getSaml

Okta v6.3.1, Mar 12 26

Viewing docs for Okta v6.3.1
published on Thursday, Mar 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-okta

Viewing docs for Okta v6.3.1
published on Thursday, Mar 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-okta

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = okta.app.getSaml({
    label: "Example App",
});

import pulumi
import pulumi_okta as okta

example = okta.app.get_saml(label="Example App")

package main

import (
	"github.com/pulumi/pulumi-okta/sdk/v6/go/okta/app"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := app.LookupSaml(ctx, &app.LookupSamlArgs{
			Label: pulumi.StringRef("Example App"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;

return await Deployment.RunAsync(() => 
{
    var example = Okta.App.GetSaml.Invoke(new()
    {
        Label = "Example App",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.app.AppFunctions;
import com.pulumi.okta.app.inputs.GetSamlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = AppFunctions.getSaml(GetSamlArgs.builder()
            .label("Example App")
            .build());

    }
}

variables:
  example:
    fn::invoke:
      function: okta:app:getSaml
      arguments:
        label: Example App

Using getSaml

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getSaml(args: GetSamlArgs, opts?: InvokeOptions): Promise<GetSamlResult>
function getSamlOutput(args: GetSamlOutputArgs, opts?: InvokeOptions): Output<GetSamlResult>

def get_saml(active_only: Optional[bool] = None,
             id: Optional[str] = None,
             label: Optional[str] = None,
             label_prefix: Optional[str] = None,
             request_compressed: Optional[bool] = None,
             skip_groups: Optional[bool] = None,
             skip_users: Optional[bool] = None,
             opts: Optional[InvokeOptions] = None) -> GetSamlResult
def get_saml_output(active_only: Optional[pulumi.Input[bool]] = None,
             id: Optional[pulumi.Input[str]] = None,
             label: Optional[pulumi.Input[str]] = None,
             label_prefix: Optional[pulumi.Input[str]] = None,
             request_compressed: Optional[pulumi.Input[bool]] = None,
             skip_groups: Optional[pulumi.Input[bool]] = None,
             skip_users: Optional[pulumi.Input[bool]] = None,
             opts: Optional[InvokeOptions] = None) -> Output[GetSamlResult]

func LookupSaml(ctx *Context, args *LookupSamlArgs, opts ...InvokeOption) (*LookupSamlResult, error)
func LookupSamlOutput(ctx *Context, args *LookupSamlOutputArgs, opts ...InvokeOption) LookupSamlResultOutput

> Note: This function is named LookupSaml in the Go SDK.

public static class GetSaml 
{
    public static Task<GetSamlResult> InvokeAsync(GetSamlArgs args, InvokeOptions? opts = null)
    public static Output<GetSamlResult> Invoke(GetSamlInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSamlResult> getSaml(GetSamlArgs args, InvokeOptions options)
public static Output<GetSamlResult> getSaml(GetSamlArgs args, InvokeOptions options)

fn::invoke:
  function: okta:app/getSaml:getSaml
  arguments:
    # arguments dictionary

The following arguments are supported:

ActiveOnly bool: Search only ACTIVE applications.
Id string: Id of application to retrieve, conflicts with label and label_prefix.
Label string: The label of the app to retrieve, conflicts with label_prefix and id. Label uses the ?q=\n\n query parameter exposed by Okta's API. It should be noted that at this time this searches both name and label. This is used to avoid paginating through all applications.
LabelPrefix string: Label prefix of the app to retrieve, conflicts with label and id. This will tell the provider to do a starts with query as opposed to an equals query.
RequestCompressed bool: Denotes whether the request is compressed or not.
SkipGroups bool: Ignore groups sync. This is a temporary solution until 'groups' field is supported in all the app-like resources
Deprecated: Because groups has been removed, this attribute is a no op and will be removed
SkipUsers bool: Ignore users sync. This is a temporary solution until 'users' field is supported in all the app-like resources
Deprecated: Because users has been removed, this attribute is a no op and will be removed

