Grafana v0.4.2, Apr 15 24

Grafana v0.4.2 published on Monday, Apr 15, 2024 by pulumiverse

grafana.SsoSettings

Explore with Pulumi AI

Grafana v0.4.2 published on Monday, Apr 15, 2024 by pulumiverse

Create SsoSettings Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SsoSettings(name: string, args: SsoSettingsArgs, opts?: CustomResourceOptions);

@overload
def SsoSettings(resource_name: str,
                args: SsoSettingsArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def SsoSettings(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                oauth2_settings: Optional[SsoSettingsOauth2SettingsArgs] = None,
                provider_name: Optional[str] = None)

func NewSsoSettings(ctx *Context, name string, args SsoSettingsArgs, opts ...ResourceOption) (*SsoSettings, error)

public SsoSettings(string name, SsoSettingsArgs args, CustomResourceOptions? opts = null)

public SsoSettings(String name, SsoSettingsArgs args)
public SsoSettings(String name, SsoSettingsArgs args, CustomResourceOptions options)

type: grafana:SsoSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SsoSettingsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SsoSettingsArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SsoSettingsArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SsoSettingsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SsoSettingsArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Example

The following reference example uses placeholder values for all input properties.

var ssoSettingsResource = new Grafana.SsoSettings("ssoSettingsResource", new()
{
    Oauth2Settings = new Grafana.Inputs.SsoSettingsOauth2SettingsArgs
    {
        ClientId = "string",
        GroupsAttributePath = "string",
        UsePkce = false,
        AllowedGroups = "string",
        IdTokenAttributeName = "string",
        ApiUrl = "string",
        AuthStyle = "string",
        AuthUrl = "string",
        AutoLogin = false,
        AllowSignUp = false,
        ClientSecret = "string",
        Custom = 
        {
            { "string", "string" },
        },
        DefineAllowedGroups = false,
        DefineAllowedTeamsIds = false,
        EmailAttributeName = "string",
        EmailAttributePath = "string",
        EmptyScopes = false,
        Enabled = false,
        AllowAssignGrafanaAdmin = false,
        AllowedOrganizations = "string",
        AllowedDomains = "string",
        NameAttributePath = "string",
        Name = "string",
        RoleAttributePath = "string",
        RoleAttributeStrict = false,
        Scopes = "string",
        SignoutRedirectUrl = "string",
        SkipOrgRoleSync = false,
        TeamIds = "string",
        TeamIdsAttributePath = "string",
        TeamsUrl = "string",
        TlsClientCa = "string",
        TlsClientCert = "string",
        TlsClientKey = "string",
        TlsSkipVerifyInsecure = false,
        TokenUrl = "string",
        LoginAttributePath = "string",
        UseRefreshToken = false,
    },
    ProviderName = "string",
});

example, err := grafana.NewSsoSettings(ctx, "ssoSettingsResource", &grafana.SsoSettingsArgs{
	Oauth2Settings: &grafana.SsoSettingsOauth2SettingsArgs{
		ClientId:             pulumi.String("string"),
		GroupsAttributePath:  pulumi.String("string"),
		UsePkce:              pulumi.Bool(false),
		AllowedGroups:        pulumi.String("string"),
		IdTokenAttributeName: pulumi.String("string"),
		ApiUrl:               pulumi.String("string"),
		AuthStyle:            pulumi.String("string"),
		AuthUrl:              pulumi.String("string"),
		AutoLogin:            pulumi.Bool(false),
		AllowSignUp:          pulumi.Bool(false),
		ClientSecret:         pulumi.String("string"),
		Custom: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
		DefineAllowedGroups:     pulumi.Bool(false),
		DefineAllowedTeamsIds:   pulumi.Bool(false),
		EmailAttributeName:      pulumi.String("string"),
		EmailAttributePath:      pulumi.String("string"),
		EmptyScopes:             pulumi.Bool(false),
		Enabled:                 pulumi.Bool(false),
		AllowAssignGrafanaAdmin: pulumi.Bool(false),
		AllowedOrganizations:    pulumi.String("string"),
		AllowedDomains:          pulumi.String("string"),
		NameAttributePath:       pulumi.String("string"),
		Name:                    pulumi.String("string"),
		RoleAttributePath:       pulumi.String("string"),
		RoleAttributeStrict:     pulumi.Bool(false),
		Scopes:                  pulumi.String("string"),
		SignoutRedirectUrl:      pulumi.String("string"),
		SkipOrgRoleSync:         pulumi.Bool(false),
		TeamIds:                 pulumi.String("string"),
		TeamIdsAttributePath:    pulumi.String("string"),
		TeamsUrl:                pulumi.String("string"),
		TlsClientCa:             pulumi.String("string"),
		TlsClientCert:           pulumi.String("string"),
		TlsClientKey:            pulumi.String("string"),
		TlsSkipVerifyInsecure:   pulumi.Bool(false),
		TokenUrl:                pulumi.String("string"),
		LoginAttributePath:      pulumi.String("string"),
		UseRefreshToken:         pulumi.Bool(false),
	},
	ProviderName: pulumi.String("string"),
})

