1. Packages
  2. Google Cloud Native
  3. API Docs
  4. cloudidentity
  5. cloudidentity/v1
  6. InboundSsoAssignment

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.cloudidentity/v1.InboundSsoAssignment

Explore with Pulumi AI

google-native logo

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

    Creates an InboundSsoAssignment for users and devices in a Customer under a given Group or OrgUnit. Auto-naming is currently not supported for this resource.

    Create InboundSsoAssignment Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new InboundSsoAssignment(name: string, args?: InboundSsoAssignmentArgs, opts?: CustomResourceOptions);
    @overload
    def InboundSsoAssignment(resource_name: str,
                             args: Optional[InboundSsoAssignmentArgs] = None,
                             opts: Optional[ResourceOptions] = None)
    
    @overload
    def InboundSsoAssignment(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             customer: Optional[str] = None,
                             rank: Optional[int] = None,
                             saml_sso_info: Optional[SamlSsoInfoArgs] = None,
                             sign_in_behavior: Optional[SignInBehaviorArgs] = None,
                             sso_mode: Optional[InboundSsoAssignmentSsoMode] = None,
                             target_group: Optional[str] = None,
                             target_org_unit: Optional[str] = None)
    func NewInboundSsoAssignment(ctx *Context, name string, args *InboundSsoAssignmentArgs, opts ...ResourceOption) (*InboundSsoAssignment, error)
    public InboundSsoAssignment(string name, InboundSsoAssignmentArgs? args = null, CustomResourceOptions? opts = null)
    public InboundSsoAssignment(String name, InboundSsoAssignmentArgs args)
    public InboundSsoAssignment(String name, InboundSsoAssignmentArgs args, CustomResourceOptions options)
    
    type: google-native:cloudidentity/v1:InboundSsoAssignment
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args InboundSsoAssignmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args InboundSsoAssignmentArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args InboundSsoAssignmentArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args InboundSsoAssignmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args InboundSsoAssignmentArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var inboundSsoAssignmentResource = new GoogleNative.CloudIdentity.V1.InboundSsoAssignment("inboundSsoAssignmentResource", new()
    {
        Customer = "string",
        Rank = 0,
        SamlSsoInfo = new GoogleNative.CloudIdentity.V1.Inputs.SamlSsoInfoArgs
        {
            InboundSamlSsoProfile = "string",
        },
        SignInBehavior = new GoogleNative.CloudIdentity.V1.Inputs.SignInBehaviorArgs
        {
            RedirectCondition = GoogleNative.CloudIdentity.V1.SignInBehaviorRedirectCondition.RedirectConditionUnspecified,
        },
        SsoMode = GoogleNative.CloudIdentity.V1.InboundSsoAssignmentSsoMode.SsoModeUnspecified,
        TargetGroup = "string",
        TargetOrgUnit = "string",
    });
    
    example, err := cloudidentity.NewInboundSsoAssignment(ctx, "inboundSsoAssignmentResource", &cloudidentity.InboundSsoAssignmentArgs{
    Customer: pulumi.String("string"),
    Rank: pulumi.Int(0),
    SamlSsoInfo: &cloudidentity.SamlSsoInfoArgs{
    InboundSamlSsoProfile: pulumi.String("string"),
    },
    SignInBehavior: &cloudidentity.SignInBehaviorArgs{
    RedirectCondition: cloudidentity.SignInBehaviorRedirectConditionRedirectConditionUnspecified,
    },
    SsoMode: cloudidentity.InboundSsoAssignmentSsoModeSsoModeUnspecified,
    TargetGroup: pulumi.String("string"),
    TargetOrgUnit: pulumi.String("string"),
    })
    
    var inboundSsoAssignmentResource = new InboundSsoAssignment("inboundSsoAssignmentResource", InboundSsoAssignmentArgs.builder()
        .customer("string")
        .rank(0)
        .samlSsoInfo(SamlSsoInfoArgs.builder()
            .inboundSamlSsoProfile("string")
            .build())
        .signInBehavior(SignInBehaviorArgs.builder()
            .redirectCondition("REDIRECT_CONDITION_UNSPECIFIED")
            .build())
        .ssoMode("SSO_MODE_UNSPECIFIED")
        .targetGroup("string")
        .targetOrgUnit("string")
        .build());
    
