Google Cloud Native v0.30.0, Apr 14 23
Google Cloud Native v0.30.0, Apr 14 23
google-native.cloudidentity/v1.InboundSsoAssignment
Explore with Pulumi AI
Creates an InboundSsoAssignment for users and devices in a Customer
under a given Group
or OrgUnit
.
Auto-naming is currently not supported for this resource.
Create InboundSsoAssignment Resource
new InboundSsoAssignment(name: string, args?: InboundSsoAssignmentArgs, opts?: CustomResourceOptions);
@overload
def InboundSsoAssignment(resource_name: str,
opts: Optional[ResourceOptions] = None,
customer: Optional[str] = None,
rank: Optional[int] = None,
saml_sso_info: Optional[SamlSsoInfoArgs] = None,
sign_in_behavior: Optional[SignInBehaviorArgs] = None,
sso_mode: Optional[InboundSsoAssignmentSsoMode] = None,
target_group: Optional[str] = None,
target_org_unit: Optional[str] = None)
@overload
def InboundSsoAssignment(resource_name: str,
args: Optional[InboundSsoAssignmentArgs] = None,
opts: Optional[ResourceOptions] = None)
func NewInboundSsoAssignment(ctx *Context, name string, args *InboundSsoAssignmentArgs, opts ...ResourceOption) (*InboundSsoAssignment, error)
public InboundSsoAssignment(string name, InboundSsoAssignmentArgs? args = null, CustomResourceOptions? opts = null)
public InboundSsoAssignment(String name, InboundSsoAssignmentArgs args)
public InboundSsoAssignment(String name, InboundSsoAssignmentArgs args, CustomResourceOptions options)
type: google-native:cloudidentity/v1:InboundSsoAssignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args InboundSsoAssignmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args InboundSsoAssignmentArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args InboundSsoAssignmentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args InboundSsoAssignmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args InboundSsoAssignmentArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
InboundSsoAssignment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The InboundSsoAssignment resource accepts the following input properties:
- Customer string
Immutable. The customer. For example:
customers/C0123abc
.- Rank int
Must be zero (which is the default value so it can be omitted) for assignments with
target_org_unit
set and must be greater-than-or-equal-to one for assignments withtarget_group
set.- Saml
Sso Pulumi.Info Google Native. Cloud Identity. V1. Inputs. Saml Sso Info Args SAML SSO details. Must be set if and only if
sso_mode
is set toSAML_SSO
.- Sign
In Pulumi.Behavior Google Native. Cloud Identity. V1. Inputs. Sign In Behavior Args Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
- Sso
Mode Pulumi.Google Native. Cloud Identity. V1. Inbound Sso Assignment Sso Mode Inbound SSO behavior.
- Target
Group string Immutable. Must be of the form
groups/{group}
.- Target
Org stringUnit Immutable. Must be of the form
orgUnits/{org_unit}
.
- Customer string
Immutable. The customer. For example:
customers/C0123abc
.- Rank int
Must be zero (which is the default value so it can be omitted) for assignments with
target_org_unit
set and must be greater-than-or-equal-to one for assignments withtarget_group
set.- Saml
Sso SamlInfo Sso Info Args SAML SSO details. Must be set if and only if
sso_mode
is set toSAML_SSO
.- Sign
In SignBehavior In Behavior Args Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
- Sso
Mode InboundSso Assignment Sso Mode Inbound SSO behavior.
- Target
Group string Immutable. Must be of the form
groups/{group}
.- Target
Org stringUnit Immutable. Must be of the form
orgUnits/{org_unit}
.
- customer String
Immutable. The customer. For example:
customers/C0123abc
.- rank Integer
Must be zero (which is the default value so it can be omitted) for assignments with
target_org_unit
set and must be greater-than-or-equal-to one for assignments withtarget_group
set.- saml
Sso SamlInfo Sso Info Args SAML SSO details. Must be set if and only if
sso_mode
is set toSAML_SSO
.- sign
In SignBehavior In Behavior Args Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
- sso
Mode InboundSso Assignment Sso Mode Inbound SSO behavior.
- target
Group String Immutable. Must be of the form
groups/{group}
.- target
Org StringUnit Immutable. Must be of the form
orgUnits/{org_unit}
.
