okta.app.Saml
This resource allows you to create and configure a SAML Application.
If you receive the error
You do not have permission to access the feature you are requestingcontact support and request feature flagADVANCED_SSObe applied to your org.
Example Usage
using System.Collections.Generic;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var example = new Okta.App.Saml("example", new()
{
AttributeStatements = new[]
{
new Okta.App.Inputs.SamlAttributeStatementArgs
{
FilterType = "REGEX",
FilterValue = ".*",
Name = "groups",
Type = "GROUP",
},
},
Audience = "https://example.com/audience",
AuthnContextClassRef = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
Destination = "https://example.com",
DigestAlgorithm = "SHA256",
HonorForceAuthn = false,
Label = "example",
Recipient = "https://example.com",
ResponseSigned = true,
SignatureAlgorithm = "RSA_SHA256",
SsoUrl = "https://example.com",
SubjectNameIdFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
SubjectNameIdTemplate = "${user.userName}",
});
});
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v3/go/okta/app"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := app.NewSaml(ctx, "example", &app.SamlArgs{
AttributeStatements: app.SamlAttributeStatementArray{
&app.SamlAttributeStatementArgs{
FilterType: pulumi.String("REGEX"),
FilterValue: pulumi.String(".*"),
Name: pulumi.String("groups"),
Type: pulumi.String("GROUP"),
},
},
Audience: pulumi.String("https://example.com/audience"),
AuthnContextClassRef: pulumi.String("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"),
Destination: pulumi.String("https://example.com"),
DigestAlgorithm: pulumi.String("SHA256"),
HonorForceAuthn: pulumi.Bool(false),
Label: pulumi.String("example"),
Recipient: pulumi.String("https://example.com"),
ResponseSigned: pulumi.Bool(true),
SignatureAlgorithm: pulumi.String("RSA_SHA256"),
SsoUrl: pulumi.String("https://example.com"),
SubjectNameIdFormat: pulumi.String("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"),
SubjectNameIdTemplate: pulumi.String("${user.userName}"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.app.Saml;
import com.pulumi.okta.app.SamlArgs;
import com.pulumi.okta.app.inputs.SamlAttributeStatementArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Saml("example", SamlArgs.builder()
.attributeStatements(SamlAttributeStatementArgs.builder()
.filterType("REGEX")
.filterValue(".*")
.name("groups")
.type("GROUP")
.build())
.audience("https://example.com/audience")
.authnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")
.destination("https://example.com")
.digestAlgorithm("SHA256")
.honorForceAuthn(false)
.label("example")
.recipient("https://example.com")
.responseSigned(true)
.signatureAlgorithm("RSA_SHA256")
.ssoUrl("https://example.com")
.subjectNameIdFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
.subjectNameIdTemplate("${user.userName}")
.build());
}
}
import pulumi
import pulumi_okta as okta
example = okta.app.Saml("example",
attribute_statements=[okta.app.SamlAttributeStatementArgs(
filter_type="REGEX",
filter_value=".*",
name="groups",
type="GROUP",
)],
audience="https://example.com/audience",
authn_context_class_ref="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
destination="https://example.com",
digest_algorithm="SHA256",
honor_force_authn=False,
label="example",
recipient="https://example.com",
response_signed=True,
signature_algorithm="RSA_SHA256",
sso_url="https://example.com",
subject_name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
subject_name_id_template="${user.userName}")
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const example = new okta.app.Saml("example", {
attributeStatements: [{
filterType: "REGEX",
filterValue: ".*",
name: "groups",
type: "GROUP",
}],
audience: "https://example.com/audience",
authnContextClassRef: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
destination: "https://example.com",
digestAlgorithm: "SHA256",
honorForceAuthn: false,
label: "example",
recipient: "https://example.com",
responseSigned: true,
signatureAlgorithm: "RSA_SHA256",
ssoUrl: "https://example.com",
subjectNameIdFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
subjectNameIdTemplate: "${user.userName}",
});
resources:
example:
type: okta:app:Saml
properties:
attributeStatements:
- filterType: REGEX
filterValue: .*
name: groups
type: GROUP
audience: https://example.com/audience
authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
destination: https://example.com
digestAlgorithm: SHA256
honorForceAuthn: false
label: example
recipient: https://example.com
responseSigned: true
signatureAlgorithm: RSA_SHA256
ssoUrl: https://example.com
subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
subjectNameIdTemplate: ${user.userName}
With inline hook
using System.Collections.Generic;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var testHook = new Okta.Inline.Hook("testHook", new()
{
Status = "ACTIVE",
Type = "com.okta.saml.tokens.transform",
Version = "1.0.2",
Channel =
{
{ "type", "HTTP" },
{ "version", "1.0.0" },
{ "uri", "https://example.com/test1" },
{ "method", "POST" },
},
Auth =
{
{ "key", "Authorization" },
{ "type", "HEADER" },
{ "value", "secret" },
},
});
var testSaml = new Okta.App.Saml("testSaml", new()
{
Label = "testAcc_replace_with_uuid",
SsoUrl = "https://google.com",
Recipient = "https://here.com",
Destination = "https://its-about-the-journey.com",
Audience = "https://audience.com",
SubjectNameIdTemplate = "${user.userName}",
SubjectNameIdFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
ResponseSigned = true,
SignatureAlgorithm = "RSA_SHA256",
DigestAlgorithm = "SHA256",
HonorForceAuthn = false,
AuthnContextClassRef = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
InlineHookId = testHook.Id,
AttributeStatements = new[]
{
new Okta.App.Inputs.SamlAttributeStatementArgs
{
Type = "GROUP",
Name = "groups",
FilterType = "REGEX",
FilterValue = ".*",
},
},
}, new CustomResourceOptions
{
DependsOn = new[]
{
testHook,
},
});
});
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v3/go/okta/app"
"github.com/pulumi/pulumi-okta/sdk/v3/go/okta/inline"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
testHook, err := inline.NewHook(ctx, "testHook", &inline.HookArgs{
Status: pulumi.String("ACTIVE"),
Type: pulumi.String("com.okta.saml.tokens.transform"),
Version: pulumi.String("1.0.2"),
Channel: pulumi.StringMap{
"type": pulumi.String("HTTP"),
"version": pulumi.String("1.0.0"),
"uri": pulumi.String("https://example.com/test1"),
"method": pulumi.String("POST"),
},
Auth: pulumi.StringMap{
"key": pulumi.String("Authorization"),
"type": pulumi.String("HEADER"),
"value": pulumi.String("secret"),
},
})
if err != nil {
return err
}
_, err = app.NewSaml(ctx, "testSaml", &app.SamlArgs{
Label: pulumi.String("testAcc_replace_with_uuid"),
SsoUrl: pulumi.String("https://google.com"),
Recipient: pulumi.String("https://here.com"),
Destination: pulumi.String("https://its-about-the-journey.com"),
Audience: pulumi.String("https://audience.com"),
SubjectNameIdTemplate: pulumi.String("${user.userName}"),
SubjectNameIdFormat: pulumi.String("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"),
ResponseSigned: pulumi.Bool(true),
SignatureAlgorithm: pulumi.String("RSA_SHA256"),
DigestAlgorithm: pulumi.String("SHA256"),
HonorForceAuthn: pulumi.Bool(false),
AuthnContextClassRef: pulumi.String("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"),
InlineHookId: testHook.ID(),
AttributeStatements: app.SamlAttributeStatementArray{
&app.SamlAttributeStatementArgs{
Type: pulumi.String("GROUP"),
Name: pulumi.String("groups"),
FilterType: pulumi.String("REGEX"),
FilterValue: pulumi.String(".*"),
},
},
}, pulumi.DependsOn([]pulumi.Resource{
testHook,
}))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.inline.Hook;
import com.pulumi.okta.inline.HookArgs;
import com.pulumi.okta.app.Saml;
import com.pulumi.okta.app.SamlArgs;
import com.pulumi.okta.app.inputs.SamlAttributeStatementArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testHook = new Hook("testHook", HookArgs.builder()
.status("ACTIVE")
.type("com.okta.saml.tokens.transform")
.version("1.0.2")
.channel(Map.ofEntries(
Map.entry("type", "HTTP"),
Map.entry("version", "1.0.0"),
Map.entry("uri", "https://example.com/test1"),
Map.entry("method", "POST")
))
.auth(Map.ofEntries(
Map.entry("key", "Authorization"),
Map.entry("type", "HEADER"),
Map.entry("value", "secret")
))
.build());
var testSaml = new Saml("testSaml", SamlArgs.builder()
.label("testAcc_replace_with_uuid")
.ssoUrl("https://google.com")
.recipient("https://here.com")
.destination("https://its-about-the-journey.com")
.audience("https://audience.com")
.subjectNameIdTemplate("${user.userName}")
.subjectNameIdFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
.responseSigned(true)
.signatureAlgorithm("RSA_SHA256")
.digestAlgorithm("SHA256")
.honorForceAuthn(false)
.authnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")
.inlineHookId(testHook.id())
.attributeStatements(SamlAttributeStatementArgs.builder()
.type("GROUP")
.name("groups")
.filterType("REGEX")
.filterValue(".*")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(testHook)
.build());
}
}
import pulumi
import pulumi_okta as okta
test_hook = okta.inline.Hook("testHook",
status="ACTIVE",
type="com.okta.saml.tokens.transform",
version="1.0.2",
channel={
"type": "HTTP",
"version": "1.0.0",
"uri": "https://example.com/test1",
"method": "POST",
},
auth={
"key": "Authorization",
"type": "HEADER",
"value": "secret",
})
test_saml = okta.app.Saml("testSaml",
label="testAcc_replace_with_uuid",
sso_url="https://google.com",
recipient="https://here.com",
destination="https://its-about-the-journey.com",
audience="https://audience.com",
subject_name_id_template="${user.userName}",
subject_name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
response_signed=True,
signature_algorithm="RSA_SHA256",
digest_algorithm="SHA256",
honor_force_authn=False,
authn_context_class_ref="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
inline_hook_id=test_hook.id,
attribute_statements=[okta.app.SamlAttributeStatementArgs(
type="GROUP",
name="groups",
filter_type="REGEX",
filter_value=".*",
)],
opts=pulumi.ResourceOptions(depends_on=[test_hook]))
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const testHook = new okta.inline.Hook("testHook", {
status: "ACTIVE",
type: "com.okta.saml.tokens.transform",
version: "1.0.2",
channel: {
type: "HTTP",
version: "1.0.0",
uri: "https://example.com/test1",
method: "POST",
},
auth: {
key: "Authorization",
type: "HEADER",
value: "secret",
},
});
const testSaml = new okta.app.Saml("testSaml", {
label: "testAcc_replace_with_uuid",
ssoUrl: "https://google.com",
recipient: "https://here.com",
destination: "https://its-about-the-journey.com",
audience: "https://audience.com",
subjectNameIdTemplate: "${user.userName}",
subjectNameIdFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
responseSigned: true,
signatureAlgorithm: "RSA_SHA256",
digestAlgorithm: "SHA256",
honorForceAuthn: false,
authnContextClassRef: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
inlineHookId: testHook.id,
attributeStatements: [{
type: "GROUP",
name: "groups",
filterType: "REGEX",
filterValue: ".*",
}],
}, {
dependsOn: [testHook],
});
resources:
testHook:
type: okta:inline:Hook
properties:
status: ACTIVE
type: com.okta.saml.tokens.transform
version: 1.0.2
channel:
type: HTTP
version: 1.0.0
uri: https://example.com/test1
method: POST
auth:
key: Authorization
type: HEADER
value: secret
testSaml:
type: okta:app:Saml
properties:
label: testAcc_replace_with_uuid
ssoUrl: https://google.com
recipient: https://here.com
destination: https://its-about-the-journey.com
audience: https://audience.com
subjectNameIdTemplate: ${user.userName}
subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
responseSigned: true
signatureAlgorithm: RSA_SHA256
digestAlgorithm: SHA256
honorForceAuthn: false
authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
inlineHookId: ${testHook.id}
attributeStatements:
- type: GROUP
name: groups
filterType: REGEX
filterValue: .*
options:
dependson:
- ${testHook}
Pre-configured app with SAML 1.1 sign-on mode
using System.Collections.Generic;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var test = new Okta.App.Saml("test", new()
{
AppSettingsJson = @"{
""groupFilter"": ""app1.*"",
""siteURL"": ""https://www.okta.com""
}
",
Label = "SharePoint (On-Premise)",
PreconfiguredApp = "sharepoint_onpremise",
SamlVersion = "1.1",
Status = "ACTIVE",
UserNameTemplate = "${source.login}",
UserNameTemplateType = "BUILT_IN",
});
});
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v3/go/okta/app"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := app.NewSaml(ctx, "test", &app.SamlArgs{
AppSettingsJson: pulumi.String("{\n \"groupFilter\": \"app1.*\",\n \"siteURL\": \"https://www.okta.com\"\n}\n\n"),
Label: pulumi.String("SharePoint (On-Premise)"),
PreconfiguredApp: pulumi.String("sharepoint_onpremise"),
SamlVersion: pulumi.String("1.1"),
Status: pulumi.String("ACTIVE"),
UserNameTemplate: pulumi.String("${source.login}"),
UserNameTemplateType: pulumi.String("BUILT_IN"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.app.Saml;
import com.pulumi.okta.app.SamlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new Saml("test", SamlArgs.builder()
.appSettingsJson("""
{
"groupFilter": "app1.*",
"siteURL": "https://www.okta.com"
}
""")
.label("SharePoint (On-Premise)")
.preconfiguredApp("sharepoint_onpremise")
.samlVersion("1.1")
.status("ACTIVE")
.userNameTemplate("${source.login}")
.userNameTemplateType("BUILT_IN")
.build());
}
}
import pulumi
import pulumi_okta as okta
test = okta.app.Saml("test",
app_settings_json="""{
"groupFilter": "app1.*",
"siteURL": "https://www.okta.com"
}
""",
label="SharePoint (On-Premise)",
preconfigured_app="sharepoint_onpremise",
saml_version="1.1",
status="ACTIVE",
user_name_template="${source.login}",
user_name_template_type="BUILT_IN")
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const test = new okta.app.Saml("test", {
appSettingsJson: `{
"groupFilter": "app1.*",
"siteURL": "https://www.okta.com"
}
`,
label: "SharePoint (On-Premise)",
preconfiguredApp: "sharepoint_onpremise",
samlVersion: "1.1",
status: "ACTIVE",
userNameTemplate: "${source.login}",
userNameTemplateType: "BUILT_IN",
});
resources:
test:
type: okta:app:Saml
properties:
appSettingsJson: |+
{
"groupFilter": "app1.*",
"siteURL": "https://www.okta.com"
}
label: SharePoint (On-Premise)
preconfiguredApp: sharepoint_onpremise
samlVersion: '1.1'
status: ACTIVE
userNameTemplate: ${source.login}
userNameTemplateType: BUILT_IN
Pre-configured app with SAML 1.1 sign-on mode, app_settings_json and app_links_json
using System.Collections.Generic;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var office365 = new Okta.App.Saml("office365", new()
{
AppLinksJson = @" {
""calendar"": false,
""crm"": false,
""delve"": false,
""excel"": false,
""forms"": false,
""mail"": false,
""newsfeed"": false,
""onedrive"": false,
""people"": false,
""planner"": false,
""powerbi"": false,
""powerpoint"": false,
""sites"": false,
""sway"": false,
""tasks"": false,
""teams"": false,
""video"": false,
""word"": false,
""yammer"": false,
""login"": true
}
",
AppSettingsJson = @" {
""wsFedConfigureType"": ""AUTO"",
""windowsTransportEnabled"": false,
""domain"": ""okta.com"",
""msftTenant"": ""okta"",
""domains"": [],
""requireAdminConsent"": false
}
",
Label = "Microsoft Office 365",
PreconfiguredApp = "office365",
SamlVersion = "1.1",
Status = "ACTIVE",
});
});
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v3/go/okta/app"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := app.NewSaml(ctx, "office365", &app.SamlArgs{
AppLinksJson: pulumi.String(" {\n \"calendar\": false,\n \"crm\": false,\n \"delve\": false,\n \"excel\": false,\n \"forms\": false,\n \"mail\": false,\n \"newsfeed\": false,\n \"onedrive\": false,\n \"people\": false,\n \"planner\": false,\n \"powerbi\": false,\n \"powerpoint\": false,\n \"sites\": false,\n \"sway\": false,\n \"tasks\": false,\n \"teams\": false,\n \"video\": false,\n \"word\": false,\n \"yammer\": false,\n \"login\": true\n }\n\n"),
AppSettingsJson: pulumi.String(" {\n \"wsFedConfigureType\": \"AUTO\",\n \"windowsTransportEnabled\": false,\n \"domain\": \"okta.com\",\n \"msftTenant\": \"okta\",\n \"domains\": [],\n \"requireAdminConsent\": false\n }\n\n"),
Label: pulumi.String("Microsoft Office 365"),
PreconfiguredApp: pulumi.String("office365"),
SamlVersion: pulumi.String("1.1"),
Status: pulumi.String("ACTIVE"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.app.Saml;
import com.pulumi.okta.app.SamlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var office365 = new Saml("office365", SamlArgs.builder()
.appLinksJson("""
{
"calendar": false,
"crm": false,
"delve": false,
"excel": false,
"forms": false,
"mail": false,
"newsfeed": false,
"onedrive": false,
"people": false,
"planner": false,
"powerbi": false,
"powerpoint": false,
"sites": false,
"sway": false,
"tasks": false,
"teams": false,
"video": false,
"word": false,
"yammer": false,
"login": true
}
""")
.appSettingsJson("""
{
"wsFedConfigureType": "AUTO",
"windowsTransportEnabled": false,
"domain": "okta.com",
"msftTenant": "okta",
"domains": [],
"requireAdminConsent": false
}
""")
.label("Microsoft Office 365")
.preconfiguredApp("office365")
.samlVersion("1.1")
.status("ACTIVE")
.build());
}
}
import pulumi
import pulumi_okta as okta
office365 = okta.app.Saml("office365",
app_links_json=""" {
"calendar": false,
"crm": false,
"delve": false,
"excel": false,
"forms": false,
"mail": false,
"newsfeed": false,
"onedrive": false,
"people": false,
"planner": false,
"powerbi": false,
"powerpoint": false,
"sites": false,
"sway": false,
"tasks": false,
"teams": false,
"video": false,
"word": false,
"yammer": false,
"login": true
}
""",
app_settings_json=""" {
"wsFedConfigureType": "AUTO",
"windowsTransportEnabled": false,
"domain": "okta.com",
"msftTenant": "okta",
"domains": [],
"requireAdminConsent": false
}
""",
label="Microsoft Office 365",
preconfigured_app="office365",
saml_version="1.1",
status="ACTIVE")
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const office365 = new okta.app.Saml("office365", {
appLinksJson: ` {
"calendar": false,
"crm": false,
"delve": false,
"excel": false,
"forms": false,
"mail": false,
"newsfeed": false,
"onedrive": false,
"people": false,
"planner": false,
"powerbi": false,
"powerpoint": false,
"sites": false,
"sway": false,
"tasks": false,
"teams": false,
"video": false,
"word": false,
"yammer": false,
"login": true
}
`,
appSettingsJson: ` {
"wsFedConfigureType": "AUTO",
"windowsTransportEnabled": false,
"domain": "okta.com",
"msftTenant": "okta",
"domains": [],
"requireAdminConsent": false
}
`,
label: "Microsoft Office 365",
preconfiguredApp: "office365",
samlVersion: "1.1",
status: "ACTIVE",
});
resources:
office365:
type: okta:app:Saml
properties:
appLinksJson: |2+
{
"calendar": false,
"crm": false,
"delve": false,
"excel": false,
"forms": false,
"mail": false,
"newsfeed": false,
"onedrive": false,
"people": false,
"planner": false,
"powerbi": false,
"powerpoint": false,
"sites": false,
"sway": false,
"tasks": false,
"teams": false,
"video": false,
"word": false,
"yammer": false,
"login": true
}
appSettingsJson: |2+
{
"wsFedConfigureType": "AUTO",
"windowsTransportEnabled": false,
"domain": "okta.com",
"msftTenant": "okta",
"domains": [],
"requireAdminConsent": false
}
label: Microsoft Office 365
preconfiguredApp: office365
samlVersion: '1.1'
status: ACTIVE
Create Saml Resource
new Saml(name: string, args: SamlArgs, opts?: CustomResourceOptions);@overload
def Saml(resource_name: str,
opts: Optional[ResourceOptions] = None,
accessibility_error_redirect_url: Optional[str] = None,
accessibility_login_redirect_url: Optional[str] = None,
accessibility_self_service: Optional[bool] = None,
acs_endpoints: Optional[Sequence[str]] = None,
admin_note: Optional[str] = None,
app_links_json: Optional[str] = None,
app_settings_json: Optional[str] = None,
assertion_signed: Optional[bool] = None,
attribute_statements: Optional[Sequence[SamlAttributeStatementArgs]] = None,
audience: Optional[str] = None,
authentication_policy: Optional[str] = None,
authn_context_class_ref: Optional[str] = None,
auto_submit_toolbar: Optional[bool] = None,
default_relay_state: Optional[str] = None,
destination: Optional[str] = None,
digest_algorithm: Optional[str] = None,
enduser_note: Optional[str] = None,
groups: Optional[Sequence[str]] = None,
hide_ios: Optional[bool] = None,
hide_web: Optional[bool] = None,
honor_force_authn: Optional[bool] = None,
idp_issuer: Optional[str] = None,
implicit_assignment: Optional[bool] = None,
inline_hook_id: Optional[str] = None,
key_name: Optional[str] = None,
key_years_valid: Optional[int] = None,
label: Optional[str] = None,
logo: Optional[str] = None,
preconfigured_app: Optional[str] = None,
recipient: Optional[str] = None,
request_compressed: Optional[bool] = None,
response_signed: Optional[bool] = None,
saml_signed_request_enabled: Optional[bool] = None,
saml_version: Optional[str] = None,
signature_algorithm: Optional[str] = None,
single_logout_certificate: Optional[str] = None,
single_logout_issuer: Optional[str] = None,
single_logout_url: Optional[str] = None,
skip_groups: Optional[bool] = None,
skip_users: Optional[bool] = None,
sp_issuer: Optional[str] = None,
sso_url: Optional[str] = None,
status: Optional[str] = None,
subject_name_id_format: Optional[str] = None,
subject_name_id_template: Optional[str] = None,
user_name_template: Optional[str] = None,
user_name_template_push_status: Optional[str] = None,
user_name_template_suffix: Optional[str] = None,
user_name_template_type: Optional[str] = None,
users: Optional[Sequence[SamlUserArgs]] = None)
@overload
def Saml(resource_name: str,
args: SamlArgs,
opts: Optional[ResourceOptions] = None)func NewSaml(ctx *Context, name string, args SamlArgs, opts ...ResourceOption) (*Saml, error)public Saml(string name, SamlArgs args, CustomResourceOptions? opts = null)type: okta:app:Saml
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SamlArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SamlArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SamlArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SamlArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SamlArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Saml Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Saml resource accepts the following input properties:
- Label string
label of application.