ActiveOnly bool: Search only ACTIVE applications.
Id string: Id of application to retrieve, conflicts with label and label_prefix.
Label string: The label of the app to retrieve, conflicts with label_prefix and id. Label uses the ?q=\n\n query parameter exposed by Okta's API. It should be noted that at this time this searches both name and label. This is used to avoid paginating through all applications.
LabelPrefix string: Label prefix of the app to retrieve, conflicts with label and id. This will tell the provider to do a starts with query as opposed to an equals query.
RequestCompressed bool: Denotes whether the request is compressed or not.
SkipGroups bool: Ignore groups sync. This is a temporary solution until 'groups' field is supported in all the app-like resources
Deprecated: Because groups has been removed, this attribute is a no op and will be removed
SkipUsers bool: Ignore users sync. This is a temporary solution until 'users' field is supported in all the app-like resources
Deprecated: Because users has been removed, this attribute is a no op and will be removed

activeOnly Boolean: Search only ACTIVE applications.
id String: Id of application to retrieve, conflicts with label and label_prefix.
label String: The label of the app to retrieve, conflicts with label_prefix and id. Label uses the ?q=\n\n query parameter exposed by Okta's API. It should be noted that at this time this searches both name and label. This is used to avoid paginating through all applications.
labelPrefix String: Label prefix of the app to retrieve, conflicts with label and id. This will tell the provider to do a starts with query as opposed to an equals query.
requestCompressed Boolean: Denotes whether the request is compressed or not.
skipGroups Boolean: Ignore groups sync. This is a temporary solution until 'groups' field is supported in all the app-like resources
Deprecated: Because groups has been removed, this attribute is a no op and will be removed
skipUsers Boolean: Ignore users sync. This is a temporary solution until 'users' field is supported in all the app-like resources
Deprecated: Because users has been removed, this attribute is a no op and will be removed

activeOnly boolean: Search only ACTIVE applications.
id string: Id of application to retrieve, conflicts with label and label_prefix.
label string: The label of the app to retrieve, conflicts with label_prefix and id. Label uses the ?q=\n\n query parameter exposed by Okta's API. It should be noted that at this time this searches both name and label. This is used to avoid paginating through all applications.
labelPrefix string: Label prefix of the app to retrieve, conflicts with label and id. This will tell the provider to do a starts with query as opposed to an equals query.
requestCompressed boolean: Denotes whether the request is compressed or not.
skipGroups boolean: Ignore groups sync. This is a temporary solution until 'groups' field is supported in all the app-like resources
Deprecated: Because groups has been removed, this attribute is a no op and will be removed
skipUsers boolean: Ignore users sync. This is a temporary solution until 'users' field is supported in all the app-like resources
Deprecated: Because users has been removed, this attribute is a no op and will be removed

active_only bool: Search only ACTIVE applications.
id str: Id of application to retrieve, conflicts with label and label_prefix.
label str: The label of the app to retrieve, conflicts with label_prefix and id. Label uses the ?q=\n\n query parameter exposed by Okta's API. It should be noted that at this time this searches both name and label. This is used to avoid paginating through all applications.
label_prefix str: Label prefix of the app to retrieve, conflicts with label and id. This will tell the provider to do a starts with query as opposed to an equals query.
request_compressed bool: Denotes whether the request is compressed or not.
skip_groups bool: Ignore groups sync. This is a temporary solution until 'groups' field is supported in all the app-like resources
Deprecated: Because groups has been removed, this attribute is a no op and will be removed
skip_users bool: Ignore users sync. This is a temporary solution until 'users' field is supported in all the app-like resources
Deprecated: Because users has been removed, this attribute is a no op and will be removed

activeOnly Boolean: Search only ACTIVE applications.
id String: Id of application to retrieve, conflicts with label and label_prefix.
label String: The label of the app to retrieve, conflicts with label_prefix and id. Label uses the ?q=\n\n query parameter exposed by Okta's API. It should be noted that at this time this searches both name and label. This is used to avoid paginating through all applications.
labelPrefix String: Label prefix of the app to retrieve, conflicts with label and id. This will tell the provider to do a starts with query as opposed to an equals query.
requestCompressed Boolean: Denotes whether the request is compressed or not.
skipGroups Boolean: Ignore groups sync. This is a temporary solution until 'groups' field is supported in all the app-like resources
Deprecated: Because groups has been removed, this attribute is a no op and will be removed
skipUsers Boolean: Ignore users sync. This is a temporary solution until 'users' field is supported in all the app-like resources
Deprecated: Because users has been removed, this attribute is a no op and will be removed

getSaml Result

The following output properties are available:

