1. Packages
  2. Okta
  3. API Docs
  4. app
  5. Saml
Okta v4.8.0 published on Saturday, Mar 2, 2024 by Pulumi

okta.app.Saml

Explore with Pulumi AI

okta logo
Okta v4.8.0 published on Saturday, Mar 2, 2024 by Pulumi

    This resource allows you to create and configure a SAML Application.

    During an apply if there is change in status the app will first be activated or deactivated in accordance with the status change. Then, all other arguments that changed will be applied.

    If you receive the error You do not have permission to access the feature you are requesting contact support and request feature flag ADVANCED_SSO be applied to your org.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Okta = Pulumi.Okta;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Okta.App.Saml("example", new()
        {
            AttributeStatements = new[]
            {
                new Okta.App.Inputs.SamlAttributeStatementArgs
                {
                    FilterType = "REGEX",
                    FilterValue = ".*",
                    Name = "groups",
                    Type = "GROUP",
                },
            },
            Audience = "https://example.com/audience",
            AuthnContextClassRef = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
            Destination = "https://example.com",
            DigestAlgorithm = "SHA256",
            HonorForceAuthn = false,
            Label = "example",
            Recipient = "https://example.com",
            ResponseSigned = true,
            SignatureAlgorithm = "RSA_SHA256",
            SsoUrl = "https://example.com",
            SubjectNameIdFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
            SubjectNameIdTemplate = "${user.userName}",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/app"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := app.NewSaml(ctx, "example", &app.SamlArgs{
    			AttributeStatements: app.SamlAttributeStatementArray{
    				&app.SamlAttributeStatementArgs{
    					FilterType:  pulumi.String("REGEX"),
    					FilterValue: pulumi.String(".*"),
    					Name:        pulumi.String("groups"),
    					Type:        pulumi.String("GROUP"),
    				},
    			},
    			Audience:              pulumi.String("https://example.com/audience"),
    			AuthnContextClassRef:  pulumi.String("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"),
    			Destination:           pulumi.String("https://example.com"),
    			DigestAlgorithm:       pulumi.String("SHA256"),
    			HonorForceAuthn:       pulumi.Bool(false),
    			Label:                 pulumi.String("example"),
    			Recipient:             pulumi.String("https://example.com"),
    			ResponseSigned:        pulumi.Bool(true),
    			SignatureAlgorithm:    pulumi.String("RSA_SHA256"),
    			SsoUrl:                pulumi.String("https://example.com"),
    			SubjectNameIdFormat:   pulumi.String("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"),
    			SubjectNameIdTemplate: pulumi.String("${user.userName}"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.okta.app.Saml;
    import com.pulumi.okta.app.SamlArgs;
    import com.pulumi.okta.app.inputs.SamlAttributeStatementArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Saml("example", SamlArgs.builder()        
                .attributeStatements(SamlAttributeStatementArgs.builder()
                    .filterType("REGEX")
                    .filterValue(".*")
                    .name("groups")
                    .type("GROUP")
                    .build())
                .audience("https://example.com/audience")
                .authnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")
                .destination("https://example.com")
                .digestAlgorithm("SHA256")
                .honorForceAuthn(false)
                .label("example")
                .recipient("https://example.com")
                .responseSigned(true)
                .signatureAlgorithm("RSA_SHA256")
                .ssoUrl("https://example.com")
                .subjectNameIdFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
                .subjectNameIdTemplate("${user.userName}")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_okta as okta
    
    example = okta.app.Saml("example",
        attribute_statements=[okta.app.SamlAttributeStatementArgs(
            filter_type="REGEX",
            filter_value=".*",
            name="groups",
            type="GROUP",
        )],
        audience="https://example.com/audience",
        authn_context_class_ref="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
        destination="https://example.com",
        digest_algorithm="SHA256",
        honor_force_authn=False,
        label="example",
        recipient="https://example.com",
        response_signed=True,
        signature_algorithm="RSA_SHA256",
        sso_url="https://example.com",
        subject_name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        subject_name_id_template="${user.userName}")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as okta from "@pulumi/okta";
    