- Accessibility
Error stringRedirect Url Custom error page URL.
- Accessibility
Login stringRedirect Url Custom login page for this application.
- Accessibility
Self boolService Enable self-service. Default is:
false.- Acs
Endpoints List<string> An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- Admin
Note string Application notes for admins.
- App
Links stringJson Displays specific appLinks for the app. The value for each application link should be boolean.
- App
Settings stringJson Application settings in JSON format.
- Assertion
Signed bool Determines whether the SAML assertion is digitally signed.
- Attribute
Statements List<SamlAttribute Statement Args> List of SAML Attribute statements.
- Audience string
Audience Restriction
- Authentication
Policy string The ID of the associated
app_signon_policy. If this property is removed from the application thedefaultsign-on-policy will be associated with this application.- Authn
Context stringClass Ref Identifies the SAML authentication context class for the assertion’s authentication statement
- Auto
Submit boolToolbar Display auto submit toolbar. Default is:
false- Default
Relay stringState Identifies a specific application resource in an IDP initiated SSO scenario.
- Destination string
Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- Digest
Algorithm string Determines the digest algorithm used to digitally sign the SAML assertion and response
- Enduser
Note string Application notes for end users.
- Groups List<string>
Groups associated with the application.
The direct configuration of groups in this app resource is deprecated, please ensure you use the resource
okta_app_group_assignmentsfor this functionality.- Hide
Ios bool Do not display application icon on mobile app. Default is:
false- Hide
Web bool Do not display application icon to users. Default is:
false- Honor
Force boolAuthn Prompt user to re-authenticate if SP asks for it. Default is:
false- Idp
Issuer string SAML issuer ID.
- Implicit
Assignment bool Early Access Property. Enables Federation Broker Mode. When this mode is enabled,
usersandgroupsarguments are ignored.- Inline
Hook stringId Saml Inline Hook associated with the application.
- Key
Name string Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid.- Key
Years intValid Number of years the certificate is valid (2 - 10 years).
- Logo string
Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- Preconfigured
App string name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
- Recipient string
The location where the app may present the SAML assertion.
- Request
Compressed bool Denotes whether the request is compressed or not.
- Response
Signed bool Determines whether the SAML auth response message is digitally signed.
- Saml
Signed boolRequest Enabled SAML Signed Request enabled
- Saml
Version string SAML version for the app's sign-on mode. Valid values are:
"2.0"or"1.1". Default is"2.0".- Signature
Algorithm string Signature algorithm used ot digitally sign the assertion and response.
- Single
Logout stringCertificate x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----, see official documentation.- Single
Logout stringIssuer The issuer of the Service Provider that generates the Single Logout request.
- Single
Logout stringUrl The location where the logout response is sent.
- Skip
Groups bool Indicator that allows the app to skip
groupssync (it can also be provided during import). Default isfalse.- Skip
Users bool Indicator that allows the app to skip
userssync (it can also be provided during import). Default isfalse.- Sp
Issuer string SAML service provider issuer.
- Sso
Url string Single Sign-on Url.
- Status string
status of application.
- Subject
Name stringId Format Identifies the SAML processing rules.
- Subject
Name stringId Template Template for app user's username when a user is assigned to the app.
- User
Name stringTemplate Username template. Default is:
"${source.login}"- User
Name stringTemplate Push Status Push username on update. Valid values:
"PUSH"and"DONT_PUSH".- User
Name stringTemplate Suffix Username template suffix.
- User
Name stringTemplate Type Username template type. Default is:
"BUILT_IN".- Users
List<Saml
User Args> Users associated with the application.
The direct configuration of users in this app resource is deprecated, please ensure you use the resource
okta_app_userfor this functionality.
- Label string
label of application.
- Accessibility
Error stringRedirect Url Custom error page URL.
- Accessibility
Login stringRedirect Url Custom login page for this application.
- Accessibility
Self boolService Enable self-service. Default is:
false.- Acs
Endpoints []string An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- Admin
Note string Application notes for admins.
- App
Links stringJson Displays specific appLinks for the app. The value for each application link should be boolean.
- App
Settings stringJson Application settings in JSON format.
- Assertion
Signed bool Determines whether the SAML assertion is digitally signed.
- Attribute
Statements []SamlAttribute Statement Args List of SAML Attribute statements.
- Audience string
Audience Restriction
- Authentication
Policy string The ID of the associated
app_signon_policy. If this property is removed from the application thedefaultsign-on-policy will be associated with this application.- Authn
Context stringClass Ref Identifies the SAML authentication context class for the assertion’s authentication statement
- Auto
Submit boolToolbar Display auto submit toolbar. Default is:
false- Default
Relay stringState Identifies a specific application resource in an IDP initiated SSO scenario.
- Destination string
Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- Digest
Algorithm string Determines the digest algorithm used to digitally sign the SAML assertion and response
- Enduser
Note string Application notes for end users.
- Groups []string
Groups associated with the application.
The direct configuration of groups in this app resource is deprecated, please ensure you use the resource
okta_app_group_assignmentsfor this functionality.- Hide
Ios bool Do not display application icon on mobile app. Default is:
false- Hide
Web bool Do not display application icon to users. Default is:
false- Honor
Force boolAuthn Prompt user to re-authenticate if SP asks for it. Default is:
false- Idp
Issuer string SAML issuer ID.
- Implicit
Assignment bool Early Access Property. Enables Federation Broker Mode. When this mode is enabled,
usersandgroupsarguments are ignored.- Inline
Hook stringId Saml Inline Hook associated with the application.
- Key
Name string Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid.- Key
Years intValid Number of years the certificate is valid (2 - 10 years).
- Logo string
Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- Preconfigured
App string name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
- Recipient string
The location where the app may present the SAML assertion.
- Request
Compressed bool Denotes whether the request is compressed or not.
- Response
Signed bool Determines whether the SAML auth response message is digitally signed.
- Saml
Signed boolRequest Enabled SAML Signed Request enabled
- Saml
Version string SAML version for the app's sign-on mode. Valid values are:
"2.0"or"1.1". Default is"2.0".- Signature
Algorithm string Signature algorithm used ot digitally sign the assertion and response.
- Single
Logout stringCertificate x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----, see official documentation.- Single
Logout stringIssuer The issuer of the Service Provider that generates the Single Logout request.
- Single
Logout stringUrl The location where the logout response is sent.
- Skip
Groups bool Indicator that allows the app to skip
groupssync (it can also be provided during import). Default isfalse.- Skip
Users bool Indicator that allows the app to skip
userssync (it can also be provided during import). Default isfalse.- Sp
Issuer string SAML service provider issuer.
- Sso
Url string Single Sign-on Url.
- Status string
status of application.
- Subject
Name stringId Format Identifies the SAML processing rules.
- Subject
Name stringId Template Template for app user's username when a user is assigned to the app.
- User
Name stringTemplate Username template. Default is:
"${source.login}"- User
Name stringTemplate Push Status Push username on update. Valid values:
"PUSH"and"DONT_PUSH".- User
Name stringTemplate Suffix Username template suffix.
- User
Name stringTemplate Type Username template type. Default is:
"BUILT_IN".- Users
[]Saml
User Args Users associated with the application.
The direct configuration of users in this app resource is deprecated, please ensure you use the resource
okta_app_userfor this functionality.
- label String
label of application.
- accessibility
Error StringRedirect Url Custom error page URL.
- accessibility
Login StringRedirect Url Custom login page for this application.
- accessibility
Self BooleanService Enable self-service. Default is:
false.- acs
Endpoints List<String> An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin
Note String Application notes for admins.
- app
Links StringJson Displays specific appLinks for the app. The value for each application link should be boolean.
- app
Settings StringJson Application settings in JSON format.
- assertion
Signed Boolean Determines whether the SAML assertion is digitally signed.
- attribute
Statements List<SamlAttribute Statement Args> List of SAML Attribute statements.
- audience String
Audience Restriction
- authentication
Policy String The ID of the associated
app_signon_policy. If this property is removed from the application thedefaultsign-on-policy will be associated with this application.- authn
Context StringClass Ref Identifies the SAML authentication context class for the assertion’s authentication statement
- auto
Submit BooleanToolbar Display auto submit toolbar. Default is:
false- default
Relay StringState Identifies a specific application resource in an IDP initiated SSO scenario.
- destination String
Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest
Algorithm String Determines the digest algorithm used to digitally sign the SAML assertion and response
- enduser
Note String Application notes for end users.
- groups List<String>
Groups associated with the application.
