Docs Home
MongoDB Atlas v3.31.0 published on Tuesday, May 6, 2025 by Pulumi
mongodbatlas.FederatedSettingsIdentityProvider
Explore with Pulumi AI
# Resource: mongodbatlas.FederatedSettingsIdentityProvider
mongodbatlas.FederatedSettingsIdentityProvider provides an Atlas federated settings identity provider resource provides a subset of settings to be maintained post import of the existing resource.
Example Usage
IMPORTANT If you want to use a SAML Identity Provider, you MUST import this resource before you can manage it with this provider.
SAML IdP:
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const identityProvider = new mongodbatlas.FederatedSettingsIdentityProvider("identity_provider", {
federationSettingsId: "627a9687f7f7f7f774de306f14",
name: "mongodb_federation_test",
associatedDomains: ["yourdomain.com"],
ssoDebugEnabled: true,
status: "ACTIVE",
ssoUrl: "https://mysso.oktapreview.com/app/mysso_terraformtestsso/exk17q7f7f7f7f50h8/sso/saml",
issuerUri: "http://www.okta.com/exk17q7f7f7f7fp50h8",
requestBinding: "HTTP-POST",
responseSignatureAlgorithm: "SHA-256",
});
import pulumi
import pulumi_mongodbatlas as mongodbatlas
identity_provider = mongodbatlas.FederatedSettingsIdentityProvider("identity_provider",
federation_settings_id="627a9687f7f7f7f774de306f14",
name="mongodb_federation_test",
associated_domains=["yourdomain.com"],
sso_debug_enabled=True,
status="ACTIVE",
sso_url="https://mysso.oktapreview.com/app/mysso_terraformtestsso/exk17q7f7f7f7f50h8/sso/saml",
issuer_uri="http://www.okta.com/exk17q7f7f7f7fp50h8",
request_binding="HTTP-POST",
response_signature_algorithm="SHA-256")
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := mongodbatlas.NewFederatedSettingsIdentityProvider(ctx, "identity_provider", &mongodbatlas.FederatedSettingsIdentityProviderArgs{
FederationSettingsId: pulumi.String("627a9687f7f7f7f774de306f14"),
Name: pulumi.String("mongodb_federation_test"),
AssociatedDomains: pulumi.StringArray{
pulumi.String("yourdomain.com"),
},
SsoDebugEnabled: pulumi.Bool(true),
Status: pulumi.String("ACTIVE"),
SsoUrl: pulumi.String("https://mysso.oktapreview.com/app/mysso_terraformtestsso/exk17q7f7f7f7f50h8/sso/saml"),
IssuerUri: pulumi.String("http://www.okta.com/exk17q7f7f7f7fp50h8"),
RequestBinding: pulumi.String("HTTP-POST"),
ResponseSignatureAlgorithm: pulumi.String("SHA-256"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var identityProvider = new Mongodbatlas.FederatedSettingsIdentityProvider("identity_provider", new()
{
FederationSettingsId = "627a9687f7f7f7f774de306f14",
Name = "mongodb_federation_test",
AssociatedDomains = new[]
{
"yourdomain.com",
},
SsoDebugEnabled = true,
Status = "ACTIVE",
SsoUrl = "https://mysso.oktapreview.com/app/mysso_terraformtestsso/exk17q7f7f7f7f50h8/sso/saml",
IssuerUri = "http://www.okta.com/exk17q7f7f7f7fp50h8",
RequestBinding = "HTTP-POST",
ResponseSignatureAlgorithm = "SHA-256",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.FederatedSettingsIdentityProvider;
import com.pulumi.mongodbatlas.FederatedSettingsIdentityProviderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var identityProvider = new FederatedSettingsIdentityProvider("identityProvider", FederatedSettingsIdentityProviderArgs.builder()
.federationSettingsId("627a9687f7f7f7f774de306f14")
.name("mongodb_federation_test")
.associatedDomains("yourdomain.com")
.ssoDebugEnabled(true)
.status("ACTIVE")
.ssoUrl("https://mysso.oktapreview.com/app/mysso_terraformtestsso/exk17q7f7f7f7f50h8/sso/saml")
.issuerUri("http://www.okta.com/exk17q7f7f7f7fp50h8")
.requestBinding("HTTP-POST")
.responseSignatureAlgorithm("SHA-256")
.build());
}
}
resources:
identityProvider:
type: mongodbatlas:FederatedSettingsIdentityProvider
name: identity_provider
properties:
federationSettingsId: 627a9687f7f7f7f774de306f14
name: mongodb_federation_test
associatedDomains:
- yourdomain.com