    const example = new okta.app.Saml("example", {
        attributeStatements: [{
            filterType: "REGEX",
            filterValue: ".*",
            name: "groups",
            type: "GROUP",
        }],
        audience: "https://example.com/audience",
        authnContextClassRef: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
        destination: "https://example.com",
        digestAlgorithm: "SHA256",
        honorForceAuthn: false,
        label: "example",
        recipient: "https://example.com",
        responseSigned: true,
        signatureAlgorithm: "RSA_SHA256",
        ssoUrl: "https://example.com",
        subjectNameIdFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        subjectNameIdTemplate: "${user.userName}",
    });
    
    resources:
      example:
        type: okta:app:Saml
        properties:
          attributeStatements:
            - filterType: REGEX
              filterValue: .*
              name: groups
              type: GROUP
          audience: https://example.com/audience
          authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
          destination: https://example.com
          digestAlgorithm: SHA256
          honorForceAuthn: false
          label: example
          recipient: https://example.com
          responseSigned: true
          signatureAlgorithm: RSA_SHA256
          ssoUrl: https://example.com
          subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
          subjectNameIdTemplate: ${user.userName}
    

    With inline hook

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Okta = Pulumi.Okta;
    
    return await Deployment.RunAsync(() => 
    {
        var testHook = new Okta.Inline.Hook("testHook", new()
        {
            Status = "ACTIVE",
            Type = "com.okta.saml.tokens.transform",
            Version = "1.0.2",
            Channel = 
            {
                { "type", "HTTP" },
                { "version", "1.0.0" },
                { "uri", "https://example.com/test1" },
                { "method", "POST" },
            },
            Auth = 
            {
                { "key", "Authorization" },
                { "type", "HEADER" },
                { "value", "secret" },
            },
        });
    
        var testSaml = new Okta.App.Saml("testSaml", new()
        {
            Label = "testAcc_replace_with_uuid",
            SsoUrl = "https://google.com",
            Recipient = "https://here.com",
            Destination = "https://its-about-the-journey.com",
            Audience = "https://audience.com",
            SubjectNameIdTemplate = "${user.userName}",
            SubjectNameIdFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
            ResponseSigned = true,
            SignatureAlgorithm = "RSA_SHA256",
            DigestAlgorithm = "SHA256",
            HonorForceAuthn = false,
            AuthnContextClassRef = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
            InlineHookId = testHook.Id,
            AttributeStatements = new[]
            {
                new Okta.App.Inputs.SamlAttributeStatementArgs
                {
                    Type = "GROUP",
                    Name = "groups",
                    FilterType = "REGEX",
                    FilterValue = ".*",
                },
            },
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                testHook,
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/app"
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/inline"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		testHook, err := inline.NewHook(ctx, "testHook", &inline.HookArgs{
    			Status:  pulumi.String("ACTIVE"),
    			Type:    pulumi.String("com.okta.saml.tokens.transform"),
    			Version: pulumi.String("1.0.2"),
    			Channel: pulumi.StringMap{
    				"type":    pulumi.String("HTTP"),
    				"version": pulumi.String("1.0.0"),
    				"uri":     pulumi.String("https://example.com/test1"),
    				"method":  pulumi.String("POST"),
    			},
    			Auth: pulumi.StringMap{
    				"key":   pulumi.String("Authorization"),
    				"type":  pulumi.String("HEADER"),
    				"value": pulumi.String("secret"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = app.NewSaml(ctx, "testSaml", &app.SamlArgs{
    			Label:                 pulumi.String("testAcc_replace_with_uuid"),
    			SsoUrl:                pulumi.String("https://google.com"),
    			Recipient:             pulumi.String("https://here.com"),
    			Destination:           pulumi.String("https://its-about-the-journey.com"),
    			Audience:              pulumi.String("https://audience.com"),
    			SubjectNameIdTemplate: pulumi.String("${user.userName}"),
    			SubjectNameIdFormat:   pulumi.String("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"),
    			ResponseSigned:        pulumi.Bool(true),
    			SignatureAlgorithm:    pulumi.String("RSA_SHA256"),
    			DigestAlgorithm:       pulumi.String("SHA256"),
    			HonorForceAuthn:       pulumi.Bool(false),
    			AuthnContextClassRef:  pulumi.String("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"),
    			InlineHookId:          testHook.ID(),
    			AttributeStatements: app.SamlAttributeStatementArray{
    				&app.SamlAttributeStatementArgs{
    					Type:        pulumi.String("GROUP"),
    					Name:        pulumi.String("groups"),
    					FilterType:  pulumi.String("REGEX"),
    					FilterValue: pulumi.String(".*"),
    				},
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			testHook,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.okta.inline.Hook;
    import com.pulumi.okta.inline.HookArgs;
    import com.pulumi.okta.app.Saml;
    import com.pulumi.okta.app.SamlArgs;
    import com.pulumi.okta.app.inputs.SamlAttributeStatementArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testHook = new Hook("testHook", HookArgs.builder()        
                .status("ACTIVE")
                .type("com.okta.saml.tokens.transform")
                .version("1.0.2")
                .channel(Map.ofEntries(
                    Map.entry("type", "HTTP"),
                    Map.entry("version", "1.0.0"),
                    Map.entry("uri", "https://example.com/test1"),
                    Map.entry("method", "POST")
                ))
                .auth(Map.ofEntries(
                    Map.entry("key", "Authorization"),
                    Map.entry("type", "HEADER"),
                    Map.entry("value", "secret")
                ))
                .build());
    
