Docs
Packages
Oracle Cloud Infrastructure v0.19.0, May 26 23
Oracle Cloud Infrastructure v0.19.0, May 26 23
oci.Identity.getDomainsIdentityProvider
Explore with Pulumi AI
This data source provides details about a specific Identity Provider resource in Oracle Cloud Infrastructure Identity Domains service.
Get an Identity Provider
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;
return await Deployment.RunAsync(() =>
{
var testIdentityProvider = Oci.Identity.GetDomainsIdentityProvider.Invoke(new()
{
IdcsEndpoint = data.Oci_identity_domain.Test_domain.Url,
IdentityProviderId = oci_identity_identity_provider.Test_identity_provider.Id,
AttributeSets = new[] {},
Attributes = "",
Authorization = @var.Identity_provider_authorization,
ResourceTypeSchemaVersion = @var.Identity_provider_resource_type_schema_version,
});
});
package main
import (
"github.com/pulumi/pulumi-oci/sdk/go/oci/Identity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := Identity.GetDomainsIdentityProvider(ctx, &identity.GetDomainsIdentityProviderArgs{
IdcsEndpoint: data.Oci_identity_domain.Test_domain.Url,
IdentityProviderId: oci_identity_identity_provider.Test_identity_provider.Id,
AttributeSets: []interface{}{},
Attributes: pulumi.StringRef(""),
Authorization: pulumi.StringRef(_var.Identity_provider_authorization),
ResourceTypeSchemaVersion: pulumi.StringRef(_var.Identity_provider_resource_type_schema_version),
}, nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Identity.IdentityFunctions;
import com.pulumi.oci.Identity.inputs.GetDomainsIdentityProviderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var testIdentityProvider = IdentityFunctions.getDomainsIdentityProvider(GetDomainsIdentityProviderArgs.builder()
.idcsEndpoint(data.oci_identity_domain().test_domain().url())
.identityProviderId(oci_identity_identity_provider.test_identity_provider().id())
.attributeSets()
.attributes("")
.authorization(var_.identity_provider_authorization())
.resourceTypeSchemaVersion(var_.identity_provider_resource_type_schema_version())
.build());
}
}
import pulumi
import pulumi_oci as oci
test_identity_provider = oci.Identity.get_domains_identity_provider(idcs_endpoint=%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference),
identity_provider_id=%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference),
attribute_sets=[],
attributes="",
authorization=%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference),
resource_type_schema_version=%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
const testIdentityProvider = oci.Identity.getDomainsIdentityProvider({
idcsEndpoint: data.oci_identity_domain.test_domain.url,
identityProviderId: oci_identity_identity_provider.test_identity_provider.id,
attributeSets: [],
attributes: "",
authorization: _var.identity_provider_authorization,
resourceTypeSchemaVersion: _var.identity_provider_resource_type_schema_version,
});
variables:
testIdentityProvider:
fn::invoke:
Function: oci:Identity:getDomainsIdentityProvider
Arguments:
idcsEndpoint: ${data.oci_identity_domain.test_domain.url}
identityProviderId: ${oci_identity_identity_provider.test_identity_provider.id}
attributeSets: []
attributes:
authorization: ${var.identity_provider_authorization}
resourceTypeSchemaVersion: ${var.identity_provider_resource_type_schema_version}
Using getDomainsIdentityProvider
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getDomainsIdentityProvider(args: GetDomainsIdentityProviderArgs, opts?: InvokeOptions): Promise<GetDomainsIdentityProviderResult>
function getDomainsIdentityProviderOutput(args: GetDomainsIdentityProviderOutputArgs, opts?: InvokeOptions): Output<GetDomainsIdentityProviderResult>def get_domains_identity_provider(attribute_sets: Optional[Sequence[str]] = None,
attributes: Optional[str] = None,
authorization: Optional[str] = None,
idcs_endpoint: Optional[str] = None,
identity_provider_id: Optional[str] = None,
resource_type_schema_version: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetDomainsIdentityProviderResult
def get_domains_identity_provider_output(attribute_sets: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
attributes: Optional[pulumi.Input[str]] = None,
authorization: Optional[pulumi.Input[str]] = None,
idcs_endpoint: Optional[pulumi.Input[str]] = None,
identity_provider_id: Optional[pulumi.Input[str]] = None,
resource_type_schema_version: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetDomainsIdentityProviderResult]func GetDomainsIdentityProvider(ctx *Context, args *GetDomainsIdentityProviderArgs, opts ...InvokeOption) (*GetDomainsIdentityProviderResult, error)
func GetDomainsIdentityProviderOutput(ctx *Context, args *GetDomainsIdentityProviderOutputArgs, opts ...InvokeOption) GetDomainsIdentityProviderResultOutput> Note: This function is named GetDomainsIdentityProvider in the Go SDK.
public static class GetDomainsIdentityProvider
{
public static Task<GetDomainsIdentityProviderResult> InvokeAsync(GetDomainsIdentityProviderArgs args, InvokeOptions? opts = null)
public static Output<GetDomainsIdentityProviderResult> Invoke(GetDomainsIdentityProviderInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetDomainsIdentityProviderResult> getDomainsIdentityProvider(GetDomainsIdentityProviderArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: oci:Identity/getDomainsIdentityProvider:getDomainsIdentityProvider
arguments:
# arguments dictionaryThe following arguments are supported:
- Idcs
Endpoint string The basic endpoint for the identity domain
- Identity
Provider stringId ID of the resource
- Attribute
Sets List<string> A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
- Attributes string
A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
- string
The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
- Resource
Type stringSchema Version An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
- Idcs
Endpoint string The basic endpoint for the identity domain
- Identity
Provider stringId ID of the resource
- Attribute
Sets []string A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
- Attributes string
A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
- string
The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
- Resource
Type stringSchema Version An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
- idcs
Endpoint String The basic endpoint for the identity domain
- identity
Provider StringId ID of the resource
- attribute
Sets List<String> A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
- attributes String
A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
- String
The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
- resource
Type StringSchema Version An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
- idcs
Endpoint string The basic endpoint for the identity domain
- identity
Provider stringId ID of the resource
- attribute
Sets string[] A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
- attributes string
A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
- string
The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
- resource
Type stringSchema Version An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
- idcs_
endpoint str The basic endpoint for the identity domain
- identity_
provider_ strid ID of the resource
- attribute_
sets Sequence[str] A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
- attributes str
A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
- str
The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
- resource_
type_ strschema_ version An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
- idcs
Endpoint String The basic endpoint for the identity domain
- identity
Provider StringId ID of the resource
- attribute
Sets List<String> A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
- attributes String
A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
- String
The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
- resource
Type StringSchema Version An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
getDomainsIdentityProvider Result
The following output properties are available:
- Assertion
Attribute string Assertion attribute name.
- Authn
Request stringBinding HTTP binding to use for authentication requests.
- Compartment
Ocid string Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
- Correlation
Policies List<GetDomains Identity Provider Correlation Policy> Correlation policy
- Delete
In boolProgress A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
- Description string
Description
- Domain
Ocid string Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
- Enabled bool
Set to true to indicate Partner enabled.
- Encryption
Certificate string Encryption certificate
- External
Id string An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
- Icon
Url string Identity Provider Icon URL.
- Id string
Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
- Idcs
Created List<GetBies Domains Identity Provider Idcs Created By> The User or App who created the Resource
- Idcs
Endpoint string - Idcs
Last List<GetModified Bies Domains Identity Provider Idcs Last Modified By> The User or App who modified the Resource
- Idcs
Last stringUpgraded In Release The release number when the resource was upgraded.
- Idcs
Prevented List<string>Operations Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
- Identity
Provider stringId - Idp
Sso stringUrl Identity Provider SSO URL
- Include
Signing boolCert In Signature Set to true to include the signing certificate in the signature.
- Jit
User List<GetProv Assigned Groups Domains Identity Provider Jit User Prov Assigned Group> Refers to every group of which a JIT-provisioned User should be a member. Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
- Jit
User boolProv Attribute Update Enabled Set to true to indicate JIT User Creation is enabled
- Jit
User List<GetProv Attributes Domains Identity Provider Jit User Prov Attribute> Assertion To User Mapping
- Jit
User boolProv Create User Enabled Set to true to indicate JIT User Creation is enabled
- Jit
User boolProv Enabled Set to true to indicate JIT User Provisioning is enabled
- Jit
User boolProv Group Assertion Attribute Enabled Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
- Jit
User stringProv Group Assignment Method The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
- Jit
User stringProv Group Mapping Mode Property to indicate the mode of group mapping
- Jit
User List<GetProv Group Mappings Domains Identity Provider Jit User Prov Group Mapping> The list of mappings between the Identity Domain Group and the IDP group.
- Jit
User stringProv Group Saml Attribute Name Name of the assertion attribute containing the users groups
- Jit
User boolProv Group Static List Enabled Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
- Jit
User boolProv Ignore Error On Absent Groups Set to true to indicate ignoring absence of group while provisioning
- Logout
Binding string HTTP binding to use for logout.
- Logout
Enabled bool Set to true to enable logout.
- Logout
Request stringUrl Logout request URL
- Logout
Response stringUrl Logout response URL
- Metadata string
Metadata
- Metas
List<Get
Domains Identity Provider Meta> A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
- Name
Id stringFormat Default authentication request name ID format.
- Ocid string
Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
- Partner
Name string Unique name of the trusted Identity Provider.
- Partner
Provider stringId Provider ID
- Requested
Authentication List<string>Contexts SAML SP authentication type.
- Require
Force boolAuthn This SP requires requests SAML IdP to enforce re-authentication.
- Requires
Encrypted boolAssertion SAML SP must accept encrypted assertion only.
- Saml
Ho boolKrequired SAML SP HoK Enabled.
- Schemas List<string>
REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard "enterprise" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
- Service
Instance stringIdentifier The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
- Shown
On boolLogin Page Set to true to indicate whether to show IdP in login page or not.
- Signature
Hash stringAlgorithm Signature hash algorithm.
- Signing
Certificate string Signing certificate
- Succinct
Id string Succinct ID
-
List<Get
Domains Identity Provider Tag> A list of tags on this resource.
- Tenancy
Ocid string Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
- Tenant
Provider stringId The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
- Type string
Identity Provider Type
-
List<Get
Domains Identity Provider Urnietfparamsscimschemasoracleidcsextensionsocial Identity Provider> Social Identity Provider Extension Schema
- Urnietfparamsscimschemasoracleidcsextensionx509identity
Providers List<GetDomains Identity Provider Urnietfparamsscimschemasoracleidcsextensionx509identity Provider> X509 Identity Provider Extension Schema
- User
Mapping stringMethod User mapping method.
- User
Mapping stringStore Attribute This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the Example of a Request Body section of the Examples tab for the POST and PUT methods of the /IdentityProviders endpoint.
- Attribute
Sets List<string> - Attributes string
- string
- Resource
Type stringSchema Version
- Assertion
Attribute string Assertion attribute name.
- Authn
Request stringBinding HTTP binding to use for authentication requests.
- Compartment
Ocid string Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
- Correlation
Policies []GetDomains Identity Provider Correlation Policy Correlation policy
- Delete
In boolProgress A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
- Description string
Description
- Domain
Ocid string Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
- Enabled bool
Set to true to indicate Partner enabled.
- Encryption
Certificate string Encryption certificate
- External
Id string An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
- Icon
Url string Identity Provider Icon URL.
- Id string
Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
- Idcs
Created []GetBies Domains Identity Provider Idcs Created By The User or App who created the Resource
- Idcs
Endpoint string - Idcs
Last []GetModified Bies Domains Identity Provider Idcs Last Modified By The User or App who modified the Resource
- Idcs
Last stringUpgraded In Release The release number when the resource was upgraded.
- Idcs
Prevented []stringOperations Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
- Identity
Provider stringId - Idp
Sso stringUrl Identity Provider SSO URL
- Include
Signing boolCert In Signature Set to true to include the signing certificate in the signature.
- Jit
User []GetProv Assigned Groups Domains Identity Provider Jit User Prov Assigned Group Refers to every group of which a JIT-provisioned User should be a member. Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
- Jit
User boolProv Attribute Update Enabled Set to true to indicate JIT User Creation is enabled
- Jit
User []GetProv Attributes Domains Identity Provider Jit User Prov Attribute Assertion To User Mapping
- Jit
User boolProv Create User Enabled Set to true to indicate JIT User Creation is enabled
- Jit
User boolProv Enabled Set to true to indicate JIT User Provisioning is enabled
- Jit
User boolProv Group Assertion Attribute Enabled Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
- Jit
User stringProv Group Assignment Method The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
- Jit
User stringProv Group Mapping Mode Property to indicate the mode of group mapping
- Jit
User []GetProv Group Mappings Domains Identity Provider Jit User Prov Group Mapping The list of mappings between the Identity Domain Group and the IDP group.
- Jit
User stringProv Group Saml Attribute Name Name of the assertion attribute containing the users groups
- Jit
User boolProv Group Static List Enabled Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
- Jit
User boolProv Ignore Error On Absent Groups Set to true to indicate ignoring absence of group while provisioning
- Logout
Binding string HTTP binding to use for logout.
- Logout
Enabled bool Set to true to enable logout.
- Logout
Request stringUrl Logout request URL
- Logout
Response stringUrl Logout response URL
- Metadata string
Metadata
- Metas
[]Get
Domains Identity Provider Meta A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
- Name
Id stringFormat Default authentication request name ID format.
- Ocid string
Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
- Partner
Name string Unique name of the trusted Identity Provider.
- Partner
Provider stringId Provider ID
- Requested
Authentication []stringContexts SAML SP authentication type.
- Require
Force boolAuthn This SP requires requests SAML IdP to enforce re-authentication.
- Requires
Encrypted boolAssertion SAML SP must accept encrypted assertion only.
- Saml
Ho boolKrequired SAML SP HoK Enabled.
- Schemas []string
REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard "enterprise" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
- Service
Instance stringIdentifier The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
- Shown
On boolLogin Page Set to true to indicate whether to show IdP in login page or not.
- Signature
Hash stringAlgorithm Signature hash algorithm.
- Signing
Certificate string Signing certificate
- Succinct
Id string Succinct ID
-
[]Get
Domains Identity Provider Tag A list of tags on this resource.
- Tenancy
Ocid string Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
- Tenant
Provider stringId The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
- Type string
Identity Provider Type
-
[]Get
Domains Identity Provider Urnietfparamsscimschemasoracleidcsextensionsocial Identity Provider Social Identity Provider Extension Schema
- Urnietfparamsscimschemasoracleidcsextensionx509identity
Providers []GetDomains Identity Provider Urnietfparamsscimschemasoracleidcsextensionx509identity Provider X509 Identity Provider Extension Schema
- User
Mapping stringMethod User mapping method.
- User
Mapping stringStore Attribute This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the Example of a Request Body section of the Examples tab for the POST and PUT methods of the /IdentityProviders endpoint.
- Attribute
Sets []string - Attributes string
- string
- Resource
Type stringSchema Version
- assertion
Attribute String Assertion attribute name.
- authn
Request StringBinding HTTP binding to use for authentication requests.
- compartment
Ocid String Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
- correlation
Policies List<GetDomains Provider Correlation Policy> Correlation policy
- delete
In BooleanProgress A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
- description String
Description
- domain
Ocid String Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
- enabled Boolean
Set to true to indicate Partner enabled.
- encryption
Certificate String Encryption certificate
- external
Id String An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
- icon
Url String Identity Provider Icon URL.
- id String
Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
- idcs
Created List<GetBies Domains Provider Idcs Created By> The User or App who created the Resource
- idcs
Endpoint String - idcs
Last List<GetModified Bies Domains Provider Idcs Last Modified By> The User or App who modified the Resource
- idcs
Last StringUpgraded In Release The release number when the resource was upgraded.
- idcs
Prevented List<String>Operations Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
- identity
Provider StringId - idp
Sso StringUrl Identity Provider SSO URL
- include
Signing BooleanCert In Signature Set to true to include the signing certificate in the signature.
- jit
User List<GetProv Assigned Groups Domains Provider Jit User Prov Assigned Group> Refers to every group of which a JIT-provisioned User should be a member. Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
- jit
User BooleanProv Attribute Update Enabled Set to true to indicate JIT User Creation is enabled
- jit
User List<GetProv Attributes Domains Provider Jit User Prov Attribute> Assertion To User Mapping
- jit
User BooleanProv Create User Enabled Set to true to indicate JIT User Creation is enabled
- jit
User BooleanProv Enabled Set to true to indicate JIT User Provisioning is enabled
- jit
User BooleanProv Group Assertion Attribute Enabled Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
- jit
User StringProv Group Assignment Method The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
- jit
User StringProv Group Mapping Mode Property to indicate the mode of group mapping
- jit
User List<GetProv Group Mappings Domains Provider Jit User Prov Group Mapping> The list of mappings between the Identity Domain Group and the IDP group.
- jit
User StringProv Group Saml Attribute Name Name of the assertion attribute containing the users groups
- jit
User BooleanProv Group Static List Enabled Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
- jit
User BooleanProv Ignore Error On Absent Groups Set to true to indicate ignoring absence of group while provisioning
- logout
Binding String HTTP binding to use for logout.
- logout
Enabled Boolean Set to true to enable logout.
- logout
Request StringUrl Logout request URL
- logout
Response StringUrl Logout response URL
- metadata String
Metadata
- metas
List<Get
Domains Provider Meta> A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
- name
Id StringFormat Default authentication request name ID format.
- ocid String
Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
- partner
Name String Unique name of the trusted Identity Provider.
- partner
Provider StringId Provider ID
- requested
Authentication List<String>Contexts SAML SP authentication type.
- require
Force BooleanAuthn This SP requires requests SAML IdP to enforce re-authentication.
- requires
Encrypted BooleanAssertion SAML SP must accept encrypted assertion only.
- saml
Ho BooleanKrequired SAML SP HoK Enabled.
- schemas List<String>
REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard "enterprise" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
- service
Instance StringIdentifier The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
- shown
On BooleanLogin Page Set to true to indicate whether to show IdP in login page or not.
- signature
Hash StringAlgorithm Signature hash algorithm.
- signing
Certificate String Signing certificate
- succinct
Id String Succinct ID
-
List<Get
Domains Provider Tag> A list of tags on this resource.
- tenancy
Ocid String Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
- tenant
Provider StringId The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
- type String
Identity Provider Type
-
List<Get
Domains Provider Urnietfparamsscimschemasoracleidcsextensionsocial Provider> Social Identity Provider Extension Schema
- urnietfparamsscimschemasoracleidcsextensionx509identity
Providers List<GetDomains Provider Urnietfparamsscimschemasoracleidcsextensionx509identity Provider> X509 Identity Provider Extension Schema
- user
Mapping StringMethod User mapping method.
- user
Mapping StringStore Attribute This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the Example of a Request Body section of the Examples tab for the POST and PUT methods of the /IdentityProviders endpoint.
- attribute
Sets List<String> - attributes String
- String
- resource
Type StringSchema Version
- assertion
Attribute string Assertion attribute name.
- authn
Request stringBinding HTTP binding to use for authentication requests.
- compartment
Ocid string Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
- correlation
Policies GetDomains Identity Provider Correlation Policy[] Correlation policy
- delete
In booleanProgress A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
- description string
Description
- domain
Ocid string Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
- enabled boolean
Set to true to indicate Partner enabled.
- encryption
Certificate string Encryption certificate
- external
Id string An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
- icon
Url string Identity Provider Icon URL.
- id string
Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
- idcs
Created GetBies Domains Identity Provider Idcs Created By[] The User or App who created the Resource
- idcs
Endpoint string - idcs
Last GetModified Bies Domains Identity Provider Idcs Last Modified By[] The User or App who modified the Resource
- idcs
Last stringUpgraded In Release The release number when the resource was upgraded.
- idcs
Prevented string[]Operations Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
- identity
Provider stringId - idp
Sso stringUrl Identity Provider SSO URL
- include
Signing booleanCert In Signature Set to true to include the signing certificate in the signature.
- jit
User GetProv Assigned Groups Domains Identity Provider Jit User Prov Assigned Group[] Refers to every group of which a JIT-provisioned User should be a member. Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
- jit
User booleanProv Attribute Update Enabled Set to true to indicate JIT User Creation is enabled
- jit
User GetProv Attributes Domains Identity Provider Jit User Prov Attribute[] Assertion To User Mapping
- jit
User booleanProv Create User Enabled Set to true to indicate JIT User Creation is enabled
- jit
User booleanProv Enabled Set to true to indicate JIT User Provisioning is enabled
- jit
User booleanProv Group Assertion Attribute Enabled Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
- jit
User stringProv Group Assignment Method The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
- jit
User stringProv Group Mapping Mode Property to indicate the mode of group mapping
- jit
User GetProv Group Mappings Domains Identity Provider Jit User Prov Group Mapping[] The list of mappings between the Identity Domain Group and the IDP group.
- jit
User stringProv Group Saml Attribute Name Name of the assertion attribute containing the users groups
- jit
User booleanProv Group Static List Enabled Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
- jit
User booleanProv Ignore Error On Absent Groups Set to true to indicate ignoring absence of group while provisioning
- logout
Binding string HTTP binding to use for logout.
- logout
Enabled boolean Set to true to enable logout.
- logout
Request stringUrl Logout request URL
- logout
Response stringUrl Logout response URL
- metadata string
Metadata
- metas
Get
Domains Identity Provider Meta[] A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
- name
Id stringFormat Default authentication request name ID format.
- ocid string
Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
- partner
Name string Unique name of the trusted Identity Provider.
- partner
Provider stringId Provider ID
- requested
Authentication string[]Contexts SAML SP authentication type.
- require
Force booleanAuthn This SP requires requests SAML IdP to enforce re-authentication.
- requires
Encrypted booleanAssertion SAML SP must accept encrypted assertion only.
- saml
Ho booleanKrequired SAML SP HoK Enabled.
- schemas string[]
REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard "enterprise" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
- service
Instance stringIdentifier The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
- shown
On booleanLogin Page Set to true to indicate whether to show IdP in login page or not.
- signature
Hash stringAlgorithm Signature hash algorithm.
- signing
Certificate string Signing certificate
- succinct
Id string Succinct ID
-
Get
Domains Identity Provider Tag[] A list of tags on this resource.
- tenancy
Ocid string Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
- tenant
Provider stringId The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
- type string
Identity Provider Type
-
Get
Domains Identity Provider Urnietfparamsscimschemasoracleidcsextensionsocial Identity Provider[] Social Identity Provider Extension Schema
- urnietfparamsscimschemasoracleidcsextensionx509identity
Providers GetDomains Identity Provider Urnietfparamsscimschemasoracleidcsextensionx509identity Provider[] X509 Identity Provider Extension Schema
- user
Mapping stringMethod User mapping method.
- user
Mapping stringStore Attribute This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the Example of a Request Body section of the Examples tab for the POST and PUT methods of the /IdentityProviders endpoint.
- attribute
Sets string[] - attributes string
- string
- resource
Type stringSchema Version
- assertion_
attribute str Assertion attribute name.
- authn_
request_ strbinding HTTP binding to use for authentication requests.
- compartment_
ocid str Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
- correlation_
policies GetDomains Identity Provider Correlation Policy] Correlation policy
- delete_
in_ boolprogress A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
- description str
Description
- domain_
ocid str Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
- enabled bool
Set to true to indicate Partner enabled.
- encryption_
certificate str Encryption certificate
- external_
id str An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
- icon_
url str Identity Provider Icon URL.
- id str
Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
- idcs_
created_ Getbies Domains Identity Provider Idcs Created By] The User or App who created the Resource
- idcs_
endpoint str - idcs_
last_ Getmodified_ bies Domains Identity Provider Idcs Last Modified By] The User or App who modified the Resource
- idcs_
last_ strupgraded_ in_ release The release number when the resource was upgraded.
- idcs_
prevented_ Sequence[str]operations Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
- identity_
provider_ strid - idp_
sso_ strurl Identity Provider SSO URL
- include_
signing_ boolcert_ in_ signature Set to true to include the signing certificate in the signature.
- jit_
user_ Getprov_ assigned_ groups Domains Identity Provider Jit User Prov Assigned Group] Refers to every group of which a JIT-provisioned User should be a member. Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
- jit_
user_ boolprov_ attribute_ update_ enabled Set to true to indicate JIT User Creation is enabled
- jit_
user_ Getprov_ attributes Domains Identity Provider Jit User Prov Attribute] Assertion To User Mapping
- jit_
user_ boolprov_ create_ user_ enabled Set to true to indicate JIT User Creation is enabled
- jit_
user_ boolprov_ enabled Set to true to indicate JIT User Provisioning is enabled
- jit_
user_ boolprov_ group_ assertion_ attribute_ enabled Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
- jit_
user_ strprov_ group_ assignment_ method The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
- jit_
user_ strprov_ group_ mapping_ mode Property to indicate the mode of group mapping
- jit_
user_ Getprov_ group_ mappings Domains Identity Provider Jit User Prov Group Mapping] The list of mappings between the Identity Domain Group and the IDP group.
- jit_
user_ strprov_ group_ saml_ attribute_ name Name of the assertion attribute containing the users groups
- jit_
user_ boolprov_ group_ static_ list_ enabled Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
- jit_
user_ boolprov_ ignore_ error_ on_ absent_ groups Set to true to indicate ignoring absence of group while provisioning
- logout_
binding str HTTP binding to use for logout.
- logout_
enabled bool Set to true to enable logout.
- logout_
request_ strurl Logout request URL
- logout_
response_ strurl Logout response URL
- metadata str
Metadata
- metas
Get
Domains Identity Provider Meta] A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
- name_
id_ strformat Default authentication request name ID format.
- ocid str
Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
- partner_
name str Unique name of the trusted Identity Provider.
- partner_
provider_ strid Provider ID
- requested_
authentication_ Sequence[str]contexts SAML SP authentication type.
- require_
force_ boolauthn This SP requires requests SAML IdP to enforce re-authentication.
- requires_
encrypted_ boolassertion SAML SP must accept encrypted assertion only.
- saml_
ho_ boolkrequired SAML SP HoK Enabled.
- schemas Sequence[str]
REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard "enterprise" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
- service_
instance_ stridentifier The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
- shown_
on_ boollogin_ page Set to true to indicate whether to show IdP in login page or not.
- signature_
hash_ stralgorithm Signature hash algorithm.
- signing_
certificate str Signing certificate
- succinct_
id str Succinct ID
-
Get
Domains Identity Provider Tag] A list of tags on this resource.
- tenancy_
ocid str Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
- tenant_
provider_ strid The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
- type str
Identity Provider Type
-
Get
Domains Identity Provider Urnietfparamsscimschemasoracleidcsextensionsocial Identity Provider] Social Identity Provider Extension Schema
- urnietfparamsscimschemasoracleidcsextensionx509identity_
providers GetDomains Identity Provider Urnietfparamsscimschemasoracleidcsextensionx509identity Provider] X509 Identity Provider Extension Schema
- user_
mapping_ strmethod User mapping method.
- user_
mapping_ strstore_ attribute This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the Example of a Request Body section of the Examples tab for the POST and PUT methods of the /IdentityProviders endpoint.
- attribute_
sets Sequence[str] - attributes str
- str
- resource_
type_ strschema_ version
- assertion
Attribute String Assertion attribute name.
- authn
Request StringBinding HTTP binding to use for authentication requests.
- compartment
Ocid String Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
- correlation
Policies List<Property Map> Correlation policy
- delete
In BooleanProgress A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
- description String
Description
- domain
Ocid String Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
- enabled Boolean
Set to true to indicate Partner enabled.
- encryption
Certificate String Encryption certificate
- external
Id String An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
- icon
Url String Identity Provider Icon URL.
- id String
Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
- idcs
Created List<Property Map>Bies The User or App who created the Resource
- idcs
Endpoint String - idcs
Last List<Property Map>Modified Bies The User or App who modified the Resource
- idcs
Last StringUpgraded In Release The release number when the resource was upgraded.
- idcs
Prevented List<String>Operations Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
- identity
Provider StringId - idp
Sso StringUrl Identity Provider SSO URL
- include
Signing BooleanCert In Signature Set to true to include the signing certificate in the signature.
- jit
User List<Property Map>Prov Assigned Groups Refers to every group of which a JIT-provisioned User should be a member. Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
- jit
User BooleanProv Attribute Update Enabled Set to true to indicate JIT User Creation is enabled
- jit
User List<Property Map>Prov Attributes Assertion To User Mapping
- jit
User BooleanProv Create User Enabled Set to true to indicate JIT User Creation is enabled
- jit
User BooleanProv Enabled Set to true to indicate JIT User Provisioning is enabled
- jit
User BooleanProv Group Assertion Attribute Enabled Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
- jit
User StringProv Group Assignment Method The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
- jit
User StringProv Group Mapping Mode Property to indicate the mode of group mapping
- jit
User List<Property Map>Prov Group Mappings The list of mappings between the Identity Domain Group and the IDP group.
- jit
User StringProv Group Saml Attribute Name Name of the assertion attribute containing the users groups
- jit
User BooleanProv Group Static List Enabled Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
- jit
User BooleanProv Ignore Error On Absent Groups Set to true to indicate ignoring absence of group while provisioning
- logout
Binding String HTTP binding to use for logout.
- logout
Enabled Boolean Set to true to enable logout.
- logout
Request StringUrl Logout request URL
- logout
Response StringUrl Logout response URL
- metadata String
Metadata
- metas List<Property Map>
A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
- name
Id StringFormat Default authentication request name ID format.
- ocid String
Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
- partner
Name String Unique name of the trusted Identity Provider.
- partner
Provider StringId Provider ID
- requested
Authentication List<String>Contexts SAML SP authentication type.
- require
Force BooleanAuthn This SP requires requests SAML IdP to enforce re-authentication.
- requires
Encrypted BooleanAssertion SAML SP must accept encrypted assertion only.
- saml
Ho BooleanKrequired SAML SP HoK Enabled.
- schemas List<String>
REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard "enterprise" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
- service
Instance StringIdentifier The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
- shown
On BooleanLogin Page Set to true to indicate whether to show IdP in login page or not.
- signature
Hash StringAlgorithm Signature hash algorithm.
- signing
Certificate String Signing certificate
- succinct
Id String Succinct ID
- List<Property Map>
A list of tags on this resource.
- tenancy
Ocid String Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
- tenant
Provider StringId The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
- type String
Identity Provider Type
- List<Property Map>
Social Identity Provider Extension Schema
- urnietfparamsscimschemasoracleidcsextensionx509identity
Providers List<Property Map> X509 Identity Provider Extension Schema
- user
Mapping StringMethod User mapping method.
- user
Mapping StringStore Attribute This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the Example of a Request Body section of the Examples tab for the POST and PUT methods of the /IdentityProviders endpoint.
- attribute
Sets List<String> - attributes String
- String
- resource
Type StringSchema Version
Supporting Types
GetDomainsIdentityProviderCorrelationPolicy
GetDomainsIdentityProviderIdcsCreatedBy
GetDomainsIdentityProviderIdcsLastModifiedBy
GetDomainsIdentityProviderJitUserProvAssignedGroup
GetDomainsIdentityProviderJitUserProvAttribute
GetDomainsIdentityProviderJitUserProvGroupMapping
GetDomainsIdentityProviderMeta
- Created string
The DateTime the Resource was added to the Service Provider
- Last
Modified string The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
- Location string
The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
- Resource
Type string Name of the resource type of the resource--for example, Users or Groups
- Version string
The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
- Created string
The DateTime the Resource was added to the Service Provider
- Last
Modified string The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
- Location string
The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
- Resource
Type string Name of the resource type of the resource--for example, Users or Groups
- Version string
The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
- created String
The DateTime the Resource was added to the Service Provider
- last
Modified String The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
- location String
The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
- resource
Type String Name of the resource type of the resource--for example, Users or Groups
- version String
The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
- created string
The DateTime the Resource was added to the Service Provider
- last
Modified string The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
- location string
The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
- resource
Type string Name of the resource type of the resource--for example, Users or Groups
- version string
The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
- created str
The DateTime the Resource was added to the Service Provider
- last_
modified str The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
- location str
The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
- resource_
type str Name of the resource type of the resource--for example, Users or Groups
- version str
The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
- created String
The DateTime the Resource was added to the Service Provider
- last
Modified String The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
- location String
The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
- resource
Type String Name of the resource type of the resource--for example, Users or Groups
- version String
The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
GetDomainsIdentityProviderTag
GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProvider
- Access
Token stringUrl Social IDP Access token URL
- Account
Linking boolEnabled Whether account linking is enabled
- Admin
Scopes List<string> Admin scope to request
- Authz
Url string Social IDP Authorization URL
- Client
Credential boolIn Payload Whether the client credential is contained in payload
- Clock
Skew intIn Seconds Social IDP allowed clock skew time
- Consumer
Key string Social IDP Client Application Client ID
- Consumer
Secret string Social IDP Client Application Client Secret
- Discovery
Url string Discovery URL
- Id
Attribute string Id attribute used for account linking
- Profile
Url string Social IDP User profile URL
- Redirect
Url string redirect URL for social idp
- Registration
Enabled bool Whether registration is enabled
- Scopes List<string>
Scope to request
- Service
Provider stringName Service Provider Name
- Status string
Status
- Access
Token stringUrl Social IDP Access token URL
- Account
Linking boolEnabled Whether account linking is enabled
- Admin
Scopes []string Admin scope to request
- Authz
Url string Social IDP Authorization URL
- Client
Credential boolIn Payload Whether the client credential is contained in payload
- Clock
Skew intIn Seconds Social IDP allowed clock skew time
- Consumer
Key string Social IDP Client Application Client ID
- Consumer
Secret string Social IDP Client Application Client Secret
- Discovery
Url string Discovery URL
- Id
Attribute string Id attribute used for account linking
- Profile
Url string Social IDP User profile URL
- Redirect
Url string redirect URL for social idp
- Registration
Enabled bool Whether registration is enabled
- Scopes []string
Scope to request
- Service
Provider stringName Service Provider Name
- Status string
Status
- access
Token StringUrl Social IDP Access token URL
- account
Linking BooleanEnabled Whether account linking is enabled
- admin
Scopes List<String> Admin scope to request
- authz
Url String Social IDP Authorization URL
- client
Credential BooleanIn Payload Whether the client credential is contained in payload
- clock
Skew IntegerIn Seconds Social IDP allowed clock skew time
- consumer
Key String Social IDP Client Application Client ID
- consumer
Secret String Social IDP Client Application Client Secret
- discovery
Url String Discovery URL
- id
Attribute String Id attribute used for account linking
- profile
Url String Social IDP User profile URL
- redirect
Url String redirect URL for social idp
- registration
Enabled Boolean Whether registration is enabled
- scopes List<String>
Scope to request
- service
Provider StringName Service Provider Name
- status String
Status
- access
Token stringUrl Social IDP Access token URL
- account
Linking booleanEnabled Whether account linking is enabled
- admin
Scopes string[] Admin scope to request
- authz
Url string Social IDP Authorization URL
- client
Credential booleanIn Payload Whether the client credential is contained in payload
- clock
Skew numberIn Seconds Social IDP allowed clock skew time
- consumer
Key string Social IDP Client Application Client ID
- consumer
Secret string Social IDP Client Application Client Secret
- discovery
Url string Discovery URL
- id
Attribute string Id attribute used for account linking
- profile
Url string Social IDP User profile URL
- redirect
Url string redirect URL for social idp
- registration
Enabled boolean Whether registration is enabled
- scopes string[]
Scope to request
- service
Provider stringName Service Provider Name
- status string
Status
- access_
token_ strurl Social IDP Access token URL
- account_
linking_ boolenabled Whether account linking is enabled
- admin_
scopes Sequence[str] Admin scope to request
- authz_
url str Social IDP Authorization URL
- client_
credential_ boolin_ payload Whether the client credential is contained in payload
- clock_
skew_ intin_ seconds Social IDP allowed clock skew time
- consumer_
key str Social IDP Client Application Client ID
- consumer_
secret str Social IDP Client Application Client Secret
- discovery_
url str Discovery URL
- id_
attribute str Id attribute used for account linking
- profile_
url str Social IDP User profile URL
- redirect_
url str redirect URL for social idp
- registration_
enabled bool Whether registration is enabled
- scopes Sequence[str]
Scope to request
- service_
provider_ strname Service Provider Name
- status str
Status
- access
Token StringUrl Social IDP Access token URL
- account
Linking BooleanEnabled Whether account linking is enabled
- admin
Scopes List<String> Admin scope to request
- authz
Url String Social IDP Authorization URL
- client
Credential BooleanIn Payload Whether the client credential is contained in payload
- clock
Skew NumberIn Seconds Social IDP allowed clock skew time
- consumer
Key String Social IDP Client Application Client ID
- consumer
Secret String Social IDP Client Application Client Secret
- discovery
Url String Discovery URL
- id
Attribute String Id attribute used for account linking
- profile
Url String Social IDP User profile URL
- redirect
Url String redirect URL for social idp
- registration
Enabled Boolean Whether registration is enabled
- scopes List<String>
Scope to request
- service
Provider StringName Service Provider Name
- status String
Status
GetDomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionx509identityProvider
- Cert
Match stringAttribute X509 Certificate Matching Attribute
- Crl
Check boolOn Ocsp Failure Enabled Fallback on CRL Validation if OCSP fails.
- Crl
Enabled bool Set to true to enable CRL Validation
- Crl
Location string CRL Location URL
- Crl
Reload intDuration Fetch the CRL contents every X minutes
- Ocsp
Allow boolUnknown Response Status Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration
- Ocsp
Enable boolSigned Response Describes if the OCSP response is signed
- Ocsp
Enabled bool Set to true to enable OCSP Validation
- Ocsp
Responder stringUrl This property specifies OCSP Responder URL.
- Ocsp
Revalidate intTime Revalidate OCSP status for user after X hours
- Ocsp
Server stringName This property specifies the OCSP Server alias name
- Ocsp
Trust List<string>Cert Chains OCSP Trusted Certificate Chain
- Other
Cert stringMatch Attribute Check for specific conditions of other certificate attributes
- Signing
Certificate List<string>Chains Certificate alias list to create a chain for the incoming client certificate
- User
Match stringAttribute This property specifies the userstore attribute value that must match the incoming certificate attribute.
- Cert
Match stringAttribute X509 Certificate Matching Attribute
- Crl
Check boolOn Ocsp Failure Enabled Fallback on CRL Validation if OCSP fails.