AccessibilityErrorRedirectUrl string: Custom error page URL
AccessibilityLoginRedirectUrl string: Custom login page URL
AccessibilitySelfService bool: Enable self service
AcsEndpoints List<string>: List of ACS endpoints for this SAML application
AppSettingsJson string: Application settings in JSON format
AssertionSigned bool: Determines whether the SAML assertion is digitally signed
AttributeStatements List<GetSamlAttributeStatement>
Audience string: Audience Restriction
AuthnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement
AutoSubmitToolbar bool: Display auto submit toolbar
DefaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
Destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
DigestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response
Features List<string>: features to enable
Groups List<string>: Groups associated with the application
Deprecated: The groups field is now deprecated for the data source okta.app.Saml, please replace all uses of this with: okta.AppGroupAssignments
HideIos bool: Do not display application icon on mobile app
HideWeb bool: Do not display application icon to users
HonorForceAuthn bool: Prompt user to re-authenticate if SP asks for it
IdpIssuer string: SAML issuer ID
InlineHookId string: Saml Inline Hook setting
KeyId string: Certificate ID
Links string: Discoverable resources related to the app
Name string: Name of application.
Recipient string: The location where the app may present the SAML assertion
ResponseSigned bool: Determines whether the SAML auth response message is digitally signed
SamlSignedRequestEnabled bool: SAML Signed Request enabled
SignatureAlgorithm string: Signature algorithm used to digitally sign the assertion and response
SingleLogoutCertificate string: x509 encoded certificate that the Service Provider uses to sign Single Logout requests
SingleLogoutIssuer string: The issuer of the Service Provider that generates the Single Logout request
SingleLogoutUrl string: The location where the logout response is sent
SpIssuer string: SAML SP issuer ID
SsoUrl string: Single Sign On URL
Status string: Status of application.
SubjectNameIdFormat string: Identifies the SAML processing rules.
SubjectNameIdTemplate string: Template for app user's username when a user is assigned to the app
UserNameTemplate string: Username template
UserNameTemplatePushStatus string: Push username on update
UserNameTemplateSuffix string: Username template suffix
UserNameTemplateType string: Username template type
Users List<string>: Users associated with the application
Deprecated: The users field is now deprecated for the data source okta.app.Saml, please replace all uses of this with: okta.getAppUserAssignments
ActiveOnly bool: Search only ACTIVE applications.
Id string: Id of application to retrieve, conflicts with label and label_prefix.
Label string: The label of the app to retrieve, conflicts with label_prefix and id. Label uses the ?q=\n\n query parameter exposed by Okta's API. It should be noted that at this time this searches both name and label. This is used to avoid paginating through all applications.
LabelPrefix string: Label prefix of the app to retrieve, conflicts with label and id. This will tell the provider to do a starts with query as opposed to an equals query.
RequestCompressed bool: Denotes whether the request is compressed or not.
SkipGroups bool: Ignore groups sync. This is a temporary solution until 'groups' field is supported in all the app-like resources
Deprecated: Because groups has been removed, this attribute is a no op and will be removed
SkipUsers bool: Ignore users sync. This is a temporary solution until 'users' field is supported in all the app-like resources
Deprecated: Because users has been removed, this attribute is a no op and will be removed