            var testSaml = new Saml("testSaml", SamlArgs.builder()        
                .label("testAcc_replace_with_uuid")
                .ssoUrl("https://google.com")
                .recipient("https://here.com")
                .destination("https://its-about-the-journey.com")
                .audience("https://audience.com")
                .subjectNameIdTemplate("${user.userName}")
                .subjectNameIdFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
                .responseSigned(true)
                .signatureAlgorithm("RSA_SHA256")
                .digestAlgorithm("SHA256")
                .honorForceAuthn(false)
                .authnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")
                .inlineHookId(testHook.id())
                .attributeStatements(SamlAttributeStatementArgs.builder()
                    .type("GROUP")
                    .name("groups")
                    .filterType("REGEX")
                    .filterValue(".*")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(testHook)
                    .build());
    
        }
    }
    
    import pulumi
    import pulumi_okta as okta
    
    test_hook = okta.inline.Hook("testHook",
        status="ACTIVE",
        type="com.okta.saml.tokens.transform",
        version="1.0.2",
        channel={
            "type": "HTTP",
            "version": "1.0.0",
            "uri": "https://example.com/test1",
            "method": "POST",
        },
        auth={
            "key": "Authorization",
            "type": "HEADER",
            "value": "secret",
        })
    test_saml = okta.app.Saml("testSaml",
        label="testAcc_replace_with_uuid",
        sso_url="https://google.com",
        recipient="https://here.com",
        destination="https://its-about-the-journey.com",
        audience="https://audience.com",
        subject_name_id_template="${user.userName}",
        subject_name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        response_signed=True,
        signature_algorithm="RSA_SHA256",
        digest_algorithm="SHA256",
        honor_force_authn=False,
        authn_context_class_ref="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
        inline_hook_id=test_hook.id,
        attribute_statements=[okta.app.SamlAttributeStatementArgs(
            type="GROUP",
            name="groups",
            filter_type="REGEX",
            filter_value=".*",
        )],
        opts=pulumi.ResourceOptions(depends_on=[test_hook]))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as okta from "@pulumi/okta";
    
    const testHook = new okta.inline.Hook("testHook", {
        status: "ACTIVE",
        type: "com.okta.saml.tokens.transform",
        version: "1.0.2",
        channel: {
            type: "HTTP",
            version: "1.0.0",
            uri: "https://example.com/test1",
            method: "POST",
        },
        auth: {
            key: "Authorization",
            type: "HEADER",
            value: "secret",
        },
    });
    const testSaml = new okta.app.Saml("testSaml", {
        label: "testAcc_replace_with_uuid",
        ssoUrl: "https://google.com",
        recipient: "https://here.com",
        destination: "https://its-about-the-journey.com",
        audience: "https://audience.com",
        subjectNameIdTemplate: "${user.userName}",
        subjectNameIdFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        responseSigned: true,
        signatureAlgorithm: "RSA_SHA256",
        digestAlgorithm: "SHA256",
        honorForceAuthn: false,
        authnContextClassRef: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
        inlineHookId: testHook.id,
        attributeStatements: [{
            type: "GROUP",
            name: "groups",
            filterType: "REGEX",
            filterValue: ".*",
        }],
    }, {
        dependsOn: [testHook],
    });
    
