google-native logo
Google Cloud Native v0.30.0, Apr 14 23

google-native.cloudidentity/v1.InboundSsoAssignment

Explore with Pulumi AI

Creates an InboundSsoAssignment for users and devices in a Customer under a given Group or OrgUnit. Auto-naming is currently not supported for this resource.

Create InboundSsoAssignment Resource

new InboundSsoAssignment(name: string, args?: InboundSsoAssignmentArgs, opts?: CustomResourceOptions);
@overload
def InboundSsoAssignment(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         customer: Optional[str] = None,
                         rank: Optional[int] = None,
                         saml_sso_info: Optional[SamlSsoInfoArgs] = None,
                         sign_in_behavior: Optional[SignInBehaviorArgs] = None,
                         sso_mode: Optional[InboundSsoAssignmentSsoMode] = None,
                         target_group: Optional[str] = None,
                         target_org_unit: Optional[str] = None)
@overload
def InboundSsoAssignment(resource_name: str,
                         args: Optional[InboundSsoAssignmentArgs] = None,
                         opts: Optional[ResourceOptions] = None)
func NewInboundSsoAssignment(ctx *Context, name string, args *InboundSsoAssignmentArgs, opts ...ResourceOption) (*InboundSsoAssignment, error)
public InboundSsoAssignment(string name, InboundSsoAssignmentArgs? args = null, CustomResourceOptions? opts = null)
public InboundSsoAssignment(String name, InboundSsoAssignmentArgs args)
public InboundSsoAssignment(String name, InboundSsoAssignmentArgs args, CustomResourceOptions options)
type: google-native:cloudidentity/v1:InboundSsoAssignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args InboundSsoAssignmentArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args InboundSsoAssignmentArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args InboundSsoAssignmentArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args InboundSsoAssignmentArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args InboundSsoAssignmentArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

InboundSsoAssignment Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The InboundSsoAssignment resource accepts the following input properties:

Customer string

Immutable. The customer. For example: customers/C0123abc.

Rank int

Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.

SamlSsoInfo Pulumi.GoogleNative.CloudIdentity.V1.Inputs.SamlSsoInfoArgs

SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.

SignInBehavior Pulumi.GoogleNative.CloudIdentity.V1.Inputs.SignInBehaviorArgs

Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.

SsoMode Pulumi.GoogleNative.CloudIdentity.V1.InboundSsoAssignmentSsoMode

Inbound SSO behavior.

TargetGroup string

Immutable. Must be of the form groups/{group}.

TargetOrgUnit string

Immutable. Must be of the form orgUnits/{org_unit}.

Customer string

Immutable. The customer. For example: customers/C0123abc.

Rank int

Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.

SamlSsoInfo SamlSsoInfoArgs

SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.

SignInBehavior SignInBehaviorArgs

Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.

SsoMode InboundSsoAssignmentSsoMode

Inbound SSO behavior.

TargetGroup string

Immutable. Must be of the form groups/{group}.

TargetOrgUnit string

Immutable. Must be of the form orgUnits/{org_unit}.

customer String

Immutable. The customer. For example: customers/C0123abc.

rank Integer

Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.

samlSsoInfo SamlSsoInfoArgs

SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.

signInBehavior SignInBehaviorArgs

Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.

ssoMode InboundSsoAssignmentSsoMode

Inbound SSO behavior.

targetGroup String

Immutable. Must be of the form groups/{group}.

targetOrgUnit String

Immutable. Must be of the form orgUnits/{org_unit}.

customer string

Immutable. The customer. For example: customers/C0123abc.

rank number

Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.

samlSsoInfo SamlSsoInfoArgs

SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.

signInBehavior SignInBehaviorArgs

Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.

ssoMode InboundSsoAssignmentSsoMode

Inbound SSO behavior.

targetGroup string

Immutable. Must be of the form groups/{group}.

targetOrgUnit string

Immutable. Must be of the form orgUnits/{org_unit}.

customer str

Immutable. The customer. For example: customers/C0123abc.

rank int

Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.

saml_sso_info SamlSsoInfoArgs

SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.

sign_in_behavior SignInBehaviorArgs

Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.

sso_mode InboundSsoAssignmentSsoMode

Inbound SSO behavior.

target_group str

Immutable. Must be of the form groups/{group}.

target_org_unit str

Immutable. Must be of the form orgUnits/{org_unit}.

customer String

Immutable. The customer. For example: customers/C0123abc.

rank Number

Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.

samlSsoInfo Property Map

SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.

signInBehavior Property Map

Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.

ssoMode "SSO_MODE_UNSPECIFIED" | "SSO_OFF" | "SAML_SSO" | "DOMAIN_WIDE_SAML_IF_ENABLED"

Inbound SSO behavior.

targetGroup String

Immutable. Must be of the form groups/{group}.

targetOrgUnit String

Immutable. Must be of the form orgUnits/{org_unit}.

Outputs

All input properties are implicitly available as output properties. Additionally, the InboundSsoAssignment resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Name string

Resource name of the Inbound SSO Assignment.

Id string

The provider-assigned unique ID for this managed resource.