The direct configuration of groups in this app resource is deprecated, please ensure you use the resource
okta_app_group_assignmentsfor this functionality.- hide
Ios Boolean Do not display application icon on mobile app. Default is:
false- hide
Web Boolean Do not display application icon to users. Default is:
false- honor
Force BooleanAuthn Prompt user to re-authenticate if SP asks for it. Default is:
false- idp
Issuer String SAML issuer ID.
- implicit
Assignment Boolean Early Access Property. Enables Federation Broker Mode. When this mode is enabled,
usersandgroupsarguments are ignored.- inline
Hook StringId Saml Inline Hook associated with the application.
- key
Name String Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid.- key
Years IntegerValid Number of years the certificate is valid (2 - 10 years).
- logo String
Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- preconfigured
App String name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
- recipient String
The location where the app may present the SAML assertion.
- request
Compressed Boolean Denotes whether the request is compressed or not.
- response
Signed Boolean Determines whether the SAML auth response message is digitally signed.
- saml
Signed BooleanRequest Enabled SAML Signed Request enabled
- saml
Version String SAML version for the app's sign-on mode. Valid values are:
"2.0"or"1.1". Default is"2.0".- signature
Algorithm String Signature algorithm used ot digitally sign the assertion and response.
- single
Logout StringCertificate x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----, see official documentation.- single
Logout StringIssuer The issuer of the Service Provider that generates the Single Logout request.
- single
Logout StringUrl The location where the logout response is sent.
- skip
Groups Boolean Indicator that allows the app to skip
groupssync (it can also be provided during import). Default isfalse.- skip
Users Boolean Indicator that allows the app to skip
userssync (it can also be provided during import). Default isfalse.- sp
Issuer String SAML service provider issuer.
- sso
Url String Single Sign-on Url.
- status String
status of application.
- subject
Name StringId Format Identifies the SAML processing rules.
- subject
Name StringId Template Template for app user's username when a user is assigned to the app.
- user
Name StringTemplate Username template. Default is:
"${source.login}"- user
Name StringTemplate Push Status Push username on update. Valid values:
"PUSH"and"DONT_PUSH".- user
Name StringTemplate Suffix Username template suffix.
- user
Name StringTemplate Type Username template type. Default is:
"BUILT_IN".- users
List<Saml
User Args> Users associated with the application.
The direct configuration of users in this app resource is deprecated, please ensure you use the resource
okta_app_userfor this functionality.
- label string
label of application.
- accessibility
Error stringRedirect Url Custom error page URL.
- accessibility
Login stringRedirect Url Custom login page for this application.
- accessibility
Self booleanService Enable self-service. Default is:
false.- acs
Endpoints string[] An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin
Note string Application notes for admins.
- app
Links stringJson Displays specific appLinks for the app. The value for each application link should be boolean.
- app
Settings stringJson Application settings in JSON format.
- assertion
Signed boolean Determines whether the SAML assertion is digitally signed.
- attribute
Statements SamlAttribute Statement Args[] List of SAML Attribute statements.
- audience string
Audience Restriction
- authentication
Policy string The ID of the associated
app_signon_policy. If this property is removed from the application thedefaultsign-on-policy will be associated with this application.- authn
Context stringClass Ref Identifies the SAML authentication context class for the assertion’s authentication statement
- auto
Submit booleanToolbar Display auto submit toolbar. Default is:
false- default
Relay stringState Identifies a specific application resource in an IDP initiated SSO scenario.
- destination string
Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest
Algorithm string Determines the digest algorithm used to digitally sign the SAML assertion and response
- enduser
Note string Application notes for end users.
- groups string[]
Groups associated with the application.
The direct configuration of groups in this app resource is deprecated, please ensure you use the resource
okta_app_group_assignmentsfor this functionality.- hide
Ios boolean Do not display application icon on mobile app. Default is:
false- hide
Web boolean Do not display application icon to users. Default is:
false- honor
Force booleanAuthn Prompt user to re-authenticate if SP asks for it. Default is:
false- idp
Issuer string SAML issuer ID.
- implicit
Assignment boolean Early Access Property. Enables Federation Broker Mode. When this mode is enabled,
usersandgroupsarguments are ignored.- inline
Hook stringId Saml Inline Hook associated with the application.
- key
Name string Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid.- key
Years numberValid Number of years the certificate is valid (2 - 10 years).
- logo string
Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- preconfigured
App string name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
- recipient string
The location where the app may present the SAML assertion.
- request
Compressed boolean Denotes whether the request is compressed or not.
- response
Signed boolean Determines whether the SAML auth response message is digitally signed.
- saml
Signed booleanRequest Enabled SAML Signed Request enabled
- saml
Version string SAML version for the app's sign-on mode. Valid values are:
"2.0"or"1.1". Default is"2.0".- signature
Algorithm string Signature algorithm used ot digitally sign the assertion and response.
- single
Logout stringCertificate x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----, see official documentation.- single
Logout stringIssuer The issuer of the Service Provider that generates the Single Logout request.
- single
Logout stringUrl The location where the logout response is sent.
- skip
Groups boolean Indicator that allows the app to skip
groupssync (it can also be provided during import). Default isfalse.- skip
Users boolean Indicator that allows the app to skip
userssync (it can also be provided during import). Default isfalse.- sp
Issuer string SAML service provider issuer.
- sso
Url string Single Sign-on Url.
- status string
status of application.
- subject
Name stringId Format Identifies the SAML processing rules.
- subject
Name stringId Template Template for app user's username when a user is assigned to the app.
- user
Name stringTemplate Username template. Default is:
"${source.login}"- user
Name stringTemplate Push Status Push username on update. Valid values:
"PUSH"and"DONT_PUSH".- user
Name stringTemplate Suffix Username template suffix.
- user
Name stringTemplate Type Username template type. Default is:
"BUILT_IN".- users
Saml
User Args[] Users associated with the application.
The direct configuration of users in this app resource is deprecated, please ensure you use the resource
okta_app_userfor this functionality.
- label str
label of application.
- accessibility_
error_ strredirect_ url Custom error page URL.
- accessibility_
login_ strredirect_ url Custom login page for this application.
- accessibility_
self_ boolservice Enable self-service. Default is:
false.- acs_
endpoints Sequence[str] An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin_
note str Application notes for admins.
- app_
links_ strjson Displays specific appLinks for the app. The value for each application link should be boolean.
- app_
settings_ strjson Application settings in JSON format.
- assertion_
signed bool Determines whether the SAML assertion is digitally signed.
- attribute_
statements Sequence[SamlAttribute Statement Args] List of SAML Attribute statements.
- audience str
Audience Restriction
- authentication_
policy str The ID of the associated
app_signon_policy. If this property is removed from the application thedefaultsign-on-policy will be associated with this application.- authn_
context_ strclass_ ref Identifies the SAML authentication context class for the assertion’s authentication statement
- auto_
submit_ booltoolbar Display auto submit toolbar. Default is:
false- default_
relay_ strstate Identifies a specific application resource in an IDP initiated SSO scenario.
- destination str
Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest_
algorithm str Determines the digest algorithm used to digitally sign the SAML assertion and response
- enduser_
note str Application notes for end users.
- groups Sequence[str]
Groups associated with the application.
The direct configuration of groups in this app resource is deprecated, please ensure you use the resource
okta_app_group_assignmentsfor this functionality.- hide_
ios bool Do not display application icon on mobile app. Default is:
false- hide_
web bool Do not display application icon to users. Default is:
false- honor_
force_ boolauthn Prompt user to re-authenticate if SP asks for it. Default is:
false- idp_
issuer str SAML issuer ID.
- implicit_
assignment bool Early Access Property. Enables Federation Broker Mode. When this mode is enabled,
usersandgroupsarguments are ignored.- inline_
hook_ strid Saml Inline Hook associated with the application.
- key_
name str Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid.- key_
years_ intvalid Number of years the certificate is valid (2 - 10 years).
- logo str
Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- preconfigured_
app str name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
- recipient str
The location where the app may present the SAML assertion.
- request_
compressed bool Denotes whether the request is compressed or not.
- response_
signed bool Determines whether the SAML auth response message is digitally signed.
- saml_
signed_ boolrequest_ enabled SAML Signed Request enabled
- saml_
version str SAML version for the app's sign-on mode. Valid values are:
"2.0"or"1.1". Default is"2.0".- signature_
algorithm str Signature algorithm used ot digitally sign the assertion and response.
- single_
logout_ strcertificate x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----, see official documentation.- single_
logout_ strissuer The issuer of the Service Provider that generates the Single Logout request.
- single_
logout_ strurl The location where the logout response is sent.
- skip_
groups bool Indicator that allows the app to skip
groupssync (it can also be provided during import). Default isfalse.- skip_
users bool Indicator that allows the app to skip
userssync (it can also be provided during import). Default isfalse.- sp_
issuer str SAML service provider issuer.
- sso_
url str Single Sign-on Url.
- status str
status of application.
- subject_
name_ strid_ format Identifies the SAML processing rules.
- subject_
name_ strid_ template Template for app user's username when a user is assigned to the app.
- user_
name_ strtemplate Username template. Default is:
"${source.login}"- user_
name_ strtemplate_ push_ status Push username on update. Valid values:
"PUSH"and"DONT_PUSH".- user_
name_ strtemplate_ suffix Username template suffix.
- user_
name_ strtemplate_ type Username template type. Default is:
"BUILT_IN".- users
Sequence[Saml
User Args] Users associated with the application.
The direct configuration of users in this app resource is deprecated, please ensure you use the resource
okta_app_userfor this functionality.
- label String
label of application.
- accessibility
Error StringRedirect Url Custom error page URL.
- accessibility
Login StringRedirect Url Custom login page for this application.
- accessibility
Self BooleanService Enable self-service. Default is:
false.- acs
Endpoints List<String> An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin
Note String Application notes for admins.
- app
Links StringJson Displays specific appLinks for the app. The value for each application link should be boolean.
- app
Settings StringJson Application settings in JSON format.
- assertion
Signed Boolean Determines whether the SAML assertion is digitally signed.
- attribute
Statements List<Property Map> List of SAML Attribute statements.
- audience String
Audience Restriction
- authentication
Policy String The ID of the associated
app_signon_policy. If this property is removed from the application thedefaultsign-on-policy will be associated with this application.- authn
Context StringClass Ref Identifies the SAML authentication context class for the assertion’s authentication statement
- auto
Submit BooleanToolbar Display auto submit toolbar. Default is:
false- default
Relay StringState Identifies a specific application resource in an IDP initiated SSO scenario.
- destination String
Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest
Algorithm String Determines the digest algorithm used to digitally sign the SAML assertion and response
- enduser
Note String Application notes for end users.
- groups List<String>
Groups associated with the application.