AccessibilityErrorRedirectUrl string: Custom error page URL
AccessibilityLoginRedirectUrl string: Custom login page URL
AccessibilitySelfService bool: Enable self service
AcsEndpoints []string: List of ACS endpoints for this SAML application
AppSettingsJson string: Application settings in JSON format
AssertionSigned bool: Determines whether the SAML assertion is digitally signed
AttributeStatements []GetSamlAttributeStatement
Audience string: Audience Restriction
AuthnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement
AutoSubmitToolbar bool: Display auto submit toolbar
DefaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
Destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
DigestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response
Features []string: features to enable
Groups []string: Groups associated with the application
Deprecated: The groups field is now deprecated for the data source okta.app.Saml, please replace all uses of this with: okta.AppGroupAssignments
HideIos bool: Do not display application icon on mobile app
HideWeb bool: Do not display application icon to users
HonorForceAuthn bool: Prompt user to re-authenticate if SP asks for it
IdpIssuer string: SAML issuer ID
InlineHookId string: Saml Inline Hook setting
KeyId string: Certificate ID
Links string: Discoverable resources related to the app
Name string: Name of application.
Recipient string: The location where the app may present the SAML assertion
ResponseSigned bool: Determines whether the SAML auth response message is digitally signed
SamlSignedRequestEnabled bool: SAML Signed Request enabled
SignatureAlgorithm string: Signature algorithm used to digitally sign the assertion and response
SingleLogoutCertificate string: x509 encoded certificate that the Service Provider uses to sign Single Logout requests
SingleLogoutIssuer string: The issuer of the Service Provider that generates the Single Logout request
SingleLogoutUrl string: The location where the logout response is sent
SpIssuer string: SAML SP issuer ID
SsoUrl string: Single Sign On URL
Status string: Status of application.
SubjectNameIdFormat string: Identifies the SAML processing rules.
SubjectNameIdTemplate string: Template for app user's username when a user is assigned to the app
UserNameTemplate string: Username template
UserNameTemplatePushStatus string: Push username on update
UserNameTemplateSuffix string: Username template suffix
UserNameTemplateType string: Username template type
Users []string: Users associated with the application
Deprecated: The users field is now deprecated for the data source okta.app.Saml, please replace all uses of this with: okta.getAppUserAssignments
ActiveOnly bool: Search only ACTIVE applications.
Id string: Id of application to retrieve, conflicts with label and label_prefix.
Label string: The label of the app to retrieve, conflicts with label_prefix and id. Label uses the ?q=\n\n query parameter exposed by Okta's API. It should be noted that at this time this searches both name and label. This is used to avoid paginating through all applications.
LabelPrefix string: Label prefix of the app to retrieve, conflicts with label and id. This will tell the provider to do a starts with query as opposed to an equals query.
RequestCompressed bool: Denotes whether the request is compressed or not.
SkipGroups bool: Ignore groups sync. This is a temporary solution until 'groups' field is supported in all the app-like resources
Deprecated: Because groups has been removed, this attribute is a no op and will be removed
SkipUsers bool: Ignore users sync. This is a temporary solution until 'users' field is supported in all the app-like resources
Deprecated: Because users has been removed, this attribute is a no op and will be removed

accessibilityErrorRedirectUrl String: Custom error page URL
accessibilityLoginRedirectUrl String: Custom login page URL
accessibilitySelfService Boolean: Enable self service
acsEndpoints List<String>: List of ACS endpoints for this SAML application
appSettingsJson String: Application settings in JSON format
assertionSigned Boolean: Determines whether the SAML assertion is digitally signed
attributeStatements List<GetSamlAttributeStatement>
audience String: Audience Restriction
authnContextClassRef String: Identifies the SAML authentication context class for the assertion’s authentication statement
autoSubmitToolbar Boolean: Display auto submit toolbar
defaultRelayState String: Identifies a specific application resource in an IDP initiated SSO scenario.
destination String: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
digestAlgorithm String: Determines the digest algorithm used to digitally sign the SAML assertion and response
features List<String>: features to enable
groups List<String>: Groups associated with the application
Deprecated: The groups field is now deprecated for the data source okta.app.Saml, please replace all uses of this with: okta.AppGroupAssignments
hideIos Boolean: Do not display application icon on mobile app
hideWeb Boolean: Do not display application icon to users
honorForceAuthn Boolean: Prompt user to re-authenticate if SP asks for it
idpIssuer String: SAML issuer ID
inlineHookId String: Saml Inline Hook setting
keyId String: Certificate ID
links String: Discoverable resources related to the app
name String: Name of application.
recipient String: The location where the app may present the SAML assertion
responseSigned Boolean: Determines whether the SAML auth response message is digitally signed
samlSignedRequestEnabled Boolean: SAML Signed Request enabled
signatureAlgorithm String: Signature algorithm used to digitally sign the assertion and response
singleLogoutCertificate String: x509 encoded certificate that the Service Provider uses to sign Single Logout requests
singleLogoutIssuer String: The issuer of the Service Provider that generates the Single Logout request
singleLogoutUrl String: The location where the logout response is sent
spIssuer String: SAML SP issuer ID
ssoUrl String: Single Sign On URL
status String: Status of application.
subjectNameIdFormat String: Identifies the SAML processing rules.
subjectNameIdTemplate String: Template for app user's username when a user is assigned to the app
userNameTemplate String: Username template
userNameTemplatePushStatus String: Push username on update
userNameTemplateSuffix String: Username template suffix
userNameTemplateType String: Username template type
users List<String>: Users associated with the application
Deprecated: The users field is now deprecated for the data source okta.app.Saml, please replace all uses of this with: okta.getAppUserAssignments
activeOnly Boolean: Search only ACTIVE applications.
id String: Id of application to retrieve, conflicts with label and label_prefix.
label String: The label of the app to retrieve, conflicts with label_prefix and id. Label uses the ?q=\n\n query parameter exposed by Okta's API. It should be noted that at this time this searches both name and label. This is used to avoid paginating through all applications.
labelPrefix String: Label prefix of the app to retrieve, conflicts with label and id. This will tell the provider to do a starts with query as opposed to an equals query.
requestCompressed Boolean: Denotes whether the request is compressed or not.
skipGroups Boolean: Ignore groups sync. This is a temporary solution until 'groups' field is supported in all the app-like resources
Deprecated: Because groups has been removed, this attribute is a no op and will be removed
skipUsers Boolean: Ignore users sync. This is a temporary solution until 'users' field is supported in all the app-like resources
Deprecated: Because users has been removed, this attribute is a no op and will be removed

