keycloak.Organization
Allows for creating and managing Organizations within Keycloak.
Attributes can also be defined on Groups.
Linkage with identity providers is managed with the identity provider resources.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
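// Stack configuration. The identity provider's client secret is stored
// encrypted in it, e.g. `pulumi config set --secret idpClientSecret <value>`
// ("idpClientSecret" is an example key name).
const config = new pulumi.Config();

// Realm that owns the organization and the identity provider.
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});

// Organization in that realm, associated with the example.com domain.
const _this = new keycloak.Organization("this", {
    realm: realm.name,
    name: "org",
    alias: "org",
    enabled: true,
    domains: [{
        name: "example.com",
    }],
});

// OIDC identity provider linked to the organization through organizationId.
const thisIdentityProvider = new keycloak.oidc.IdentityProvider("this", {
    realm: realm.name,
    alias: "my-idp",
    authorizationUrl: "https://authorizationurl.com",
    clientId: "clientID",
    // Read as a secret Output rather than a string literal, so the credential
    // is never committed with the program and stays encrypted in stack state.
    clientSecret: config.requireSecret("idpClientSecret"),
    tokenUrl: "https://tokenurl.com",
    organizationId: _this.id,
    orgDomain: "example.com",
    orgRedirectModeEmailMatches: true,
});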
import pulumi
import pulumi_keycloak as keycloak
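# Stack configuration. The identity provider's client secret is stored
# encrypted in it, e.g. `pulumi config set --secret idpClientSecret <value>`
# ("idpClientSecret" is an example key name).
config = pulumi.Config()

# Realm that owns the organization and the identity provider.
realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)

# Organization in that realm, associated with the example.com domain.
this = keycloak.Organization("this",
    realm=realm.name,
    name="org",
    alias="org",
    enabled=True,
    domains=[{
        "name": "example.com",
    }])

# OIDC identity provider linked to the organization through organization_id.
this_identity_provider = keycloak.oidc.IdentityProvider("this",
    realm=realm.name,
    alias="my-idp",
    authorization_url="https://authorizationurl.com",
    client_id="clientID",
    # Read as a secret Output rather than a string literal, so the credential
    # is never committed with the program and stays encrypted in stack state.
    client_secret=config.require_secret("idpClientSecret"),
    token_url="https://tokenurl.com",
    organization_id=this.id,
    org_domain="example.com",
    org_redirect_mode_email_matches=True)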
package main
import (
	"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
	"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
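// main declares a realm, an organization inside it, and an OIDC identity
// provider linked to that organization.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Realm that owns the organization and the identity provider.
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// Organization in that realm, associated with the example.com domain.
		this, err := keycloak.NewOrganization(ctx, "this", &keycloak.OrganizationArgs{
			Realm:   realm.Name,
			Name:    pulumi.String("org"),
			Alias:   pulumi.String("org"),
			Enabled: pulumi.Bool(true),
			Domains: keycloak.OrganizationDomainArray{
				&keycloak.OrganizationDomainArgs{
					Name: pulumi.String("example.com"),
				},
			},
		})
		if err != nil {
			return err
		}

		// OIDC identity provider linked to the organization through OrganizationId.
		_, err = oidc.NewIdentityProvider(ctx, "this", &oidc.IdentityProviderArgs{
			Realm:            realm.Name,
			Alias:            pulumi.String("my-idp"),
			AuthorizationUrl: pulumi.String("https://authorizationurl.com"),
			ClientId:         pulumi.String("clientID"),
			// Read from encrypted stack configuration instead of a string
			// literal, so the credential is never committed with the program.
			// Set it with `pulumi config set --secret idpClientSecret <value>`
			// ("idpClientSecret" is an example key name).
			ClientSecret:                config.RequireSecret(ctx, "idpClientSecret"),
			TokenUrl:                    pulumi.String("https://tokenurl.com"),
			OrganizationId:              this.ID(),
			OrgDomain:                   pulumi.String("example.com"),
			OrgRedirectModeEmailMatches: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}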
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
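return await Deployment.RunAsync(() =>
{
    // Stack configuration. The identity provider's client secret is stored
    // encrypted in it, e.g. `pulumi config set --secret idpClientSecret <value>`
    // ("idpClientSecret" is an example key name).
    var config = new Config();

    // Realm that owns the organization and the identity provider.
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });

    // Organization in that realm, associated with the example.com domain.
    var @this = new Keycloak.Organization("this", new()
    {
        Realm = realm.Name,
        Name = "org",
        Alias = "org",
        Enabled = true,
        Domains = new[]
        {
            new Keycloak.Inputs.OrganizationDomainArgs
            {
                Name = "example.com",
            },
        },
    });

    // OIDC identity provider linked to the organization through OrganizationId.
    var thisIdentityProvider = new Keycloak.Oidc.IdentityProvider("this", new()
    {
        Realm = realm.Name,
        Alias = "my-idp",
        AuthorizationUrl = "https://authorizationurl.com",
        ClientId = "clientID",
        // Read as a secret Output rather than a string literal, so the credential
        // is never committed with the program and stays encrypted in stack state.
        ClientSecret = config.RequireSecret("idpClientSecret"),
        TokenUrl = "https://tokenurl.com",
        OrganizationId = @this.Id,
        OrgDomain = "example.com",
        OrgRedirectModeEmailMatches = true,
    });
});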
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.Organization;
import com.pulumi.keycloak.OrganizationArgs;
import com.pulumi.keycloak.inputs.OrganizationDomainArgs;
import com.pulumi.keycloak.oidc.IdentityProvider;
import com.pulumi.keycloak.oidc.IdentityProviderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
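/**
 * Example stack: a realm, an organization inside it, and an OIDC identity
 * provider linked to that organization.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx deployment context; also used to read the stack configuration
     */
    public static void stack(Context ctx) {
        // Realm that owns the organization and the identity provider.
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());

        // Organization in that realm, associated with the example.com domain.
        var this_ = new Organization("this", OrganizationArgs.builder()
            .realm(realm.name())
            .name("org")
            .alias("org")
            .enabled(true)
            .domains(OrganizationDomainArgs.builder()
                .name("example.com")
                .build())
            .build());

        // OIDC identity provider linked to the organization through organizationId.
        var thisIdentityProvider = new IdentityProvider("thisIdentityProvider", IdentityProviderArgs.builder()
            .realm(realm.name())
            .alias("my-idp")
            .authorizationUrl("https://authorizationurl.com")
            .clientId("clientID")
            // Read from encrypted stack configuration instead of a string literal,
            // so the credential is never committed with the program. Set it with
            // `pulumi config set --secret idpClientSecret <value>`
            // ("idpClientSecret" is an example key name).
            .clientSecret(ctx.config().requireSecret("idpClientSecret"))
            .tokenUrl("https://tokenurl.com")
            .organizationId(this_.id())
            .orgDomain("example.com")
            .orgRedirectModeEmailMatches(true)
            .build());
    }
}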
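# The identity provider's client secret is declared as a secret config value
# instead of being written into the program. Set it with
# `pulumi config set --secret idpClientSecret <value>`
# ("idpClientSecret" is an example key name).
config:
  idpClientSecret:
    type: string
    secret: true
resources:
  # Realm that owns the organization and the identity provider.
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  # Organization in that realm, associated with the example.com domain.
  this:
    type: keycloak:Organization
    properties:
      realm: ${realm.name}
      name: org
      alias: org
      enabled: true
      domains:
        - name: example.com
  # OIDC identity provider linked to the organization through organizationId.
  thisIdentityProvider:
    type: keycloak:oidc:IdentityProvider
    name: this
    properties:
      realm: ${realm.name}
      alias: my-idp
      authorizationUrl: https://authorizationurl.com
      clientId: clientID
      clientSecret: ${idpClientSecret}
      tokenUrl: https://tokenurl.com
      organizationId: ${this.id}
      orgDomain: example.com
      orgRedirectModeEmailMatches: true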
Create Organization Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Organization(name: string, args: OrganizationArgs, opts?: CustomResourceOptions);
@overload
def Organization(resource_name: str,
args: OrganizationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Organization(resource_name: str,
opts: Optional[ResourceOptions] = None,
domains: Optional[Sequence[OrganizationDomainArgs]] = None,
realm: Optional[str] = None,
alias: Optional[str] = None,
attributes: Optional[Mapping[str, str]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
redirect_url: Optional[str] = None)
func NewOrganization(ctx *Context, name string, args OrganizationArgs, opts ...ResourceOption) (*Organization, error)
public Organization(string name, OrganizationArgs args, CustomResourceOptions? opts = null)
public Organization(String name, OrganizationArgs args)
public Organization(String name, OrganizationArgs args, CustomResourceOptions options)
type: keycloak:Organization
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args OrganizationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference example: every input is shown with a placeholder value of its type.
// The property list on this page states that at least one domain is required.
var organizationDomains = new[]
{
    new Keycloak.Inputs.OrganizationDomainArgs
    {
        Name = "string",
        Verified = false,
    },
};

var organizationResource = new Keycloak.Organization("organizationResource", new()
{
    Domains = organizationDomains,
    Realm = "string",
    Alias = "string",
    Attributes =
    {
        { "string", "string" },
    },
    Description = "string",
    Enabled = false,
    Name = "string",
    RedirectUrl = "string",
});
// Reference example: every input is shown with a placeholder value of its type.
// The property list on this page states that at least one domain is required.
domains := keycloak.OrganizationDomainArray{
	&keycloak.OrganizationDomainArgs{
		Name:     pulumi.String("string"),
		Verified: pulumi.Bool(false),
	},
}
example, err := keycloak.NewOrganization(ctx, "organizationResource", &keycloak.OrganizationArgs{
	Domains: domains,
	Realm:   pulumi.String("string"),
	Alias:   pulumi.String("string"),
	Attributes: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Description: pulumi.String("string"),
	Enabled:     pulumi.Bool(false),
	Name:        pulumi.String("string"),
	RedirectUrl: pulumi.String("string"),
})
// Reference example: every input is shown with a placeholder value of its type.
// The property list on this page states that at least one domain is required.
var organizationDomain = OrganizationDomainArgs.builder()
    .name("string")
    .verified(false)
    .build();

var organizationResource = new Organization("organizationResource", OrganizationArgs.builder()
    .domains(organizationDomain)
    .realm("string")
    .alias("string")
    .attributes(Map.of("string", "string"))
    .description("string")
    .enabled(false)
    .name("string")
    .redirectUrl("string")
    .build());
# Reference example: every input is shown with a placeholder value of its type.
# The property list on this page states that at least one domain is required.
organization_domains = [{
    "name": "string",
    "verified": False,
}]
organization_attributes = {
    "string": "string",
}

organization_resource = keycloak.Organization("organizationResource",
    domains=organization_domains,
    realm="string",
    alias="string",
    attributes=organization_attributes,
    description="string",
    enabled=False,
    name="string",
    redirect_url="string")
// Reference example: every input is shown with a placeholder value of its type.
// The property list on this page states that at least one domain is required.
const organizationDomains = [{
    name: "string",
    verified: false,
}];
const organizationAttributes = {
    string: "string",
};

const organizationResource = new keycloak.Organization("organizationResource", {
    domains: organizationDomains,
    realm: "string",
    alias: "string",
    attributes: organizationAttributes,
    description: "string",
    enabled: false,
    name: "string",
    redirectUrl: "string",
});
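# Reference example: every input is shown with a placeholder value of its type.
# Nesting is restored here; without indentation the keys below `properties`
# would parse as top-level siblings.
type: keycloak:Organization
properties:
    alias: string
    attributes:
        string: string
    description: string
    domains:
        - name: string
          verified: false
    enabled: false
    name: string
    realm: string
    redirectUrl: string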
Organization Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Organization resource accepts the following input properties:
- Domains List<OrganizationDomain>
- A list of domains. At least one domain is required.
- Realm string
- The realm this organization exists in.
- Alias string
- The alias uniquely identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.
- Attributes Dictionary<string, string>
- A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.
- Description string
- The description of the organization.
- Enabled bool
- Enable/disable this organization.
- Name string
- The name of the organization.
- RedirectUrl string
- The landing page after the user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.
- Domains []OrganizationDomainArgs
- A list of domains. At least one domain is required.
- Realm string
- The realm this organization exists in.
- Alias string
- The alias uniquely identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.
- Attributes map[string]string
- A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.
- Description string
- The description of the organization.
- Enabled bool
- Enable/disable this organization.
- Name string
- The name of the organization.
- RedirectUrl string
- The landing page after the user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.
- domains List<OrganizationDomain>
- A list of domains. At least one domain is required.
- realm String
- The realm this organization exists in.
- alias String
- The alias uniquely identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.
- attributes Map<String,String>
- A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.
- description String
- The description of the organization.
- enabled Boolean
- Enable/disable this organization.
- name String
- The name of the organization.
- redirectUrl String
- The landing page after the user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.
- domains OrganizationDomain[]
- A list of domains. At least one domain is required.
- realm string
- The realm this organization exists in.
- alias string
- The alias uniquely identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.
- attributes {[key: string]: string}
- A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.
- description string
- The description of the organization.
- enabled boolean
- Enable/disable this organization.
- name string
- The name of the organization.
- redirectUrl string
- The landing page after the user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.
- domains Sequence[OrganizationDomainArgs]
- A list of domains. At least one domain is required.
- realm str
- The realm this organization exists in.
- alias str
- The alias uniquely identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.
- attributes Mapping[str, str]
- A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.
- description str
- The description of the organization.
- enabled bool
- Enable/disable this organization.
- name str
- The name of the organization.
- redirect_url str
- The landing page after the user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.
- domains List<Property Map>
- A list of domains. At least one domain is required.
- realm String
- The realm this organization exists in.
- alias String
- The alias uniquely identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.
- attributes Map<String>
- A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.
- description String
- The description of the organization.
- enabled Boolean
- Enable/disable this organization.
- name String
- The name of the organization.
- redirectUrl String
- The landing page after the user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.
Outputs
All input properties are implicitly available as output properties. Additionally, the Organization resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Organization Resource
Get an existing Organization resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrganizationState, opts?: CustomResourceOptions): Organization
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alias: Optional[str] = None,
attributes: Optional[Mapping[str, str]] = None,
description: Optional[str] = None,
domains: Optional[Sequence[OrganizationDomainArgs]] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
realm: Optional[str] = None,
redirect_url: Optional[str] = None) -> Organization
func GetOrganization(ctx *Context, name string, id IDInput, state *OrganizationState, opts ...ResourceOption) (*Organization, error)
public static Organization Get(string name, Input<string> id, OrganizationState? state, CustomResourceOptions? opts = null)
public static Organization get(String name, Output<String> id, OrganizationState state, CustomResourceOptions options)
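# Look up an existing Organization by its provider ID instead of creating one.
resources:
  _:
    type: keycloak:Organization
    get:
      id: ${id}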
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alias string
- The alias uniquely identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.
- Attributes Dictionary<string, string>
- A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.
- Description string
- The description of the organization.
- Domains List<OrganizationDomain>
- A list of domains. At least one domain is required.
- Enabled bool
- Enable/disable this organization.
- Name string
- The name of the organization.
- Realm string
- The realm this organization exists in.
- RedirectUrl string
- The landing page after the user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.
- Alias string
- The alias uniquely identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.
- Attributes map[string]string
- A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.
- Description string
- The description of the organization.
- Domains []OrganizationDomainArgs
- A list of domains. At least one domain is required.
- Enabled bool
- Enable/disable this organization.
- Name string
- The name of the organization.
- Realm string
- The realm this organization exists in.
- RedirectUrl string
- The landing page after the user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.
- alias String
- The alias uniquely identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.
- attributes Map<String,String>
- A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.
- description String
- The description of the organization.
- domains List<OrganizationDomain>
- A list of domains. At least one domain is required.
- enabled Boolean
- Enable/disable this organization.
- name String
- The name of the organization.
- realm String
- The realm this organization exists in.
- redirectUrl String
- The landing page after the user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.
- alias string
- The alias uniquely identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.
- attributes {[key: string]: string}
- A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.
- description string
- The description of the organization.
- domains OrganizationDomain[]
- A list of domains. At least one domain is required.
- enabled boolean
- Enable/disable this organization.
- name string
- The name of the organization.
- realm string
- The realm this organization exists in.
- redirectUrl string
- The landing page after the user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.
- alias str
- The alias uniquely identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.
- attributes Mapping[str, str]
- A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.
- description str
- The description of the organization.
- domains Sequence[OrganizationDomainArgs]
- A list of domains. At least one domain is required.
- enabled bool
- Enable/disable this organization.
- name str
- The name of the organization.
- realm str
- The realm this organization exists in.
- redirect_url str
- The landing page after the user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.
- alias String
- The alias uniquely identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.
- attributes Map<String>
- A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.
- description String
- The description of the organization.
- domains List<Property Map>
- A list of domains. At least one domain is required.
- enabled Boolean
- Enable/disable this organization.
- name String
- The name of the organization.
- realm String
- The realm this organization exists in.
- redirectUrl String
- The landing page after the user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.
Supporting Types
OrganizationDomain, OrganizationDomainArgs
Import
Organizations can be imported using the format `{{realm_id}}/{{organization_id}}`, where `organization_id` is the unique ID that Keycloak assigns to the organization upon creation. This value can be found in the URI when editing this organization in the GUI, and is typically a GUID.
Example:
bash
$ pulumi import keycloak:index/organization:Organization this my-realm/cec54914-b702-4c7b-9431-b407817d059a
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `keycloak` Terraform Provider.