The direct configuration of groups in this app resource is deprecated, please ensure you use the resource
okta_app_group_assignmentsfor this functionality.- hide
Ios Boolean Do not display application icon on mobile app. Default is:
false- hide
Web Boolean Do not display application icon to users. Default is:
false- honor
Force BooleanAuthn Prompt user to re-authenticate if SP asks for it. Default is:
false- idp
Issuer String SAML issuer ID.
- implicit
Assignment Boolean Early Access Property. Enables Federation Broker Mode. When this mode is enabled,
usersandgroupsarguments are ignored.- inline
Hook StringId Saml Inline Hook associated with the application.
- key
Name String Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid.- key
Years NumberValid Number of years the certificate is valid (2 - 10 years).
- logo String
Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- preconfigured
App String name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
- recipient String
The location where the app may present the SAML assertion.
- request
Compressed Boolean Denotes whether the request is compressed or not.
- response
Signed Boolean Determines whether the SAML auth response message is digitally signed.
- saml
Signed BooleanRequest Enabled SAML Signed Request enabled
- saml
Version String SAML version for the app's sign-on mode. Valid values are:
"2.0"or"1.1". Default is"2.0".- signature
Algorithm String Signature algorithm used ot digitally sign the assertion and response.
- single
Logout StringCertificate x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----, see official documentation.- single
Logout StringIssuer The issuer of the Service Provider that generates the Single Logout request.
- single
Logout StringUrl The location where the logout response is sent.
- skip
Groups Boolean Indicator that allows the app to skip
groupssync (it can also be provided during import). Default isfalse.- skip
Users Boolean Indicator that allows the app to skip
userssync (it can also be provided during import). Default isfalse.- sp
Issuer String SAML service provider issuer.
- sso
Url String Single Sign-on Url.
- status String
status of application.
- subject
Name StringId Format Identifies the SAML processing rules.
- subject
Name StringId Template Template for app user's username when a user is assigned to the app.
- user
Name StringTemplate Username template. Default is:
"${source.login}"- user
Name StringTemplate Push Status Push username on update. Valid values:
"PUSH"and"DONT_PUSH".- user
Name StringTemplate Suffix Username template suffix.
- user
Name StringTemplate Type Username template type. Default is:
"BUILT_IN".- users List<Property Map>
Users associated with the application.
The direct configuration of users in this app resource is deprecated, please ensure you use the resource
okta_app_userfor this functionality.
Outputs
All input properties are implicitly available as output properties. Additionally, the Saml resource produces the following output properties:
- Certificate string
The raw signing certificate.
- Embed
Url string Url that can be used to embed this application into another portal.
- Entity
Key string Entity ID, the ID portion of the
entity_url.- Entity
Url string Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
- Features List<string>
features enabled. Notice: you can't currently configure provisioning features via the API.
- Http
Post stringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Postlocation from the SAML metadata.- Http
Redirect stringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirectlocation from the SAML metadata.- Id string
The provider-assigned unique ID for this managed resource.
- Key
Id string Certificate key ID.
- Keys
List<Saml
Key> An array of all key credentials for the application. Format of each entry is as follows:
- Logo
Url string Direct link of application logo.
- Metadata string
The raw SAML metadata in XML.
- Metadata
Url string SAML xml metadata URL.
- Name string
The name of the attribute statement.
- Sign
On stringMode Sign-on mode of application.
- Certificate string
The raw signing certificate.
- Embed
Url string Url that can be used to embed this application into another portal.
- Entity
Key string Entity ID, the ID portion of the
entity_url.- Entity
Url string Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
- Features []string
features enabled. Notice: you can't currently configure provisioning features via the API.
- Http
Post stringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Postlocation from the SAML metadata.- Http
Redirect stringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirectlocation from the SAML metadata.- Id string
The provider-assigned unique ID for this managed resource.
- Key
Id string Certificate key ID.
- Keys
[]Saml
Key An array of all key credentials for the application. Format of each entry is as follows:
- Logo
Url string Direct link of application logo.
- Metadata string
The raw SAML metadata in XML.
- Metadata
Url string SAML xml metadata URL.
- Name string
The name of the attribute statement.
- Sign
On stringMode Sign-on mode of application.
- certificate String
The raw signing certificate.
- embed
Url String Url that can be used to embed this application into another portal.
- entity
Key String Entity ID, the ID portion of the
entity_url.- entity
Url String Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
- features List<String>
features enabled. Notice: you can't currently configure provisioning features via the API.
- http
Post StringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Postlocation from the SAML metadata.- http
Redirect StringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirectlocation from the SAML metadata.- id String
The provider-assigned unique ID for this managed resource.
- key
Id String Certificate key ID.
- keys
List<Saml
Key> An array of all key credentials for the application. Format of each entry is as follows:
- logo
Url String Direct link of application logo.
- metadata String
The raw SAML metadata in XML.
- metadata
Url String SAML xml metadata URL.
- name String
The name of the attribute statement.
- sign
On StringMode Sign-on mode of application.
- certificate string
The raw signing certificate.
- embed
Url string Url that can be used to embed this application into another portal.
- entity
Key string Entity ID, the ID portion of the
entity_url.- entity
Url string Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
- features string[]
features enabled. Notice: you can't currently configure provisioning features via the API.
- http
Post stringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Postlocation from the SAML metadata.- http
Redirect stringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirectlocation from the SAML metadata.- id string
The provider-assigned unique ID for this managed resource.
- key
Id string Certificate key ID.
- keys
Saml
Key[] An array of all key credentials for the application. Format of each entry is as follows:
- logo
Url string Direct link of application logo.
- metadata string
The raw SAML metadata in XML.
- metadata
Url string SAML xml metadata URL.
- name string
The name of the attribute statement.
- sign
On stringMode Sign-on mode of application.
- certificate str
The raw signing certificate.
- embed_
url str Url that can be used to embed this application into another portal.
- entity_
key str Entity ID, the ID portion of the
entity_url.- entity_
url str Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
- features Sequence[str]
features enabled. Notice: you can't currently configure provisioning features via the API.
- http_
post_ strbinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Postlocation from the SAML metadata.- http_
redirect_ strbinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirectlocation from the SAML metadata.- id str
The provider-assigned unique ID for this managed resource.
- key_
id str Certificate key ID.
- keys
Sequence[Saml
Key] An array of all key credentials for the application. Format of each entry is as follows:
- logo_
url str Direct link of application logo.
- metadata str
The raw SAML metadata in XML.
- metadata_
url str SAML xml metadata URL.
- name str
The name of the attribute statement.
- sign_
on_ strmode Sign-on mode of application.
- certificate String
The raw signing certificate.
- embed
Url String Url that can be used to embed this application into another portal.
- entity
Key String Entity ID, the ID portion of the
entity_url.- entity
Url String Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
- features List<String>
features enabled. Notice: you can't currently configure provisioning features via the API.
- http
Post StringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Postlocation from the SAML metadata.- http
Redirect StringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirectlocation from the SAML metadata.- id String
The provider-assigned unique ID for this managed resource.
- key
Id String Certificate key ID.
- keys List<Property Map>
An array of all key credentials for the application. Format of each entry is as follows:
- logo
Url String Direct link of application logo.
- metadata String
The raw SAML metadata in XML.
- metadata
Url String SAML xml metadata URL.
- name String
The name of the attribute statement.
- sign
On StringMode Sign-on mode of application.
Look up Existing Saml Resource
Get an existing Saml resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SamlState, opts?: CustomResourceOptions): Saml@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
accessibility_error_redirect_url: Optional[str] = None,
accessibility_login_redirect_url: Optional[str] = None,
accessibility_self_service: Optional[bool] = None,
acs_endpoints: Optional[Sequence[str]] = None,
admin_note: Optional[str] = None,
app_links_json: Optional[str] = None,
app_settings_json: Optional[str] = None,
assertion_signed: Optional[bool] = None,
attribute_statements: Optional[Sequence[SamlAttributeStatementArgs]] = None,
audience: Optional[str] = None,
authentication_policy: Optional[str] = None,
authn_context_class_ref: Optional[str] = None,
auto_submit_toolbar: Optional[bool] = None,
certificate: Optional[str] = None,
default_relay_state: Optional[str] = None,
destination: Optional[str] = None,
digest_algorithm: Optional[str] = None,
embed_url: Optional[str] = None,
enduser_note: Optional[str] = None,
entity_key: Optional[str] = None,
entity_url: Optional[str] = None,
features: Optional[Sequence[str]] = None,
groups: Optional[Sequence[str]] = None,
hide_ios: Optional[bool] = None,
hide_web: Optional[bool] = None,
honor_force_authn: Optional[bool] = None,
http_post_binding: Optional[str] = None,
http_redirect_binding: Optional[str] = None,
idp_issuer: Optional[str] = None,
implicit_assignment: Optional[bool] = None,
inline_hook_id: Optional[str] = None,
key_id: Optional[str] = None,
key_name: Optional[str] = None,
key_years_valid: Optional[int] = None,
keys: Optional[Sequence[SamlKeyArgs]] = None,
label: Optional[str] = None,
logo: Optional[str] = None,
logo_url: Optional[str] = None,
metadata: Optional[str] = None,
metadata_url: Optional[str] = None,
name: Optional[str] = None,
preconfigured_app: Optional[str] = None,
recipient: Optional[str] = None,
request_compressed: Optional[bool] = None,
response_signed: Optional[bool] = None,
saml_signed_request_enabled: Optional[bool] = None,
saml_version: Optional[str] = None,
sign_on_mode: Optional[str] = None,
signature_algorithm: Optional[str] = None,
single_logout_certificate: Optional[str] = None,
single_logout_issuer: Optional[str] = None,
single_logout_url: Optional[str] = None,
skip_groups: Optional[bool] = None,
skip_users: Optional[bool] = None,
sp_issuer: Optional[str] = None,
sso_url: Optional[str] = None,
status: Optional[str] = None,
subject_name_id_format: Optional[str] = None,
subject_name_id_template: Optional[str] = None,
user_name_template: Optional[str] = None,
user_name_template_push_status: Optional[str] = None,
user_name_template_suffix: Optional[str] = None,
user_name_template_type: Optional[str] = None,
users: Optional[Sequence[SamlUserArgs]] = None) -> Samlfunc GetSaml(ctx *Context, name string, id IDInput, state *SamlState, opts ...ResourceOption) (*Saml, error)public static Saml Get(string name, Input<string> id, SamlState? state, CustomResourceOptions? opts = null)public static Saml get(String name, Output<String> id, SamlState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Accessibility
Error stringRedirect Url Custom error page URL.
- Accessibility
Login stringRedirect Url Custom login page for this application.
