Viewing docs for Okta v6.4.0
published on Saturday, Mar 28, 2026 by Pulumi
published on Saturday, Mar 28, 2026 by Pulumi
Viewing docs for Okta v6.4.0
published on Saturday, Mar 28, 2026 by Pulumi
published on Saturday, Mar 28, 2026 by Pulumi
Get a federated claim for an Okta application.
Use this data source to retrieve information about a federated claim that has been configured for an application. Federated claims add custom claims to tokens produced for an application using Okta Expression Language.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const example = okta.app.getFederatedClaim({
appId: "0oa1234567890abcdef",
id: "ofcu234567890abcdef",
});
export const claimExpression = example.then(example => example.expression);
import pulumi
import pulumi_okta as okta
example = okta.app.get_federated_claim(app_id="0oa1234567890abcdef",
id="ofcu234567890abcdef")
pulumi.export("claimExpression", example.expression)
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v6/go/okta/app"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := app.LookupFederatedClaim(ctx, &app.LookupFederatedClaimArgs{
AppId: "0oa1234567890abcdef",
Id: "ofcu234567890abcdef",
}, nil)
if err != nil {
return err
}
ctx.Export("claimExpression", example.Expression)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var example = Okta.App.GetFederatedClaim.Invoke(new()
{
AppId = "0oa1234567890abcdef",
Id = "ofcu234567890abcdef",
});
return new Dictionary<string, object?>
{
["claimExpression"] = example.Apply(getFederatedClaimResult => getFederatedClaimResult.Expression),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.app.AppFunctions;
import com.pulumi.okta.app.inputs.GetFederatedClaimArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = AppFunctions.getFederatedClaim(GetFederatedClaimArgs.builder()
.appId("0oa1234567890abcdef")
.id("ofcu234567890abcdef")
.build());
ctx.export("claimExpression", example.expression());
}
}
variables:
example:
fn::invoke:
function: okta:app:getFederatedClaim
arguments:
appId: 0oa1234567890abcdef
id: ofcu234567890abcdef
outputs:
claimExpression: ${example.expression}
Using with a Resource
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const testApp = new okta.app.Saml("test_app", {
label: "example",
ssoUrl: "https://example.com",
recipient: "https://example.com",
destination: "https://example.com",
audience: "https://example.com/audience",
subjectNameIdTemplate: "${user.userName}",
subjectNameIdFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
responseSigned: true,
signatureAlgorithm: "RSA_SHA256",
digestAlgorithm: "SHA256",
});
const exampleFederatedClaim = new okta.app.FederatedClaim("example", {
appId: testApp.id,
name: "role_last_name",
expression: "user.profile.lastName",
});
const example = okta.app.getFederatedClaimOutput({
appId: testApp.id,
id: exampleFederatedClaim.id,
});
export const claimName = example.apply(example => example.name);
export const claimExpression = example.apply(example => example.expression);
import pulumi
import pulumi_okta as okta
test_app = okta.app.Saml("test_app",
label="example",
sso_url="https://example.com",
recipient="https://example.com",
destination="https://example.com",
audience="https://example.com/audience",
subject_name_id_template="${user.userName}",
subject_name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
response_signed=True,
signature_algorithm="RSA_SHA256",
digest_algorithm="SHA256")
example_federated_claim = okta.app.FederatedClaim("example",
app_id=test_app.id,
name="role_last_name",
expression="user.profile.lastName")
example = okta.app.get_federated_claim_output(app_id=test_app.id,
id=example_federated_claim.id)
pulumi.export("claimName", example.name)
pulumi.export("claimExpression", example.expression)
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v6/go/okta/app"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
testApp, err := app.NewSaml(ctx, "test_app", &app.SamlArgs{
Label: pulumi.String("example"),
SsoUrl: pulumi.String("https://example.com"),
Recipient: pulumi.String("https://example.com"),
Destination: pulumi.String("https://example.com"),
Audience: pulumi.String("https://example.com/audience"),
SubjectNameIdTemplate: pulumi.String("${user.userName}"),
SubjectNameIdFormat: pulumi.String("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"),
ResponseSigned: pulumi.Bool(true),
SignatureAlgorithm: pulumi.String("RSA_SHA256"),
DigestAlgorithm: pulumi.String("SHA256"),
})
if err != nil {
return err
}
exampleFederatedClaim, err := app.NewFederatedClaim(ctx, "example", &app.FederatedClaimArgs{
AppId: testApp.ID(),
Name: pulumi.String("role_last_name"),
Expression: pulumi.String("user.profile.lastName"),
})
if err != nil {
return err
}
example := app.LookupFederatedClaimOutput(ctx, app.GetFederatedClaimOutputArgs{
AppId: testApp.ID(),
Id: exampleFederatedClaim.ID(),
}, nil)
ctx.Export("claimName", example.ApplyT(func(example app.GetFederatedClaimResult) (*string, error) {
return &example.Name, nil
}).(pulumi.StringPtrOutput))
ctx.Export("claimExpression", example.ApplyT(func(example app.GetFederatedClaimResult) (*string, error) {
return &example.Expression, nil
}).(pulumi.StringPtrOutput))
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var testApp = new Okta.App.Saml("test_app", new()
{
Label = "example",
SsoUrl = "https://example.com",
Recipient = "https://example.com",
Destination = "https://example.com",
Audience = "https://example.com/audience",
SubjectNameIdTemplate = "${user.userName}",
SubjectNameIdFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
ResponseSigned = true,
SignatureAlgorithm = "RSA_SHA256",
DigestAlgorithm = "SHA256",
});
var exampleFederatedClaim = new Okta.App.FederatedClaim("example", new()
{
AppId = testApp.Id,
Name = "role_last_name",
Expression = "user.profile.lastName",
});
var example = Okta.App.GetFederatedClaim.Invoke(new()
{
AppId = testApp.Id,