ssoDebugEnabled: true
status: ACTIVE
ssoUrl: https://mysso.oktapreview.com/app/mysso_terraformtestsso/exk17q7f7f7f7f50h8/sso/saml
issuerUri: http://www.okta.com/exk17q7f7f7f7fp50h8
requestBinding: HTTP-POST
responseSignatureAlgorithm: SHA-256
OIDC IdP:
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const oidc = new mongodbatlas.FederatedSettingsIdentityProvider("oidc", {
federationSettingsId: _this.id,
audience: tokenAudience,
authorizationType: "USER",
description: "oidc",
issuerUri: `https://sts.windows.net/${thisAzurermUserAssignedIdentity.tenantId}/`,
idpType: "WORKLOAD",
name: "OIDC-for-azure",
protocol: "OIDC",
userClaim: "sub",
});
import pulumi
import pulumi_mongodbatlas as mongodbatlas
oidc = mongodbatlas.FederatedSettingsIdentityProvider("oidc",
federation_settings_id=this["id"],
audience=token_audience,
authorization_type="USER",
description="oidc",
issuer_uri=f"https://sts.windows.net/{this_azurerm_user_assigned_identity['tenantId']}/",
idp_type="WORKLOAD",
name="OIDC-for-azure",
protocol="OIDC",
user_claim="sub")
package main
import (
"fmt"
"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := mongodbatlas.NewFederatedSettingsIdentityProvider(ctx, "oidc", &mongodbatlas.FederatedSettingsIdentityProviderArgs{
FederationSettingsId: pulumi.Any(this.Id),
Audience: pulumi.Any(tokenAudience),
AuthorizationType: pulumi.String("USER"),
Description: pulumi.String("oidc"),
IssuerUri: pulumi.Sprintf("https://sts.windows.net/%v/", thisAzurermUserAssignedIdentity.TenantId),
IdpType: pulumi.String("WORKLOAD"),
Name: pulumi.String("OIDC-for-azure"),
Protocol: pulumi.String("OIDC"),
UserClaim: pulumi.String("sub"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var oidc = new Mongodbatlas.FederatedSettingsIdentityProvider("oidc", new()
{
FederationSettingsId = @this.Id,
Audience = tokenAudience,
AuthorizationType = "USER",
Description = "oidc",
IssuerUri = $"https://sts.windows.net/{thisAzurermUserAssignedIdentity.TenantId}/",
IdpType = "WORKLOAD",
Name = "OIDC-for-azure",
Protocol = "OIDC",
UserClaim = "sub",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.FederatedSettingsIdentityProvider;
import com.pulumi.mongodbatlas.FederatedSettingsIdentityProviderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var oidc = new FederatedSettingsIdentityProvider("oidc", FederatedSettingsIdentityProviderArgs.builder()
.federationSettingsId(this_.id())
.audience(tokenAudience)
.authorizationType("USER")
.description("oidc")
.issuerUri(String.format("https://sts.windows.net/%s/", thisAzurermUserAssignedIdentity.tenantId()))
.idpType("WORKLOAD")
.name("OIDC-for-azure")
.protocol("OIDC")
.userClaim("sub")
.build());
}
}
resources:
oidc:
type: mongodbatlas:FederatedSettingsIdentityProvider
properties:
federationSettingsId: ${this.id}
audience: ${tokenAudience}
authorizationType: USER
description: oidc
issuerUri: https://sts.windows.net/${thisAzurermUserAssignedIdentity.tenantId}/
idpType: WORKLOAD
name: OIDC-for-azure
protocol: OIDC
userClaim: sub
Create FederatedSettingsIdentityProvider Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FederatedSettingsIdentityProvider(name: string, args: FederatedSettingsIdentityProviderArgs, opts?: CustomResourceOptions);@overload
def FederatedSettingsIdentityProvider(resource_name: str,
args: FederatedSettingsIdentityProviderArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FederatedSettingsIdentityProvider(resource_name: str,
opts: Optional[ResourceOptions] = None,
federation_settings_id: Optional[str] = None,
issuer_uri: Optional[str] = None,
description: Optional[str] = None,
name: Optional[str] = None,
associated_domains: Optional[Sequence[str]] = None,
authorization_type: Optional[str] = None,
groups_claim: Optional[str] = None,
idp_type: Optional[str] = None,
audience: Optional[str] = None,
client_id: Optional[str] = None,
protocol: Optional[str] = None,
