endpoint where the signer of the keys publishes its keys in a JWK Set.

  • max_clock_skew (pulumi.Input[float]) – Maximum allowable clock-skew when processing messages from the IdP.

  • name (pulumi.Input[str]) – The Application’s display name.

  • profile_master (pulumi.Input[bool]) – Determines if the IdP should act as a source of truth for user profile attributes.

  • protocol_type (pulumi.Input[str]) – The type of protocol to use. It can be "OIDC" or "OAUTH2".

  • provisioning_action (pulumi.Input[str]) – Provisioning action for an IdP user during authentication.

  • request_signature_algorithm (pulumi.Input[str]) – algorithm to use to sign requests

  • request_signature_scope (pulumi.Input[str]) – algorithm to use to sign response

  • response_signature_algorithm (pulumi.Input[str]) – algorithm to use to sign requests

  • response_signature_scope (pulumi.Input[str]) – algorithm to use to sign response

  • scopes (pulumi.Input[list]) – The scopes of the IdP.

  • status (pulumi.Input[str]) – Status of the IdP.

  • subject_match_attribute (pulumi.Input[str]) – Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

  • subject_match_type (pulumi.Input[str]) – Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

  • suspended_action (pulumi.Input[str]) – Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"

  • token_binding (pulumi.Input[str]) – The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

  • token_url (pulumi.Input[str]) – IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

  • type (pulumi.Input[str]) – Type of OIDC IdP.

  • user_info_url (pulumi.Input[str]) – Protected resource endpoint that returns claims about the authenticated user.

  • username_template (pulumi.Input[str]) – Okta EL Expression to generate or transform a unique username for the IdP user.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.idp.Saml(resource_name, opts=None, account_link_action=None, account_link_group_includes=None, acs_binding=None, acs_type=None, deprovisioned_action=None, groups_action=None, groups_assignments=None, groups_attribute=None, groups_filters=None, issuer=None, issuer_mode=None, kid=None, name=None, name_format=None, profile_master=None, provisioning_action=None, request_signature_algorithm=None, request_signature_scope=None, response_signature_algorithm=None, response_signature_scope=None, sso_binding=None, sso_destination=None, sso_url=None, status=None, subject_filter=None, subject_formats=None, subject_match_attribute=None, subject_match_type=None, suspended_action=None, username_template=None, __props__=None, __name__=None, __opts__=None)

Creates a SAML Identity Provider.

This resource allows you to create and configure a SAML Identity Provider.

import pulumi
import pulumi_okta as okta

example = okta.idp.Saml("example",
    acs_binding="HTTP-POST",
    acs_type="INSTANCE",
    issuer="https://idp.example.com",
    kid=okta_idp_saml_key["test"]["id"],
    request_signature_scope="REQUEST",
    response_signature_scope="ANY",
    sso_binding="HTTP-POST",
    sso_destination="https://idp.example.com",
    sso_url="https://idp.example.com",
    username_template="idpuser.email")
Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • account_link_action (pulumi.Input[str]) – Specifies the account linking action for an IdP user.

  • account_link_group_includes (pulumi.Input[list]) – Group memberships to determine link candidates.

  • acs_binding (pulumi.Input[str]) – The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

  • acs_type (pulumi.Input[str]) – The type of ACS. It can be "INSTANCE" or "ORG".

  • deprovisioned_action (pulumi.Input[str]) – Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

  • groups_action (pulumi.Input[str]) – Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

  • groups_assignments (pulumi.Input[list]) – List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.

  • groups_attribute (pulumi.Input[str]) – IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

  • groups_filters (pulumi.Input[list]) – Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.

  • issuer (pulumi.Input[str]) – URI that identifies the issuer.

  • issuer_mode (pulumi.Input[str]) – Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

  • kid (pulumi.Input[str]) – The ID of the signing key.

  • name (pulumi.Input[str]) – The Application’s display name.