    inbound_sso_assignment_resource = google_native.cloudidentity.v1.InboundSsoAssignment("inboundSsoAssignmentResource",
        customer="string",
        rank=0,
        saml_sso_info=google_native.cloudidentity.v1.SamlSsoInfoArgs(
            inbound_saml_sso_profile="string",
        ),
        sign_in_behavior=google_native.cloudidentity.v1.SignInBehaviorArgs(
            redirect_condition=google_native.cloudidentity.v1.SignInBehaviorRedirectCondition.REDIRECT_CONDITION_UNSPECIFIED,
        ),
        sso_mode=google_native.cloudidentity.v1.InboundSsoAssignmentSsoMode.SSO_MODE_UNSPECIFIED,
        target_group="string",
        target_org_unit="string")
    
    const inboundSsoAssignmentResource = new google_native.cloudidentity.v1.InboundSsoAssignment("inboundSsoAssignmentResource", {
        customer: "string",
        rank: 0,
        samlSsoInfo: {
            inboundSamlSsoProfile: "string",
        },
        signInBehavior: {
            redirectCondition: google_native.cloudidentity.v1.SignInBehaviorRedirectCondition.RedirectConditionUnspecified,
        },
        ssoMode: google_native.cloudidentity.v1.InboundSsoAssignmentSsoMode.SsoModeUnspecified,
        targetGroup: "string",
        targetOrgUnit: "string",
    });
    
    type: google-native:cloudidentity/v1:InboundSsoAssignment
    properties:
        customer: string
        rank: 0
        samlSsoInfo:
            inboundSamlSsoProfile: string
        signInBehavior:
            redirectCondition: REDIRECT_CONDITION_UNSPECIFIED
        ssoMode: SSO_MODE_UNSPECIFIED
        targetGroup: string
        targetOrgUnit: string
    

    InboundSsoAssignment Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The InboundSsoAssignment resource accepts the following input properties:

    Customer string
    Immutable. The customer. For example: customers/C0123abc.
    Rank int
    Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
    SamlSsoInfo Pulumi.GoogleNative.CloudIdentity.V1.Inputs.SamlSsoInfo
    SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
    SignInBehavior Pulumi.GoogleNative.CloudIdentity.V1.Inputs.SignInBehavior
    Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
    SsoMode Pulumi.GoogleNative.CloudIdentity.V1.InboundSsoAssignmentSsoMode
    Inbound SSO behavior.
    TargetGroup string
    Immutable. Must be of the form groups/{group}.
    TargetOrgUnit string
    Immutable. Must be of the form orgUnits/{org_unit}.
    Customer string
    Immutable. The customer. For example: customers/C0123abc.
    Rank int
    Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
    SamlSsoInfo SamlSsoInfoArgs
    SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
    SignInBehavior SignInBehaviorArgs
    Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
    SsoMode InboundSsoAssignmentSsoMode
    Inbound SSO behavior.
    TargetGroup string
    Immutable. Must be of the form groups/{group}.
    TargetOrgUnit string
    Immutable. Must be of the form orgUnits/{org_unit}.
    customer String
    Immutable. The customer. For example: customers/C0123abc.
    rank Integer
    Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
    samlSsoInfo SamlSsoInfo
    SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
    signInBehavior SignInBehavior
    Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
    ssoMode InboundSsoAssignmentSsoMode
    Inbound SSO behavior.
    targetGroup String
    Immutable. Must be of the form groups/{group}.
    targetOrgUnit String
    Immutable. Must be of the form orgUnits/{org_unit}.
    customer string
    Immutable. The customer. For example: customers/C0123abc.
    rank number
    Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
    samlSsoInfo SamlSsoInfo
    SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
    signInBehavior SignInBehavior
    Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
    ssoMode InboundSsoAssignmentSsoMode
    Inbound SSO behavior.
    targetGroup string
    Immutable. Must be of the form groups/{group}.
    targetOrgUnit string
    Immutable. Must be of the form orgUnits/{org_unit}.
    customer str
    Immutable. The customer. For example: customers/C0123abc.
    rank int
    Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
    saml_sso_info SamlSsoInfoArgs
    SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
    sign_in_behavior SignInBehaviorArgs
    Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
    sso_mode InboundSsoAssignmentSsoMode
    Inbound SSO behavior.
    target_group str
    Immutable. Must be of the form groups/{group}.
    target_org_unit str
    Immutable. Must be of the form orgUnits/{org_unit}.
    customer String
    Immutable. The customer. For example: customers/C0123abc.
    rank Number
    Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
    samlSsoInfo Property Map
    SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
    signInBehavior Property Map
    Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
    ssoMode "SSO_MODE_UNSPECIFIED" | "SSO_OFF" | "SAML_SSO" | "DOMAIN_WIDE_SAML_IF_ENABLED"
    Inbound SSO behavior.
    targetGroup String
    Immutable. Must be of the form groups/{group}.
    targetOrgUnit String
    Immutable. Must be of the form orgUnits/{org_unit}.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the InboundSsoAssignment resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Resource name of the Inbound SSO Assignment.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Resource name of the Inbound SSO Assignment.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Resource name of the Inbound SSO Assignment.
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    Resource name of the Inbound SSO Assignment.
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    Resource name of the Inbound SSO Assignment.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Resource name of the Inbound SSO Assignment.