request_binding: Optional[str] = None,
requested_scopes: Optional[Sequence[str]] = None,
response_signature_algorithm: Optional[str] = None,
sso_debug_enabled: Optional[bool] = None,
sso_url: Optional[str] = None,
status: Optional[str] = None,
user_claim: Optional[str] = None)func NewFederatedSettingsIdentityProvider(ctx *Context, name string, args FederatedSettingsIdentityProviderArgs, opts ...ResourceOption) (*FederatedSettingsIdentityProvider, error)public FederatedSettingsIdentityProvider(string name, FederatedSettingsIdentityProviderArgs args, CustomResourceOptions? opts = null)
public FederatedSettingsIdentityProvider(String name, FederatedSettingsIdentityProviderArgs args)
public FederatedSettingsIdentityProvider(String name, FederatedSettingsIdentityProviderArgs args, CustomResourceOptions options)
type: mongodbatlas:FederatedSettingsIdentityProvider
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FederatedSettingsIdentityProviderArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FederatedSettingsIdentityProviderArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FederatedSettingsIdentityProviderArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FederatedSettingsIdentityProviderArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FederatedSettingsIdentityProviderArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var federatedSettingsIdentityProviderResource = new Mongodbatlas.FederatedSettingsIdentityProvider("federatedSettingsIdentityProviderResource", new()
{
FederationSettingsId = "string",
IssuerUri = "string",
Description = "string",
Name = "string",
AssociatedDomains = new[]
{
"string",
},
AuthorizationType = "string",
GroupsClaim = "string",
IdpType = "string",
Audience = "string",
ClientId = "string",
Protocol = "string",
RequestBinding = "string",
RequestedScopes = new[]
{
"string",
},
ResponseSignatureAlgorithm = "string",
SsoDebugEnabled = false,
SsoUrl = "string",
Status = "string",
UserClaim = "string",
});
example, err := mongodbatlas.NewFederatedSettingsIdentityProvider(ctx, "federatedSettingsIdentityProviderResource", &mongodbatlas.FederatedSettingsIdentityProviderArgs{
FederationSettingsId: pulumi.String("string"),
IssuerUri: pulumi.String("string"),
Description: pulumi.String("string"),
Name: pulumi.String("string"),
AssociatedDomains: pulumi.StringArray{
pulumi.String("string"),
},
AuthorizationType: pulumi.String("string"),
GroupsClaim: pulumi.String("string"),
IdpType: pulumi.String("string"),
Audience: pulumi.String("string"),
ClientId: pulumi.String("string"),
Protocol: pulumi.String("string"),
RequestBinding: pulumi.String("string"),
RequestedScopes: pulumi.StringArray{
pulumi.String("string"),
},
ResponseSignatureAlgorithm: pulumi.String("string"),
SsoDebugEnabled: pulumi.Bool(false),
SsoUrl: pulumi.String("string"),
Status: pulumi.String("string"),
UserClaim: pulumi.String("string"),
})
var federatedSettingsIdentityProviderResource = new FederatedSettingsIdentityProvider("federatedSettingsIdentityProviderResource", FederatedSettingsIdentityProviderArgs.builder()
.federationSettingsId("string")
.issuerUri("string")
.description("string")
.name("string")
.associatedDomains("string")
.authorizationType("string")
.groupsClaim("string")
.idpType("string")
.audience("string")
.clientId("string")
.protocol("string")
.requestBinding("string")
.requestedScopes("string")
.responseSignatureAlgorithm("string")
.ssoDebugEnabled(false)
.ssoUrl("string")
.status("string")
.userClaim("string")
.build());
federated_settings_identity_provider_resource = mongodbatlas.FederatedSettingsIdentityProvider("federatedSettingsIdentityProviderResource",
federation_settings_id="string",
issuer_uri="string",
description="string",
name="string",
associated_domains=["string"],
authorization_type="string",
groups_claim="string",
idp_type="string",
audience="string",