var ssoSettingsResource = new SsoSettings("ssoSettingsResource", SsoSettingsArgs.builder()        
    .oauth2Settings(SsoSettingsOauth2SettingsArgs.builder()
        .clientId("string")
        .groupsAttributePath("string")
        .usePkce(false)
        .allowedGroups("string")
        .idTokenAttributeName("string")
        .apiUrl("string")
        .authStyle("string")
        .authUrl("string")
        .autoLogin(false)
        .allowSignUp(false)
        .clientSecret("string")
        .custom(Map.of("string", "string"))
        .defineAllowedGroups(false)
        .defineAllowedTeamsIds(false)
        .emailAttributeName("string")
        .emailAttributePath("string")
        .emptyScopes(false)
        .enabled(false)
        .allowAssignGrafanaAdmin(false)
        .allowedOrganizations("string")
        .allowedDomains("string")
        .nameAttributePath("string")
        .name("string")
        .roleAttributePath("string")
        .roleAttributeStrict(false)
        .scopes("string")
        .signoutRedirectUrl("string")
        .skipOrgRoleSync(false)
        .teamIds("string")
        .teamIdsAttributePath("string")
        .teamsUrl("string")
        .tlsClientCa("string")
        .tlsClientCert("string")
        .tlsClientKey("string")
        .tlsSkipVerifyInsecure(false)
        .tokenUrl("string")
        .loginAttributePath("string")
        .useRefreshToken(false)
        .build())
    .providerName("string")
    .build());

sso_settings_resource = grafana.SsoSettings("ssoSettingsResource",
    oauth2_settings=grafana.SsoSettingsOauth2SettingsArgs(
        client_id="string",
        groups_attribute_path="string",
        use_pkce=False,
        allowed_groups="string",
        id_token_attribute_name="string",
        api_url="string",
        auth_style="string",
        auth_url="string",
        auto_login=False,
        allow_sign_up=False,
        client_secret="string",
        custom={
            "string": "string",
        },
        define_allowed_groups=False,
        define_allowed_teams_ids=False,
        email_attribute_name="string",
        email_attribute_path="string",
        empty_scopes=False,
        enabled=False,
        allow_assign_grafana_admin=False,
        allowed_organizations="string",
        allowed_domains="string",
        name_attribute_path="string",
        name="string",
        role_attribute_path="string",
        role_attribute_strict=False,
        scopes="string",
        signout_redirect_url="string",
        skip_org_role_sync=False,
        team_ids="string",
        team_ids_attribute_path="string",
        teams_url="string",
        tls_client_ca="string",
        tls_client_cert="string",
        tls_client_key="string",
        tls_skip_verify_insecure=False,
        token_url="string",
        login_attribute_path="string",
        use_refresh_token=False,
    ),
    provider_name="string")

const ssoSettingsResource = new grafana.SsoSettings("ssoSettingsResource", {
    oauth2Settings: {
        clientId: "string",
        groupsAttributePath: "string",
        usePkce: false,
        allowedGroups: "string",
        idTokenAttributeName: "string",
        apiUrl: "string",
        authStyle: "string",
        authUrl: "string",
        autoLogin: false,
        allowSignUp: false,
        clientSecret: "string",
        custom: {
            string: "string",
        },
        defineAllowedGroups: false,
        defineAllowedTeamsIds: false,
        emailAttributeName: "string",
        emailAttributePath: "string",
        emptyScopes: false,
        enabled: false,
        allowAssignGrafanaAdmin: false,
        allowedOrganizations: "string",
        allowedDomains: "string",
        nameAttributePath: "string",
        name: "string",
        roleAttributePath: "string",
        roleAttributeStrict: false,
        scopes: "string",
        signoutRedirectUrl: "string",
        skipOrgRoleSync: false,
        teamIds: "string",
        teamIdsAttributePath: "string",
        teamsUrl: "string",
        tlsClientCa: "string",
        tlsClientCert: "string",
        tlsClientKey: "string",
        tlsSkipVerifyInsecure: false,
        tokenUrl: "string",
        loginAttributePath: "string",
        useRefreshToken: false,
    },
    providerName: "string",
});

