Google Cloud Native v0.32.0, Nov 29 23

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.cloudidentity/v1.InboundSsoAssignment

Explore with Pulumi AI

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

Create InboundSsoAssignment Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new InboundSsoAssignment(name: string, args?: InboundSsoAssignmentArgs, opts?: CustomResourceOptions);

@overload
def InboundSsoAssignment(resource_name: str,
                         args: Optional[InboundSsoAssignmentArgs] = None,
                         opts: Optional[ResourceOptions] = None)

@overload
def InboundSsoAssignment(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         customer: Optional[str] = None,
                         rank: Optional[int] = None,
                         saml_sso_info: Optional[SamlSsoInfoArgs] = None,
                         sign_in_behavior: Optional[SignInBehaviorArgs] = None,
                         sso_mode: Optional[InboundSsoAssignmentSsoMode] = None,
                         target_group: Optional[str] = None,
                         target_org_unit: Optional[str] = None)

func NewInboundSsoAssignment(ctx *Context, name string, args *InboundSsoAssignmentArgs, opts ...ResourceOption) (*InboundSsoAssignment, error)

public InboundSsoAssignment(string name, InboundSsoAssignmentArgs? args = null, CustomResourceOptions? opts = null)

public InboundSsoAssignment(String name, InboundSsoAssignmentArgs args)
public InboundSsoAssignment(String name, InboundSsoAssignmentArgs args, CustomResourceOptions options)

type: google-native:cloudidentity/v1:InboundSsoAssignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args InboundSsoAssignmentArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args InboundSsoAssignmentArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args InboundSsoAssignmentArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args InboundSsoAssignmentArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args InboundSsoAssignmentArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var inboundSsoAssignmentResource = new GoogleNative.CloudIdentity.V1.InboundSsoAssignment("inboundSsoAssignmentResource", new()
{
    Customer = "string",
    Rank = 0,
    SamlSsoInfo = new GoogleNative.CloudIdentity.V1.Inputs.SamlSsoInfoArgs
    {
        InboundSamlSsoProfile = "string",
    },
    SignInBehavior = new GoogleNative.CloudIdentity.V1.Inputs.SignInBehaviorArgs
    {
        RedirectCondition = GoogleNative.CloudIdentity.V1.SignInBehaviorRedirectCondition.RedirectConditionUnspecified,
    },
    SsoMode = GoogleNative.CloudIdentity.V1.InboundSsoAssignmentSsoMode.SsoModeUnspecified,
    TargetGroup = "string",
    TargetOrgUnit = "string",
});

example, err := cloudidentity.NewInboundSsoAssignment(ctx, "inboundSsoAssignmentResource", &cloudidentity.InboundSsoAssignmentArgs{
	Customer: pulumi.String("string"),
	Rank:     pulumi.Int(0),
	SamlSsoInfo: &cloudidentity.SamlSsoInfoArgs{
		InboundSamlSsoProfile: pulumi.String("string"),
	},
	SignInBehavior: &cloudidentity.SignInBehaviorArgs{
		RedirectCondition: cloudidentity.SignInBehaviorRedirectConditionRedirectConditionUnspecified,
	},
	SsoMode:       cloudidentity.InboundSsoAssignmentSsoModeSsoModeUnspecified,
	TargetGroup:   pulumi.String("string"),
	TargetOrgUnit: pulumi.String("string"),
})

var inboundSsoAssignmentResource = new com.pulumi.googlenative.cloudidentity_v1.InboundSsoAssignment("inboundSsoAssignmentResource", com.pulumi.googlenative.cloudidentity_v1.InboundSsoAssignmentArgs.builder()
    .customer("string")
    .rank(0)
    .samlSsoInfo(SamlSsoInfoArgs.builder()
        .inboundSamlSsoProfile("string")
        .build())
    .signInBehavior(SignInBehaviorArgs.builder()
        .redirectCondition("REDIRECT_CONDITION_UNSPECIFIED")
        .build())
    .ssoMode("SSO_MODE_UNSPECIFIED")
    .targetGroup("string")
    .targetOrgUnit("string")
    .build());

inbound_sso_assignment_resource = google_native.cloudidentity.v1.InboundSsoAssignment("inboundSsoAssignmentResource",
    customer="string",
    rank=0,
    saml_sso_info={
        "inbound_saml_sso_profile": "string",
    },
    sign_in_behavior={
        "redirect_condition": google_native.cloudidentity.v1.SignInBehaviorRedirectCondition.REDIRECT_CONDITION_UNSPECIFIED,
    },
    sso_mode=google_native.cloudidentity.v1.InboundSsoAssignmentSsoMode.SSO_MODE_UNSPECIFIED,
    target_group="string",
    target_org_unit="string")