client_id="string",
protocol="string",
request_binding="string",
requested_scopes=["string"],
response_signature_algorithm="string",
sso_debug_enabled=False,
sso_url="string",
status="string",
user_claim="string")
const federatedSettingsIdentityProviderResource = new mongodbatlas.FederatedSettingsIdentityProvider("federatedSettingsIdentityProviderResource", {
federationSettingsId: "string",
issuerUri: "string",
description: "string",
name: "string",
associatedDomains: ["string"],
authorizationType: "string",
groupsClaim: "string",
idpType: "string",
audience: "string",
clientId: "string",
protocol: "string",
requestBinding: "string",
requestedScopes: ["string"],
responseSignatureAlgorithm: "string",
ssoDebugEnabled: false,
ssoUrl: "string",
status: "string",
userClaim: "string",
});
type: mongodbatlas:FederatedSettingsIdentityProvider
properties:
associatedDomains:
- string
audience: string
authorizationType: string
clientId: string
description: string
federationSettingsId: string
groupsClaim: string
idpType: string
issuerUri: string
name: string
protocol: string
requestBinding: string
requestedScopes:
- string
responseSignatureAlgorithm: string
ssoDebugEnabled: false
ssoUrl: string
status: string
userClaim: string
FederatedSettingsIdentityProvider Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FederatedSettingsIdentityProvider resource accepts the following input properties:
- Federation
Settings stringId - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
- Issuer
Uri string - Unique string that identifies the issuer of the IdP.
- Associated
Domains List<string> - List that contains the domains associated with the identity provider.
- Audience string
- Identifier of the intended recipient of the token used in OIDC IdP.
- string
- Indicates whether authorization is granted based on group membership or user ID. Valid values are
GROUPorUSER. - Client
Id string - Client identifier that is assigned to an application by the OIDC Identity Provider.
- Description string
- The description of the identity provider.
- Groups
Claim string - Identifier of the claim which contains OIDC IdP Group IDs in the token.
- Idp
Type string - Name string
- Human-readable label that identifies the identity provider.
- Protocol string
- The protocol of the identity provider. Either
SAMLorOIDC. - Request
Binding string - SAML Authentication Request Protocol HTTP method binding (
POSTorREDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:- HTTP POST
- HTTP REDIRECT
- Requested
Scopes List<string> - Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
- Response
Signature stringAlgorithm - Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include
SHA-1andSHA-256. - Sso
Debug boolEnabled - Flag that indicates whether the identity provider has SSO debug enabled.
- Sso
Url string - Unique string that identifies the intended audience of the SAML assertion.
- Status string
- String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
- User
Claim string - Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
- Federation
Settings stringId - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
- Issuer
Uri string - Unique string that identifies the issuer of the IdP.
- Associated
Domains []string - List that contains the domains associated with the identity provider.
- Audience string
- Identifier of the intended recipient of the token used in OIDC IdP.
- string
- Indicates whether authorization is granted based on group membership or user ID. Valid values are
GROUPorUSER. - Client
Id string - Client identifier that is assigned to an application by the OIDC Identity Provider.
- Description string
- The description of the identity provider.
- Groups
Claim string - Identifier of the claim which contains OIDC IdP Group IDs in the token.
- Idp
Type string - Name string
- Human-readable label that identifies the identity provider.