- customer string
Immutable. The customer. For example:
customers/C0123abc
.- rank number
Must be zero (which is the default value so it can be omitted) for assignments with
target_org_unit
set and must be greater-than-or-equal-to one for assignments withtarget_group
set.- saml
Sso SamlInfo Sso Info Args SAML SSO details. Must be set if and only if
sso_mode
is set toSAML_SSO
.- sign
In SignBehavior In Behavior Args Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
- sso
Mode InboundSso Assignment Sso Mode Inbound SSO behavior.
- target
Group string Immutable. Must be of the form
groups/{group}
.- target
Org stringUnit Immutable. Must be of the form
orgUnits/{org_unit}
.
- customer str
Immutable. The customer. For example:
customers/C0123abc
.- rank int
Must be zero (which is the default value so it can be omitted) for assignments with
target_org_unit
set and must be greater-than-or-equal-to one for assignments withtarget_group
set.- saml_
sso_ Samlinfo Sso Info Args SAML SSO details. Must be set if and only if
sso_mode
is set toSAML_SSO
.- sign_
in_ Signbehavior In Behavior Args Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
- sso_
mode InboundSso Assignment Sso Mode Inbound SSO behavior.
- target_
group str Immutable. Must be of the form
groups/{group}
.- target_
org_ strunit Immutable. Must be of the form
orgUnits/{org_unit}
.
- customer String
Immutable. The customer. For example:
customers/C0123abc
.- rank Number
Must be zero (which is the default value so it can be omitted) for assignments with
target_org_unit
set and must be greater-than-or-equal-to one for assignments withtarget_group
set.- saml
Sso Property MapInfo SAML SSO details. Must be set if and only if
sso_mode
is set toSAML_SSO
.- sign
In Property MapBehavior Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
- sso
Mode "SSO_MODE_UNSPECIFIED" | "SSO_OFF" | "SAML_SSO" | "DOMAIN_WIDE_SAML_IF_ENABLED" Inbound SSO behavior.
- target
Group String Immutable. Must be of the form
groups/{group}
.- target
Org StringUnit Immutable. Must be of the form
orgUnits/{org_unit}
.
Outputs
All input properties are implicitly available as output properties. Additionally, the InboundSsoAssignment resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Name string
Resource name of the Inbound SSO Assignment.
- Id string
The provider-assigned unique ID for this managed resource.
- Name string
Resource name of the Inbound SSO Assignment.
- id String
The provider-assigned unique ID for this managed resource.
- name String
Resource name of the Inbound SSO Assignment.
- id string
The provider-assigned unique ID for this managed resource.
- name string
Resource name of the Inbound SSO Assignment.
- id str
The provider-assigned unique ID for this managed resource.
- name str
Resource name of the Inbound SSO Assignment.
- id String
The provider-assigned unique ID for this managed resource.
- name String
Resource name of the Inbound SSO Assignment.
Supporting Types
InboundSsoAssignmentSsoMode
- Sso
Mode Unspecified - SSO_MODE_UNSPECIFIED
Not allowed.
- Sso
Off - SSO_OFF
Disable SSO for the targeted users.
- Saml
Sso - SAML_SSO
Use an external SAML Identity Provider for SSO for the targeted users.
- Domain
Wide Saml If Enabled - DOMAIN_WIDE_SAML_IF_ENABLED
Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to
SSO_OFF
. Note that this will also be equivalent toSSO_OFF
if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed toSSO_OFF
.
- Inbound
Sso Assignment Sso Mode Sso Mode Unspecified - SSO_MODE_UNSPECIFIED
Not allowed.
- Inbound
Sso Assignment Sso Mode Sso Off - SSO_OFF
Disable SSO for the targeted users.
- Inbound
Sso Assignment Sso Mode Saml Sso - SAML_SSO
Use an external SAML Identity Provider for SSO for the targeted users.
- Inbound
Sso Assignment Sso Mode Domain Wide Saml If Enabled - DOMAIN_WIDE_SAML_IF_ENABLED
Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to
SSO_OFF
. Note that this will also be equivalent toSSO_OFF
if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed toSSO_OFF
.
- Sso
Mode Unspecified - SSO_MODE_UNSPECIFIED
Not allowed.
- Sso
Off - SSO_OFF
Disable SSO for the targeted users.
- Saml
Sso - SAML_SSO
Use an external SAML Identity Provider for SSO for the targeted users.
- Domain
Wide Saml If Enabled - DOMAIN_WIDE_SAML_IF_ENABLED
Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to
SSO_OFF
. Note that this will also be equivalent toSSO_OFF
if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed toSSO_OFF
.