    resources:
      testHook:
        type: okta:inline:Hook
        properties:
          status: ACTIVE
          type: com.okta.saml.tokens.transform
          version: 1.0.2
          channel:
            type: HTTP
            version: 1.0.0
            uri: https://example.com/test1
            method: POST
          auth:
            key: Authorization
            type: HEADER
            value: secret
      testSaml:
        type: okta:app:Saml
        properties:
          label: testAcc_replace_with_uuid
          ssoUrl: https://google.com
          recipient: https://here.com
          destination: https://its-about-the-journey.com
          audience: https://audience.com
          subjectNameIdTemplate: ${user.userName}
          subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
          responseSigned: true
          signatureAlgorithm: RSA_SHA256
          digestAlgorithm: SHA256
          honorForceAuthn: false
          authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
          inlineHookId: ${testHook.id}
          attributeStatements:
            - type: GROUP
              name: groups
              filterType: REGEX
              filterValue: .*
        options:
          dependson:
            - ${testHook}
    

    Pre-configured app with SAML 1.1 sign-on mode

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Okta = Pulumi.Okta;
    
    return await Deployment.RunAsync(() => 
    {
        var test = new Okta.App.Saml("test", new()
        {
            AppSettingsJson = @"{
        ""groupFilter"": ""app1.*"",
        ""siteURL"": ""https://www.okta.com""
    }
    
    ",
            Label = "SharePoint (On-Premise)",
            PreconfiguredApp = "sharepoint_onpremise",
            SamlVersion = "1.1",
            Status = "ACTIVE",
            UserNameTemplate = "${source.login}",
            UserNameTemplateType = "BUILT_IN",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/app"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := app.NewSaml(ctx, "test", &app.SamlArgs{
    			AppSettingsJson: pulumi.String(`{
        "groupFilter": "app1.*",
        "siteURL": "https://www.okta.com"
    }
    
    `),
    			Label:                pulumi.String("SharePoint (On-Premise)"),
    			PreconfiguredApp:     pulumi.String("sharepoint_onpremise"),
    			SamlVersion:          pulumi.String("1.1"),
    			Status:               pulumi.String("ACTIVE"),
    			UserNameTemplate:     pulumi.String("${source.login}"),
    			UserNameTemplateType: pulumi.String("BUILT_IN"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.okta.app.Saml;
    import com.pulumi.okta.app.SamlArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var test = new Saml("test", SamlArgs.builder()        
                .appSettingsJson("""
    {
        "groupFilter": "app1.*",
        "siteURL": "https://www.okta.com"
    }
    
                """)
                .label("SharePoint (On-Premise)")
                .preconfiguredApp("sharepoint_onpremise")
                .samlVersion("1.1")
                .status("ACTIVE")
                .userNameTemplate("${source.login}")
                .userNameTemplateType("BUILT_IN")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_okta as okta
    
    test = okta.app.Saml("test",
        app_settings_json="""{
        "groupFilter": "app1.*",
        "siteURL": "https://www.okta.com"
    }
    
    """,
        label="SharePoint (On-Premise)",
        preconfigured_app="sharepoint_onpremise",
        saml_version="1.1",
        status="ACTIVE",
        user_name_template="${source.login}",
        user_name_template_type="BUILT_IN")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as okta from "@pulumi/okta";
    
    const test = new okta.app.Saml("test", {
        appSettingsJson: `{
        "groupFilter": "app1.*",
        "siteURL": "https://www.okta.com"
    }
    