- Protocol string
- The protocol of the identity provider. Either
SAMLorOIDC. - Request
Binding string - SAML Authentication Request Protocol HTTP method binding (
POSTorREDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:- HTTP POST
- HTTP REDIRECT
- Requested
Scopes []string - Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
- Response
Signature stringAlgorithm - Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include
SHA-1andSHA-256. - Sso
Debug boolEnabled - Flag that indicates whether the identity provider has SSO debug enabled.
- Sso
Url string - Unique string that identifies the intended audience of the SAML assertion.
- Status string
- String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
- User
Claim string - Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
- federation
Settings StringId - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
- issuer
Uri String - Unique string that identifies the issuer of the IdP.
- associated
Domains List<String> - List that contains the domains associated with the identity provider.
- audience String
- Identifier of the intended recipient of the token used in OIDC IdP.
- String
- Indicates whether authorization is granted based on group membership or user ID. Valid values are
GROUPorUSER. - client
Id String - Client identifier that is assigned to an application by the OIDC Identity Provider.
- description String
- The description of the identity provider.
- groups
Claim String - Identifier of the claim which contains OIDC IdP Group IDs in the token.
- idp
Type String - name String
- Human-readable label that identifies the identity provider.
- protocol String
- The protocol of the identity provider. Either
SAMLorOIDC. - request
Binding String - SAML Authentication Request Protocol HTTP method binding (
POSTorREDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:- HTTP POST
- HTTP REDIRECT
- requested
Scopes List<String> - Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
- response
Signature StringAlgorithm - Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include
SHA-1andSHA-256. - sso
Debug BooleanEnabled - Flag that indicates whether the identity provider has SSO debug enabled.
- sso
Url String - Unique string that identifies the intended audience of the SAML assertion.
- status String
- String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
- user
Claim String - Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
- federation
Settings stringId - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
- issuer
Uri string - Unique string that identifies the issuer of the IdP.
- associated
Domains string[] - List that contains the domains associated with the identity provider.
- audience string
- Identifier of the intended recipient of the token used in OIDC IdP.
- string
- Indicates whether authorization is granted based on group membership or user ID. Valid values are
GROUPorUSER. - client
Id string - Client identifier that is assigned to an application by the OIDC Identity Provider.
- description string
- The description of the identity provider.
- groups
Claim string - Identifier of the claim which contains OIDC IdP Group IDs in the token.
- idp
Type string - name string
- Human-readable label that identifies the identity provider.
- protocol string
- The protocol of the identity provider. Either
SAMLorOIDC. - request
Binding string - SAML Authentication Request Protocol HTTP method binding (
POSTorREDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:- HTTP POST
- HTTP REDIRECT
- requested
Scopes string[] - Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
- response
Signature stringAlgorithm - Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include
SHA-1andSHA-256. - sso
Debug booleanEnabled - Flag that indicates whether the identity provider has SSO debug enabled.
- sso
Url string - Unique string that identifies the intended audience of the SAML assertion.
- status string
- String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
- user
Claim string - Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
- federation_
settings_ strid - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
- issuer_
uri str - Unique string that identifies the issuer of the IdP.
- associated_
domains Sequence[str] - List that contains the domains associated with the identity provider.
- audience str
- Identifier of the intended recipient of the token used in OIDC IdP.
- str
- Indicates whether authorization is granted based on group membership or user ID. Valid values are
GROUPorUSER. - client_
id str - Client identifier that is assigned to an application by the OIDC Identity Provider.
- description str
- The description of the identity provider.
- groups_
claim str - Identifier of the claim which contains OIDC IdP Group IDs in the token.
- idp_
type str - name str
- Human-readable label that identifies the identity provider.
- protocol str
- The protocol of the identity provider. Either
SAMLorOIDC. - request_
binding str - SAML Authentication Request Protocol HTTP method binding (
POSTorREDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:- HTTP POST
- HTTP REDIRECT
- requested_
scopes Sequence[str] - Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
- response_
signature_ stralgorithm - Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include
SHA-1andSHA-256. - sso_
debug_ boolenabled - Flag that indicates whether the identity provider has SSO debug enabled.
- sso_
url str - Unique string that identifies the intended audience of the SAML assertion.