const inboundSsoAssignmentResource = new google_native.cloudidentity.v1.InboundSsoAssignment("inboundSsoAssignmentResource", {
    customer: "string",
    rank: 0,
    samlSsoInfo: {
        inboundSamlSsoProfile: "string",
    },
    signInBehavior: {
        redirectCondition: google_native.cloudidentity.v1.SignInBehaviorRedirectCondition.RedirectConditionUnspecified,
    },
    ssoMode: google_native.cloudidentity.v1.InboundSsoAssignmentSsoMode.SsoModeUnspecified,
    targetGroup: "string",
    targetOrgUnit: "string",
});

type: google-native:cloudidentity/v1:InboundSsoAssignment
properties:
    customer: string
    rank: 0
    samlSsoInfo:
        inboundSamlSsoProfile: string
    signInBehavior:
        redirectCondition: REDIRECT_CONDITION_UNSPECIFIED
    ssoMode: SSO_MODE_UNSPECIFIED
    targetGroup: string
    targetOrgUnit: string

InboundSsoAssignment Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The InboundSsoAssignment resource accepts the following input properties:

Customer string: Immutable. The customer. For example: customers/C0123abc.
Rank int: Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
SamlSsoInfo Pulumi.GoogleNative.CloudIdentity.V1.Inputs.SamlSsoInfo: SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
SignInBehavior Pulumi.GoogleNative.CloudIdentity.V1.Inputs.SignInBehavior: Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
SsoMode Pulumi.GoogleNative.CloudIdentity.V1.InboundSsoAssignmentSsoMode: Inbound SSO behavior.
TargetGroup string: Immutable. Must be of the form groups/{group}.
TargetOrgUnit string: Immutable. Must be of the form orgUnits/{org_unit}.

Customer string: Immutable. The customer. For example: customers/C0123abc.
Rank int: Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
SamlSsoInfo SamlSsoInfoArgs: SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
SignInBehavior SignInBehaviorArgs: Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
SsoMode InboundSsoAssignmentSsoMode: Inbound SSO behavior.
TargetGroup string: Immutable. Must be of the form groups/{group}.
TargetOrgUnit string: Immutable. Must be of the form orgUnits/{org_unit}.

customer String: Immutable. The customer. For example: customers/C0123abc.
rank Integer: Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
samlSsoInfo SamlSsoInfo: SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
signInBehavior SignInBehavior: Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
ssoMode InboundSsoAssignmentSsoMode: Inbound SSO behavior.
targetGroup String: Immutable. Must be of the form groups/{group}.
targetOrgUnit String: Immutable. Must be of the form orgUnits/{org_unit}.

customer string: Immutable. The customer. For example: customers/C0123abc.
rank number: Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
samlSsoInfo SamlSsoInfo: SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
signInBehavior SignInBehavior: Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
ssoMode InboundSsoAssignmentSsoMode: Inbound SSO behavior.
targetGroup string: Immutable. Must be of the form groups/{group}.
targetOrgUnit string: Immutable. Must be of the form orgUnits/{org_unit}.

customer str: Immutable. The customer. For example: customers/C0123abc.
rank int: Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
saml_sso_info SamlSsoInfoArgs: SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
sign_in_behavior SignInBehaviorArgs: Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
sso_mode InboundSsoAssignmentSsoMode: Inbound SSO behavior.
target_group str: Immutable. Must be of the form groups/{group}.
target_org_unit str: Immutable. Must be of the form orgUnits/{org_unit}.

customer String: Immutable. The customer. For example: customers/C0123abc.
rank Number: Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
samlSsoInfo Property Map: SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
signInBehavior Property Map: Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
ssoMode "SSO_MODE_UNSPECIFIED" | "SSO_OFF" | "SAML_SSO" | "DOMAIN_WIDE_SAML_IF_ENABLED": Inbound SSO behavior.
targetGroup String: Immutable. Must be of the form groups/{group}.
targetOrgUnit String: Immutable. Must be of the form orgUnits/{org_unit}.

Outputs

All input properties are implicitly available as output properties. Additionally, the InboundSsoAssignment resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Name string: Resource name of the Inbound SSO Assignment.

Id string: The provider-assigned unique ID for this managed resource.
Name string: Resource name of the Inbound SSO Assignment.

id String: The provider-assigned unique ID for this managed resource.
name String: Resource name of the Inbound SSO Assignment.

id string: The provider-assigned unique ID for this managed resource.
name string: Resource name of the Inbound SSO Assignment.

id str: The provider-assigned unique ID for this managed resource.
name str: Resource name of the Inbound SSO Assignment.

id String: The provider-assigned unique ID for this managed resource.
name String: Resource name of the Inbound SSO Assignment.