    `,
        label: "SharePoint (On-Premise)",
        preconfiguredApp: "sharepoint_onpremise",
        samlVersion: "1.1",
        status: "ACTIVE",
        userNameTemplate: "${source.login}",
        userNameTemplateType: "BUILT_IN",
    });
    
    resources:
      test:
        type: okta:app:Saml
        properties:
          appSettingsJson: |+
            {
                "groupFilter": "app1.*",
                "siteURL": "https://www.okta.com"
            }        
    
          label: SharePoint (On-Premise)
          preconfiguredApp: sharepoint_onpremise
          samlVersion: '1.1'
          status: ACTIVE
          userNameTemplate: ${source.login}
          userNameTemplateType: BUILT_IN
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Okta = Pulumi.Okta;
    
    return await Deployment.RunAsync(() => 
    {
        var office365 = new Okta.App.Saml("office365", new()
        {
            AppLinksJson = @"  {
          ""calendar"": false,
          ""crm"": false,
          ""delve"": false,
          ""excel"": false,
          ""forms"": false,
          ""mail"": false,
          ""newsfeed"": false,
          ""onedrive"": false,
          ""people"": false,
          ""planner"": false,
          ""powerbi"": false,
          ""powerpoint"": false,
          ""sites"": false,
          ""sway"": false,
          ""tasks"": false,
          ""teams"": false,
          ""video"": false,
          ""word"": false,
          ""yammer"": false,
          ""login"": true
      }
    
    ",
            AppSettingsJson = @"    {
           ""wsFedConfigureType"": ""AUTO"",
           ""windowsTransportEnabled"": false,
           ""domain"": ""okta.com"",
           ""msftTenant"": ""okta"",
           ""domains"": [],
           ""requireAdminConsent"": false
        }
    
    ",
            Label = "Microsoft Office 365",
            PreconfiguredApp = "office365",
            SamlVersion = "1.1",
            Status = "ACTIVE",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/app"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := app.NewSaml(ctx, "office365", &app.SamlArgs{
    			AppLinksJson: pulumi.String(`  {
          "calendar": false,
          "crm": false,
          "delve": false,
          "excel": false,
          "forms": false,
          "mail": false,
          "newsfeed": false,
          "onedrive": false,
          "people": false,
          "planner": false,
          "powerbi": false,
          "powerpoint": false,
          "sites": false,
          "sway": false,
          "tasks": false,
          "teams": false,
          "video": false,
          "word": false,
          "yammer": false,
          "login": true
      }
    
    `),
    			AppSettingsJson: pulumi.String(`    {
           "wsFedConfigureType": "AUTO",
           "windowsTransportEnabled": false,
           "domain": "okta.com",
           "msftTenant": "okta",
           "domains": [],
           "requireAdminConsent": false
        }
    
    `),
    			Label:            pulumi.String("Microsoft Office 365"),
    			PreconfiguredApp: pulumi.String("office365"),
    			SamlVersion:      pulumi.String("1.1"),
    			Status:           pulumi.String("ACTIVE"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.okta.app.Saml;
    import com.pulumi.okta.app.SamlArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var office365 = new Saml("office365", SamlArgs.builder()        
                .appLinksJson("""
      {
          "calendar": false,
          "crm": false,
          "delve": false,
          "excel": false,
          "forms": false,
          "mail": false,
          "newsfeed": false,
          "onedrive": false,
          "people": false,
          "planner": false,
          "powerbi": false,
          "powerpoint": false,
          "sites": false,
          "sway": false,
          "tasks": false,
          "teams": false,
          "video": false,
          "word": false,
          "yammer": false,
          "login": true
      }
    
                """)
                .appSettingsJson("""
        {
           "wsFedConfigureType": "AUTO",
           "windowsTransportEnabled": false,
           "domain": "okta.com",
           "msftTenant": "okta",
           "domains": [],
           "requireAdminConsent": false
        }
    
                """)
                .label("Microsoft Office 365")
                .preconfiguredApp("office365")
                .samlVersion("1.1")
                .status("ACTIVE")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_okta as okta
    
    office365 = okta.app.Saml("office365",
        app_links_json="""  {
          "calendar": false,
          "crm": false,
          "delve": false,
          "excel": false,
          "forms": false,
          "mail": false,
          "newsfeed": false,
          "onedrive": false,
          "people": false,
          "planner": false,
          "powerbi": false,
          "powerpoint": false,
          "sites": false,
          "sway": false,
          "tasks": false,
          "teams": false,
          "video": false,
          "word": false,
          "yammer": false,
          "login": true
      }
    