- status str
- String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
- user_
claim str - Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
- federation
Settings StringId - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
- issuer
Uri String - Unique string that identifies the issuer of the IdP.
- associated
Domains List<String> - List that contains the domains associated with the identity provider.
- audience String
- Identifier of the intended recipient of the token used in OIDC IdP.
- String
- Indicates whether authorization is granted based on group membership or user ID. Valid values are
GROUPorUSER. - client
Id String - Client identifier that is assigned to an application by the OIDC Identity Provider.
- description String
- The description of the identity provider.
- groups
Claim String - Identifier of the claim which contains OIDC IdP Group IDs in the token.
- idp
Type String - name String
- Human-readable label that identifies the identity provider.
- protocol String
- The protocol of the identity provider. Either
SAMLorOIDC. - request
Binding String - SAML Authentication Request Protocol HTTP method binding (
POSTorREDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:- HTTP POST
- HTTP REDIRECT
- requested
Scopes List<String> - Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
- response
Signature StringAlgorithm - Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include
SHA-1andSHA-256. - sso
Debug BooleanEnabled - Flag that indicates whether the identity provider has SSO debug enabled.
- sso
Url String - Unique string that identifies the intended audience of the SAML assertion.
- status String
- String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
- user
Claim String - Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
Outputs
All input properties are implicitly available as output properties. Additionally, the FederatedSettingsIdentityProvider resource produces the following output properties:
- id str
- The provider-assigned unique ID for this managed resource.
- idp_
id str - Unique 24-hexadecimal digit string that identifies the IdP.
- okta_
idp_ strid - Unique 20-hexadecimal digit string that identifies the IdP.
Look up Existing FederatedSettingsIdentityProvider Resource
Get an existing FederatedSettingsIdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FederatedSettingsIdentityProviderState, opts?: CustomResourceOptions): FederatedSettingsIdentityProvider@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
associated_domains: Optional[Sequence[str]] = None,
audience: Optional[str] = None,
authorization_type: Optional[str] = None,
client_id: Optional[str] = None,
description: Optional[str] = None,
federation_settings_id: Optional[str] = None,
groups_claim: Optional[str] = None,
idp_id: Optional[str] = None,
idp_type: Optional[str] = None,
issuer_uri: Optional[str] = None,
name: Optional[str] = None,
okta_idp_id: Optional[str] = None,
protocol: Optional[str] = None,
request_binding: Optional[str] = None,
requested_scopes: Optional[Sequence[str]] = None,
response_signature_algorithm: Optional[str] = None,
sso_debug_enabled: Optional[bool] = None,
sso_url: Optional[str] = None,
status: Optional[str] = None,
user_claim: Optional[str] = None) -> FederatedSettingsIdentityProviderfunc GetFederatedSettingsIdentityProvider(ctx *Context, name string, id IDInput, state *FederatedSettingsIdentityProviderState, opts ...ResourceOption) (*FederatedSettingsIdentityProvider, error)public static FederatedSettingsIdentityProvider Get(string name, Input<string> id, FederatedSettingsIdentityProviderState? state, CustomResourceOptions? opts = null)public static FederatedSettingsIdentityProvider get(String name, Output<String> id, FederatedSettingsIdentityProviderState state, CustomResourceOptions options)resources: _: type: mongodbatlas:FederatedSettingsIdentityProvider get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Associated
Domains List<string> - List that contains the domains associated with the identity provider.
- Audience string
- Identifier of the intended recipient of the token used in OIDC IdP.
- string
- Indicates whether authorization is granted based on group membership or user ID. Valid values are
GROUPorUSER. - Client
Id string - Client identifier that is assigned to an application by the OIDC Identity Provider.
- Description string
- The description of the identity provider.
- Federation
Settings stringId - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
- Groups
Claim string - Identifier of the claim which contains OIDC IdP Group IDs in the token.
- Idp
Id string - Unique 24-hexadecimal digit string that identifies the IdP.
- Idp
Type string - Issuer
Uri string - Unique string that identifies the issuer of the IdP.