  • name_format (pulumi.Input[str]) – The name identifier format to use. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

  • profile_master (pulumi.Input[bool]) – Determines if the IdP should act as a source of truth for user profile attributes.

  • provisioning_action (pulumi.Input[str]) – Provisioning action for an IdP user during authentication.

  • request_signature_algorithm (pulumi.Input[str]) – The XML digital signature algorithm used when signing an AuthnRequest message.

  • request_signature_scope (pulumi.Input[str]) – Specifies whether or not to digitally sign an AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".

  • response_signature_algorithm (pulumi.Input[str]) – The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.

  • response_signature_scope (pulumi.Input[str]) – Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".

  • sso_binding (pulumi.Input[str]) – The method of making an SSO request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

  • sso_destination (pulumi.Input[str]) – URI reference indicating the address to which the AuthnRequest message is sent.

  • sso_url (pulumi.Input[str]) – URL of binding-specific endpoint to send an AuthnRequest message to IdP.

  • status (pulumi.Input[str]) – Status of the IdP.

  • subject_filter (pulumi.Input[str]) – Optional regular expression pattern used to filter untrusted IdP usernames.

  • subject_formats (pulumi.Input[list]) – The name formate. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

  • subject_match_attribute (pulumi.Input[str]) – Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

  • subject_match_type (pulumi.Input[str]) – Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

  • suspended_action (pulumi.Input[str]) – Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"

  • username_template (pulumi.Input[str]) – Okta EL Expression to generate or transform a unique username for the IdP user.

Specifies the account linking action for an IdP user.

Group memberships to determine link candidates.

acs_binding: pulumi.Output[str] = None

The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

acs_type: pulumi.Output[str] = None

The type of ACS. It can be "INSTANCE" or "ORG".

audience: pulumi.Output[str] = None

The audience restriction for the IdP.

deprovisioned_action: pulumi.Output[str] = None

Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

groups_action: pulumi.Output[str] = None

Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

groups_assignments: pulumi.Output[list] = None

List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.

groups_attribute: pulumi.Output[str] = None

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

groups_filters: pulumi.Output[list] = None

Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.

issuer: pulumi.Output[str] = None

URI that identifies the issuer.

issuer_mode: pulumi.Output[str] = None

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

kid: pulumi.Output[str] = None

The ID of the signing key.

name: pulumi.Output[str] = None

The Application’s display name.

name_format: pulumi.Output[str] = None

The name identifier format to use. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

profile_master: pulumi.Output[bool] = None

Determines if the IdP should act as a source of truth for user profile attributes.

provisioning_action: pulumi.Output[str] = None

Provisioning action for an IdP user during authentication.

request_signature_algorithm: pulumi.Output[str] = None

The XML digital signature algorithm used when signing an AuthnRequest message.

request_signature_scope: pulumi.Output[str] = None

Specifies whether or not to digitally sign an AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".

response_signature_algorithm: pulumi.Output[str] = None

The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.

response_signature_scope: pulumi.Output[str] = None

Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".

sso_binding: pulumi.Output[str] = None

The method of making an SSO request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

sso_destination: pulumi.Output[str] = None

URI reference indicating the address to which the AuthnRequest message is sent.

sso_url: pulumi.Output[str] = None

URL of binding-specific endpoint to send an AuthnRequest message to IdP.

status: pulumi.Output[str] = None

Status of the IdP.

subject_filter: pulumi.Output[str] = None

Optional regular expression pattern used to filter untrusted IdP usernames.

subject_formats: pulumi.Output[list] = None

The name formate. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

subject_match_attribute: pulumi.Output[str] = None

Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

subject_match_type: pulumi.Output[str] = None

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

suspended_action: pulumi.Output[str] = None

Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"

type: pulumi.Output[str] = None

Type of the IdP.

username_template: pulumi.Output[str] = None

Okta EL Expression to generate or transform a unique username for the IdP user.