- Accessibility
Self boolService Enable self-service. Default is:
false.- Acs
Endpoints List<string> An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- Admin
Note string Application notes for admins.
- App
Links stringJson Displays specific appLinks for the app. The value for each application link should be boolean.
- App
Settings stringJson Application settings in JSON format.
- Assertion
Signed bool Determines whether the SAML assertion is digitally signed.
- Attribute
Statements List<SamlAttribute Statement Args> List of SAML Attribute statements.
- Audience string
Audience Restriction
- Authentication
Policy string The ID of the associated
app_signon_policy. If this property is removed from the application thedefaultsign-on-policy will be associated with this application.- Authn
Context stringClass Ref Identifies the SAML authentication context class for the assertion’s authentication statement
- Auto
Submit boolToolbar Display auto submit toolbar. Default is:
false- Certificate string
The raw signing certificate.
- Default
Relay stringState Identifies a specific application resource in an IDP initiated SSO scenario.
- Destination string
Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- Digest
Algorithm string Determines the digest algorithm used to digitally sign the SAML assertion and response
- Embed
Url string Url that can be used to embed this application into another portal.
- Enduser
Note string Application notes for end users.
- Entity
Key string Entity ID, the ID portion of the
entity_url.- Entity
Url string Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
- Features List<string>
features enabled. Notice: you can't currently configure provisioning features via the API.
- Groups List<string>
Groups associated with the application.
The direct configuration of groups in this app resource is deprecated, please ensure you use the resource
okta_app_group_assignmentsfor this functionality.- Hide
Ios bool Do not display application icon on mobile app. Default is:
false- Hide
Web bool Do not display application icon to users. Default is:
false- Honor
Force boolAuthn Prompt user to re-authenticate if SP asks for it. Default is:
false- Http
Post stringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Postlocation from the SAML metadata.- Http
Redirect stringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirectlocation from the SAML metadata.- Idp
Issuer string SAML issuer ID.
- Implicit
Assignment bool Early Access Property. Enables Federation Broker Mode. When this mode is enabled,
usersandgroupsarguments are ignored.- Inline
Hook stringId Saml Inline Hook associated with the application.
- Key
Id string Certificate key ID.
- Key
Name string Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid.- Key
Years intValid Number of years the certificate is valid (2 - 10 years).
- Keys
List<Saml
Key Args> An array of all key credentials for the application. Format of each entry is as follows:
- Label string
label of application.
- Logo string
Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- Logo
Url string Direct link of application logo.
- Metadata string
The raw SAML metadata in XML.
- Metadata
Url string SAML xml metadata URL.
- Name string
The name of the attribute statement.
- Preconfigured
App string name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
- Recipient string
The location where the app may present the SAML assertion.
- Request
Compressed bool Denotes whether the request is compressed or not.
- Response
Signed bool Determines whether the SAML auth response message is digitally signed.
- Saml
Signed boolRequest Enabled SAML Signed Request enabled
- Saml
Version string SAML version for the app's sign-on mode. Valid values are:
"2.0"or"1.1". Default is"2.0".- Sign
On stringMode Sign-on mode of application.
- Signature
Algorithm string Signature algorithm used ot digitally sign the assertion and response.
- Single
Logout stringCertificate x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----, see official documentation.- Single
Logout stringIssuer The issuer of the Service Provider that generates the Single Logout request.
- Single
Logout stringUrl The location where the logout response is sent.
- Skip
Groups bool Indicator that allows the app to skip
groupssync (it can also be provided during import). Default isfalse.- Skip
Users bool Indicator that allows the app to skip
userssync (it can also be provided during import). Default isfalse.- Sp
Issuer string SAML service provider issuer.
- Sso
Url string Single Sign-on Url.
- Status string
status of application.
- Subject
Name stringId Format Identifies the SAML processing rules.
- Subject
Name stringId Template Template for app user's username when a user is assigned to the app.
- User
Name stringTemplate Username template. Default is:
"${source.login}"- User
Name stringTemplate Push Status Push username on update. Valid values:
"PUSH"and"DONT_PUSH".- User
Name stringTemplate Suffix Username template suffix.
- User
Name stringTemplate Type Username template type. Default is:
"BUILT_IN".- Users
List<Saml
User Args> Users associated with the application.
The direct configuration of users in this app resource is deprecated, please ensure you use the resource
okta_app_userfor this functionality.
- Accessibility
Error stringRedirect Url Custom error page URL.
- Accessibility
Login stringRedirect Url Custom login page for this application.
- Accessibility
Self boolService Enable self-service. Default is:
false.- Acs
Endpoints []string An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- Admin
Note string Application notes for admins.
- App
Links stringJson Displays specific appLinks for the app. The value for each application link should be boolean.
- App
Settings stringJson Application settings in JSON format.
- Assertion
Signed bool Determines whether the SAML assertion is digitally signed.
- Attribute
Statements []SamlAttribute Statement Args List of SAML Attribute statements.
- Audience string
Audience Restriction
- Authentication
Policy string The ID of the associated
app_signon_policy. If this property is removed from the application thedefaultsign-on-policy will be associated with this application.- Authn
Context stringClass Ref Identifies the SAML authentication context class for the assertion’s authentication statement
- Auto
Submit boolToolbar Display auto submit toolbar. Default is:
false- Certificate string
The raw signing certificate.
- Default
Relay stringState Identifies a specific application resource in an IDP initiated SSO scenario.
- Destination string
Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- Digest
Algorithm string Determines the digest algorithm used to digitally sign the SAML assertion and response
- Embed
Url string Url that can be used to embed this application into another portal.
- Enduser
Note string Application notes for end users.
- Entity
Key string Entity ID, the ID portion of the
entity_url.- Entity
Url string Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
- Features []string
features enabled. Notice: you can't currently configure provisioning features via the API.
- Groups []string
Groups associated with the application.
The direct configuration of groups in this app resource is deprecated, please ensure you use the resource
okta_app_group_assignmentsfor this functionality.- Hide
Ios bool Do not display application icon on mobile app. Default is:
false- Hide
Web bool Do not display application icon to users. Default is:
false- Honor
Force boolAuthn Prompt user to re-authenticate if SP asks for it. Default is:
false- Http
Post stringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Postlocation from the SAML metadata.- Http
Redirect stringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirectlocation from the SAML metadata.- Idp
Issuer string SAML issuer ID.
- Implicit
Assignment bool Early Access Property. Enables Federation Broker Mode. When this mode is enabled,
usersandgroupsarguments are ignored.- Inline
Hook stringId Saml Inline Hook associated with the application.
- Key
Id string Certificate key ID.
- Key
Name string Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid.- Key
Years intValid Number of years the certificate is valid (2 - 10 years).
- Keys
[]Saml
Key Args An array of all key credentials for the application. Format of each entry is as follows:
- Label string
label of application.
- Logo string
Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- Logo
Url string Direct link of application logo.
- Metadata string
The raw SAML metadata in XML.
- Metadata
Url string SAML xml metadata URL.
- Name string
The name of the attribute statement.
- Preconfigured
App string name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
- Recipient string
The location where the app may present the SAML assertion.
- Request
Compressed bool Denotes whether the request is compressed or not.
- Response
Signed bool Determines whether the SAML auth response message is digitally signed.
- Saml
Signed boolRequest Enabled SAML Signed Request enabled
- Saml
Version string SAML version for the app's sign-on mode. Valid values are:
"2.0"or"1.1". Default is"2.0".- Sign
On stringMode Sign-on mode of application.
- Signature
Algorithm string Signature algorithm used ot digitally sign the assertion and response.
- Single
Logout stringCertificate x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----, see official documentation.- Single
Logout stringIssuer The issuer of the Service Provider that generates the Single Logout request.
- Single
Logout stringUrl The location where the logout response is sent.
- Skip
Groups bool Indicator that allows the app to skip
groupssync (it can also be provided during import). Default isfalse.- Skip
Users bool Indicator that allows the app to skip
userssync (it can also be provided during import). Default isfalse.- Sp
Issuer string SAML service provider issuer.
- Sso
Url string Single Sign-on Url.
- Status string
status of application.
- Subject
Name stringId Format Identifies the SAML processing rules.
- Subject
Name stringId Template Template for app user's username when a user is assigned to the app.
- User
Name stringTemplate Username template. Default is:
"${source.login}"- User
Name stringTemplate Push Status Push username on update. Valid values:
"PUSH"and"DONT_PUSH".- User
Name stringTemplate Suffix Username template suffix.
- User
Name stringTemplate Type Username template type. Default is:
"BUILT_IN".- Users
[]Saml
User Args Users associated with the application.
The direct configuration of users in this app resource is deprecated, please ensure you use the resource
okta_app_userfor this functionality.
- accessibility
Error StringRedirect Url Custom error page URL.
- accessibility
Login StringRedirect Url Custom login page for this application.
- accessibility
Self BooleanService Enable self-service. Default is:
false.- acs
Endpoints List<String> An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin
Note String Application notes for admins.
- app
Links StringJson Displays specific appLinks for the app. The value for each application link should be boolean.
- app
Settings StringJson Application settings in JSON format.
- assertion
Signed Boolean Determines whether the SAML assertion is digitally signed.
- attribute
Statements List<SamlAttribute Statement Args> List of SAML Attribute statements.
- audience String
Audience Restriction
- authentication
Policy String The ID of the associated
app_signon_policy. If this property is removed from the application thedefaultsign-on-policy will be associated with this application.- authn
Context StringClass Ref Identifies the SAML authentication context class for the assertion’s authentication statement
- auto
Submit BooleanToolbar Display auto submit toolbar. Default is:
false- certificate String
The raw signing certificate.
- default
Relay StringState Identifies a specific application resource in an IDP initiated SSO scenario.
- destination String
Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest
Algorithm String Determines the digest algorithm used to digitally sign the SAML assertion and response
- embed
Url String Url that can be used to embed this application into another portal.
- enduser
Note String Application notes for end users.
- entity
Key String Entity ID, the ID portion of the
entity_url.- entity
Url String Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
- features List<String>
features enabled. Notice: you can't currently configure provisioning features via the API.
- groups List<String>
Groups associated with the application.
The direct configuration of groups in this app resource is deprecated, please ensure you use the resource
okta_app_group_assignmentsfor this functionality.- hide
Ios Boolean Do not display application icon on mobile app. Default is:
false- hide
Web Boolean Do not display application icon to users. Default is:
false- honor
Force BooleanAuthn Prompt user to re-authenticate if SP asks for it. Default is:
false- http
Post StringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Postlocation from the SAML metadata.- http
Redirect StringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirectlocation from the SAML metadata.- idp
Issuer String SAML issuer ID.