- Name string
- Human-readable label that identifies the identity provider.
- Okta
Idp stringId - Unique 20-hexadecimal digit string that identifies the IdP.
- Protocol string
- The protocol of the identity provider. Either
SAMLorOIDC. - Request
Binding string - SAML Authentication Request Protocol HTTP method binding (
POSTorREDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:- HTTP POST
- HTTP REDIRECT
- Requested
Scopes List<string> - Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
- Response
Signature stringAlgorithm - Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include
SHA-1andSHA-256. - Sso
Debug boolEnabled - Flag that indicates whether the identity provider has SSO debug enabled.
- Sso
Url string - Unique string that identifies the intended audience of the SAML assertion.
- Status string
- String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
- User
Claim string - Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
- Associated
Domains []string - List that contains the domains associated with the identity provider.
- Audience string
- Identifier of the intended recipient of the token used in OIDC IdP.
- string
- Indicates whether authorization is granted based on group membership or user ID. Valid values are
GROUPorUSER. - Client
Id string - Client identifier that is assigned to an application by the OIDC Identity Provider.
- Description string
- The description of the identity provider.
- Federation
Settings stringId - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
- Groups
Claim string - Identifier of the claim which contains OIDC IdP Group IDs in the token.
- Idp
Id string - Unique 24-hexadecimal digit string that identifies the IdP.
- Idp
Type string - Issuer
Uri string - Unique string that identifies the issuer of the IdP.
- Name string
- Human-readable label that identifies the identity provider.
- Okta
Idp stringId - Unique 20-hexadecimal digit string that identifies the IdP.
- Protocol string
- The protocol of the identity provider. Either
SAMLorOIDC. - Request
Binding string - SAML Authentication Request Protocol HTTP method binding (
POSTorREDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:- HTTP POST
- HTTP REDIRECT
- Requested
Scopes []string - Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
- Response
Signature stringAlgorithm - Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include
SHA-1andSHA-256. - Sso
Debug boolEnabled - Flag that indicates whether the identity provider has SSO debug enabled.
- Sso
Url string - Unique string that identifies the intended audience of the SAML assertion.
- Status string
- String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
- User
Claim string - Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
- associated
Domains List<String> - List that contains the domains associated with the identity provider.
- audience String
- Identifier of the intended recipient of the token used in OIDC IdP.
- String
- Indicates whether authorization is granted based on group membership or user ID. Valid values are
GROUPorUSER. - client
Id String - Client identifier that is assigned to an application by the OIDC Identity Provider.
- description String
- The description of the identity provider.
- federation
Settings StringId - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
- groups
Claim String - Identifier of the claim which contains OIDC IdP Group IDs in the token.
- idp
Id String - Unique 24-hexadecimal digit string that identifies the IdP.
- idp
Type String - issuer
Uri String - Unique string that identifies the issuer of the IdP.
- name String
- Human-readable label that identifies the identity provider.
- okta
Idp StringId - Unique 20-hexadecimal digit string that identifies the IdP.
- protocol String
- The protocol of the identity provider. Either
SAMLorOIDC. - request
Binding String - SAML Authentication Request Protocol HTTP method binding (
POSTorREDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:- HTTP POST
- HTTP REDIRECT
- requested
Scopes List<String> - Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
- response
Signature StringAlgorithm - Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include
SHA-1andSHA-256. - sso
Debug BooleanEnabled - Flag that indicates whether the identity provider has SSO debug enabled.
- sso
Url String - Unique string that identifies the intended audience of the SAML assertion.
- status String
- String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
- user
Claim String - Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
- associated
Domains string[] - List that contains the domains associated with the identity provider.
- audience string
- Identifier of the intended recipient of the token used in OIDC IdP.
- string
- Indicates whether authorization is granted based on group membership or user ID. Valid values are
GROUPorUSER. - client
Id string - Client identifier that is assigned to an application by the OIDC Identity Provider.
- description string
- The description of the identity provider.
- federation
Settings stringId - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
- groups
Claim string - Identifier of the claim which contains OIDC IdP Group IDs in the token.
- idp
Id string - Unique 24-hexadecimal digit string that identifies the IdP.