    """,
        app_settings_json="""    {
           "wsFedConfigureType": "AUTO",
           "windowsTransportEnabled": false,
           "domain": "okta.com",
           "msftTenant": "okta",
           "domains": [],
           "requireAdminConsent": false
        }
    
    """,
        label="Microsoft Office 365",
        preconfigured_app="office365",
        saml_version="1.1",
        status="ACTIVE")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as okta from "@pulumi/okta";
    
    const office365 = new okta.app.Saml("office365", {
        appLinksJson: `  {
          "calendar": false,
          "crm": false,
          "delve": false,
          "excel": false,
          "forms": false,
          "mail": false,
          "newsfeed": false,
          "onedrive": false,
          "people": false,
          "planner": false,
          "powerbi": false,
          "powerpoint": false,
          "sites": false,
          "sway": false,
          "tasks": false,
          "teams": false,
          "video": false,
          "word": false,
          "yammer": false,
          "login": true
      }
    
    `,
        appSettingsJson: `    {
           "wsFedConfigureType": "AUTO",
           "windowsTransportEnabled": false,
           "domain": "okta.com",
           "msftTenant": "okta",
           "domains": [],
           "requireAdminConsent": false
        }
    
    `,
        label: "Microsoft Office 365",
        preconfiguredApp: "office365",
        samlVersion: "1.1",
        status: "ACTIVE",
    });
    
    resources:
      office365:
        type: okta:app:Saml
        properties:
          appLinksJson: |2+
              {
                  "calendar": false,
                  "crm": false,
                  "delve": false,
                  "excel": false,
                  "forms": false,
                  "mail": false,
                  "newsfeed": false,
                  "onedrive": false,
                  "people": false,
                  "planner": false,
                  "powerbi": false,
                  "powerpoint": false,
                  "sites": false,
                  "sway": false,
                  "tasks": false,
                  "teams": false,
                  "video": false,
                  "word": false,
                  "yammer": false,
                  "login": true
              }
    
          appSettingsJson: |2+
                {
                   "wsFedConfigureType": "AUTO",
                   "windowsTransportEnabled": false,
                   "domain": "okta.com",
                   "msftTenant": "okta",
                   "domains": [],
                   "requireAdminConsent": false
                }
    
          label: Microsoft Office 365
          preconfiguredApp: office365
          samlVersion: '1.1'
          status: ACTIVE
    

    Create Saml Resource

    new Saml(name: string, args: SamlArgs, opts?: CustomResourceOptions);
    @overload
    def Saml(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             accessibility_error_redirect_url: Optional[str] = None,
             accessibility_login_redirect_url: Optional[str] = None,
             accessibility_self_service: Optional[bool] = None,
             acs_endpoints: Optional[Sequence[str]] = None,
             admin_note: Optional[str] = None,
             app_links_json: Optional[str] = None,
             app_settings_json: Optional[str] = None,
             assertion_signed: Optional[bool] = None,
             attribute_statements: Optional[Sequence[SamlAttributeStatementArgs]] = None,
             audience: Optional[str] = None,
             authentication_policy: Optional[str] = None,
             authn_context_class_ref: Optional[str] = None,
             auto_submit_toolbar: Optional[bool] = None,
             default_relay_state: Optional[str] = None,
             destination: Optional[str] = None,
             digest_algorithm: Optional[str] = None,
             enduser_note: Optional[str] = None,
             hide_ios: Optional[bool] = None,
             hide_web: Optional[bool] = None,
             honor_force_authn: Optional[bool] = None,
             idp_issuer: Optional[str] = None,
             implicit_assignment: Optional[bool] = None,
             inline_hook_id: Optional[str] = None,
             key_name: Optional[str] = None,
             key_years_valid: Optional[int] = None,
             label: Optional[str] = None,
             logo: Optional[str] = None,
             preconfigured_app: Optional[str] = None,
             recipient: Optional[str] = None,
             request_compressed: Optional[bool] = None,
             response_signed: Optional[bool] = None,
             saml_signed_request_enabled: Optional[bool] = None,
             saml_version: Optional[str] = None,
             signature_algorithm: Optional[str] = None,
             single_logout_certificate: Optional[str] = None,
             single_logout_issuer: Optional[str] = None,
             single_logout_url: Optional[str] = None,
             sp_issuer: Optional[str] = None,
             sso_url: Optional[str] = None,
             status: Optional[str] = None,
             subject_name_id_format: Optional[str] = None,
             subject_name_id_template: Optional[str] = None,
             user_name_template: Optional[str] = None,
             user_name_template_push_status: Optional[str] = None,
             user_name_template_suffix: Optional[str] = None,
             user_name_template_type: Optional[str] = None)
    @overload
    def Saml(resource_name: str,
             args: SamlArgs,
             opts: Optional[ResourceOptions] = None)
    func NewSaml(ctx *Context, name string, args SamlArgs, opts ...ResourceOption) (*Saml, error)
    public Saml(string name, SamlArgs args, CustomResourceOptions? opts = null)
    public Saml(String name, SamlArgs args)
    public Saml(String name, SamlArgs args, CustomResourceOptions options)
    
    type: okta:app:Saml
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args SamlArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SamlArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SamlArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SamlArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SamlArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Saml Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Saml resource accepts the following input properties:

    Label string
    label of application.
    AccessibilityErrorRedirectUrl string
    Custom error page URL.
    AccessibilityLoginRedirectUrl string
    Custom login page for this application.
    AccessibilitySelfService bool
    Enable self-service. Default is: false.
    AcsEndpoints List<string>
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    AdminNote string
    Application notes for admins.
    AppLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    AppSettingsJson string
    Application settings in JSON format.
    AssertionSigned bool
    Determines whether the SAML assertion is digitally signed.
    AttributeStatements List<SamlAttributeStatement>
    List of SAML Attribute statements.
    Audience string
    Audience Restriction
    AuthenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    AuthnContextClassRef string
    Identifies the SAML authentication context class for the assertion’s authentication statement
    AutoSubmitToolbar bool
    Display auto submit toolbar. Default is: false
    DefaultRelayState string
    Identifies a specific application resource in an IDP initiated SSO scenario.
    Destination string
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    DigestAlgorithm string
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    EnduserNote string
    Application notes for end users.
    HideIos bool
    Do not display application icon on mobile app. Default is: false
    HideWeb bool
    Do not display application icon to users. Default is: false
    HonorForceAuthn bool
    Prompt user to re-authenticate if SP asks for it. Default is: false
    IdpIssuer string
    SAML issuer ID.
    ImplicitAssignment bool
    Early Access Property. Enables Federation Broker Mode.
    InlineHookId string
    Saml Inline Hook associated with the application.
    KeyName string
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid.
    KeyYearsValid int
    Number of years the certificate is valid (2 - 10 years).
    Logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    PreconfiguredApp string
    name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
    Recipient string
    The location where the app may present the SAML assertion.
    RequestCompressed bool
    Denotes whether the request is compressed or not.
    ResponseSigned bool
    Determines whether the SAML auth response message is digitally signed.
    SamlSignedRequestEnabled bool
    SAML Signed Request enabled
    SamlVersion string
    SAML version for the app's sign-on mode. Valid values are: "2.0" or "1.1". Default is "2.0".
    SignatureAlgorithm string
    Signature algorithm used ot digitally sign the assertion and response.
    SingleLogoutCertificate string
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    SingleLogoutIssuer string
    The issuer of the Service Provider that generates the Single Logout request.
    SingleLogoutUrl string
    The location where the logout response is sent.
    SpIssuer string
    SAML service provider issuer.
    SsoUrl string
    Single Sign-on Url.
    Status string
    status of application.
    SubjectNameIdFormat string
    Identifies the SAML processing rules.
    SubjectNameIdTemplate string
    Template for app user's username when a user is assigned to the app.
    UserNameTemplate string
    Username template. Default is: "${source.login}"
    UserNameTemplatePushStatus string
    Push username on update. Valid values: "PUSH" and "DONT_PUSH".
    UserNameTemplateSuffix string
    Username template suffix.
    UserNameTemplateType string
    Username template type. Default is: "BUILT_IN".
    Label string
    label of application.
    AccessibilityErrorRedirectUrl string
    Custom error page URL.
    AccessibilityLoginRedirectUrl string
    Custom login page for this application.
    AccessibilitySelfService bool
    Enable self-service. Default is: false.
    AcsEndpoints []string
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    AdminNote string
    Application notes for admins.
    AppLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    AppSettingsJson string
    Application settings in JSON format.