- implicit
Assignment Boolean Early Access Property. Enables Federation Broker Mode. When this mode is enabled,
usersandgroupsarguments are ignored.- inline
Hook StringId Saml Inline Hook associated with the application.
- key
Id String Certificate key ID.
- key
Name String Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid.- key
Years IntegerValid Number of years the certificate is valid (2 - 10 years).
- keys
List<Saml
Key Args> An array of all key credentials for the application. Format of each entry is as follows:
- label String
label of application.
- logo String
Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- logo
Url String Direct link of application logo.
- metadata String
The raw SAML metadata in XML.
- metadata
Url String SAML xml metadata URL.
- name String
The name of the attribute statement.
- preconfigured
App String name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
- recipient String
The location where the app may present the SAML assertion.
- request
Compressed Boolean Denotes whether the request is compressed or not.
- response
Signed Boolean Determines whether the SAML auth response message is digitally signed.
- saml
Signed BooleanRequest Enabled SAML Signed Request enabled
- saml
Version String SAML version for the app's sign-on mode. Valid values are:
"2.0"or"1.1". Default is"2.0".- sign
On StringMode Sign-on mode of application.
- signature
Algorithm String Signature algorithm used ot digitally sign the assertion and response.
- single
Logout StringCertificate x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----, see official documentation.- single
Logout StringIssuer The issuer of the Service Provider that generates the Single Logout request.
- single
Logout StringUrl The location where the logout response is sent.
- skip
Groups Boolean Indicator that allows the app to skip
groupssync (it can also be provided during import). Default isfalse.- skip
Users Boolean Indicator that allows the app to skip
userssync (it can also be provided during import). Default isfalse.- sp
Issuer String SAML service provider issuer.
- sso
Url String Single Sign-on Url.
- status String
status of application.
- subject
Name StringId Format Identifies the SAML processing rules.
- subject
Name StringId Template Template for app user's username when a user is assigned to the app.
- user
Name StringTemplate Username template. Default is:
"${source.login}"- user
Name StringTemplate Push Status Push username on update. Valid values:
"PUSH"and"DONT_PUSH".- user
Name StringTemplate Suffix Username template suffix.
- user
Name StringTemplate Type Username template type. Default is:
"BUILT_IN".- users
List<Saml
User Args> Users associated with the application.
The direct configuration of users in this app resource is deprecated, please ensure you use the resource
okta_app_userfor this functionality.
- accessibility
Error stringRedirect Url Custom error page URL.
- accessibility
Login stringRedirect Url Custom login page for this application.
- accessibility
Self booleanService Enable self-service. Default is:
false.- acs
Endpoints string[] An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin
Note string Application notes for admins.
- app
Links stringJson Displays specific appLinks for the app. The value for each application link should be boolean.
- app
Settings stringJson Application settings in JSON format.
- assertion
Signed boolean Determines whether the SAML assertion is digitally signed.
- attribute
Statements SamlAttribute Statement Args[] List of SAML Attribute statements.
- audience string
Audience Restriction
- authentication
Policy string The ID of the associated
app_signon_policy. If this property is removed from the application thedefaultsign-on-policy will be associated with this application.- authn
Context stringClass Ref Identifies the SAML authentication context class for the assertion’s authentication statement
- auto
Submit booleanToolbar Display auto submit toolbar. Default is:
false- certificate string
The raw signing certificate.
- default
Relay stringState Identifies a specific application resource in an IDP initiated SSO scenario.
- destination string
Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest
Algorithm string Determines the digest algorithm used to digitally sign the SAML assertion and response
- embed
Url string Url that can be used to embed this application into another portal.
- enduser
Note string Application notes for end users.
- entity
Key string Entity ID, the ID portion of the
entity_url.- entity
Url string Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
- features string[]
features enabled. Notice: you can't currently configure provisioning features via the API.
- groups string[]
Groups associated with the application.
The direct configuration of groups in this app resource is deprecated, please ensure you use the resource
okta_app_group_assignmentsfor this functionality.- hide
Ios boolean Do not display application icon on mobile app. Default is:
false- hide
Web boolean Do not display application icon to users. Default is:
false- honor
Force booleanAuthn Prompt user to re-authenticate if SP asks for it. Default is:
false- http
Post stringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Postlocation from the SAML metadata.- http
Redirect stringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirectlocation from the SAML metadata.- idp
Issuer string SAML issuer ID.
- implicit
Assignment boolean Early Access Property. Enables Federation Broker Mode. When this mode is enabled,
usersandgroupsarguments are ignored.- inline
Hook stringId Saml Inline Hook associated with the application.
- key
Id string Certificate key ID.
- key
Name string Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid.- key
Years numberValid Number of years the certificate is valid (2 - 10 years).
- keys
Saml
Key Args[] An array of all key credentials for the application. Format of each entry is as follows:
- label string
label of application.
- logo string
Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- logo
Url string Direct link of application logo.
- metadata string
The raw SAML metadata in XML.
- metadata
Url string SAML xml metadata URL.
- name string
The name of the attribute statement.
- preconfigured
App string name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
- recipient string
The location where the app may present the SAML assertion.
- request
Compressed boolean Denotes whether the request is compressed or not.
- response
Signed boolean Determines whether the SAML auth response message is digitally signed.
- saml
Signed booleanRequest Enabled SAML Signed Request enabled
- saml
Version string SAML version for the app's sign-on mode. Valid values are:
"2.0"or"1.1". Default is"2.0".- sign
On stringMode Sign-on mode of application.
- signature
Algorithm string Signature algorithm used ot digitally sign the assertion and response.
- single
Logout stringCertificate x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----, see official documentation.- single
Logout stringIssuer The issuer of the Service Provider that generates the Single Logout request.
- single
Logout stringUrl The location where the logout response is sent.
- skip
Groups boolean Indicator that allows the app to skip
groupssync (it can also be provided during import). Default isfalse.- skip
Users boolean Indicator that allows the app to skip
userssync (it can also be provided during import). Default isfalse.- sp
Issuer string SAML service provider issuer.
- sso
Url string Single Sign-on Url.
- status string
status of application.
- subject
Name stringId Format Identifies the SAML processing rules.
- subject
Name stringId Template Template for app user's username when a user is assigned to the app.
- user
Name stringTemplate Username template. Default is:
"${source.login}"- user
Name stringTemplate Push Status Push username on update. Valid values:
"PUSH"and"DONT_PUSH".- user
Name stringTemplate Suffix Username template suffix.
- user
Name stringTemplate Type Username template type. Default is:
"BUILT_IN".- users
Saml
User Args[] Users associated with the application.
The direct configuration of users in this app resource is deprecated, please ensure you use the resource
okta_app_userfor this functionality.
- accessibility_
error_ strredirect_ url Custom error page URL.
- accessibility_
login_ strredirect_ url Custom login page for this application.
- accessibility_
self_ boolservice Enable self-service. Default is:
false.- acs_
endpoints Sequence[str] An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin_
note str Application notes for admins.
- app_
links_ strjson Displays specific appLinks for the app. The value for each application link should be boolean.
- app_
settings_ strjson Application settings in JSON format.
- assertion_
signed bool Determines whether the SAML assertion is digitally signed.
- attribute_
statements Sequence[SamlAttribute Statement Args] List of SAML Attribute statements.
- audience str
Audience Restriction
- authentication_
policy str The ID of the associated
app_signon_policy. If this property is removed from the application thedefaultsign-on-policy will be associated with this application.- authn_
context_ strclass_ ref Identifies the SAML authentication context class for the assertion’s authentication statement
- auto_
submit_ booltoolbar Display auto submit toolbar. Default is:
false- certificate str
The raw signing certificate.
- default_
relay_ strstate Identifies a specific application resource in an IDP initiated SSO scenario.
- destination str
Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest_
algorithm str Determines the digest algorithm used to digitally sign the SAML assertion and response
- embed_
url str Url that can be used to embed this application into another portal.
- enduser_
note str Application notes for end users.
- entity_
key str Entity ID, the ID portion of the
entity_url.- entity_
url str Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
- features Sequence[str]
features enabled. Notice: you can't currently configure provisioning features via the API.
- groups Sequence[str]
Groups associated with the application.
The direct configuration of groups in this app resource is deprecated, please ensure you use the resource
okta_app_group_assignmentsfor this functionality.- hide_
ios bool Do not display application icon on mobile app. Default is:
false- hide_
web bool Do not display application icon to users. Default is:
false- honor_
force_ boolauthn Prompt user to re-authenticate if SP asks for it. Default is:
false- http_
post_ strbinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Postlocation from the SAML metadata.- http_
redirect_ strbinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirectlocation from the SAML metadata.- idp_
issuer str SAML issuer ID.
- implicit_
assignment bool Early Access Property. Enables Federation Broker Mode. When this mode is enabled,
usersandgroupsarguments are ignored.- inline_
hook_ strid Saml Inline Hook associated with the application.
- key_
id str Certificate key ID.
- key_
name str Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid.- key_
years_ intvalid Number of years the certificate is valid (2 - 10 years).
- keys
Sequence[Saml
Key Args] An array of all key credentials for the application. Format of each entry is as follows:
- label str
label of application.
- logo str
Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- logo_
url str Direct link of application logo.
- metadata str
The raw SAML metadata in XML.
- metadata_
url str SAML xml metadata URL.
- name str
The name of the attribute statement.
- preconfigured_
app str name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
- recipient str
The location where the app may present the SAML assertion.
- request_
compressed bool Denotes whether the request is compressed or not.
- response_
signed bool Determines whether the SAML auth response message is digitally signed.
- saml_
signed_ boolrequest_ enabled SAML Signed Request enabled
- saml_
version str SAML version for the app's sign-on mode. Valid values are:
"2.0"or"1.1". Default is"2.0".- sign_
on_ strmode Sign-on mode of application.
- signature_
algorithm str Signature algorithm used ot digitally sign the assertion and response.
- single_
logout_ strcertificate x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----, see official documentation.- single_
logout_ strissuer The issuer of the Service Provider that generates the Single Logout request.
- single_
logout_ strurl The location where the logout response is sent.
- skip_
groups bool Indicator that allows the app to skip
groupssync (it can also be provided during import). Default isfalse.- skip_
users bool Indicator that allows the app to skip
userssync (it can also be provided during import). Default isfalse.- sp_
issuer str SAML service provider issuer.
- sso_
url str Single Sign-on Url.
- status str
status of application.
- subject_
name_ strid_ format Identifies the SAML processing rules.
- subject_
name_ strid_ template Template for app user's username when a user is assigned to the app.
- user_
name_ strtemplate Username template. Default is:
"${source.login}"- user_
name_ strtemplate_ push_ status Push username on update. Valid values:
"PUSH"and"DONT_PUSH".- user_
name_ strtemplate_ suffix Username template suffix.