accessibilityErrorRedirectUrl string: Custom error page URL
accessibilityLoginRedirectUrl string: Custom login page URL
accessibilitySelfService boolean: Enable self service
acsEndpoints string[]: List of ACS endpoints for this SAML application
appSettingsJson string: Application settings in JSON format
assertionSigned boolean: Determines whether the SAML assertion is digitally signed
attributeStatements GetSamlAttributeStatement[]
audience string: Audience Restriction
authnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement
autoSubmitToolbar boolean: Display auto submit toolbar
defaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
digestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response
features string[]: features to enable
groups string[]: Groups associated with the application
Deprecated: The groups field is now deprecated for the data source okta.app.Saml, please replace all uses of this with: okta.AppGroupAssignments
hideIos boolean: Do not display application icon on mobile app
hideWeb boolean: Do not display application icon to users
honorForceAuthn boolean: Prompt user to re-authenticate if SP asks for it
idpIssuer string: SAML issuer ID
inlineHookId string: Saml Inline Hook setting
keyId string: Certificate ID
links string: Discoverable resources related to the app
name string: Name of application.
recipient string: The location where the app may present the SAML assertion
responseSigned boolean: Determines whether the SAML auth response message is digitally signed
samlSignedRequestEnabled boolean: SAML Signed Request enabled
signatureAlgorithm string: Signature algorithm used to digitally sign the assertion and response
singleLogoutCertificate string: x509 encoded certificate that the Service Provider uses to sign Single Logout requests
singleLogoutIssuer string: The issuer of the Service Provider that generates the Single Logout request
singleLogoutUrl string: The location where the logout response is sent
spIssuer string: SAML SP issuer ID
ssoUrl string: Single Sign On URL
status string: Status of application.
subjectNameIdFormat string: Identifies the SAML processing rules.
subjectNameIdTemplate string: Template for app user's username when a user is assigned to the app
userNameTemplate string: Username template
userNameTemplatePushStatus string: Push username on update
userNameTemplateSuffix string: Username template suffix
userNameTemplateType string: Username template type
users string[]: Users associated with the application
Deprecated: The users field is now deprecated for the data source okta.app.Saml, please replace all uses of this with: okta.getAppUserAssignments
activeOnly boolean: Search only ACTIVE applications.
id string: Id of application to retrieve, conflicts with label and label_prefix.
label string: The label of the app to retrieve, conflicts with label_prefix and id. Label uses the ?q=\n\n query parameter exposed by Okta's API. It should be noted that at this time this searches both name and label. This is used to avoid paginating through all applications.
labelPrefix string: Label prefix of the app to retrieve, conflicts with label and id. This will tell the provider to do a starts with query as opposed to an equals query.
requestCompressed boolean: Denotes whether the request is compressed or not.
skipGroups boolean: Ignore groups sync. This is a temporary solution until 'groups' field is supported in all the app-like resources
Deprecated: Because groups has been removed, this attribute is a no op and will be removed
skipUsers boolean: Ignore users sync. This is a temporary solution until 'users' field is supported in all the app-like resources
Deprecated: Because users has been removed, this attribute is a no op and will be removed

