flexibleengine 1.46.0 published on Monday, Apr 14, 2025 by flexibleenginecloud

flexibleengine.IdentityProvider


    Manages the identity providers within FlexibleEngine IAM service.

    NOTE: You can create up to 10 identity providers.

    Example Usage

    Create a SAML protocol provider

    import * as pulumi from "@pulumi/pulumi";
    import * as flexibleengine from "@pulumi/flexibleengine";
    
    // Register a SAML identity provider in FlexibleEngine IAM.
    // NOTE(review): no `metadata` is passed here, yet the property reference on this
    // page describes it as required when the protocol is "saml" — confirm that the
    // IdP metadata is imported before this provider is relied on for federated login.
    const provider1 = new flexibleengine.IdentityProvider("provider1", {
        protocol: "saml",
    });
    
    import pulumi
    import pulumi_flexibleengine as flexibleengine
    
    # Register a SAML identity provider in FlexibleEngine IAM.
    # NOTE(review): no `metadata` is passed here, yet the property reference on this
    # page describes it as required when the protocol is "saml" - confirm that the
    # IdP metadata is imported before this provider is relied on for federated login.
    provider1 = flexibleengine.IdentityProvider(
        "provider1",
        protocol="saml",
    )
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-terraform-provider/sdks/go/flexibleengine/flexibleengine"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers a SAML identity provider in FlexibleEngine IAM.
    //
    // NOTE(review): no Metadata is passed here, yet the property reference on this
    // page describes it as required when the protocol is "saml" — confirm that the
    // IdP metadata is imported before this provider is relied on for federated login.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		samlArgs := &flexibleengine.IdentityProviderArgs{
    			Protocol: pulumi.String("saml"),
    		}
    		// The resource handle is not used afterwards; only the error is propagated.
    		_, err := flexibleengine.NewIdentityProvider(ctx, "provider1", samlArgs)
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Flexibleengine = Pulumi.Flexibleengine;
    
    // Register a SAML identity provider in FlexibleEngine IAM.
    // NOTE(review): no Metadata is passed here, yet the property reference on this
    // page describes it as required when the protocol is "saml" — confirm that the
    // IdP metadata is imported before this provider is relied on for federated login.
    return await Deployment.RunAsync(() =>
    {
        var samlArgs = new Flexibleengine.IdentityProviderArgs
        {
            Protocol = "saml",
        };

        var provider1 = new Flexibleengine.IdentityProvider("provider1", samlArgs);
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.flexibleengine.IdentityProvider;
    import com.pulumi.flexibleengine.IdentityProviderArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that registers a SAML identity provider in FlexibleEngine IAM.
     *
     * NOTE(review): no metadata is passed here, yet the property reference on this
     * page describes it as required when the protocol is "saml" — confirm that the
     * IdP metadata is imported before this provider is relied on for federated login.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /** Declares the stack's only resource: the SAML identity provider. */
        public static void stack(Context ctx) {
            final var samlArgs = IdentityProviderArgs.builder()
                .protocol("saml")
                .build();

            var provider1 = new IdentityProvider("provider1", samlArgs);
        }
    }
    
    # Registers a SAML identity provider in FlexibleEngine IAM.
    # NOTE(review): no `metadata` is set here, yet the property reference on this
    # page describes it as required when the protocol is saml - confirm that the
    # IdP metadata is imported before this provider is relied on for federated login.
    resources:
      provider1:
        type: flexibleengine:IdentityProvider
        properties:
          protocol: saml
    

    Create an OpenID Connect protocol provider

    import * as pulumi from "@pulumi/pulumi";
    import * as flexibleengine from "@pulumi/flexibleengine";
    
    // JWKS document carrying the OIDC IdP's signing key. The entry holds only the
    // public RSA members (n, e); private members must never be placed here. The "..."
    // values are placeholders for the IdP's real key ID and modulus.
    const idpSigningJwks = JSON.stringify({
        keys: [{
            alg: "RS256",
            e: "AQAB",
            kid: "...",
            kty: "RSA",
            n: "...",
            use: "sig",
        }],
    });

    // Register an OpenID Connect identity provider in FlexibleEngine IAM.
    // NOTE(review): accessType presumably decides whether federated users get console
    // access in addition to programmatic access — confirm against the
    // openid_connect_config reference and choose the narrowest value that works.
    const provider2 = new flexibleengine.IdentityProvider("provider2", {
        protocol: "oidc",
        openidConnectConfig: {
            accessType: "program_console",
            // Issuer and authorization endpoint are both HTTPS URLs of the same IdP.
            providerUrl: "https://accounts.example.com",
            clientId: "your_client_id", // placeholder for the client ID registered at the IdP
            authorizationEndpoint: "https://accounts.example.com/o/oauth2/v2/auth",
            scopes: ["openid"],
            signingKey: idpSigningJwks,
        },
    });
    
    import pulumi
    import json
    import pulumi_flexibleengine as flexibleengine
    
    # JWKS document carrying the OIDC IdP's signing key. The entry holds only the
    # public RSA members (n, e); private members must never be placed here. The "..."
    # values are placeholders for the IdP's real key ID and modulus.
    idp_signing_jwks = json.dumps({
        "keys": [{
            "alg": "RS256",
            "e": "AQAB",
            "kid": "...",
            "kty": "RSA",
            "n": "...",
            "use": "sig",
        }],
    })

    # Register an OpenID Connect identity provider in FlexibleEngine IAM.
    # NOTE(review): access_type presumably decides whether federated users get console
    # access in addition to programmatic access - confirm against the
    # openid_connect_config reference and choose the narrowest value that works.
    provider2 = flexibleengine.IdentityProvider(
        "provider2",
        protocol="oidc",
        openid_connect_config={
            "access_type": "program_console",
            # Issuer and authorization endpoint are both HTTPS URLs of the same IdP.
            "provider_url": "https://accounts.example.com",
            "client_id": "your_client_id",  # placeholder for the client ID registered at the IdP
            "authorization_endpoint": "https://accounts.example.com/o/oauth2/v2/auth",
            "scopes": ["openid"],
            "signing_key": idp_signing_jwks,
        },
    )
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-terraform-provider/sdks/go/flexibleengine/flexibleengine"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers an OpenID Connect identity provider in FlexibleEngine IAM.
    //
    // NOTE(review): AccessType presumably decides whether federated users get console
    // access in addition to programmatic access — confirm against the
    // openid_connect_config reference and choose the narrowest value that works.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// JWK for the IdP's signing key. Only the public RSA members (n, e) appear;
    		// private members must never be placed here. The "..." values are
    		// placeholders for the IdP's real key ID and modulus.
    		idpSigningKey := map[string]interface{}{
    			"alg": "RS256",
    			"e":   "AQAB",
    			"kid": "...",
    			"kty": "RSA",
    			"n":   "...",
    			"use": "sig",
    		}
    		jwksBytes, err := json.Marshal(map[string]interface{}{
    			"keys": []map[string]interface{}{idpSigningKey},
    		})
    		if err != nil {
    			return err
    		}

    		oidcConfig := &flexibleengine.IdentityProviderOpenidConnectConfigArgs{
    			AccessType: pulumi.String("program_console"),
    			// Issuer and authorization endpoint are both HTTPS URLs of the same IdP.
    			ProviderUrl: pulumi.String("https://accounts.example.com"),
    			// Placeholder for the client ID registered at the IdP.
    			ClientId:              pulumi.String("your_client_id"),
    			AuthorizationEndpoint: pulumi.String("https://accounts.example.com/o/oauth2/v2/auth"),
    			Scopes: pulumi.StringArray{
    				pulumi.String("openid"),
    			},
    			SigningKey: pulumi.String(string(jwksBytes)),
    		}

    		// The resource handle is not used afterwards; only the error is propagated.
    		_, err = flexibleengine.NewIdentityProvider(ctx, "provider2", &flexibleengine.IdentityProviderArgs{
    			Protocol:            pulumi.String("oidc"),
    			OpenidConnectConfig: oidcConfig,
    		})
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Flexibleengine = Pulumi.Flexibleengine;
    
    // Register an OpenID Connect identity provider in FlexibleEngine IAM.
    // NOTE(review): AccessType presumably decides whether federated users get console
    // access in addition to programmatic access — confirm against the
    // openid_connect_config reference and choose the narrowest value that works.
    return await Deployment.RunAsync(() =>
    {
        // JWKS document carrying the IdP's signing key. The entry holds only the public
        // RSA members (n, e); private members must never be placed here. The "..."
        // values are placeholders for the IdP's real key ID and modulus.
        var idpSigningJwks = JsonSerializer.Serialize(new Dictionary<string, object?>
        {
            ["keys"] = new[]
            {
                new Dictionary<string, object?>
                {
                    ["alg"] = "RS256",
                    ["e"] = "AQAB",
                    ["kid"] = "...",
                    ["kty"] = "RSA",
                    ["n"] = "...",
                    ["use"] = "sig",
                },
            },
        });

        var oidcConfig = new Flexibleengine.Inputs.IdentityProviderOpenidConnectConfigArgs
        {
            AccessType = "program_console",
            // Issuer and authorization endpoint are both HTTPS URLs of the same IdP.
            ProviderUrl = "https://accounts.example.com",
            // Placeholder for the client ID registered at the IdP.
            ClientId = "your_client_id",
            AuthorizationEndpoint = "https://accounts.example.com/o/oauth2/v2/auth",
            Scopes = new[]
            {
                "openid",
            },
            SigningKey = idpSigningJwks,
        };

        var provider2 = new Flexibleengine.IdentityProvider("provider2", new Flexibleengine.IdentityProviderArgs
        {
            Protocol = "oidc",
            OpenidConnectConfig = oidcConfig,
        });
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.flexibleengine.IdentityProvider;
    import com.pulumi.flexibleengine.IdentityProviderArgs;
    import com.pulumi.flexibleengine.inputs.IdentityProviderOpenidConnectConfigArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that registers an OpenID Connect identity provider in
     * FlexibleEngine IAM.
     *
     * NOTE(review): accessType presumably decides whether federated users get console
     * access in addition to programmatic access — confirm against the
     * openid_connect_config reference and choose the narrowest value that works.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /** Declares the stack's only resource: the OIDC identity provider. */
        public static void stack(Context ctx) {
            // JWKS document carrying the IdP's signing key. The entry holds only the
            // public RSA members (n, e); private members must never be placed here.
            // The "..." values are placeholders for the IdP's real key ID and modulus.
            final var idpSigningJwks = serializeJson(
                jsonObject(
                    jsonProperty("keys", jsonArray(jsonObject(
                        jsonProperty("alg", "RS256"),
                        jsonProperty("e", "AQAB"),
                        jsonProperty("kid", "..."),
                        jsonProperty("kty", "RSA"),
                        jsonProperty("n", "..."),
                        jsonProperty("use", "sig")
                    )))
                ));

            final var oidcConfig = IdentityProviderOpenidConnectConfigArgs.builder()
                .accessType("program_console")
                // Issuer and authorization endpoint are both HTTPS URLs of the same IdP.
                .providerUrl("https://accounts.example.com")
                // Placeholder for the client ID registered at the IdP.
                .clientId("your_client_id")
                .authorizationEndpoint("https://accounts.example.com/o/oauth2/v2/auth")
                .scopes("openid")
                .signingKey(idpSigningJwks)
                .build();

            var provider2 = new IdentityProvider("provider2", IdentityProviderArgs.builder()
                .protocol("oidc")
                .openidConnectConfig(oidcConfig)
                .build());
        }
    }
    
    # Registers an OpenID Connect identity provider in FlexibleEngine IAM.
    # NOTE(review): accessType presumably decides whether federated users get console
    # access in addition to programmatic access - confirm against the
    # openid_connect_config reference and choose the narrowest value that works.
    resources:
      provider2:
        type: flexibleengine:IdentityProvider
        properties:
          protocol: oidc
          openidConnectConfig:
            accessType: program_console
            # Issuer and authorization endpoint are both HTTPS URLs of the same IdP.
            providerUrl: https://accounts.example.com
            # Placeholder for the client ID registered at the IdP.
            clientId: your_client_id
            authorizationEndpoint: https://accounts.example.com/o/oauth2/v2/auth
            scopes:
              - openid
            # signingKey is passed as a JSON string; fn::toJSON serializes the JWKS below.
            # The entry holds only the public RSA members (n, e); private members must
            # never be placed here. The '...' values are placeholders for the IdP's
            # real key ID and modulus.
            signingKey:
              fn::toJSON:
                keys:
                  - alg: RS256
                    e: AQAB
                    kid: '...'
                    kty: RSA
                    n: '...'
                    use: sig
    

    Create IdentityProvider Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new IdentityProvider(name: string, args: IdentityProviderArgs, opts?: CustomResourceOptions);
    @overload
    def IdentityProvider(resource_name: str,
                         args: IdentityProviderArgs,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def IdentityProvider(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         protocol: Optional[str] = None,
                         description: Optional[str] = None,
                         enabled: Optional[bool] = None,
                         identity_provider_id: Optional[str] = None,
                         metadata: Optional[str] = None,
                         name: Optional[str] = None,
                         openid_connect_config: Optional[IdentityProviderOpenidConnectConfigArgs] = None)
    func NewIdentityProvider(ctx *Context, name string, args IdentityProviderArgs, opts ...ResourceOption) (*IdentityProvider, error)
    public IdentityProvider(string name, IdentityProviderArgs args, CustomResourceOptions? opts = null)
    public IdentityProvider(String name, IdentityProviderArgs args)
    public IdentityProvider(String name, IdentityProviderArgs args, CustomResourceOptions options)
    
    type: flexibleengine:IdentityProvider
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args IdentityProviderArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args IdentityProviderArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args IdentityProviderArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args IdentityProviderArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args IdentityProviderArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Reference shape only: every value is a type placeholder ("string" / false), not a
    // working configuration. The property reference on this page describes Metadata as
    // required only for saml and OpenidConnectConfig as required only for oidc, so a
    // real declaration normally sets the one that matches its Protocol.
    var identityProviderResource = new Flexibleengine.IdentityProvider("identityProviderResource", new()
    {
        Protocol = "string",
        Description = "string",
        // Placeholder value; the property reference says Enabled defaults to true.
        Enabled = false,
        IdentityProviderId = "string",
        Metadata = "string",
        Name = "string",
        OpenidConnectConfig = new Flexibleengine.Inputs.IdentityProviderOpenidConnectConfigArgs
        {
            AccessType = "string",
            ClientId = "string",
            ProviderUrl = "string",
            SigningKey = "string",
            AuthorizationEndpoint = "string",
            ResponseMode = "string",
            ResponseType = "string",
            Scopes = new[]
            {
                "string",
            },
        },
    });
    
    // Reference shape only: every value is a type placeholder ("string" / false), not a
    // working configuration. The property reference on this page describes Metadata as
    // required only for saml and OpenidConnectConfig as required only for oidc, so a
    // real declaration normally sets the one that matches its Protocol.
    example, err := flexibleengine.NewIdentityProvider(ctx, "identityProviderResource", &flexibleengine.IdentityProviderArgs{
    	Protocol:           pulumi.String("string"),
    	Description:        pulumi.String("string"),
    	// Placeholder value; the property reference says Enabled defaults to true.
    	Enabled:            pulumi.Bool(false),
    	IdentityProviderId: pulumi.String("string"),
    	Metadata:           pulumi.String("string"),
    	Name:               pulumi.String("string"),
    	OpenidConnectConfig: &flexibleengine.IdentityProviderOpenidConnectConfigArgs{
    		AccessType:            pulumi.String("string"),
    		ClientId:              pulumi.String("string"),
    		ProviderUrl:           pulumi.String("string"),
    		SigningKey:            pulumi.String("string"),
    		AuthorizationEndpoint: pulumi.String("string"),
    		ResponseMode:          pulumi.String("string"),
    		ResponseType:          pulumi.String("string"),
    		Scopes: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    })
    
    // Reference shape only: every value is a type placeholder ("string" / false), not a
    // working configuration. The property reference on this page describes metadata as
    // required only for saml and openidConnectConfig as required only for oidc, so a
    // real declaration normally sets the one that matches its protocol.
    var identityProviderResource = new IdentityProvider("identityProviderResource", IdentityProviderArgs.builder()
        .protocol("string")
        .description("string")
        // Placeholder value; the property reference says enabled defaults to true.
        .enabled(false)
        .identityProviderId("string")
        .metadata("string")
        .name("string")
        .openidConnectConfig(IdentityProviderOpenidConnectConfigArgs.builder()
            .accessType("string")
            .clientId("string")
            .providerUrl("string")
            .signingKey("string")
            .authorizationEndpoint("string")
            .responseMode("string")
            .responseType("string")
            .scopes("string")
            .build())
        .build());
    
    # Reference shape only: every value is a type placeholder ("string" / False), not a
    # working configuration. The property reference on this page describes metadata as
    # required only for saml and openid_connect_config as required only for oidc, so a
    # real declaration normally sets the one that matches its protocol.
    identity_provider_resource = flexibleengine.IdentityProvider("identityProviderResource",
        protocol="string",
        description="string",
        # Placeholder value; the property reference says enabled defaults to true.
        enabled=False,
        identity_provider_id="string",
        metadata="string",
        name="string",
        openid_connect_config={
            "access_type": "string",
            "client_id": "string",
            "provider_url": "string",
            "signing_key": "string",
            "authorization_endpoint": "string",
            "response_mode": "string",
            "response_type": "string",
            "scopes": ["string"],
        })
    
    // Reference shape only: every value is a type placeholder ("string" / false), not a
    // working configuration. The property reference on this page describes metadata as
    // required only for saml and openidConnectConfig as required only for oidc, so a
    // real declaration normally sets the one that matches its protocol.
    const identityProviderResource = new flexibleengine.IdentityProvider("identityProviderResource", {
        protocol: "string",
        description: "string",
        // Placeholder value; the property reference says enabled defaults to true.
        enabled: false,
        identityProviderId: "string",
        metadata: "string",
        name: "string",
        openidConnectConfig: {
            accessType: "string",
            clientId: "string",
            providerUrl: "string",
            signingKey: "string",
            authorizationEndpoint: "string",
            responseMode: "string",
            responseType: "string",
            scopes: ["string"],
        },
    });
    
    # Reference shape only: every value is a type placeholder (string / false), not a
    # working configuration. The property reference on this page describes metadata as
    # required only for saml and openidConnectConfig as required only for oidc, so a
    # real declaration normally sets the one that matches its protocol.
    type: flexibleengine:IdentityProvider
    properties:
        description: string
        # Placeholder value; the property reference says enabled defaults to true.
        enabled: false
        identityProviderId: string
        metadata: string
        name: string
        openidConnectConfig:
            accessType: string
            authorizationEndpoint: string
            clientId: string
            providerUrl: string
            responseMode: string
            responseType: string
            scopes:
                - string
            signingKey: string
        protocol: string
    

    IdentityProvider Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The IdentityProvider resource accepts the following input properties:

    Protocol string
    Specifies the protocol of the identity provider. Valid values are saml and oidc. Changing this creates a new resource.
    Description string
    Specifies the description of the identity provider.
    Enabled bool
    Specifies the status for the identity provider. Defaults to true.
    IdentityProviderId string
    The resource ID which equals to the name.
    Metadata string

    Specifies the metadata of the IdP (identity provider) server. To obtain the metadata file of your enterprise IdP, contact the enterprise administrator. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.

    NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metafile through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt")

    Name string
    Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
    OpenidConnectConfig IdentityProviderOpenidConnectConfig

    Specifies the OpenID Connect configuration of the identity provider. This field is required only if the protocol is set to oidc. The openid_connect_config object structure is documented below.

    The openid_connect_config block supports:

    Protocol string
    Specifies the protocol of the identity provider. Valid values are saml and oidc. Changing this creates a new resource.
    Description string
    Specifies the description of the identity provider.
    Enabled bool
    Specifies the status for the identity provider. Defaults to true.
    IdentityProviderId string
    The resource ID which equals to the name.
    Metadata string

    Specifies the metadata of the IdP (identity provider) server. To obtain the metadata file of your enterprise IdP, contact the enterprise administrator. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.

    NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metafile through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt")

    Name string
    Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
    OpenidConnectConfig IdentityProviderOpenidConnectConfigArgs

    Specifies the OpenID Connect configuration of the identity provider. This field is required only if the protocol is set to oidc. The openid_connect_config object structure is documented below.

    The openid_connect_config block supports:

    protocol String
    Specifies the protocol of the identity provider. Valid values are saml and oidc. Changing this creates a new resource.
    description String
    Specifies the description of the identity provider.
    enabled Boolean
    Specifies the status for the identity provider. Defaults to true.
    identityProviderId String
    The resource ID which equals to the name.
    metadata String

    Specifies the metadata of the IdP (identity provider) server. To obtain the metadata file of your enterprise IdP, contact the enterprise administrator. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.

    NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metafile through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt")

    name String
    Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
    openidConnectConfig IdentityProviderOpenidConnectConfig

    Specifies the OpenID Connect configuration of the identity provider. This field is required only if the protocol is set to oidc. The openid_connect_config object structure is documented below.

    The openid_connect_config block supports:

    protocol string
    Specifies the protocol of the identity provider. Valid values are saml and oidc. Changing this creates a new resource.
    description string
    Specifies the description of the identity provider.
    enabled boolean
    Specifies the status for the identity provider. Defaults to true.
    identityProviderId string
    The resource ID which equals to the name.
    metadata string

    Specifies the metadata of the IdP (identity provider) server. To obtain the metadata file of your enterprise IdP, contact the enterprise administrator. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.

    NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metafile through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt")

    name string
    Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
    openidConnectConfig IdentityProviderOpenidConnectConfig

    Specifies the OpenID Connect configuration of the identity provider. This field is required only if the protocol is set to oidc. The openid_connect_config object structure is documented below.

    The openid_connect_config block supports:

    protocol str
    Specifies the protocol of the identity provider. Valid values are saml and oidc. Changing this creates a new resource.
    description str
    Specifies the description of the identity provider.
    enabled bool
    Specifies the status for the identity provider. Defaults to true.
    identity_provider_id str
    The resource ID which equals to the name.
    metadata str

    Specifies the metadata of the IdP (identity provider) server. To obtain the metadata file of your enterprise IdP, contact the enterprise administrator. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.

    NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metafile through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt")

    name str
    Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
    openid_connect_config IdentityProviderOpenidConnectConfigArgs

    Specifies the OpenID Connect configuration of the identity provider. This field is required only if the protocol is set to oidc. The openid_connect_config object structure is documented below.

    The openid_connect_config block supports:

    protocol String
    Specifies the protocol of the identity provider. Valid values are saml and oidc. Changing this creates a new resource.
    description String
    Specifies the description of the identity provider.
    enabled Boolean
    Specifies the status for the identity provider. Defaults to true.
    identityProviderId String
    The resource ID which equals to the name.
    metadata String

    Specifies the metadata of the IdP (identity provider) server. To obtain the metadata file of your enterprise IdP, contact the enterprise administrator. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.

    NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metafile through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt")

    name String
    Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
    openidConnectConfig Property Map

    Specifies the OpenID Connect configuration of the identity provider. This field is required only if the protocol is set to oidc. The openid_connect_config object structure is documented below.

    The openid_connect_config block supports:

    Outputs

    All input properties are implicitly available as output properties. Additionally, the IdentityProvider resource produces the following output properties:

    ConversionRules List<IdentityProviderConversionRule>
    The identity conversion rules of the identity provider. The conversion_rules object structure is documented below.
    Id string
    The provider-assigned unique ID for this managed resource.
    LoginLink string
    The login link of the identity provider.
    SsoType string
    The single sign-on type of the identity provider.
    ConversionRules []IdentityProviderConversionRule
    The identity conversion rules of the identity provider. The conversion_rules object structure is documented below.
    Id string
    The provider-assigned unique ID for this managed resource.
    LoginLink string
    The login link of the identity provider.
    SsoType string
    The single sign-on type of the identity provider.
    conversionRules List<IdentityProviderConversionRule>
    The identity conversion rules of the identity provider. The conversion_rules object structure is documented below.
    id String
    The provider-assigned unique ID for this managed resource.
    loginLink String
    The login link of the identity provider.
    ssoType String
    The single sign-on type of the identity provider.
    conversionRules IdentityProviderConversionRule[]
    The identity conversion rules of the identity provider. The conversion_rules object structure is documented below.
    id string
    The provider-assigned unique ID for this managed resource.
    loginLink string
    The login link of the identity provider.
    ssoType string
    The single sign-on type of the identity provider.
    conversion_rules Sequence[IdentityProviderConversionRule]
    The identity conversion rules of the identity provider. The conversion_rules object structure is documented below.
    id str
    The provider-assigned unique ID for this managed resource.
    login_link str
    The login link of the identity provider.
    sso_type str
    The single sign-on type of the identity provider.
    conversionRules List<Property Map>
    The identity conversion rules of the identity provider. The conversion_rules object structure is documented below.
    id String
    The provider-assigned unique ID for this managed resource.
    loginLink String
    The login link of the identity provider.
    ssoType String
    The single sign-on type of the identity provider.

    Look up Existing IdentityProvider Resource

    Get an existing IdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: IdentityProviderState, opts?: CustomResourceOptions): IdentityProvider
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            conversion_rules: Optional[Sequence[IdentityProviderConversionRuleArgs]] = None,
            description: Optional[str] = None,
            enabled: Optional[bool] = None,
            identity_provider_id: Optional[str] = None,
            login_link: Optional[str] = None,
            metadata: Optional[str] = None,
            name: Optional[str] = None,
            openid_connect_config: Optional[IdentityProviderOpenidConnectConfigArgs] = None,
            protocol: Optional[str] = None,
            sso_type: Optional[str] = None) -> IdentityProvider
    func GetIdentityProvider(ctx *Context, name string, id IDInput, state *IdentityProviderState, opts ...ResourceOption) (*IdentityProvider, error)
    public static IdentityProvider Get(string name, Input<string> id, IdentityProviderState? state, CustomResourceOptions? opts = null)
    public static IdentityProvider get(String name, Output<String> id, IdentityProviderState state, CustomResourceOptions options)
    # Look up an existing identity provider by its provider-assigned ID instead of creating one.
    resources:
      _:
        type: flexibleengine:IdentityProvider
        get:
          id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ConversionRules List<IdentityProviderConversionRule>
    The identity conversion rules of the identity provider. The conversion_rules object structure is documented below.
    Description string
    Specifies the description of the identity provider.
    Enabled bool
    Specifies the status for the identity provider. Defaults to true.
    IdentityProviderId string
    The resource ID which equals to the name.
    LoginLink string
    The login link of the identity provider.
    Metadata string

    Specifies the metadata of the IDP (Identity Provider) server. To obtain the metadata file of your enterprise IDP, contact the enterprise administrator. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.

    NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metafile through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt")

    Name string
    Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
    OpenidConnectConfig IdentityProviderOpenidConnectConfig

    Specifies the OpenID Connect configuration of the identity provider. This field is required only if the protocol is set to oidc. The openid_connect_config object structure is documented below.

    The openid_connect_config block supports:

    Protocol string
    Specifies the protocol of the identity provider. Valid values are saml and oidc. Changing this creates a new resource.
    SsoType string
    The single sign-on type of the identity provider.
    ConversionRules []IdentityProviderConversionRuleArgs
    The identity conversion rules of the identity provider. The conversion_rules object structure is documented below.
    Description string
    Specifies the description of the identity provider.
    Enabled bool
    Specifies the status for the identity provider. Defaults to true.
    IdentityProviderId string
    The resource ID which equals to the name.
    LoginLink string
    The login link of the identity provider.
    Metadata string

    Specifies the metadata of the IDP (Identity Provider) server. To obtain the metadata file of your enterprise IDP, contact the enterprise administrator. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.

    NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metafile through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt")

    Name string
    Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
    OpenidConnectConfig IdentityProviderOpenidConnectConfigArgs

    Specifies the OpenID Connect configuration of the identity provider. This field is required only if the protocol is set to oidc. The openid_connect_config object structure is documented below.

    The openid_connect_config block supports:

    Protocol string
    Specifies the protocol of the identity provider. Valid values are saml and oidc. Changing this creates a new resource.
    SsoType string
    The single sign-on type of the identity provider.
    conversionRules List<IdentityProviderConversionRule>
    The identity conversion rules of the identity provider. The conversion_rules object structure is documented below.
    description String
    Specifies the description of the identity provider.
    enabled Boolean
    Specifies the status for the identity provider. Defaults to true.
    identityProviderId String
    The resource ID which equals to the name.
    loginLink String
    The login link of the identity provider.
    metadata String

    Specifies the metadata of the IDP (Identity Provider) server. To obtain the metadata file of your enterprise IDP, contact the enterprise administrator. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.

    NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metafile through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt")

    name String
    Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
    openidConnectConfig IdentityProviderOpenidConnectConfig

    Specifies the OpenID Connect configuration of the identity provider. This field is required only if the protocol is set to oidc. The openid_connect_config object structure is documented below.

    The openid_connect_config block supports:

    protocol String
    Specifies the protocol of the identity provider. Valid values are saml and oidc. Changing this creates a new resource.
    ssoType String
    The single sign-on type of the identity provider.
    conversionRules IdentityProviderConversionRule[]
    The identity conversion rules of the identity provider. The conversion_rules object structure is documented below.
    description string
    Specifies the description of the identity provider.
    enabled boolean
    Specifies the status for the identity provider. Defaults to true.
    identityProviderId string
    The resource ID which equals to the name.
    loginLink string
    The login link of the identity provider.
    metadata string

    Specifies the metadata of the IDP (Identity Provider) server. To obtain the metadata file of your enterprise IDP, contact the enterprise administrator. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.

    NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metafile through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt")

    name string
    Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
    openidConnectConfig IdentityProviderOpenidConnectConfig

    Specifies the OpenID Connect configuration of the identity provider. This field is required only if the protocol is set to oidc. The openid_connect_config object structure is documented below.

    The openid_connect_config block supports:

    protocol string
    Specifies the protocol of the identity provider. Valid values are saml and oidc. Changing this creates a new resource.
    ssoType string
    The single sign-on type of the identity provider.
    conversion_rules Sequence[IdentityProviderConversionRuleArgs]
    The identity conversion rules of the identity provider. The conversion_rules object structure is documented below.
    description str
    Specifies the description of the identity provider.
    enabled bool
    Specifies the status for the identity provider. Defaults to true.
    identity_provider_id str
    The resource ID which equals to the name.
    login_link str
    The login link of the identity provider.
    metadata str

    Specifies the metadata of the IDP (Identity Provider) server. To obtain the metadata file of your enterprise IDP, contact the enterprise administrator. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.

    NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metafile through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt")

    name str
    Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
    openid_connect_config IdentityProviderOpenidConnectConfigArgs

    Specifies the OpenID Connect configuration of the identity provider. This field is required only if the protocol is set to oidc. The openid_connect_config object structure is documented below.

    The openid_connect_config block supports:

    protocol str
    Specifies the protocol of the identity provider. Valid values are saml and oidc. Changing this creates a new resource.
    sso_type str
    The single sign-on type of the identity provider.
    conversionRules List<Property Map>
    The identity conversion rules of the identity provider. The conversion_rules object structure is documented below.
    description String
    Specifies the description of the identity provider.
    enabled Boolean
    Specifies the status for the identity provider. Defaults to true.
    identityProviderId String
    The resource ID which equals to the name.
    loginLink String
    The login link of the identity provider.
    metadata String

    Specifies the metadata of the IDP (Identity Provider) server. To obtain the metadata file of your enterprise IDP, contact the enterprise administrator. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.

    NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metafile through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt")

    name String
    Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
    openidConnectConfig Property Map

    Specifies the OpenID Connect configuration of the identity provider. This field is required only if the protocol is set to oidc. The openid_connect_config object structure is documented below.

    The openid_connect_config block supports:

    protocol String
    Specifies the protocol of the identity provider. Valid values are saml and oidc. Changing this creates a new resource.
    ssoType String
    The single sign-on type of the identity provider.

    Supporting Types

    IdentityProviderConversionRule, IdentityProviderConversionRuleArgs

    Locals List<IdentityProviderConversionRuleLocal>
    The federated user information on the cloud platform. The local object structure is documented below.
    Remotes List<IdentityProviderConversionRuleRemote>
    The federated user information in the IDP assertion that the rule is matched against. The remote object structure is documented below.
    Locals []IdentityProviderConversionRuleLocal
    The federated user information on the cloud platform. The local object structure is documented below.
    Remotes []IdentityProviderConversionRuleRemote
    The federated user information in the IDP assertion that the rule is matched against. The remote object structure is documented below.
    locals List<IdentityProviderConversionRuleLocal>
    The federated user information on the cloud platform. The local object structure is documented below.
    remotes List<IdentityProviderConversionRuleRemote>
    The federated user information in the IDP assertion that the rule is matched against. The remote object structure is documented below.
    locals IdentityProviderConversionRuleLocal[]
    The federated user information on the cloud platform. The local object structure is documented below.
    remotes IdentityProviderConversionRuleRemote[]
    The federated user information in the IDP assertion that the rule is matched against. The remote object structure is documented below.
    locals Sequence[IdentityProviderConversionRuleLocal]
    The federated user information on the cloud platform. The local object structure is documented below.
    remotes Sequence[IdentityProviderConversionRuleRemote]
    The federated user information in the IDP assertion that the rule is matched against. The remote object structure is documented below.
    locals List<Property Map>
    The federated user information on the cloud platform. The local object structure is documented below.
    remotes List<Property Map>
    The federated user information in the IDP assertion that the rule is matched against. The remote object structure is documented below.

    IdentityProviderConversionRuleLocal, IdentityProviderConversionRuleLocalArgs

    Group string
    The user group to which the federated user belongs on the cloud platform.
    Username string
    The name of a federated user on the cloud platform.
    Group string
    The user group to which the federated user belongs on the cloud platform.
    Username string
    The name of a federated user on the cloud platform.
    group String
    The user group to which the federated user belongs on the cloud platform.
    username String
    The name of a federated user on the cloud platform.
    group string
    The user group to which the federated user belongs on the cloud platform.
    username string
    The name of a federated user on the cloud platform.
    group str
    The user group to which the federated user belongs on the cloud platform.
    username str
    The name of a federated user on the cloud platform.
    group String
    The user group to which the federated user belongs on the cloud platform.
    username String
    The name of a federated user on the cloud platform.

    IdentityProviderConversionRuleRemote, IdentityProviderConversionRuleRemoteArgs

    Attribute string
    The attribute in the IDP assertion.
    Condition string
    The condition of conversion rule.
    Values List<string>
    The rule is matched only if the specified strings appear in the attribute type.
    Attribute string
    The attribute in the IDP assertion.
    Condition string
    The condition of conversion rule.
    Values []string
    The rule is matched only if the specified strings appear in the attribute type.
    attribute String
    The attribute in the IDP assertion.
    condition String
    The condition of conversion rule.
    values List<String>
    The rule is matched only if the specified strings appear in the attribute type.
    attribute string
    The attribute in the IDP assertion.
    condition string
    The condition of conversion rule.
    values string[]
    The rule is matched only if the specified strings appear in the attribute type.
    attribute str
    The attribute in the IDP assertion.
    condition str
    The condition of conversion rule.
    values Sequence[str]
    The rule is matched only if the specified strings appear in the attribute type.
    attribute String
    The attribute in the IDP assertion.
    condition String
    The condition of conversion rule.
    values List<String>
    The rule is matched only if the specified strings appear in the attribute type.

    IdentityProviderOpenidConnectConfig, IdentityProviderOpenidConnectConfigArgs

    AccessType string
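    Specifies the access type of the identity provider. Available options are: program (programmatic access only) and program_console (programmatic access and management console access).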
    ClientId string
    Specifies the ID of a client registered with the OpenID Connect identity provider.
    ProviderUrl string
    Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
    SigningKey string
    Public key used to verify the signature of the ID token issued by the OpenID Connect identity provider. This field is required only if the protocol is set to oidc.
    AuthorizationEndpoint string
    Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
    ResponseMode string
    Response mode. Valid values is form_post and fragment, default value is form_post. This field is required only if the access type is set to program_console.
    ResponseType string
    Response type. Valid values is id_token, default value is id_token. This field is required only if the access type is set to program_console.
    Scopes List<string>
    Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.
    AccessType string
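    Specifies the access type of the identity provider. Available options are: program (programmatic access only) and program_console (programmatic access and management console access).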
    ClientId string
    Specifies the ID of a client registered with the OpenID Connect identity provider.
    ProviderUrl string
    Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
    SigningKey string
    Public key used to verify the signature of the ID token issued by the OpenID Connect identity provider. This field is required only if the protocol is set to oidc.
    AuthorizationEndpoint string
    Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
    ResponseMode string
    Response mode. Valid values is form_post and fragment, default value is form_post. This field is required only if the access type is set to program_console.
    ResponseType string
    Response type. Valid values is id_token, default value is id_token. This field is required only if the access type is set to program_console.
    Scopes []string
    Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.
    accessType String
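    Specifies the access type of the identity provider. Available options are: program (programmatic access only) and program_console (programmatic access and management console access).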
    clientId String
    Specifies the ID of a client registered with the OpenID Connect identity provider.
    providerUrl String
    Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
    signingKey String
    Public key used to verify the signature of the ID token issued by the OpenID Connect identity provider. This field is required only if the protocol is set to oidc.
    authorizationEndpoint String
    Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
    responseMode String
    Response mode. Valid values is form_post and fragment, default value is form_post. This field is required only if the access type is set to program_console.
    responseType String
    Response type. Valid values is id_token, default value is id_token. This field is required only if the access type is set to program_console.
    scopes List<String>
    Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.
    accessType string
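    Specifies the access type of the identity provider. Available options are: program (programmatic access only) and program_console (programmatic access and management console access).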
    clientId string
    Specifies the ID of a client registered with the OpenID Connect identity provider.
    providerUrl string
    Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
    signingKey string
    Public key used to verify the signature of the ID token issued by the OpenID Connect identity provider. This field is required only if the protocol is set to oidc.
    authorizationEndpoint string
    Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
    responseMode string
    Response mode. Valid values is form_post and fragment, default value is form_post. This field is required only if the access type is set to program_console.
    responseType string
    Response type. Valid values is id_token, default value is id_token. This field is required only if the access type is set to program_console.
    scopes string[]
    Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.
    access_type str
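    Specifies the access type of the identity provider. Available options are: program (programmatic access only) and program_console (programmatic access and management console access).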
    client_id str
    Specifies the ID of a client registered with the OpenID Connect identity provider.
    provider_url str
    Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
    signing_key str
    Public key used to verify the signature of the ID token issued by the OpenID Connect identity provider. This field is required only if the protocol is set to oidc.
    authorization_endpoint str
    Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
    response_mode str
    Response mode. Valid values is form_post and fragment, default value is form_post. This field is required only if the access type is set to program_console.
    response_type str
    Response type. Valid values is id_token, default value is id_token. This field is required only if the access type is set to program_console.
    scopes Sequence[str]
    Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.
    accessType String
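    Specifies the access type of the identity provider. Available options are: program (programmatic access only) and program_console (programmatic access and management console access).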
    clientId String
    Specifies the ID of a client registered with the OpenID Connect identity provider.
    providerUrl String
    Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
    signingKey String
    Public key used to verify the signature of the ID token issued by the OpenID Connect identity provider. This field is required only if the protocol is set to oidc.
    authorizationEndpoint String
    Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
    responseMode String
    Response mode. Valid values is form_post and fragment, default value is form_post. This field is required only if the access type is set to program_console.
    responseType String
    Response type. Valid values is id_token, default value is id_token. This field is required only if the access type is set to program_console.
    scopes List<String>
    Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.

    Import

    Identity provider can be imported using the name, e.g.

    $ pulumi import flexibleengine:index/identityProvider:IdentityProvider provider_1 example_com_provider_saml
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    flexibleengine flexibleenginecloud/terraform-provider-flexibleengine
    License
    Notes
    This Pulumi package is based on the flexibleengine Terraform Provider.