- idp
Type string - issuer
Uri string - Unique string that identifies the issuer of the IdP.
- name string
- Human-readable label that identifies the identity provider.
- okta
Idp stringId - Unique 20-hexadecimal digit string that identifies the IdP.
- protocol string
- The protocol of the identity provider. Either
SAMLorOIDC. - request
Binding string - SAML Authentication Request Protocol HTTP method binding (
POSTorREDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:- HTTP POST
- HTTP REDIRECT
- requested
Scopes string[] - Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
- response
Signature stringAlgorithm - Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include
SHA-1andSHA-256. - sso
Debug booleanEnabled - Flag that indicates whether the identity provider has SSO debug enabled.
- sso
Url string - Unique string that identifies the intended audience of the SAML assertion.
- status string
- String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
- user
Claim string - Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
- associated_
domains Sequence[str] - List that contains the domains associated with the identity provider.
- audience str
- Identifier of the intended recipient of the token used in OIDC IdP.
- str
- Indicates whether authorization is granted based on group membership or user ID. Valid values are
GROUPorUSER. - client_
id str - Client identifier that is assigned to an application by the OIDC Identity Provider.
- description str
- The description of the identity provider.
- federation_
settings_ strid - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
- groups_
claim str - Identifier of the claim which contains OIDC IdP Group IDs in the token.
- idp_
id str - Unique 24-hexadecimal digit string that identifies the IdP.
- idp_
type str - issuer_
uri str - Unique string that identifies the issuer of the IdP.
- name str
- Human-readable label that identifies the identity provider.
- okta_
idp_ strid - Unique 20-hexadecimal digit string that identifies the IdP.
- protocol str
- The protocol of the identity provider. Either
SAMLorOIDC. - request_
binding str - SAML Authentication Request Protocol HTTP method binding (
POSTorREDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:- HTTP POST
- HTTP REDIRECT
- requested_
scopes Sequence[str] - Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
- response_
signature_ stralgorithm - Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include
SHA-1andSHA-256. - sso_
debug_ boolenabled - Flag that indicates whether the identity provider has SSO debug enabled.
- sso_
url str - Unique string that identifies the intended audience of the SAML assertion.
- status str
- String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
- user_
claim str - Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
- associated
Domains List<String> - List that contains the domains associated with the identity provider.
- audience String
- Identifier of the intended recipient of the token used in OIDC IdP.
- String
- Indicates whether authorization is granted based on group membership or user ID. Valid values are
GROUPorUSER. - client
Id String - Client identifier that is assigned to an application by the OIDC Identity Provider.
- description String
- The description of the identity provider.
- federation
Settings StringId - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
- groups
Claim String - Identifier of the claim which contains OIDC IdP Group IDs in the token.
- idp
Id String - Unique 24-hexadecimal digit string that identifies the IdP.
- idp
Type String - issuer
Uri String - Unique string that identifies the issuer of the IdP.
- name String
- Human-readable label that identifies the identity provider.
- okta
Idp StringId - Unique 20-hexadecimal digit string that identifies the IdP.
- protocol String
- The protocol of the identity provider. Either
SAMLorOIDC. - request
Binding String - SAML Authentication Request Protocol HTTP method binding (
POSTorREDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:- HTTP POST
- HTTP REDIRECT
- requested
Scopes List<String> - Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
- response
Signature StringAlgorithm - Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include
SHA-1andSHA-256. - sso
Debug BooleanEnabled - Flag that indicates whether the identity provider has SSO debug enabled.
- sso
Url String - Unique string that identifies the intended audience of the SAML assertion.
- status String
- String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
- user
Claim String - Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
Import
Identity Provider must be imported before using federation_settings_id-idp_id, e.g.
$ pulumi import mongodbatlas:index/federatedSettingsIdentityProvider:FederatedSettingsIdentityProvider identity_provider 6287a663c660f52b1c441c6c-0oad4fas87jL5Xnk12971234
For more information see: MongoDB Atlas API Reference.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- MongoDB Atlas pulumi/pulumi-mongodbatlas
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
mongodbatlasTerraform Provider.