    Supporting Types

    InboundSsoAssignmentSsoMode, InboundSsoAssignmentSsoModeArgs

    SsoModeUnspecified
    SSO_MODE_UNSPECIFIEDNot allowed.
    SsoOff
    SSO_OFFDisable SSO for the targeted users.
    SamlSso
    SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
    DomainWideSamlIfEnabled
    DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.
    InboundSsoAssignmentSsoModeSsoModeUnspecified
    SSO_MODE_UNSPECIFIEDNot allowed.
    InboundSsoAssignmentSsoModeSsoOff
    SSO_OFFDisable SSO for the targeted users.
    InboundSsoAssignmentSsoModeSamlSso
    SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
    InboundSsoAssignmentSsoModeDomainWideSamlIfEnabled
    DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.
    SsoModeUnspecified
    SSO_MODE_UNSPECIFIEDNot allowed.
    SsoOff
    SSO_OFFDisable SSO for the targeted users.
    SamlSso
    SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
    DomainWideSamlIfEnabled
    DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.
    SsoModeUnspecified
    SSO_MODE_UNSPECIFIEDNot allowed.
    SsoOff
    SSO_OFFDisable SSO for the targeted users.
    SamlSso
    SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
    DomainWideSamlIfEnabled
    DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.
    SSO_MODE_UNSPECIFIED
    SSO_MODE_UNSPECIFIEDNot allowed.
    SSO_OFF
    SSO_OFFDisable SSO for the targeted users.
    SAML_SSO
    SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
    DOMAIN_WIDE_SAML_IF_ENABLED
    DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.
    "SSO_MODE_UNSPECIFIED"
    SSO_MODE_UNSPECIFIEDNot allowed.
    "SSO_OFF"
    SSO_OFFDisable SSO for the targeted users.
    "SAML_SSO"
    SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
    "DOMAIN_WIDE_SAML_IF_ENABLED"
    DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

    SamlSsoInfo, SamlSsoInfoArgs

    InboundSamlSsoProfile string
    Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.
    InboundSamlSsoProfile string
    Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.
    inboundSamlSsoProfile String
    Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.
    inboundSamlSsoProfile string
    Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.
    inbound_saml_sso_profile str
    Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.
    inboundSamlSsoProfile String
    Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

    SamlSsoInfoResponse, SamlSsoInfoResponseArgs

    InboundSamlSsoProfile string
    Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.
    InboundSamlSsoProfile string
    Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.
    inboundSamlSsoProfile String
    Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.
    inboundSamlSsoProfile string
    Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.
    inbound_saml_sso_profile str
    Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.
    inboundSamlSsoProfile String
    Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

    SignInBehavior, SignInBehaviorArgs

    RedirectCondition SignInBehaviorRedirectCondition
    When to redirect sign-ins to the IdP.
    redirectCondition SignInBehaviorRedirectCondition
    When to redirect sign-ins to the IdP.
    redirectCondition SignInBehaviorRedirectCondition
    When to redirect sign-ins to the IdP.
    redirect_condition SignInBehaviorRedirectCondition
    When to redirect sign-ins to the IdP.

    SignInBehaviorRedirectCondition, SignInBehaviorRedirectConditionArgs

    RedirectConditionUnspecified
    REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
    Never
    NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
    SignInBehaviorRedirectConditionRedirectConditionUnspecified
    REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
    SignInBehaviorRedirectConditionNever
    NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
    RedirectConditionUnspecified
    REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
    Never
    NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
    RedirectConditionUnspecified
    REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
    Never
    NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
    REDIRECT_CONDITION_UNSPECIFIED
    REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
    NEVER
    NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
    "REDIRECT_CONDITION_UNSPECIFIED"
    REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
    "NEVER"
    NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

    SignInBehaviorResponse, SignInBehaviorResponseArgs

    RedirectCondition string
    When to redirect sign-ins to the IdP.
    RedirectCondition string
    When to redirect sign-ins to the IdP.
    redirectCondition String
    When to redirect sign-ins to the IdP.
    redirectCondition string
    When to redirect sign-ins to the IdP.
    redirect_condition str
    When to redirect sign-ins to the IdP.
    redirectCondition String
    When to redirect sign-ins to the IdP.

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0
    google-native logo

    Google Cloud Native is in preview. Google Cloud Classic is fully supported.

    Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi