Manages a federated claim for an Okta application.
Federated claims allow you to pass user information from Okta to your app integrations.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
// SAML application that the federated claim is attached to.
// The SAML response is signed (RSA-SHA256 signature, SHA-256 digest).
const samlApp = new okta.app.Saml("test_app", {
    label: "example",
    ssoUrl: "https://example.com",
    recipient: "https://example.com",
    destination: "https://example.com",
    audience: "https://example.com/audience",
    // Ordinary (non-template) string: "${user.userName}" is passed to Okta as written.
    subjectNameIdTemplate: "${user.userName}",
    subjectNameIdFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    responseSigned: true,
    signatureAlgorithm: "RSA_SHA256",
    digestAlgorithm: "SHA256",
});

// Okta evaluates `expression` at runtime and places the result in the produced
// token under `name`.
// NOTE(review): "role_last_name" carries the user's last name, not a role; the
// receiving app should not interpret it as an authorization role.
const lastNameClaim = new okta.app.FederatedClaim("example", {
    appId: samlApp.id,
    name: "role_last_name",
    expression: "user.profile.lastName",
});
import pulumi
import pulumi_okta as okta
# SAML application that the federated claim is attached to.
# The SAML response is signed (RSA-SHA256 signature, SHA-256 digest).
saml_app = okta.app.Saml(
    "test_app",
    label="example",
    sso_url="https://example.com",
    recipient="https://example.com",
    destination="https://example.com",
    audience="https://example.com/audience",
    # Not an f-string: "${user.userName}" is passed to Okta as written.
    subject_name_id_template="${user.userName}",
    subject_name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    response_signed=True,
    signature_algorithm="RSA_SHA256",
    digest_algorithm="SHA256",
)

# Okta evaluates `expression` at runtime and places the result in the produced
# token under `name`.
# NOTE(review): "role_last_name" carries the user's last name, not a role; the
# receiving app should not interpret it as an authorization role.
last_name_claim = okta.app.FederatedClaim(
    "example",
    app_id=saml_app.id,
    name="role_last_name",
    expression="user.profile.lastName",
)
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v6/go/okta/app"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a SAML application and attaches one federated claim to it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// SAML application the claim is attached to. The SAML response is
		// signed (RSA-SHA256 signature, SHA-256 digest).
		samlApp, err := app.NewSaml(ctx, "test_app", &app.SamlArgs{
			Label:                 pulumi.String("example"),
			SsoUrl:                pulumi.String("https://example.com"),
			Recipient:             pulumi.String("https://example.com"),
			Destination:           pulumi.String("https://example.com"),
			Audience:              pulumi.String("https://example.com/audience"),
			SubjectNameIdTemplate: pulumi.String("${user.userName}"),
			SubjectNameIdFormat:   pulumi.String("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"),
			ResponseSigned:        pulumi.Bool(true),
			SignatureAlgorithm:    pulumi.String("RSA_SHA256"),
			DigestAlgorithm:       pulumi.String("SHA256"),
		})
		if err != nil {
			return err
		}

		// Okta evaluates Expression at runtime and places the result in the
		// produced token under Name.
		// NOTE(review): "role_last_name" carries the user's last name, not a
		// role; the receiving app should not interpret it as an authorization role.
		_, err = app.NewFederatedClaim(ctx, "example", &app.FederatedClaimArgs{
			AppId:      samlApp.ID(),
			Name:       pulumi.String("role_last_name"),
			Expression: pulumi.String("user.profile.lastName"),
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
    // SAML application that the federated claim is attached to.
    // The SAML response is signed (RSA-SHA256 signature, SHA-256 digest).
    var samlApp = new Okta.App.Saml("test_app", new()
    {
        Label = "example",
        SsoUrl = "https://example.com",
        Recipient = "https://example.com",
        Destination = "https://example.com",
        Audience = "https://example.com/audience",
        // Not an interpolated string: "${user.userName}" is passed to Okta as written.
        SubjectNameIdTemplate = "${user.userName}",
        SubjectNameIdFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        ResponseSigned = true,
        SignatureAlgorithm = "RSA_SHA256",
        DigestAlgorithm = "SHA256",
    });

    // Okta evaluates Expression at runtime and places the result in the
    // produced token under Name.
    // NOTE(review): "role_last_name" carries the user's last name, not a role;
    // the receiving app should not interpret it as an authorization role.
    var lastNameClaim = new Okta.App.FederatedClaim("example", new()
    {
        AppId = samlApp.Id,
        Name = "role_last_name",
        Expression = "user.profile.lastName",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.app.Saml;
import com.pulumi.okta.app.SamlArgs;
import com.pulumi.okta.app.FederatedClaim;
import com.pulumi.okta.app.FederatedClaimArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares a SAML application and one federated claim on it. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the stack's resources: the SAML app, then the claim attached to it. */
    public static void stack(Context ctx) {
        // The SAML response is signed (RSA-SHA256 signature, SHA-256 digest).
        final var samlApp = new Saml("testApp", SamlArgs.builder()
            .label("example")
            .ssoUrl("https://example.com")
            .recipient("https://example.com")
            .destination("https://example.com")
            .audience("https://example.com/audience")
            .subjectNameIdTemplate("${user.userName}")
            .subjectNameIdFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
            .responseSigned(true)
            .signatureAlgorithm("RSA_SHA256")
            .digestAlgorithm("SHA256")
            .build());

        // Okta evaluates the expression at runtime and places the result in the
        // produced token under the claim name.
        // NOTE(review): "role_last_name" carries the user's last name, not a role;
        // the receiving app should not interpret it as an authorization role.
        final var lastNameClaim = new FederatedClaim("example", FederatedClaimArgs.builder()
            .appId(samlApp.id())
            .name("role_last_name")
            .expression("user.profile.lastName")
            .build());
    }
}
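# Nesting restored: as printed, every key sat at column 0, which turns the
# resource definitions into duplicate top-level keys instead of a resources map.
resources:
  # SAML application that the federated claim is attached to.
  # The SAML response is signed (RSA-SHA256 signature, SHA-256 digest).
  testApp:
    type: okta:app:Saml
    name: test_app
    properties:
      label: example
      ssoUrl: https://example.com
      recipient: https://example.com
      destination: https://example.com
      audience: https://example.com/audience
      # "$$" escapes Pulumi YAML interpolation, so Okta receives the literal ${user.userName}.
      subjectNameIdTemplate: $${user.userName}
      subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
      responseSigned: true
      signatureAlgorithm: RSA_SHA256
      digestAlgorithm: SHA256
  # Okta evaluates `expression` at runtime and places the result in the produced
  # token under `name`.
  # NOTE(review): "role_last_name" carries the user's last name, not a role; the
  # receiving app should not interpret it as an authorization role.
  example:
    type: okta:app:FederatedClaim
    properties:
      appId: ${testApp.id}
      name: role_last_name
      expression: user.profile.lastName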
Multiple Claims Example
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
// SAML application that all three claims are attached to.
// The SAML response is signed (RSA-SHA256 signature, SHA-256 digest).
const samlApp = new okta.app.Saml("test_app", {
    label: "example",
    ssoUrl: "https://example.com",
    recipient: "https://example.com",
    destination: "https://example.com",
    audience: "https://example.com/audience",
    subjectNameIdTemplate: "${user.userName}",
    subjectNameIdFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    responseSigned: true,
    signatureAlgorithm: "RSA_SHA256",
    digestAlgorithm: "SHA256",
});

// Each claim below releases one Okta profile attribute to the app, so the set
// of claims is the set of user data the integration receives.
const lastNameClaim = new okta.app.FederatedClaim("last_name", {
    appId: samlApp.id,
    name: "lastName",
    expression: "user.profile.lastName",
});

const firstNameClaim = new okta.app.FederatedClaim("first_name", {
    appId: samlApp.id,
    name: "firstName",
    expression: "user.profile.firstName",
});

const departmentClaim = new okta.app.FederatedClaim("department", {
    appId: samlApp.id,
    name: "department",
    expression: "user.profile.department",
});
import pulumi
import pulumi_okta as okta
# SAML application that all three claims are attached to.
# The SAML response is signed (RSA-SHA256 signature, SHA-256 digest).
saml_app = okta.app.Saml(
    "test_app",
    label="example",
    sso_url="https://example.com",
    recipient="https://example.com",
    destination="https://example.com",
    audience="https://example.com/audience",
    subject_name_id_template="${user.userName}",
    subject_name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    response_signed=True,
    signature_algorithm="RSA_SHA256",
    digest_algorithm="SHA256",
)

# Each claim below releases one Okta profile attribute to the app, so the set
# of claims is the set of user data the integration receives.
last_name_claim = okta.app.FederatedClaim(
    "last_name",
    app_id=saml_app.id,
    name="lastName",
    expression="user.profile.lastName",
)

first_name_claim = okta.app.FederatedClaim(
    "first_name",
    app_id=saml_app.id,
    name="firstName",
    expression="user.profile.firstName",
)

department_claim = okta.app.FederatedClaim(
    "department",
    app_id=saml_app.id,
    name="department",
    expression="user.profile.department",
)
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v6/go/okta/app"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a SAML application and attaches three federated claims to it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// SAML application the claims are attached to. The SAML response is
		// signed (RSA-SHA256 signature, SHA-256 digest).
		samlApp, err := app.NewSaml(ctx, "test_app", &app.SamlArgs{
			Label:                 pulumi.String("example"),
			SsoUrl:                pulumi.String("https://example.com"),
			Recipient:             pulumi.String("https://example.com"),
			Destination:           pulumi.String("https://example.com"),
			Audience:              pulumi.String("https://example.com/audience"),
			SubjectNameIdTemplate: pulumi.String("${user.userName}"),
			SubjectNameIdFormat:   pulumi.String("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"),
			ResponseSigned:        pulumi.Bool(true),
			SignatureAlgorithm:    pulumi.String("RSA_SHA256"),
			DigestAlgorithm:       pulumi.String("SHA256"),
		})
		if err != nil {
			return err
		}

		// One row per claim, registered in the order listed. Each row releases
		// one Okta profile attribute to the app, so this table is the full set
		// of user data the integration receives.
		claims := []struct {
			resource   string // Pulumi resource name
			claim      string // claim name in the produced token
			expression string // Okta Expression Language, evaluated at runtime
		}{
			{"last_name", "lastName", "user.profile.lastName"},
			{"first_name", "firstName", "user.profile.firstName"},
			{"department", "department", "user.profile.department"},
		}
		for _, c := range claims {
			_, err := app.NewFederatedClaim(ctx, c.resource, &app.FederatedClaimArgs{
				AppId:      samlApp.ID(),
				Name:       pulumi.String(c.claim),
				Expression: pulumi.String(c.expression),
			})
			if err != nil {
				return err
			}
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
    // SAML application that all three claims are attached to.
    // The SAML response is signed (RSA-SHA256 signature, SHA-256 digest).
    var samlApp = new Okta.App.Saml("test_app", new()
    {
        Label = "example",
        SsoUrl = "https://example.com",
        Recipient = "https://example.com",
        Destination = "https://example.com",
        Audience = "https://example.com/audience",
        SubjectNameIdTemplate = "${user.userName}",
        SubjectNameIdFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        ResponseSigned = true,
        SignatureAlgorithm = "RSA_SHA256",
        DigestAlgorithm = "SHA256",
    });

    // Each claim below releases one Okta profile attribute to the app, so the
    // set of claims is the set of user data the integration receives.
    var lastNameClaim = new Okta.App.FederatedClaim("last_name", new()
    {
        AppId = samlApp.Id,
        Name = "lastName",
        Expression = "user.profile.lastName",
    });

    var firstNameClaim = new Okta.App.FederatedClaim("first_name", new()
    {
        AppId = samlApp.Id,
        Name = "firstName",
        Expression = "user.profile.firstName",
    });

    var departmentClaim = new Okta.App.FederatedClaim("department", new()
    {
        AppId = samlApp.Id,
        Name = "department",
        Expression = "user.profile.department",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.app.Saml;
import com.pulumi.okta.app.SamlArgs;
import com.pulumi.okta.app.FederatedClaim;
import com.pulumi.okta.app.FederatedClaimArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares a SAML application and three federated claims on it. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the stack's resources: the SAML app, then the claims attached to it. */
    public static void stack(Context ctx) {
        // The SAML response is signed (RSA-SHA256 signature, SHA-256 digest).
        final var samlApp = new Saml("testApp", SamlArgs.builder()
            .label("example")
            .ssoUrl("https://example.com")
            .recipient("https://example.com")
            .destination("https://example.com")
            .audience("https://example.com/audience")
            .subjectNameIdTemplate("${user.userName}")
            .subjectNameIdFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
            .responseSigned(true)
            .signatureAlgorithm("RSA_SHA256")
            .digestAlgorithm("SHA256")
            .build());

        // Each claim below releases one Okta profile attribute to the app, so the
        // set of claims is the set of user data the integration receives.
        final var lastNameClaim = new FederatedClaim("lastName", FederatedClaimArgs.builder()
            .appId(samlApp.id())
            .name("lastName")
            .expression("user.profile.lastName")
            .build());

        final var firstNameClaim = new FederatedClaim("firstName", FederatedClaimArgs.builder()
            .appId(samlApp.id())
            .name("firstName")
            .expression("user.profile.firstName")
            .build());

        final var departmentClaim = new FederatedClaim("department", FederatedClaimArgs.builder()
            .appId(samlApp.id())
            .name("department")
            .expression("user.profile.department")
            .build());
    }
}
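# Nesting restored: as printed, every key sat at column 0, which turns the
# resource definitions into duplicate top-level keys instead of a resources map.
resources:
  # SAML application that all three claims are attached to.
  # The SAML response is signed (RSA-SHA256 signature, SHA-256 digest).
  testApp:
    type: okta:app:Saml
    name: test_app
    properties:
      label: example
      ssoUrl: https://example.com
      recipient: https://example.com
      destination: https://example.com
      audience: https://example.com/audience
      # "$$" escapes Pulumi YAML interpolation, so Okta receives the literal ${user.userName}.
      subjectNameIdTemplate: $${user.userName}
      subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
      responseSigned: true
      signatureAlgorithm: RSA_SHA256
      digestAlgorithm: SHA256
  # Each claim below releases one Okta profile attribute to the app, so the set
  # of claims is the set of user data the integration receives.
  lastName:
    type: okta:app:FederatedClaim
    name: last_name
    properties:
      appId: ${testApp.id}
      name: lastName
      expression: user.profile.lastName
  firstName:
    type: okta:app:FederatedClaim
    name: first_name
    properties:
      appId: ${testApp.id}
      name: firstName
      expression: user.profile.firstName
  department:
    type: okta:app:FederatedClaim
    properties:
      appId: ${testApp.id}
      name: department
      expression: user.profile.department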
Create FederatedClaim Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FederatedClaim(name: string, args: FederatedClaimArgs, opts?: CustomResourceOptions);
@overload
def FederatedClaim(resource_name: str,
args: FederatedClaimArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FederatedClaim(resource_name: str,
opts: Optional[ResourceOptions] = None,
app_id: Optional[str] = None,
expression: Optional[str] = None,
name: Optional[str] = None)
func NewFederatedClaim(ctx *Context, name string, args FederatedClaimArgs, opts ...ResourceOption) (*FederatedClaim, error)
public FederatedClaim(string name, FederatedClaimArgs args, CustomResourceOptions? opts = null)
public FederatedClaim(String name, FederatedClaimArgs args)
public FederatedClaim(String name, FederatedClaimArgs args, CustomResourceOptions options)
type: okta:app:FederatedClaim
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FederatedClaimArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FederatedClaimArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FederatedClaimArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FederatedClaimArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FederatedClaimArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference template: every "string" value is a placeholder to be replaced.
var claim = new Okta.App.FederatedClaim("federatedClaimResource", new()
{
    AppId = "string",      // ID of the application that receives the claim
    Expression = "string", // Okta Expression Language, evaluated at runtime
    Name = "string",       // claim name in the produced token
});
// Reference template: every "string" value is a placeholder to be replaced.
// AppId is the application that receives the claim, Expression is Okta
// Expression Language evaluated at runtime, Name is the claim name in the
// produced token.
claim, err := app.NewFederatedClaim(ctx, "federatedClaimResource", &app.FederatedClaimArgs{
	AppId:      pulumi.String("string"),
	Expression: pulumi.String("string"),
	Name:       pulumi.String("string"),
})
// Reference template: every "string" value is a placeholder to be replaced.
var claim = new FederatedClaim("federatedClaimResource", FederatedClaimArgs.builder()
    .appId("string")      // ID of the application that receives the claim
    .expression("string") // Okta Expression Language, evaluated at runtime
    .name("string")       // claim name in the produced token
    .build());
# Reference template: every "string" value is a placeholder to be replaced.
claim = okta.app.FederatedClaim(
    "federatedClaimResource",
    app_id="string",      # ID of the application that receives the claim
    expression="string",  # Okta Expression Language, evaluated at runtime
    name="string",        # claim name in the produced token
)
// Reference template: every "string" value is a placeholder to be replaced.
const claim = new okta.app.FederatedClaim("federatedClaimResource", {
    appId: "string",      // ID of the application that receives the claim
    expression: "string", // Okta Expression Language, evaluated at runtime
    name: "string",       // claim name in the produced token
});
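# Reference template: every "string" value is a placeholder to be replaced.
# Nesting restored so the three inputs sit under `properties`.
type: okta:app:FederatedClaim
properties:
  appId: string       # ID of the application that receives the claim
  expression: string  # Okta Expression Language, evaluated at runtime
  name: string        # claim name in the produced token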
FederatedClaim Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FederatedClaim resource accepts the following input properties:
- AppId string
- The ID of the application to add the federated claim to.
- Expression string
- The Okta Expression Language expression to be evaluated at runtime. See Okta Expression Language for more information.
- Name string
- The name of the claim to be used in the produced token.
- AppId string
- The ID of the application to add the federated claim to.
- Expression string
- The Okta Expression Language expression to be evaluated at runtime. See Okta Expression Language for more information.
- Name string
- The name of the claim to be used in the produced token.
- appId String
- The ID of the application to add the federated claim to.
- expression String
- The Okta Expression Language expression to be evaluated at runtime. See Okta Expression Language for more information.
- name String
- The name of the claim to be used in the produced token.
- appId string
- The ID of the application to add the federated claim to.
- expression string
- The Okta Expression Language expression to be evaluated at runtime. See Okta Expression Language for more information.
- name string
- The name of the claim to be used in the produced token.
- app_id str
- The ID of the application to add the federated claim to.
- expression str
- The Okta Expression Language expression to be evaluated at runtime. See Okta Expression Language for more information.
- name str
- The name of the claim to be used in the produced token.
- appId String
- The ID of the application to add the federated claim to.
- expression String
- The Okta Expression Language expression to be evaluated at runtime. See Okta Expression Language for more information.
- name String
- The name of the claim to be used in the produced token.
Outputs
All input properties are implicitly available as output properties. Additionally, the FederatedClaim resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing FederatedClaim Resource
Get an existing FederatedClaim resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FederatedClaimState, opts?: CustomResourceOptions): FederatedClaim
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
app_id: Optional[str] = None,
expression: Optional[str] = None,
name: Optional[str] = None) -> FederatedClaim
func GetFederatedClaim(ctx *Context, name string, id IDInput, state *FederatedClaimState, opts ...ResourceOption) (*FederatedClaim, error)
public static FederatedClaim Get(string name, Input<string> id, FederatedClaimState? state, CustomResourceOptions? opts = null)
public static FederatedClaim get(String name, Output<String> id, FederatedClaimState state, CustomResourceOptions options)
resources:
  _:
    type: okta:app:FederatedClaim
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AppId string
- The ID of the application to add the federated claim to.
- Expression string
- The Okta Expression Language expression to be evaluated at runtime. See Okta Expression Language for more information.
- Name string
- The name of the claim to be used in the produced token.
- AppId string
- The ID of the application to add the federated claim to.
- Expression string
- The Okta Expression Language expression to be evaluated at runtime. See Okta Expression Language for more information.
- Name string
- The name of the claim to be used in the produced token.
- appId String
- The ID of the application to add the federated claim to.
- expression String
- The Okta Expression Language expression to be evaluated at runtime. See Okta Expression Language for more information.
- name String
- The name of the claim to be used in the produced token.
- appId string
- The ID of the application to add the federated claim to.
- expression string
- The Okta Expression Language expression to be evaluated at runtime. See Okta Expression Language for more information.
- name string
- The name of the claim to be used in the produced token.
- app_id str
- The ID of the application to add the federated claim to.
- expression str
- The Okta Expression Language expression to be evaluated at runtime. See Okta Expression Language for more information.
- name str
- The name of the claim to be used in the produced token.
- appId String
- The ID of the application to add the federated claim to.
- expression String
- The Okta Expression Language expression to be evaluated at runtime. See Okta Expression Language for more information.
- name String
- The name of the claim to be used in the produced token.
Import
An app federated claim can be imported using the format app_id/id:
$ pulumi import okta:app/federatedClaim:FederatedClaim example <app_id>/<id>
Example:
$ pulumi import okta:app/federatedClaim:FederatedClaim example 0oa1234567890abcdef/clm1234567890abcdef
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the okta Terraform Provider.