- user_
name_ strtemplate_ type Username template type. Default is:
"BUILT_IN".- users
Sequence[Saml
User Args] Users associated with the application.
The direct configuration of users in this app resource is deprecated, please ensure you use the resource
okta_app_userfor this functionality.
- accessibility
Error StringRedirect Url Custom error page URL.
- accessibility
Login StringRedirect Url Custom login page for this application.
- accessibility
Self BooleanService Enable self-service. Default is:
false.- acs
Endpoints List<String> An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin
Note String Application notes for admins.
- app
Links StringJson Displays specific appLinks for the app. The value for each application link should be boolean.
- app
Settings StringJson Application settings in JSON format.
- assertion
Signed Boolean Determines whether the SAML assertion is digitally signed.
- attribute
Statements List<Property Map> List of SAML Attribute statements.
- audience String
Audience Restriction
- authentication
Policy String The ID of the associated
app_signon_policy. If this property is removed from the application thedefaultsign-on-policy will be associated with this application.- authn
Context StringClass Ref Identifies the SAML authentication context class for the assertion’s authentication statement
- auto
Submit BooleanToolbar Display auto submit toolbar. Default is:
false- certificate String
The raw signing certificate.
- default
Relay StringState Identifies a specific application resource in an IDP initiated SSO scenario.
- destination String
Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest
Algorithm String Determines the digest algorithm used to digitally sign the SAML assertion and response
- embed
Url String Url that can be used to embed this application into another portal.
- enduser
Note String Application notes for end users.
- entity
Key String Entity ID, the ID portion of the
entity_url.- entity
Url String Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
- features List<String>
features enabled. Notice: you can't currently configure provisioning features via the API.
- groups List<String>
Groups associated with the application.
The direct configuration of groups in this app resource is deprecated, please ensure you use the resource
okta_app_group_assignmentsfor this functionality.- hide
Ios Boolean Do not display application icon on mobile app. Default is:
false- hide
Web Boolean Do not display application icon to users. Default is:
false- honor
Force BooleanAuthn Prompt user to re-authenticate if SP asks for it. Default is:
false- http
Post StringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Postlocation from the SAML metadata.- http
Redirect StringBinding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirectlocation from the SAML metadata.- idp
Issuer String SAML issuer ID.
- implicit
Assignment Boolean Early Access Property. Enables Federation Broker Mode. When this mode is enabled,
usersandgroupsarguments are ignored.- inline
Hook StringId Saml Inline Hook associated with the application.
- key
Id String Certificate key ID.
- key
Name String Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid.- key
Years NumberValid Number of years the certificate is valid (2 - 10 years).
- keys List<Property Map>
An array of all key credentials for the application. Format of each entry is as follows:
- label String
label of application.
- logo String
Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- logo
Url String Direct link of application logo.
- metadata String
The raw SAML metadata in XML.
- metadata
Url String SAML xml metadata URL.
- name String
The name of the attribute statement.
- preconfigured
App String name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
- recipient String
The location where the app may present the SAML assertion.
- request
Compressed Boolean Denotes whether the request is compressed or not.
- response
Signed Boolean Determines whether the SAML auth response message is digitally signed.
- saml
Signed BooleanRequest Enabled SAML Signed Request enabled
- saml
Version String SAML version for the app's sign-on mode. Valid values are:
"2.0"or"1.1". Default is"2.0".- sign
On StringMode Sign-on mode of application.
- signature
Algorithm String Signature algorithm used ot digitally sign the assertion and response.
- single
Logout StringCertificate x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----, see official documentation.- single
Logout StringIssuer The issuer of the Service Provider that generates the Single Logout request.
- single
Logout StringUrl The location where the logout response is sent.
- skip
Groups Boolean Indicator that allows the app to skip
groupssync (it can also be provided during import). Default isfalse.- skip
Users Boolean Indicator that allows the app to skip
userssync (it can also be provided during import). Default isfalse.- sp
Issuer String SAML service provider issuer.
- sso
Url String Single Sign-on Url.
- status String
status of application.
- subject
Name StringId Format Identifies the SAML processing rules.
- subject
Name StringId Template Template for app user's username when a user is assigned to the app.
- user
Name StringTemplate Username template. Default is:
"${source.login}"- user
Name StringTemplate Push Status Push username on update. Valid values:
"PUSH"and"DONT_PUSH".- user
Name StringTemplate Suffix Username template suffix.
- user
Name StringTemplate Type Username template type. Default is:
"BUILT_IN".- users List<Property Map>
Users associated with the application.
The direct configuration of users in this app resource is deprecated, please ensure you use the resource
okta_app_userfor this functionality.
Supporting Types
SamlAttributeStatement
- Name string
The name of the attribute statement.
- Filter
Type string Type of group attribute filter. Valid values are:
"STARTS_WITH","EQUALS","CONTAINS", or"REGEX"- Filter
Value string Filter value to use.
- Namespace string
The attribute namespace. It can be set to
"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified","urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or"urn:oasis:names:tc:SAML:2.0:attrname-format:basic".- Type string
The type of attribute statement value. Valid values are:
"EXPRESSION"or"GROUP". Default is"EXPRESSION".- Values List<string>
Array of values to use.
- Name string
The name of the attribute statement.
- Filter
Type string Type of group attribute filter. Valid values are:
"STARTS_WITH","EQUALS","CONTAINS", or"REGEX"- Filter
Value string Filter value to use.
- Namespace string
The attribute namespace. It can be set to
"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified","urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or"urn:oasis:names:tc:SAML:2.0:attrname-format:basic".- Type string
The type of attribute statement value. Valid values are:
"EXPRESSION"or"GROUP". Default is"EXPRESSION".- Values []string
Array of values to use.
- name String
The name of the attribute statement.
- filter
Type String Type of group attribute filter. Valid values are:
"STARTS_WITH","EQUALS","CONTAINS", or"REGEX"- filter
Value String Filter value to use.
- namespace String
The attribute namespace. It can be set to
"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified","urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or"urn:oasis:names:tc:SAML:2.0:attrname-format:basic".- type String
The type of attribute statement value. Valid values are:
"EXPRESSION"or"GROUP". Default is"EXPRESSION".- values List<String>
Array of values to use.
- name string
The name of the attribute statement.
- filter
Type string Type of group attribute filter. Valid values are:
"STARTS_WITH","EQUALS","CONTAINS", or"REGEX"- filter
Value string Filter value to use.
- namespace string
The attribute namespace. It can be set to
"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified","urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or"urn:oasis:names:tc:SAML:2.0:attrname-format:basic".- type string
The type of attribute statement value. Valid values are:
"EXPRESSION"or"GROUP". Default is"EXPRESSION".- values string[]
Array of values to use.
- name str
The name of the attribute statement.
- filter_
type str Type of group attribute filter. Valid values are:
"STARTS_WITH","EQUALS","CONTAINS", or"REGEX"- filter_
value str Filter value to use.
- namespace str
The attribute namespace. It can be set to
"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified","urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or"urn:oasis:names:tc:SAML:2.0:attrname-format:basic".- type str
The type of attribute statement value. Valid values are:
"EXPRESSION"or"GROUP". Default is"EXPRESSION".- values Sequence[str]
Array of values to use.
- name String
The name of the attribute statement.
- filter
Type String Type of group attribute filter. Valid values are:
"STARTS_WITH","EQUALS","CONTAINS", or"REGEX"- filter
Value String Filter value to use.
- namespace String
The attribute namespace. It can be set to
"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified","urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or"urn:oasis:names:tc:SAML:2.0:attrname-format:basic".- type String
The type of attribute statement value. Valid values are:
"EXPRESSION"or"GROUP". Default is"EXPRESSION".- values List<String>
Array of values to use.
SamlKey
- Created string
Date created.
- E string
RSA exponent.
- Expires
At string Date the key expires.
- Kid string
Key ID.
- Kty string
Identifies the cryptographic algorithm family used with the key.
- Last
Updated string Date the key was last updated.
- N string
RSA modulus.
- Use string
Intended use of the public key.
- X5cs List<string>
X.509 certificate chain.
- X5t
S256 string X.509 certificate SHA-256 thumbprint.
- Created string
Date created.
- E string
RSA exponent.
- Expires
At string Date the key expires.
- Kid string
Key ID.
- Kty string
Identifies the cryptographic algorithm family used with the key.
- Last
Updated string Date the key was last updated.
- N string
RSA modulus.
- Use string
Intended use of the public key.
- X5cs []string
X.509 certificate chain.
- X5t
S256 string X.509 certificate SHA-256 thumbprint.
- created String
Date created.
- e String
RSA exponent.
- expires
At String Date the key expires.
- kid String
Key ID.
- kty String
Identifies the cryptographic algorithm family used with the key.
- last
Updated String Date the key was last updated.
- n String
RSA modulus.
- use String
Intended use of the public key.
- x5cs List<String>
X.509 certificate chain.
- x5t
S256 String X.509 certificate SHA-256 thumbprint.
- created string
Date created.
- e string
RSA exponent.
- expires
At string Date the key expires.
- kid string
Key ID.
- kty string
Identifies the cryptographic algorithm family used with the key.
- last
Updated string Date the key was last updated.
- n string
RSA modulus.
- use string
Intended use of the public key.
- x5cs string[]
X.509 certificate chain.
- x5t
S256 string X.509 certificate SHA-256 thumbprint.
- created str
Date created.
- e str
RSA exponent.
- expires_
at str Date the key expires.
- kid str
Key ID.
- kty str
Identifies the cryptographic algorithm family used with the key.
- last_
updated str Date the key was last updated.
- n str
RSA modulus.
- use str
Intended use of the public key.
- x5cs Sequence[str]
X.509 certificate chain.
- x5t_
s256 str X.509 certificate SHA-256 thumbprint.
- created String
Date created.
- e String
RSA exponent.
- expires
At String Date the key expires.
- kid String
Key ID.
- kty String
Identifies the cryptographic algorithm family used with the key.
- last
Updated String Date the key was last updated.
- n String
RSA modulus.
- use String
Intended use of the public key.
- x5cs List<String>
X.509 certificate chain.
- x5t
S256 String X.509 certificate SHA-256 thumbprint.
SamlUser
Import
A SAML App can be imported via the Okta ID.
$ pulumi import okta:app/saml:Saml example <app id>
It’s also possible to import app without groups or/and users. In this case ID may look like this
$ pulumi import okta:app/saml:Saml example <app id>/skip_users
$ pulumi import okta:app/saml:Saml example <app id>/skip_users/skip_groups
$ pulumi import okta:app/saml:Saml example <app id>/skip_groups
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
oktaTerraform Provider.