Google Cloud Native v0.30.0, Apr 14 23

google-native.cloudidentity/v1.InboundSsoAssignment

Explore with Pulumi AI

Creates an InboundSsoAssignment for users and devices in a Customer under a given Group or OrgUnit. Auto-naming is currently not supported for this resource.

Create InboundSsoAssignment Resource

new InboundSsoAssignment(name: string, args?: InboundSsoAssignmentArgs, opts?: CustomResourceOptions);

@overload
def InboundSsoAssignment(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         customer: Optional[str] = None,
                         rank: Optional[int] = None,
                         saml_sso_info: Optional[SamlSsoInfoArgs] = None,
                         sign_in_behavior: Optional[SignInBehaviorArgs] = None,
                         sso_mode: Optional[InboundSsoAssignmentSsoMode] = None,
                         target_group: Optional[str] = None,
                         target_org_unit: Optional[str] = None)
@overload
def InboundSsoAssignment(resource_name: str,
                         args: Optional[InboundSsoAssignmentArgs] = None,
                         opts: Optional[ResourceOptions] = None)

func NewInboundSsoAssignment(ctx *Context, name string, args *InboundSsoAssignmentArgs, opts ...ResourceOption) (*InboundSsoAssignment, error)

public InboundSsoAssignment(string name, InboundSsoAssignmentArgs? args = null, CustomResourceOptions? opts = null)

public InboundSsoAssignment(String name, InboundSsoAssignmentArgs args)
public InboundSsoAssignment(String name, InboundSsoAssignmentArgs args, CustomResourceOptions options)

type: google-native:cloudidentity/v1:InboundSsoAssignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args InboundSsoAssignmentArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args InboundSsoAssignmentArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args InboundSsoAssignmentArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args InboundSsoAssignmentArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args InboundSsoAssignmentArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

InboundSsoAssignment Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The InboundSsoAssignment resource accepts the following input properties:

Customer string: Immutable. The customer. For example: customers/C0123abc.
Rank int: Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
SamlSsoInfo Pulumi.GoogleNative.CloudIdentity.V1.Inputs.SamlSsoInfoArgs: SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
SignInBehavior Pulumi.GoogleNative.CloudIdentity.V1.Inputs.SignInBehaviorArgs: Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
SsoMode Pulumi.GoogleNative.CloudIdentity.V1.InboundSsoAssignmentSsoMode: Inbound SSO behavior.
TargetGroup string: Immutable. Must be of the form groups/{group}.
TargetOrgUnit string: Immutable. Must be of the form orgUnits/{org_unit}.

Customer string: Immutable. The customer. For example: customers/C0123abc.
Rank int: Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
SamlSsoInfo SamlSsoInfoArgs: SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
SignInBehavior SignInBehaviorArgs: Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
SsoMode InboundSsoAssignmentSsoMode: Inbound SSO behavior.
TargetGroup string: Immutable. Must be of the form groups/{group}.
TargetOrgUnit string: Immutable. Must be of the form orgUnits/{org_unit}.

customer String: Immutable. The customer. For example: customers/C0123abc.
rank Integer: Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
samlSsoInfo SamlSsoInfoArgs: SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
signInBehavior SignInBehaviorArgs: Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
ssoMode InboundSsoAssignmentSsoMode: Inbound SSO behavior.
targetGroup String: Immutable. Must be of the form groups/{group}.
targetOrgUnit String: Immutable. Must be of the form orgUnits/{org_unit}.

customer string: Immutable. The customer. For example: customers/C0123abc.
rank number: Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
samlSsoInfo SamlSsoInfoArgs: SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
signInBehavior SignInBehaviorArgs: Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
ssoMode InboundSsoAssignmentSsoMode: Inbound SSO behavior.
targetGroup string: Immutable. Must be of the form groups/{group}.
targetOrgUnit string: Immutable. Must be of the form orgUnits/{org_unit}.

customer str: Immutable. The customer. For example: customers/C0123abc.
rank int: Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
saml_sso_info SamlSsoInfoArgs: SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
sign_in_behavior SignInBehaviorArgs: Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
sso_mode InboundSsoAssignmentSsoMode: Inbound SSO behavior.
target_group str: Immutable. Must be of the form groups/{group}.
target_org_unit str: Immutable. Must be of the form orgUnits/{org_unit}.

customer String: Immutable. The customer. For example: customers/C0123abc.
rank Number: Must be zero (which is the default value so it can be omitted) for assignments with target_org_unit set and must be greater-than-or-equal-to one for assignments with target_group set.
samlSsoInfo Property Map: SAML SSO details. Must be set if and only if sso_mode is set to SAML_SSO.
signInBehavior Property Map: Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
ssoMode "SSO_MODE_UNSPECIFIED" | "SSO_OFF" | "SAML_SSO" | "DOMAIN_WIDE_SAML_IF_ENABLED": Inbound SSO behavior.
targetGroup String: Immutable. Must be of the form groups/{group}.
targetOrgUnit String: Immutable. Must be of the form orgUnits/{org_unit}.

Outputs

All input properties are implicitly available as output properties. Additionally, the InboundSsoAssignment resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Name string: Resource name of the Inbound SSO Assignment.

Id string: The provider-assigned unique ID for this managed resource.
Name string: Resource name of the Inbound SSO Assignment.

id String: The provider-assigned unique ID for this managed resource.
name String: Resource name of the Inbound SSO Assignment.

id string: The provider-assigned unique ID for this managed resource.
name string: Resource name of the Inbound SSO Assignment.

id str: The provider-assigned unique ID for this managed resource.
name str: Resource name of the Inbound SSO Assignment.

id String: The provider-assigned unique ID for this managed resource.
name String: Resource name of the Inbound SSO Assignment.

Supporting Types

InboundSsoAssignmentSsoMode

SsoModeUnspecified: SSO_MODE_UNSPECIFIED
Not allowed.
SsoOff: SSO_OFF
Disable SSO for the targeted users.
SamlSso: SAML_SSO
Use an external SAML Identity Provider for SSO for the targeted users.
DomainWideSamlIfEnabled: DOMAIN_WIDE_SAML_IF_ENABLED
Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

InboundSsoAssignmentSsoModeSsoModeUnspecified: SSO_MODE_UNSPECIFIED
Not allowed.
InboundSsoAssignmentSsoModeSsoOff: SSO_OFF
Disable SSO for the targeted users.
InboundSsoAssignmentSsoModeSamlSso: SAML_SSO
Use an external SAML Identity Provider for SSO for the targeted users.
InboundSsoAssignmentSsoModeDomainWideSamlIfEnabled: DOMAIN_WIDE_SAML_IF_ENABLED
Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

SsoModeUnspecified: SSO_MODE_UNSPECIFIED
Not allowed.
SsoOff: SSO_OFF
Disable SSO for the targeted users.
SamlSso: SAML_SSO
Use an external SAML Identity Provider for SSO for the targeted users.
DomainWideSamlIfEnabled: DOMAIN_WIDE_SAML_IF_ENABLED
Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

SsoModeUnspecified: SSO_MODE_UNSPECIFIED
Not allowed.
SsoOff: SSO_OFF
Disable SSO for the targeted users.
SamlSso: SAML_SSO
Use an external SAML Identity Provider for SSO for the targeted users.
DomainWideSamlIfEnabled: DOMAIN_WIDE_SAML_IF_ENABLED
Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

SSO_MODE_UNSPECIFIED: SSO_MODE_UNSPECIFIED
Not allowed.
SSO_OFF: SSO_OFF
Disable SSO for the targeted users.
SAML_SSO: SAML_SSO
Use an external SAML Identity Provider for SSO for the targeted users.
DOMAIN_WIDE_SAML_IF_ENABLED: DOMAIN_WIDE_SAML_IF_ENABLED
Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

"SSO_MODE_UNSPECIFIED": SSO_MODE_UNSPECIFIED
Not allowed.
"SSO_OFF": SSO_OFF
Disable SSO for the targeted users.
"SAML_SSO": SAML_SSO
Use an external SAML Identity Provider for SSO for the targeted users.
"DOMAIN_WIDE_SAML_IF_ENABLED": DOMAIN_WIDE_SAML_IF_ENABLED
Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF. Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.

SamlSsoInfo

InboundSamlSsoProfile string: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

InboundSamlSsoProfile string: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile String: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile string: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inbound_saml_sso_profile str: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile String: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

SamlSsoInfoResponse

InboundSamlSsoProfile string: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

InboundSamlSsoProfile string: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile String: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile string: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inbound_saml_sso_profile str: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

inboundSamlSsoProfile String: Name of the InboundSamlSsoProfile to use. Must be of the form inboundSamlSsoProfiles/{inbound_saml_sso_profile}.

SignInBehavior

RedirectCondition Pulumi.GoogleNative.CloudIdentity.V1.SignInBehaviorRedirectCondition: When to redirect sign-ins to the IdP.

RedirectCondition SignInBehaviorRedirectCondition: When to redirect sign-ins to the IdP.

redirectCondition SignInBehaviorRedirectCondition: When to redirect sign-ins to the IdP.

redirectCondition SignInBehaviorRedirectCondition: When to redirect sign-ins to the IdP.

redirect_condition SignInBehaviorRedirectCondition: When to redirect sign-ins to the IdP.

redirectCondition "REDIRECT_CONDITION_UNSPECIFIED" | "NEVER": When to redirect sign-ins to the IdP.

SignInBehaviorRedirectCondition

RedirectConditionUnspecified: REDIRECT_CONDITION_UNSPECIFIED
Default and means "always"
Never: NEVER
Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

SignInBehaviorRedirectConditionRedirectConditionUnspecified: REDIRECT_CONDITION_UNSPECIFIED
Default and means "always"
SignInBehaviorRedirectConditionNever: NEVER
Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

RedirectConditionUnspecified: REDIRECT_CONDITION_UNSPECIFIED
Default and means "always"
Never: NEVER
Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

RedirectConditionUnspecified: REDIRECT_CONDITION_UNSPECIFIED
Default and means "always"
Never: NEVER
Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

REDIRECT_CONDITION_UNSPECIFIED: REDIRECT_CONDITION_UNSPECIFIED
Default and means "always"
NEVER: NEVER
Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

"REDIRECT_CONDITION_UNSPECIFIED": REDIRECT_CONDITION_UNSPECIFIED
Default and means "always"
"NEVER": NEVER
Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.

SignInBehaviorResponse

RedirectCondition string: When to redirect sign-ins to the IdP.

RedirectCondition string: When to redirect sign-ins to the IdP.

redirectCondition String: When to redirect sign-ins to the IdP.

redirectCondition string: When to redirect sign-ins to the IdP.

redirect_condition str: When to redirect sign-ins to the IdP.

redirectCondition String: When to redirect sign-ins to the IdP.

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0