Name string

Resource name of the Inbound SSO Assignment.

id String

The provider-assigned unique ID for this managed resource.

name String

Resource name of the Inbound SSO Assignment.

id string

The provider-assigned unique ID for this managed resource.

name string

Resource name of the Inbound SSO Assignment.

id str

The provider-assigned unique ID for this managed resource.

name str

Resource name of the Inbound SSO Assignment.

id String

The provider-assigned unique ID for this managed resource.

name String

Resource name of the Inbound SSO Assignment.

Supporting Types

InboundSsoAssignmentSsoMode

SsoModeUnspecified
SSO_MODE_UNSPECIFIED

Not allowed.

SsoOff
SSO_OFF

Disable SSO for the targeted users.

SamlSso
SAML_SSO

Use an external SAML Identity Provider for SSO for the targeted users.

DomainWideSamlIfEnabled
DOMAIN_WIDE_SAML_IF_ENABLED

Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

InboundSsoAssignmentSsoModeSsoModeUnspecified
SSO_MODE_UNSPECIFIED

Not allowed.

InboundSsoAssignmentSsoModeSsoOff
SSO_OFF

Disable SSO for the targeted users.

InboundSsoAssignmentSsoModeSamlSso
SAML_SSO

Use an external SAML Identity Provider for SSO for the targeted users.

InboundSsoAssignmentSsoModeDomainWideSamlIfEnabled
DOMAIN_WIDE_SAML_IF_ENABLED

Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

SsoModeUnspecified
SSO_MODE_UNSPECIFIED

Not allowed.

SsoOff
SSO_OFF

Disable SSO for the targeted users.

SamlSso
SAML_SSO

Use an external SAML Identity Provider for SSO for the targeted users.

DomainWideSamlIfEnabled
DOMAIN_WIDE_SAML_IF_ENABLED

Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

SsoModeUnspecified
SSO_MODE_UNSPECIFIED

Not allowed.

SsoOff
SSO_OFF

Disable SSO for the targeted users.

SamlSso
SAML_SSO

Use an external SAML Identity Provider for SSO for the targeted users.

DomainWideSamlIfEnabled
DOMAIN_WIDE_SAML_IF_ENABLED

Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

SSO_MODE_UNSPECIFIED
SSO_MODE_UNSPECIFIED

Not allowed.

SSO_OFF
SSO_OFF

Disable SSO for the targeted users.

SAML_SSO
SAML_SSO

Use an external SAML Identity Provider for SSO for the targeted users.

DOMAIN_WIDE_SAML_IF_ENABLED
DOMAIN_WIDE_SAML_IF_ENABLED

Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

"SSO_MODE_UNSPECIFIED"
SSO_MODE_UNSPECIFIED

Not allowed.

"SSO_OFF"
SSO_OFF

Disable SSO for the targeted users.

"SAML_SSO"
SAML_SSO

Use an external SAML Identity Provider for SSO for the targeted users.

"DOMAIN_WIDE_SAML_IF_ENABLED"
DOMAIN_WIDE_SAML_IF_ENABLED

Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

SamlSsoInfo

InboundSamlSsoProfile string

Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

InboundSamlSsoProfile string

Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile String

Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile string

Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inbound_saml_sso_profile str

Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile String

Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

SamlSsoInfoResponse

InboundSamlSsoProfile string

Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

InboundSamlSsoProfile string

Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile String

Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile string

Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inbound_saml_sso_profile str

Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile String

Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

SignInBehavior

RedirectCondition SignInBehaviorRedirectCondition

When to redirect sign-ins to the IdP.

redirectCondition SignInBehaviorRedirectCondition

When to redirect sign-ins to the IdP.

redirectCondition SignInBehaviorRedirectCondition

When to redirect sign-ins to the IdP.

redirect_condition SignInBehaviorRedirectCondition

When to redirect sign-ins to the IdP.

SignInBehaviorRedirectCondition

RedirectConditionUnspecified
REDIRECT_CONDITION_UNSPECIFIED

Default and means "always"

Never
NEVER

Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

SignInBehaviorRedirectConditionRedirectConditionUnspecified
REDIRECT_CONDITION_UNSPECIFIED

Default and means "always"

SignInBehaviorRedirectConditionNever
NEVER

Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

RedirectConditionUnspecified
REDIRECT_CONDITION_UNSPECIFIED

Default and means "always"

Never
NEVER

Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

RedirectConditionUnspecified
REDIRECT_CONDITION_UNSPECIFIED

Default and means "always"

Never
NEVER

Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

REDIRECT_CONDITION_UNSPECIFIED
REDIRECT_CONDITION_UNSPECIFIED

Default and means "always"

NEVER
NEVER

Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

"REDIRECT_CONDITION_UNSPECIFIED"
REDIRECT_CONDITION_UNSPECIFIED

Default and means "always"

"NEVER"
NEVER

Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

SignInBehaviorResponse

RedirectCondition string

When to redirect sign-ins to the IdP.

RedirectCondition string

When to redirect sign-ins to the IdP.

redirectCondition String

When to redirect sign-ins to the IdP.

redirectCondition string

When to redirect sign-ins to the IdP.

redirect_condition str

When to redirect sign-ins to the IdP.

redirectCondition String

When to redirect sign-ins to the IdP.

Package Details

Repository
Google Cloud Native pulumi/pulumi-google-native
License
Apache-2.0