static get(resource_name, id, opts=None, account_link_action=None, account_link_group_includes=None, acs_binding=None, acs_type=None, audience=None, deprovisioned_action=None, groups_action=None, groups_assignments=None, groups_attribute=None, groups_filters=None, issuer=None, issuer_mode=None, kid=None, name=None, name_format=None, profile_master=None, provisioning_action=None, request_signature_algorithm=None, request_signature_scope=None, response_signature_algorithm=None, response_signature_scope=None, sso_binding=None, sso_destination=None, sso_url=None, status=None, subject_filter=None, subject_formats=None, subject_match_attribute=None, subject_match_type=None, suspended_action=None, type=None, username_template=None)

Get an existing Saml resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • account_link_action (pulumi.Input[str]) – Specifies the account linking action for an IdP user.

  • account_link_group_includes (pulumi.Input[list]) – Group memberships to determine link candidates.

  • acs_binding (pulumi.Input[str]) – The method of making an ACS request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

  • acs_type (pulumi.Input[str]) – The type of ACS. It can be "INSTANCE" or "ORG".

  • audience (pulumi.Input[str]) – The audience restriction for the IdP.

  • deprovisioned_action (pulumi.Input[str]) – Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

  • groups_action (pulumi.Input[str]) – Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

  • groups_assignments (pulumi.Input[list]) – List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.

  • groups_attribute (pulumi.Input[str]) – IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

  • groups_filters (pulumi.Input[list]) – Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.

  • issuer (pulumi.Input[str]) – URI that identifies the issuer.

  • issuer_mode (pulumi.Input[str]) – Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

  • kid (pulumi.Input[str]) – The ID of the signing key.

  • name (pulumi.Input[str]) – The Application’s display name.

  • name_format (pulumi.Input[str]) – The name identifier format to use. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

  • profile_master (pulumi.Input[bool]) – Determines if the IdP should act as a source of truth for user profile attributes.

  • provisioning_action (pulumi.Input[str]) – Provisioning action for an IdP user during authentication.

  • request_signature_algorithm (pulumi.Input[str]) – The XML digital signature algorithm used when signing an AuthnRequest message.

  • request_signature_scope (pulumi.Input[str]) – Specifies whether or not to digitally sign an AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".

  • response_signature_algorithm (pulumi.Input[str]) – The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.

  • response_signature_scope (pulumi.Input[str]) – Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".

  • sso_binding (pulumi.Input[str]) – The method of making an SSO request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

  • sso_destination (pulumi.Input[str]) – URI reference indicating the address to which the AuthnRequest message is sent.

  • sso_url (pulumi.Input[str]) – URL of binding-specific endpoint to send an AuthnRequest message to IdP.

  • status (pulumi.Input[str]) – Status of the IdP.

  • subject_filter (pulumi.Input[str]) – Optional regular expression pattern used to filter untrusted IdP usernames.

  • subject_formats (pulumi.Input[list]) – The name formate. By default "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

  • subject_match_attribute (pulumi.Input[str]) – Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

  • subject_match_type (pulumi.Input[str]) – Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

  • suspended_action (pulumi.Input[str]) – Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"

  • type (pulumi.Input[str]) – Type of the IdP.

  • username_template (pulumi.Input[str]) – Okta EL Expression to generate or transform a unique username for the IdP user.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.idp.SamlKey(resource_name, opts=None, x5cs=None, __props__=None, __name__=None, __opts__=None)

Creates a SAML Identity Provider Signing Key.

This resource allows you to create and configure a SAML Identity Provider Signing Key.

import pulumi
import pulumi_okta as okta

example = okta.idp.SamlKey("example", x5cs=[okta_app_saml["example"]["certificate"]])
Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • x5cs (pulumi.Input[list]) – base64-encoded X.509 certificate chain with DER encoding.

created: pulumi.Output[str] = None

Date created.

expires_at: pulumi.Output[str] = None

Date the cert expires.

kid: pulumi.Output[str] = None

Key ID.

kty: pulumi.Output[str] = None

Identifies the cryptographic algorithm family used with the key.

use: pulumi.Output[str] = None

Intended use of the public key.

x5cs: pulumi.Output[list] = None

base64-encoded X.509 certificate chain with DER encoding.

x5t_s256: pulumi.Output[str] = None

base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate.

static get(resource_name, id, opts=None, created=None, expires_at=None, kid=None, kty=None, use=None, x5cs=None, x5t_s256=None)

Get an existing SamlKey resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • created (pulumi.Input[str]) – Date created.