type: grafana:SsoSettings
properties:
    oauth2Settings:
        allowAssignGrafanaAdmin: false
        allowSignUp: false
        allowedDomains: string
        allowedGroups: string
        allowedOrganizations: string
        apiUrl: string
        authStyle: string
        authUrl: string
        autoLogin: false
        clientId: string
        clientSecret: string
        custom:
            string: string
        defineAllowedGroups: false
        defineAllowedTeamsIds: false
        emailAttributeName: string
        emailAttributePath: string
        emptyScopes: false
        enabled: false
        groupsAttributePath: string
        idTokenAttributeName: string
        loginAttributePath: string
        name: string
        nameAttributePath: string
        roleAttributePath: string
        roleAttributeStrict: false
        scopes: string
        signoutRedirectUrl: string
        skipOrgRoleSync: false
        teamIds: string
        teamIdsAttributePath: string
        teamsUrl: string
        tlsClientCa: string
        tlsClientCert: string
        tlsClientKey: string
        tlsSkipVerifyInsecure: false
        tokenUrl: string
        usePkce: false
        useRefreshToken: false
    providerName: string

SsoSettings Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SsoSettings resource accepts the following input properties:

Oauth2Settings Pulumiverse.Grafana.Inputs.SsoSettingsOauth2Settings: The SSO settings set.
ProviderName string: The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.

Oauth2Settings SsoSettingsOauth2SettingsArgs: The SSO settings set.
ProviderName string: The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.

oauth2Settings SsoSettingsOauth2Settings: The SSO settings set.
providerName String: The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.

oauth2Settings SsoSettingsOauth2Settings: The SSO settings set.
providerName string: The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.

oauth2_settings SsoSettingsOauth2SettingsArgs: The SSO settings set.
provider_name str: The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.

oauth2Settings Property Map: The SSO settings set.
providerName String: The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.

Outputs

All input properties are implicitly available as output properties. Additionally, the SsoSettings resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing SsoSettings Resource

Get an existing SsoSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SsoSettingsState, opts?: CustomResourceOptions): SsoSettings

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        oauth2_settings: Optional[SsoSettingsOauth2SettingsArgs] = None,
        provider_name: Optional[str] = None) -> SsoSettings

func GetSsoSettings(ctx *Context, name string, id IDInput, state *SsoSettingsState, opts ...ResourceOption) (*SsoSettings, error)

public static SsoSettings Get(string name, Input<string> id, SsoSettingsState? state, CustomResourceOptions? opts = null)

public static SsoSettings get(String name, Output<String> id, SsoSettingsState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Oauth2Settings Pulumiverse.Grafana.Inputs.SsoSettingsOauth2Settings: The SSO settings set.
ProviderName string: The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.

Oauth2Settings SsoSettingsOauth2SettingsArgs: The SSO settings set.
ProviderName string: The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.

oauth2Settings SsoSettingsOauth2Settings: The SSO settings set.
providerName String: The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.

oauth2Settings SsoSettingsOauth2Settings: The SSO settings set.
providerName string: The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.

oauth2_settings SsoSettingsOauth2SettingsArgs: The SSO settings set.
provider_name str: The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.

oauth2Settings Property Map: The SSO settings set.
providerName String: The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.

Supporting Types

SsoSettingsOauth2Settings, SsoSettingsOauth2SettingsArgs

ClientId string: The client Id of your OAuth2 app.
AllowAssignGrafanaAdmin bool: If enabled, it will automatically sync the Grafana server administrator role.
AllowSignUp bool: If not enabled, only existing Grafana users can log in using OAuth.
AllowedDomains string: List of comma- or space-separated domains. The user should belong to at least one domain to log in.
AllowedGroups string: List of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.
AllowedOrganizations string: List of comma- or space-separated organizations. The user should be a member of at least one organization to log in.
ApiUrl string: The user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
AuthStyle string: It determines how client_id and client_secret are sent to Oauth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.
AuthUrl string: The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
AutoLogin bool: Log in automatically, skipping the login screen.
ClientSecret string: The client secret of your OAuth2 app.
Custom Dictionary<string, string>: Custom fields to configure for OAuth2 such as the force_use_graph_api field.
DefineAllowedGroups bool: Define allowed groups.
DefineAllowedTeamsIds bool: Define allowed teams ids.
EmailAttributeName string: Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.
EmailAttributePath string: JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.
EmptyScopes bool: If enabled, no scopes will be sent to the OAuth2 provider.
Enabled bool: Define whether this configuration is enabled for the specified provider.
GroupsAttributePath string: JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.
IdTokenAttributeName string: The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.
LoginAttributePath string: JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.
Name string: Helpful if you use more than one identity providers or SSO protocols.
NameAttributePath string: JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.
RoleAttributePath string: JMESPath expression to use for Grafana role lookup.
RoleAttributeStrict bool: If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.
Scopes string: List of comma- or space-separated OAuth2 scopes.
SignoutRedirectUrl string: The URL to redirect the user to after signing out from Grafana.
SkipOrgRoleSync bool: Prevent synchronizing users’ organization roles from your IdP.
TeamIds string: String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.
TeamIdsAttributePath string: The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.
TeamsUrl string: The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.
TlsClientCa string: The path to the trusted certificate authority list. Is not applicable on Grafana Cloud.
TlsClientCert string: The path to the certificate. Is not applicable on Grafana Cloud.
TlsClientKey string: The path to the key. Is not applicable on Grafana Cloud.
TlsSkipVerifyInsecure bool: If enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
TokenUrl string: The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
UsePkce bool: If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.
UseRefreshToken bool: If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.

ClientId string: The client Id of your OAuth2 app.
AllowAssignGrafanaAdmin bool: If enabled, it will automatically sync the Grafana server administrator role.
AllowSignUp bool: If not enabled, only existing Grafana users can log in using OAuth.
AllowedDomains string: List of comma- or space-separated domains. The user should belong to at least one domain to log in.
AllowedGroups string: List of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.
AllowedOrganizations string: List of comma- or space-separated organizations. The user should be a member of at least one organization to log in.
ApiUrl string: The user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
AuthStyle string: It determines how client_id and client_secret are sent to Oauth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.
AuthUrl string: The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
AutoLogin bool: Log in automatically, skipping the login screen.
ClientSecret string: The client secret of your OAuth2 app.
Custom map[string]string: Custom fields to configure for OAuth2 such as the force_use_graph_api field.
DefineAllowedGroups bool: Define allowed groups.
DefineAllowedTeamsIds bool: Define allowed teams ids.
EmailAttributeName string: Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.
EmailAttributePath string: JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.
EmptyScopes bool: If enabled, no scopes will be sent to the OAuth2 provider.
Enabled bool: Define whether this configuration is enabled for the specified provider.
GroupsAttributePath string: JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.
IdTokenAttributeName string: The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.
LoginAttributePath string: JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.
Name string: Helpful if you use more than one identity providers or SSO protocols.
NameAttributePath string: JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.
RoleAttributePath string: JMESPath expression to use for Grafana role lookup.
RoleAttributeStrict bool: If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.
Scopes string: List of comma- or space-separated OAuth2 scopes.
SignoutRedirectUrl string: The URL to redirect the user to after signing out from Grafana.
SkipOrgRoleSync bool: Prevent synchronizing users’ organization roles from your IdP.
TeamIds string: String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.
TeamIdsAttributePath string: The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.
TeamsUrl string: The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.
TlsClientCa string: The path to the trusted certificate authority list. Is not applicable on Grafana Cloud.
TlsClientCert string: The path to the certificate. Is not applicable on Grafana Cloud.
TlsClientKey string: The path to the key. Is not applicable on Grafana Cloud.
TlsSkipVerifyInsecure bool: If enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
TokenUrl string: The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
UsePkce bool: If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.
UseRefreshToken bool: If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.

clientId String: The client Id of your OAuth2 app.
allowAssignGrafanaAdmin Boolean: If enabled, it will automatically sync the Grafana server administrator role.
allowSignUp Boolean: If not enabled, only existing Grafana users can log in using OAuth.
allowedDomains String: List of comma- or space-separated domains. The user should belong to at least one domain to log in.
allowedGroups String: List of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.
allowedOrganizations String: List of comma- or space-separated organizations. The user should be a member of at least one organization to log in.
apiUrl String: The user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
authStyle String: It determines how client_id and client_secret are sent to Oauth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.
authUrl String: The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
autoLogin Boolean: Log in automatically, skipping the login screen.
clientSecret String: The client secret of your OAuth2 app.
custom Map<String,String>: Custom fields to configure for OAuth2 such as the force_use_graph_api field.
defineAllowedGroups Boolean: Define allowed groups.
defineAllowedTeamsIds Boolean: Define allowed teams ids.
emailAttributeName String: Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.
emailAttributePath String: JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.
emptyScopes Boolean: If enabled, no scopes will be sent to the OAuth2 provider.
enabled Boolean: Define whether this configuration is enabled for the specified provider.
groupsAttributePath String: JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.
idTokenAttributeName String: The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.
loginAttributePath String: JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.
name String: Helpful if you use more than one identity providers or SSO protocols.
nameAttributePath String: JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.
roleAttributePath String: JMESPath expression to use for Grafana role lookup.
roleAttributeStrict Boolean: If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.
scopes String: List of comma- or space-separated OAuth2 scopes.
signoutRedirectUrl String: The URL to redirect the user to after signing out from Grafana.
skipOrgRoleSync Boolean: Prevent synchronizing users’ organization roles from your IdP.
teamIds String: String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.
teamIdsAttributePath String: The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.
teamsUrl String: The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.
tlsClientCa String: The path to the trusted certificate authority list. Is not applicable on Grafana Cloud.
tlsClientCert String: The path to the certificate. Is not applicable on Grafana Cloud.
tlsClientKey String: The path to the key. Is not applicable on Grafana Cloud.
tlsSkipVerifyInsecure Boolean: If enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
tokenUrl String: The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
usePkce Boolean: If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.
useRefreshToken Boolean: If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.

clientId string: The client Id of your OAuth2 app.
allowAssignGrafanaAdmin boolean: If enabled, it will automatically sync the Grafana server administrator role.
allowSignUp boolean: If not enabled, only existing Grafana users can log in using OAuth.
allowedDomains string: List of comma- or space-separated domains. The user should belong to at least one domain to log in.
allowedGroups string: List of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.
allowedOrganizations string: List of comma- or space-separated organizations. The user should be a member of at least one organization to log in.
apiUrl string: The user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
authStyle string: It determines how client_id and client_secret are sent to Oauth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.
authUrl string: The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
autoLogin boolean: Log in automatically, skipping the login screen.
clientSecret string: The client secret of your OAuth2 app.
custom {[key: string]: string}: Custom fields to configure for OAuth2 such as the force_use_graph_api field.
defineAllowedGroups boolean: Define allowed groups.
defineAllowedTeamsIds boolean: Define allowed teams ids.
emailAttributeName string: Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.
emailAttributePath string: JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.
emptyScopes boolean: If enabled, no scopes will be sent to the OAuth2 provider.
enabled boolean: Define whether this configuration is enabled for the specified provider.
groupsAttributePath string: JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.
idTokenAttributeName string: The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.
loginAttributePath string: JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.
name string: Helpful if you use more than one identity providers or SSO protocols.
nameAttributePath string: JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.
roleAttributePath string: JMESPath expression to use for Grafana role lookup.
roleAttributeStrict boolean: If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.
scopes string: List of comma- or space-separated OAuth2 scopes.
signoutRedirectUrl string: The URL to redirect the user to after signing out from Grafana.
skipOrgRoleSync boolean: Prevent synchronizing users’ organization roles from your IdP.
teamIds string: String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.
teamIdsAttributePath string: The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.
teamsUrl string: The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.
tlsClientCa string: The path to the trusted certificate authority list. Is not applicable on Grafana Cloud.
tlsClientCert string: The path to the certificate. Is not applicable on Grafana Cloud.
tlsClientKey string: The path to the key. Is not applicable on Grafana Cloud.
tlsSkipVerifyInsecure boolean: If enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
tokenUrl string: The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
usePkce boolean: If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.
useRefreshToken boolean: If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.

client_id str: The client Id of your OAuth2 app.
allow_assign_grafana_admin bool: If enabled, it will automatically sync the Grafana server administrator role.
allow_sign_up bool: If not enabled, only existing Grafana users can log in using OAuth.
allowed_domains str: List of comma- or space-separated domains. The user should belong to at least one domain to log in.
allowed_groups str: List of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.
allowed_organizations str: List of comma- or space-separated organizations. The user should be a member of at least one organization to log in.
api_url str: The user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
auth_style str: It determines how client_id and client_secret are sent to Oauth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.
auth_url str: The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
auto_login bool: Log in automatically, skipping the login screen.
client_secret str: The client secret of your OAuth2 app.
custom Mapping[str, str]: Custom fields to configure for OAuth2 such as the force_use_graph_api field.
define_allowed_groups bool: Define allowed groups.
define_allowed_teams_ids bool: Define allowed teams ids.
email_attribute_name str: Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.
email_attribute_path str: JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.
empty_scopes bool: If enabled, no scopes will be sent to the OAuth2 provider.
enabled bool: Define whether this configuration is enabled for the specified provider.
groups_attribute_path str: JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.
id_token_attribute_name str: The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.
login_attribute_path str: JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.
name str: Helpful if you use more than one identity providers or SSO protocols.
name_attribute_path str: JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.
role_attribute_path str: JMESPath expression to use for Grafana role lookup.
role_attribute_strict bool: If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.
scopes str: List of comma- or space-separated OAuth2 scopes.
signout_redirect_url str: The URL to redirect the user to after signing out from Grafana.
skip_org_role_sync bool: Prevent synchronizing users’ organization roles from your IdP.
team_ids str: String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.
team_ids_attribute_path str: The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.
teams_url str: The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.
tls_client_ca str: The path to the trusted certificate authority list. Is not applicable on Grafana Cloud.
tls_client_cert str: The path to the certificate. Is not applicable on Grafana Cloud.
tls_client_key str: The path to the key. Is not applicable on Grafana Cloud.
tls_skip_verify_insecure bool: If enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
token_url str: The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
use_pkce bool: If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.
use_refresh_token bool: If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.

clientId String: The client Id of your OAuth2 app.
allowAssignGrafanaAdmin Boolean: If enabled, it will automatically sync the Grafana server administrator role.
allowSignUp Boolean: If not enabled, only existing Grafana users can log in using OAuth.
allowedDomains String: List of comma- or space-separated domains. The user should belong to at least one domain to log in.
allowedGroups String: List of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.
allowedOrganizations String: List of comma- or space-separated organizations. The user should be a member of at least one organization to log in.
apiUrl String: The user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
authStyle String: It determines how client_id and client_secret are sent to Oauth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.
authUrl String: The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
autoLogin Boolean: Log in automatically, skipping the login screen.
clientSecret String: The client secret of your OAuth2 app.
custom Map<String>: Custom fields to configure for OAuth2 such as the force_use_graph_api field.
defineAllowedGroups Boolean: Define allowed groups.
defineAllowedTeamsIds Boolean: Define allowed teams ids.
emailAttributeName String: Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.
emailAttributePath String: JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.
emptyScopes Boolean: If enabled, no scopes will be sent to the OAuth2 provider.
enabled Boolean: Define whether this configuration is enabled for the specified provider.
groupsAttributePath String: JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.
idTokenAttributeName String: The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.
loginAttributePath String: JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.
name String: Helpful if you use more than one identity providers or SSO protocols.
nameAttributePath String: JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.
roleAttributePath String: JMESPath expression to use for Grafana role lookup.
roleAttributeStrict Boolean: If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.
scopes String: List of comma- or space-separated OAuth2 scopes.
signoutRedirectUrl String: The URL to redirect the user to after signing out from Grafana.
skipOrgRoleSync Boolean: Prevent synchronizing users’ organization roles from your IdP.
teamIds String: String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.
teamIdsAttributePath String: The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.
teamsUrl String: The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.
tlsClientCa String: The path to the trusted certificate authority list. Is not applicable on Grafana Cloud.
tlsClientCert String: The path to the certificate. Is not applicable on Grafana Cloud.
tlsClientKey String: The path to the key. Is not applicable on Grafana Cloud.
tlsSkipVerifyInsecure Boolean: If enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
tokenUrl String: The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
usePkce Boolean: If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.
useRefreshToken Boolean: If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.

Package Details

Repository: grafana pulumiverse/pulumi-grafana
License: Apache-2.0
Notes: This Pulumi package is based on the grafana Terraform Provider.

Grafana v0.4.2 published on Monday, Apr 15, 2024 by pulumiverse

pulumiverse/pulumi-grafana

grafana.SsoSettings

On this page

On this page

Create SsoSettings Resource

Constructor syntax

Parameters

Example

SsoSettings Resource Properties

Inputs

Outputs

Look up Existing SsoSettings Resource

Supporting Types

SsoSettingsOauth2Settings, SsoSettingsOauth2SettingsArgs

Package Details

On this page

On this page