- Sso
Mode Unspecified - SSO_MODE_UNSPECIFIED
Not allowed.
- Sso
Off - SSO_OFF
Disable SSO for the targeted users.
- Saml
Sso - SAML_SSO
Use an external SAML Identity Provider for SSO for the targeted users.
- Domain
Wide Saml If Enabled - DOMAIN_WIDE_SAML_IF_ENABLED
Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to
SSO_OFF
. Note that this will also be equivalent toSSO_OFF
if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed toSSO_OFF
.
- SSO_MODE_UNSPECIFIED
- SSO_MODE_UNSPECIFIED
Not allowed.
- SSO_OFF
- SSO_OFF
Disable SSO for the targeted users.
- SAML_SSO
- SAML_SSO
Use an external SAML Identity Provider for SSO for the targeted users.
- DOMAIN_WIDE_SAML_IF_ENABLED
- DOMAIN_WIDE_SAML_IF_ENABLED
Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to
SSO_OFF
. Note that this will also be equivalent toSSO_OFF
if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed toSSO_OFF
.
- "SSO_MODE_UNSPECIFIED"
- SSO_MODE_UNSPECIFIED
Not allowed.
- "SSO_OFF"
- SSO_OFF
Disable SSO for the targeted users.
- "SAML_SSO"
- SAML_SSO
Use an external SAML Identity Provider for SSO for the targeted users.
- "DOMAIN_WIDE_SAML_IF_ENABLED"
- DOMAIN_WIDE_SAML_IF_ENABLED
Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to
SSO_OFF
. Note that this will also be equivalent toSSO_OFF
if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed toSSO_OFF
.
SamlSsoInfo
- Inbound
Saml stringSso Profile Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- Inbound
Saml stringSso Profile Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound
Saml StringSso Profile Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound
Saml stringSso Profile Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound_
saml_ strsso_ profile Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound
Saml StringSso Profile Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
SamlSsoInfoResponse
- Inbound
Saml stringSso Profile Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- Inbound
Saml stringSso Profile Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound
Saml StringSso Profile Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound
Saml stringSso Profile Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound_
saml_ strsso_ profile Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound
Saml StringSso Profile Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
SignInBehavior
- Redirect
Condition Pulumi.Google Native. Cloud Identity. V1. Sign In Behavior Redirect Condition When to redirect sign-ins to the IdP.
- Redirect
Condition SignIn Behavior Redirect Condition When to redirect sign-ins to the IdP.
- redirect
Condition SignIn Behavior Redirect Condition When to redirect sign-ins to the IdP.
- redirect
Condition SignIn Behavior Redirect Condition When to redirect sign-ins to the IdP.
- redirect_
condition SignIn Behavior Redirect Condition When to redirect sign-ins to the IdP.
- redirect
Condition "REDIRECT_CONDITION_UNSPECIFIED" | "NEVER" When to redirect sign-ins to the IdP.
SignInBehaviorRedirectCondition
- Redirect
Condition Unspecified - REDIRECT_CONDITION_UNSPECIFIED
Default and means "always"
- Never
- NEVER
Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
- Sign
In Behavior Redirect Condition Redirect Condition Unspecified - REDIRECT_CONDITION_UNSPECIFIED
Default and means "always"
- Sign
In Behavior Redirect Condition Never - NEVER
Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
- Redirect
Condition Unspecified - REDIRECT_CONDITION_UNSPECIFIED
Default and means "always"
- Never
- NEVER
Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
- Redirect
Condition Unspecified - REDIRECT_CONDITION_UNSPECIFIED
Default and means "always"
- Never
- NEVER
Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
- REDIRECT_CONDITION_UNSPECIFIED
- REDIRECT_CONDITION_UNSPECIFIED
Default and means "always"
- NEVER
- NEVER
Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
- "REDIRECT_CONDITION_UNSPECIFIED"
- REDIRECT_CONDITION_UNSPECIFIED
Default and means "always"
- "NEVER"
- NEVER
Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
SignInBehaviorResponse
- Redirect
Condition string When to redirect sign-ins to the IdP.
- Redirect
Condition string When to redirect sign-ins to the IdP.
- redirect
Condition String When to redirect sign-ins to the IdP.
- redirect
Condition string When to redirect sign-ins to the IdP.
- redirect_
condition str When to redirect sign-ins to the IdP.
- redirect
Condition String When to redirect sign-ins to the IdP.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0