  • expires_at (pulumi.Input[str]) – Date the cert expires.

  • kid (pulumi.Input[str]) – Key ID.

  • kty (pulumi.Input[str]) – Identifies the cryptographic algorithm family used with the key.

  • use (pulumi.Input[str]) – Intended use of the public key.

  • x5cs (pulumi.Input[list]) – base64-encoded X.509 certificate chain with DER encoding.

  • x5t_s256 (pulumi.Input[str]) – base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_okta.idp.Social(resource_name, opts=None, account_link_action=None, account_link_group_includes=None, client_id=None, client_secret=None, deprovisioned_action=None, groups_action=None, groups_assignments=None, groups_attribute=None, groups_filters=None, issuer_mode=None, match_attribute=None, match_type=None, max_clock_skew=None, name=None, profile_master=None, protocol_type=None, provisioning_action=None, request_signature_algorithm=None, request_signature_scope=None, response_signature_algorithm=None, response_signature_scope=None, scopes=None, status=None, subject_match_attribute=None, subject_match_type=None, suspended_action=None, type=None, username_template=None, __props__=None, __name__=None, __opts__=None)

Creates an Social Identity Provider.

This resource allows you to create and configure an Social Identity Provider.

import pulumi
import pulumi_okta as okta

example = okta.idp.Social("example",
    client_id="abcd123",
    client_secret="abcd123",
    match_attribute="customfieldId",
    match_type="CUSTOM_ATTRIBUTE",
    protocol_type="OAUTH2",
    scopes=[
        "public_profile",
        "email",
    ],
    type="FACEBOOK",
    username_template="idpuser.email")
Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • account_link_action (pulumi.Input[str]) – Specifies the account linking action for an IdP user.

  • account_link_group_includes (pulumi.Input[list]) – Group memberships to determine link candidates.

  • client_id (pulumi.Input[str]) – Unique identifier issued by AS for the Okta IdP instance.

  • client_secret (pulumi.Input[str]) – Client secret issued by AS for the Okta IdP instance.

  • deprovisioned_action (pulumi.Input[str]) – Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

  • groups_action (pulumi.Input[str]) – Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

  • groups_assignments (pulumi.Input[list]) – List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.

  • groups_attribute (pulumi.Input[str]) – IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

  • groups_filters (pulumi.Input[list]) – Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.

  • issuer_mode (pulumi.Input[str]) – Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

  • max_clock_skew (pulumi.Input[float]) – Maximum allowable clock-skew when processing messages from the IdP.

  • name (pulumi.Input[str]) – The Application’s display name.

  • profile_master (pulumi.Input[bool]) – Determines if the IdP should act as a source of truth for user profile attributes.

  • protocol_type (pulumi.Input[str]) – The type of protocol to use. It can be "OIDC" or "OAUTH2".

  • provisioning_action (pulumi.Input[str]) – Provisioning action for an IdP user during authentication.

  • request_signature_algorithm (pulumi.Input[str]) – The XML digital signature algorithm used when signing an AuthnRequest message.

  • request_signature_scope (pulumi.Input[str]) – Specifies whether or not to digitally sign an AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".

  • response_signature_algorithm (pulumi.Input[str]) – The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.

  • response_signature_scope (pulumi.Input[str]) – Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".

  • scopes (pulumi.Input[list]) – The scopes of the IdP.

  • status (pulumi.Input[str]) – Status of the IdP.