accessibility_error_redirect_url str: Custom error page URL
accessibility_login_redirect_url str: Custom login page URL
accessibility_self_service bool: Enable self service
acs_endpoints Sequence[str]: List of ACS endpoints for this SAML application
app_settings_json str: Application settings in JSON format
assertion_signed bool: Determines whether the SAML assertion is digitally signed
attribute_statements Sequence[GetSamlAttributeStatement]
audience str: Audience Restriction
authn_context_class_ref str: Identifies the SAML authentication context class for the assertion’s authentication statement
auto_submit_toolbar bool: Display auto submit toolbar
default_relay_state str: Identifies a specific application resource in an IDP initiated SSO scenario.
destination str: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
digest_algorithm str: Determines the digest algorithm used to digitally sign the SAML assertion and response
features Sequence[str]: features to enable
groups Sequence[str]: Groups associated with the application
Deprecated: The groups field is now deprecated for the data source okta.app.Saml, please replace all uses of this with: okta.AppGroupAssignments
hide_ios bool: Do not display application icon on mobile app
hide_web bool: Do not display application icon to users
honor_force_authn bool: Prompt user to re-authenticate if SP asks for it
idp_issuer str: SAML issuer ID
inline_hook_id str: Saml Inline Hook setting
key_id str: Certificate ID
links str: Discoverable resources related to the app
name str: Name of application.
recipient str: The location where the app may present the SAML assertion
response_signed bool: Determines whether the SAML auth response message is digitally signed
saml_signed_request_enabled bool: SAML Signed Request enabled
signature_algorithm str: Signature algorithm used to digitally sign the assertion and response
single_logout_certificate str: x509 encoded certificate that the Service Provider uses to sign Single Logout requests
single_logout_issuer str: The issuer of the Service Provider that generates the Single Logout request
single_logout_url str: The location where the logout response is sent
sp_issuer str: SAML SP issuer ID
sso_url str: Single Sign On URL
status str: Status of application.
subject_name_id_format str: Identifies the SAML processing rules.
subject_name_id_template str: Template for app user's username when a user is assigned to the app
user_name_template str: Username template
user_name_template_push_status str: Push username on update
user_name_template_suffix str: Username template suffix
user_name_template_type str: Username template type
users Sequence[str]: Users associated with the application
Deprecated: The users field is now deprecated for the data source okta.app.Saml, please replace all uses of this with: okta.getAppUserAssignments
active_only bool: Search only ACTIVE applications.
id str: Id of application to retrieve, conflicts with label and label_prefix.
label str: The label of the app to retrieve, conflicts with label_prefix and id. Label uses the ?q=\n\n query parameter exposed by Okta's API. It should be noted that at this time this searches both name and label. This is used to avoid paginating through all applications.
label_prefix str: Label prefix of the app to retrieve, conflicts with label and id. This will tell the provider to do a starts with query as opposed to an equals query.
request_compressed bool: Denotes whether the request is compressed or not.
skip_groups bool: Ignore groups sync. This is a temporary solution until 'groups' field is supported in all the app-like resources
Deprecated: Because groups has been removed, this attribute is a no op and will be removed
skip_users bool: Ignore users sync. This is a temporary solution until 'users' field is supported in all the app-like resources
Deprecated: Because users has been removed, this attribute is a no op and will be removed