Supporting Types

InboundSsoAssignmentSsoMode, InboundSsoAssignmentSsoModeArgs

SsoModeUnspecified: SSO_MODE_UNSPECIFIEDNot allowed.
SsoOff: SSO_OFFDisable SSO for the targeted users.
SamlSso: SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
DomainWideSamlIfEnabled: DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

InboundSsoAssignmentSsoModeSsoModeUnspecified: SSO_MODE_UNSPECIFIEDNot allowed.
InboundSsoAssignmentSsoModeSsoOff: SSO_OFFDisable SSO for the targeted users.
InboundSsoAssignmentSsoModeSamlSso: SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
InboundSsoAssignmentSsoModeDomainWideSamlIfEnabled: DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

SsoModeUnspecified: SSO_MODE_UNSPECIFIEDNot allowed.
SsoOff: SSO_OFFDisable SSO for the targeted users.
SamlSso: SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
DomainWideSamlIfEnabled: DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

SsoModeUnspecified: SSO_MODE_UNSPECIFIEDNot allowed.
SsoOff: SSO_OFFDisable SSO for the targeted users.
SamlSso: SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
DomainWideSamlIfEnabled: DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

SSO_MODE_UNSPECIFIED: SSO_MODE_UNSPECIFIEDNot allowed.
SSO_OFF: SSO_OFFDisable SSO for the targeted users.
SAML_SSO: SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
DOMAIN_WIDE_SAML_IF_ENABLED: DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

"SSO_MODE_UNSPECIFIED": SSO_MODE_UNSPECIFIEDNot allowed.
"SSO_OFF": SSO_OFFDisable SSO for the targeted users.
"SAML_SSO": SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
"DOMAIN_WIDE_SAML_IF_ENABLED": DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

SamlSsoInfo, SamlSsoInfoArgs

InboundSamlSsoProfile string: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

InboundSamlSsoProfile string: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile String: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile string: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inbound_saml_sso_profile str: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile String: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

SamlSsoInfoResponse, SamlSsoInfoResponseArgs

InboundSamlSsoProfile string: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

InboundSamlSsoProfile string: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile String: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile string: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inbound_saml_sso_profile str: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile String: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

SignInBehavior, SignInBehaviorArgs

RedirectCondition Pulumi.GoogleNative.CloudIdentity.V1.SignInBehaviorRedirectCondition: When to redirect sign-ins to the IdP.

RedirectCondition SignInBehaviorRedirectCondition: When to redirect sign-ins to the IdP.

redirectCondition SignInBehaviorRedirectCondition: When to redirect sign-ins to the IdP.

redirectCondition SignInBehaviorRedirectCondition: When to redirect sign-ins to the IdP.

redirect_condition SignInBehaviorRedirectCondition: When to redirect sign-ins to the IdP.

redirectCondition "REDIRECT_CONDITION_UNSPECIFIED" | "NEVER": When to redirect sign-ins to the IdP.

SignInBehaviorRedirectCondition, SignInBehaviorRedirectConditionArgs

RedirectConditionUnspecified: REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
Never: NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

SignInBehaviorRedirectConditionRedirectConditionUnspecified: REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
SignInBehaviorRedirectConditionNever: NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

RedirectConditionUnspecified: REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
Never: NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

RedirectConditionUnspecified: REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
Never: NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

REDIRECT_CONDITION_UNSPECIFIED: REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
NEVER: NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

"REDIRECT_CONDITION_UNSPECIFIED": REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
"NEVER": NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

SignInBehaviorResponse, SignInBehaviorResponseArgs

RedirectCondition string: When to redirect sign-ins to the IdP.

RedirectCondition string: When to redirect sign-ins to the IdP.

redirectCondition String: When to redirect sign-ins to the IdP.

redirectCondition string: When to redirect sign-ins to the IdP.

redirect_condition str: When to redirect sign-ins to the IdP.

redirectCondition String: When to redirect sign-ins to the IdP.

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.cloudidentity/v1.InboundSsoAssignment

On this page

On this page

Create InboundSsoAssignment Resource

Constructor syntax

Parameters

Constructor example

InboundSsoAssignment Resource Properties

Inputs

Outputs

Supporting Types

InboundSsoAssignmentSsoMode, InboundSsoAssignmentSsoModeArgs

SamlSsoInfo, SamlSsoInfoArgs

SamlSsoInfoResponse, SamlSsoInfoResponseArgs

SignInBehavior, SignInBehaviorArgs

SignInBehaviorRedirectCondition, SignInBehaviorRedirectConditionArgs

SignInBehaviorResponse, SignInBehaviorResponseArgs

Package Details

On this page

On this page