  • subject_match_attribute (pulumi.Input[str]) – Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

  • subject_match_type (pulumi.Input[str]) – Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

  • suspended_action (pulumi.Input[str]) – Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"

  • type (pulumi.Input[str]) – The type of Social IdP. It can be "FACEBOOK", "LINKEDIN", "MICROSOFT", or "GOOGLE".

  • username_template (pulumi.Input[str]) – Okta EL Expression to generate or transform a unique username for the IdP user.

Specifies the account linking action for an IdP user.

Group memberships to determine link candidates.

authorization_binding: pulumi.Output[str] = None

The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

authorization_url: pulumi.Output[str] = None

IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

client_id: pulumi.Output[str] = None

Unique identifier issued by AS for the Okta IdP instance.

client_secret: pulumi.Output[str] = None

Client secret issued by AS for the Okta IdP instance.

deprovisioned_action: pulumi.Output[str] = None

Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

groups_action: pulumi.Output[str] = None

Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

groups_assignments: pulumi.Output[list] = None

List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.

groups_attribute: pulumi.Output[str] = None

IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

groups_filters: pulumi.Output[list] = None

Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.

issuer_mode: pulumi.Output[str] = None

Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

max_clock_skew: pulumi.Output[float] = None

Maximum allowable clock-skew when processing messages from the IdP.

name: pulumi.Output[str] = None

The Application’s display name.

profile_master: pulumi.Output[bool] = None

Determines if the IdP should act as a source of truth for user profile attributes.

protocol_type: pulumi.Output[str] = None

The type of protocol to use. It can be "OIDC" or "OAUTH2".

provisioning_action: pulumi.Output[str] = None

Provisioning action for an IdP user during authentication.

request_signature_algorithm: pulumi.Output[str] = None

The XML digital signature algorithm used when signing an AuthnRequest message.

request_signature_scope: pulumi.Output[str] = None

Specifies whether or not to digitally sign an AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".

response_signature_algorithm: pulumi.Output[str] = None

The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.

response_signature_scope: pulumi.Output[str] = None

Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".

scopes: pulumi.Output[list] = None

The scopes of the IdP.

status: pulumi.Output[str] = None

Status of the IdP.

subject_match_attribute: pulumi.Output[str] = None

Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

subject_match_type: pulumi.Output[str] = None

Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

suspended_action: pulumi.Output[str] = None

Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"

token_binding: pulumi.Output[str] = None

The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

token_url: pulumi.Output[str] = None

IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

type: pulumi.Output[str] = None

The type of Social IdP. It can be "FACEBOOK", "LINKEDIN", "MICROSOFT", or "GOOGLE".

username_template: pulumi.Output[str] = None

Okta EL Expression to generate or transform a unique username for the IdP user.

static get(resource_name, id, opts=None, account_link_action=None, account_link_group_includes=None, authorization_binding=None, authorization_url=None, client_id=None, client_secret=None, deprovisioned_action=None, groups_action=None, groups_assignments=None, groups_attribute=None, groups_filters=None, issuer_mode=None, match_attribute=None, match_type=None, max_clock_skew=None, name=None, profile_master=None, protocol_type=None, provisioning_action=None, request_signature_algorithm=None, request_signature_scope=None, response_signature_algorithm=None, response_signature_scope=None, scopes=None, status=None, subject_match_attribute=None, subject_match_type=None, suspended_action=None, token_binding=None, token_url=None, type=None, username_template=None)

Get an existing Social resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • account_link_action (pulumi.Input[str]) – Specifies the account linking action for an IdP user.

  • account_link_group_includes (pulumi.Input[list]) – Group memberships to determine link candidates.

  • authorization_binding (pulumi.Input[str]) – The method of making an authorization request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

  • authorization_url (pulumi.Input[str]) – IdP Authorization Server (AS) endpoint to request consent from the user and obtain an authorization code grant.

  • client_id (pulumi.Input[str]) – Unique identifier issued by AS for the Okta IdP instance.

  • client_secret (pulumi.Input[str]) – Client secret issued by AS for the Okta IdP instance.

  • deprovisioned_action (pulumi.Input[str]) – Action for a previously deprovisioned IdP user during authentication. Can be "NONE" or "REACTIVATE".

  • groups_action (pulumi.Input[str]) – Provisioning action for IdP user’s group memberships. It can be "NONE", "SYNC", "APPEND", or "ASSIGN".

  • groups_assignments (pulumi.Input[list]) – List of Okta Group IDs to add an IdP user as a member with the "ASSIGN" groups_action.

  • groups_attribute (pulumi.Input[str]) – IdP user profile attribute name (case-insensitive) for an array value that contains group memberships.

  • groups_filters (pulumi.Input[list]) – Whitelist of Okta Group identifiers that are allowed for the "APPEND" or "SYNC" groups_action.

  • issuer_mode (pulumi.Input[str]) – Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL. It can be "ORG_URL" or "CUSTOM_URL".

  • max_clock_skew (pulumi.Input[float]) – Maximum allowable clock-skew when processing messages from the IdP.

  • name (pulumi.Input[str]) – The Application’s display name.

  • profile_master (pulumi.Input[bool]) – Determines if the IdP should act as a source of truth for user profile attributes.

  • protocol_type (pulumi.Input[str]) – The type of protocol to use. It can be "OIDC" or "OAUTH2".

  • provisioning_action (pulumi.Input[str]) – Provisioning action for an IdP user during authentication.

  • request_signature_algorithm (pulumi.Input[str]) – The XML digital signature algorithm used when signing an AuthnRequest message.

  • request_signature_scope (pulumi.Input[str]) – Specifies whether or not to digitally sign an AuthnRequest messages to the IdP. It can be "REQUEST" or "NONE".

  • response_signature_algorithm (pulumi.Input[str]) – The minimum XML digital signature algorithm allowed when verifying a SAMLResponse message or Assertion element.

  • response_signature_scope (pulumi.Input[str]) – Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be "RESPONSE", "ASSERTION", or "ANY".

  • scopes (pulumi.Input[list]) – The scopes of the IdP.

  • status (pulumi.Input[str]) – Status of the IdP.

  • subject_match_attribute (pulumi.Input[str]) – Okta user profile attribute for matching transformed IdP username. Only for matchType "CUSTOM_ATTRIBUTE".

  • subject_match_type (pulumi.Input[str]) – Determines the Okta user profile attribute match conditions for account linking and authentication of the transformed IdP username. By default it is set to "USERNAME". It can be set to "USERNAME", "EMAIL", "USERNAME_OR_EMAIL" or "CUSTOM_ATTRIBUTE".

  • suspended_action (pulumi.Input[str]) – Action for a previously suspended IdP user during authentication. Can be set to "NONE" or "UNSUSPEND"

  • token_binding (pulumi.Input[str]) – The method of making a token request. It can be set to "HTTP-POST" or "HTTP-REDIRECT".

  • token_url (pulumi.Input[str]) – IdP Authorization Server (AS) endpoint to exchange the authorization code grant for an access token.

  • type (pulumi.Input[str]) – The type of Social IdP. It can be "FACEBOOK", "LINKEDIN", "MICROSOFT", or "GOOGLE".

  • username_template (pulumi.Input[str]) – Okta EL Expression to generate or transform a unique username for the IdP user.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_okta.idp.get_metadata_saml(idp_id=None, opts=None)

Use this data source to retrieve SAML IdP metadata from Okta.

import pulumi
import pulumi_okta as okta

example = okta.idp.get_metadata_saml(id="<idp id>")
Parameters

idp_id (str) – The id of the IdP to retrieve metadata for.

pulumi_okta.idp.get_saml(id=None, name=None, opts=None)

Use this data source to retrieve a SAML IdP from Okta.

import pulumi
import pulumi_okta as okta

example = okta.idp.get_saml(label="Example App")
Parameters
  • id (str) – The id of the idp to retrieve, conflicts with name.

  • name (str) – The name of the idp to retrieve, conflicts with id.