accessibilityErrorRedirectUrl String: Custom error page URL
accessibilityLoginRedirectUrl String: Custom login page URL
accessibilitySelfService Boolean: Enable self service
acsEndpoints List<String>: List of ACS endpoints for this SAML application
appSettingsJson String: Application settings in JSON format
assertionSigned Boolean: Determines whether the SAML assertion is digitally signed
attributeStatements List<Property Map>
audience String: Audience Restriction
authnContextClassRef String: Identifies the SAML authentication context class for the assertion’s authentication statement
autoSubmitToolbar Boolean: Display auto submit toolbar
defaultRelayState String: Identifies a specific application resource in an IDP initiated SSO scenario.
destination String: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
digestAlgorithm String: Determines the digest algorithm used to digitally sign the SAML assertion and response
features List<String>: features to enable
groups List<String>: Groups associated with the application
Deprecated: The groups field is now deprecated for the data source okta.app.Saml, please replace all uses of this with: okta.AppGroupAssignments
hideIos Boolean: Do not display application icon on mobile app
hideWeb Boolean: Do not display application icon to users
honorForceAuthn Boolean: Prompt user to re-authenticate if SP asks for it
idpIssuer String: SAML issuer ID
inlineHookId String: Saml Inline Hook setting
keyId String: Certificate ID
links String: Discoverable resources related to the app
name String: Name of application.
recipient String: The location where the app may present the SAML assertion
responseSigned Boolean: Determines whether the SAML auth response message is digitally signed
samlSignedRequestEnabled Boolean: SAML Signed Request enabled
signatureAlgorithm String: Signature algorithm used to digitally sign the assertion and response
singleLogoutCertificate String: x509 encoded certificate that the Service Provider uses to sign Single Logout requests
singleLogoutIssuer String: The issuer of the Service Provider that generates the Single Logout request
singleLogoutUrl String: The location where the logout response is sent
spIssuer String: SAML SP issuer ID
ssoUrl String: Single Sign On URL
status String: Status of application.
subjectNameIdFormat String: Identifies the SAML processing rules.
subjectNameIdTemplate String: Template for app user's username when a user is assigned to the app
userNameTemplate String: Username template
userNameTemplatePushStatus String: Push username on update
userNameTemplateSuffix String: Username template suffix
userNameTemplateType String: Username template type
users List<String>: Users associated with the application
Deprecated: The users field is now deprecated for the data source okta.app.Saml, please replace all uses of this with: okta.getAppUserAssignments
activeOnly Boolean: Search only ACTIVE applications.
id String: Id of application to retrieve, conflicts with label and label_prefix.
label String: The label of the app to retrieve, conflicts with label_prefix and id. Label uses the ?q=\n\n query parameter exposed by Okta's API. It should be noted that at this time this searches both name and label. This is used to avoid paginating through all applications.
labelPrefix String: Label prefix of the app to retrieve, conflicts with label and id. This will tell the provider to do a starts with query as opposed to an equals query.
requestCompressed Boolean: Denotes whether the request is compressed or not.
skipGroups Boolean: Ignore groups sync. This is a temporary solution until 'groups' field is supported in all the app-like resources
Deprecated: Because groups has been removed, this attribute is a no op and will be removed
skipUsers Boolean: Ignore users sync. This is a temporary solution until 'users' field is supported in all the app-like resources
Deprecated: Because users has been removed, this attribute is a no op and will be removed

Supporting Types

GetSamlAttributeStatement

FilterType string: Type of group attribute filter
FilterValue string: Filter value to use
Name string: The reference name of the attribute statement
Namespace string: The name format of the attribute
Type string: The type of attribute statements object
Values List<string>

FilterType string: Type of group attribute filter
FilterValue string: Filter value to use
Name string: The reference name of the attribute statement
Namespace string: The name format of the attribute
Type string: The type of attribute statements object
Values []string

filterType String: Type of group attribute filter
filterValue String: Filter value to use
name String: The reference name of the attribute statement
namespace String: The name format of the attribute
type String: The type of attribute statements object
values List<String>

filterType string: Type of group attribute filter
filterValue string: Filter value to use
name string: The reference name of the attribute statement
namespace string: The name format of the attribute
type string: The type of attribute statements object
values string[]

filter_type str: Type of group attribute filter
filter_value str: Filter value to use
name str: The reference name of the attribute statement
namespace str: The name format of the attribute
type str: The type of attribute statements object
values Sequence[str]

filterType String: Type of group attribute filter
filterValue String: Filter value to use
name String: The reference name of the attribute statement
namespace String: The name format of the attribute
type String: The type of attribute statements object
values List<String>

Package Details

Repository: Okta pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

Viewing docs for Okta v6.3.1
published on Thursday, Mar 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-okta

okta.app.getSaml

On this page

On this page

Example Usage

Using getSaml

getSaml Result

Supporting Types

GetSamlAttributeStatement

Package Details

On this page

On this page