- Crl
Enabled bool Set to true to enable CRL Validation
- Crl
Location string CRL Location URL
- Crl
Reload intDuration Fetch the CRL contents every X minutes
- Ocsp
Allow boolUnknown Response Status Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration
- Ocsp
Enable boolSigned Response Describes if the OCSP response is signed
- Ocsp
Enabled bool Set to true to enable OCSP Validation
- Ocsp
Responder stringUrl This property specifies OCSP Responder URL.
- Ocsp
Revalidate intTime Revalidate OCSP status for user after X hours
- Ocsp
Server stringName This property specifies the OCSP Server alias name
- Ocsp
Trust []stringCert Chains OCSP Trusted Certificate Chain
- Other
Cert stringMatch Attribute Check for specific conditions of other certificate attributes
- Signing
Certificate []stringChains Certificate alias list to create a chain for the incoming client certificate
- User
Match stringAttribute This property specifies the userstore attribute value that must match the incoming certificate attribute.
- cert
Match StringAttribute X509 Certificate Matching Attribute
- crl
Check BooleanOn Ocsp Failure Enabled Fallback on CRL Validation if OCSP fails.
- crl
Enabled Boolean Set to true to enable CRL Validation
- crl
Location String CRL Location URL
- crl
Reload IntegerDuration Fetch the CRL contents every X minutes
- ocsp
Allow BooleanUnknown Response Status Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration
- ocsp
Enable BooleanSigned Response Describes if the OCSP response is signed
- ocsp
Enabled Boolean Set to true to enable OCSP Validation
- ocsp
Responder StringUrl This property specifies OCSP Responder URL.
- ocsp
Revalidate IntegerTime Revalidate OCSP status for user after X hours
- ocsp
Server StringName This property specifies the OCSP Server alias name
- ocsp
Trust List<String>Cert Chains OCSP Trusted Certificate Chain
- other
Cert StringMatch Attribute Check for specific conditions of other certificate attributes
- signing
Certificate List<String>Chains Certificate alias list to create a chain for the incoming client certificate
- user
Match StringAttribute This property specifies the userstore attribute value that must match the incoming certificate attribute.
- cert
Match stringAttribute X509 Certificate Matching Attribute
- crl
Check booleanOn Ocsp Failure Enabled Fallback on CRL Validation if OCSP fails.
- crl
Enabled boolean Set to true to enable CRL Validation
- crl
Location string CRL Location URL
- crl
Reload numberDuration Fetch the CRL contents every X minutes
- ocsp
Allow booleanUnknown Response Status Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration
- ocsp
Enable booleanSigned Response Describes if the OCSP response is signed
- ocsp
Enabled boolean Set to true to enable OCSP Validation
- ocsp
Responder stringUrl This property specifies OCSP Responder URL.
- ocsp
Revalidate numberTime Revalidate OCSP status for user after X hours
- ocsp
Server stringName This property specifies the OCSP Server alias name
- ocsp
Trust string[]Cert Chains OCSP Trusted Certificate Chain
- other
Cert stringMatch Attribute Check for specific conditions of other certificate attributes
- signing
Certificate string[]Chains Certificate alias list to create a chain for the incoming client certificate
- user
Match stringAttribute This property specifies the userstore attribute value that must match the incoming certificate attribute.
- cert_
match_ strattribute X509 Certificate Matching Attribute
- crl_
check_ boolon_ ocsp_ failure_ enabled Fallback on CRL Validation if OCSP fails.
- crl_
enabled bool Set to true to enable CRL Validation
- crl_
location str CRL Location URL
- crl_
reload_ intduration Fetch the CRL contents every X minutes
- ocsp_
allow_ boolunknown_ response_ status Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration
- ocsp_
enable_ boolsigned_ response Describes if the OCSP response is signed
- ocsp_
enabled bool Set to true to enable OCSP Validation
- ocsp_
responder_ strurl This property specifies OCSP Responder URL.
- ocsp_
revalidate_ inttime Revalidate OCSP status for user after X hours
- ocsp_
server_ strname This property specifies the OCSP Server alias name
- ocsp_
trust_ Sequence[str]cert_ chains OCSP Trusted Certificate Chain
- other_
cert_ strmatch_ attribute Check for specific conditions of other certificate attributes
- signing_
certificate_ Sequence[str]chains Certificate alias list to create a chain for the incoming client certificate
- user_
match_ strattribute This property specifies the userstore attribute value that must match the incoming certificate attribute.
- cert
Match StringAttribute X509 Certificate Matching Attribute
- crl
Check BooleanOn Ocsp Failure Enabled Fallback on CRL Validation if OCSP fails.
- crl
Enabled Boolean Set to true to enable CRL Validation
- crl
Location String CRL Location URL
- crl
Reload NumberDuration Fetch the CRL contents every X minutes
- ocsp
Allow BooleanUnknown Response Status Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration
- ocsp
Enable BooleanSigned Response Describes if the OCSP response is signed
- ocsp
Enabled Boolean Set to true to enable OCSP Validation
- ocsp
Responder StringUrl This property specifies OCSP Responder URL.
- ocsp
Revalidate NumberTime Revalidate OCSP status for user after X hours
- ocsp
Server StringName This property specifies the OCSP Server alias name
- ocsp
Trust List<String>Cert Chains OCSP Trusted Certificate Chain
- other
Cert StringMatch Attribute Check for specific conditions of other certificate attributes
- signing
Certificate List<String>Chains Certificate alias list to create a chain for the incoming client certificate
- user
Match StringAttribute This property specifies the userstore attribute value that must match the incoming certificate attribute.
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
ociTerraform Provider.