Id = exampleFederatedClaim.Id,
});
return new Dictionary<string, object?>
{
["claimName"] = example.Apply(getFederatedClaimResult => getFederatedClaimResult.Name),
["claimExpression"] = example.Apply(getFederatedClaimResult => getFederatedClaimResult.Expression),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.app.Saml;
import com.pulumi.okta.app.SamlArgs;
import com.pulumi.okta.app.FederatedClaim;
import com.pulumi.okta.app.FederatedClaimArgs;
import com.pulumi.okta.app.AppFunctions;
import com.pulumi.okta.app.inputs.GetFederatedClaimArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testApp = new Saml("testApp", SamlArgs.builder()
.label("example")
.ssoUrl("https://example.com")
.recipient("https://example.com")
.destination("https://example.com")
.audience("https://example.com/audience")
.subjectNameIdTemplate("${user.userName}")
.subjectNameIdFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
.responseSigned(true)
.signatureAlgorithm("RSA_SHA256")
.digestAlgorithm("SHA256")
.build());
var exampleFederatedClaim = new FederatedClaim("exampleFederatedClaim", FederatedClaimArgs.builder()
.appId(testApp.id())
.name("role_last_name")
.expression("user.profile.lastName")
.build());
final var example = AppFunctions.getFederatedClaim(GetFederatedClaimArgs.builder()
.appId(testApp.id())
.id(exampleFederatedClaim.id())
.build());
ctx.export("claimName", example.applyValue(_example -> _example.name()));
ctx.export("claimExpression", example.applyValue(_example -> _example.expression()));
}
}
resources:
testApp:
type: okta:app:Saml
name: test_app
properties:
label: example
ssoUrl: https://example.com
recipient: https://example.com
destination: https://example.com
audience: https://example.com/audience
subjectNameIdTemplate: $${user.userName}
subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
responseSigned: true
signatureAlgorithm: RSA_SHA256
digestAlgorithm: SHA256
exampleFederatedClaim:
type: okta:app:FederatedClaim
name: example
properties:
appId: ${testApp.id}
name: role_last_name
expression: user.profile.lastName
variables:
example:
fn::invoke:
function: okta:app:getFederatedClaim
arguments:
appId: ${testApp.id}
id: ${exampleFederatedClaim.id}
outputs:
claimName: ${example.name}
claimExpression: ${example.expression}
Using getFederatedClaim
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getFederatedClaim(args: GetFederatedClaimArgs, opts?: InvokeOptions): Promise<GetFederatedClaimResult>
function getFederatedClaimOutput(args: GetFederatedClaimOutputArgs, opts?: InvokeOptions): Output<GetFederatedClaimResult>def get_federated_claim(app_id: Optional[str] = None,
id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetFederatedClaimResult
def get_federated_claim_output(app_id: Optional[pulumi.Input[str]] = None,
id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetFederatedClaimResult]func LookupFederatedClaim(ctx *Context, args *LookupFederatedClaimArgs, opts ...InvokeOption) (*LookupFederatedClaimResult, error)
func LookupFederatedClaimOutput(ctx *Context, args *LookupFederatedClaimOutputArgs, opts ...InvokeOption) LookupFederatedClaimResultOutput> Note: This function is named LookupFederatedClaim in the Go SDK.
public static class GetFederatedClaim
{
public static Task<GetFederatedClaimResult> InvokeAsync(GetFederatedClaimArgs args, InvokeOptions? opts = null)
public static Output<GetFederatedClaimResult> Invoke(GetFederatedClaimInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetFederatedClaimResult> getFederatedClaim(GetFederatedClaimArgs args, InvokeOptions options)
public static Output<GetFederatedClaimResult> getFederatedClaim(GetFederatedClaimArgs args, InvokeOptions options)
fn::invoke:
function: okta:app/getFederatedClaim:getFederatedClaim
arguments:
# arguments dictionaryThe following arguments are supported:
getFederatedClaim Result
The following output properties are available:
- App
Id string - The ID of the application that the federated claim belongs to.
- Expression string
- The Okta Expression Language expression to be evaluated at runtime.
- Id string
- The unique identifier for the federated claim.
- Name string
- The name of the claim to be used in the produced token.
- App
Id string - The ID of the application that the federated claim belongs to.
- Expression string
- The Okta Expression Language expression to be evaluated at runtime.
- Id string
- The unique identifier for the federated claim.
- Name string
- The name of the claim to be used in the produced token.
- app
Id String - The ID of the application that the federated claim belongs to.
- expression String
- The Okta Expression Language expression to be evaluated at runtime.
- id String
- The unique identifier for the federated claim.
- name String
- The name of the claim to be used in the produced token.
- app
Id string - The ID of the application that the federated claim belongs to.
- expression string
- The Okta Expression Language expression to be evaluated at runtime.
- id string
- The unique identifier for the federated claim.
- name string
- The name of the claim to be used in the produced token.
- app_
id str - The ID of the application that the federated claim belongs to.
- expression str
- The Okta Expression Language expression to be evaluated at runtime.
- id str
- The unique identifier for the federated claim.
- name str
- The name of the claim to be used in the produced token.
- app
Id String - The ID of the application that the federated claim belongs to.
- expression String
- The Okta Expression Language expression to be evaluated at runtime.
- id String
- The unique identifier for the federated claim.
- name String
- The name of the claim to be used in the produced token.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oktaTerraform Provider.
Viewing docs for Okta v6.4.0
published on Saturday, Mar 28, 2026 by Pulumi
published on Saturday, Mar 28, 2026 by Pulumi