    AssertionSigned bool
    Determines whether the SAML assertion is digitally signed.
    AttributeStatements []SamlAttributeStatementArgs
    List of SAML Attribute statements.
    Audience string
    Audience Restriction
    AuthenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    AuthnContextClassRef string
    Identifies the SAML authentication context class for the assertion’s authentication statement
    AutoSubmitToolbar bool
    Display auto submit toolbar. Default is: false
    DefaultRelayState string
    Identifies a specific application resource in an IDP initiated SSO scenario.
    Destination string
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    DigestAlgorithm string
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    EnduserNote string
    Application notes for end users.
    HideIos bool
    Do not display application icon on mobile app. Default is: false
    HideWeb bool
    Do not display application icon to users. Default is: false
    HonorForceAuthn bool
    Prompt user to re-authenticate if SP asks for it. Default is: false
    IdpIssuer string
    SAML issuer ID.
    ImplicitAssignment bool
    Early Access Property. Enables Federation Broker Mode.
    InlineHookId string
    Saml Inline Hook associated with the application.
    KeyName string
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid.
    KeyYearsValid int
    Number of years the certificate is valid (2 - 10 years).
    Logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    PreconfiguredApp string
    name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
    Recipient string
    The location where the app may present the SAML assertion.
    RequestCompressed bool
    Denotes whether the request is compressed or not.
    ResponseSigned bool
    Determines whether the SAML auth response message is digitally signed.
    SamlSignedRequestEnabled bool
    SAML Signed Request enabled
    SamlVersion string
    SAML version for the app's sign-on mode. Valid values are: "2.0" or "1.1". Default is "2.0".
    SignatureAlgorithm string
    Signature algorithm used ot digitally sign the assertion and response.
    SingleLogoutCertificate string
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    SingleLogoutIssuer string
    The issuer of the Service Provider that generates the Single Logout request.
    SingleLogoutUrl string
    The location where the logout response is sent.
    SpIssuer string
    SAML service provider issuer.
    SsoUrl string
    Single Sign-on Url.
    Status string
    status of application.
    SubjectNameIdFormat string
    Identifies the SAML processing rules.
    SubjectNameIdTemplate string
    Template for app user's username when a user is assigned to the app.
    UserNameTemplate string
    Username template. Default is: "${source.login}"
    UserNameTemplatePushStatus string
    Push username on update. Valid values: "PUSH" and "DONT_PUSH".
    UserNameTemplateSuffix string
    Username template suffix.
    UserNameTemplateType string
    Username template type. Default is: "BUILT_IN".
    label String
    label of application.
    accessibilityErrorRedirectUrl String
    Custom error page URL.
    accessibilityLoginRedirectUrl String
    Custom login page for this application.
    accessibilitySelfService Boolean
    Enable self-service. Default is: false.
    acsEndpoints List<String>
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    adminNote String
    Application notes for admins.
    appLinksJson String
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson String
    Application settings in JSON format.
    assertionSigned Boolean
    Determines whether the SAML assertion is digitally signed.
    attributeStatements List<SamlAttributeStatement>
    List of SAML Attribute statements.
    audience String
    Audience Restriction
    authenticationPolicy String
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    authnContextClassRef String
    Identifies the SAML authentication context class for the assertion’s authentication statement
    autoSubmitToolbar Boolean
    Display auto submit toolbar. Default is: false
    defaultRelayState String
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination String
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digestAlgorithm String
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    enduserNote String
    Application notes for end users.
    hideIos Boolean
    Do not display application icon on mobile app. Default is: false
    hideWeb Boolean
    Do not display application icon to users. Default is: false
    honorForceAuthn Boolean
    Prompt user to re-authenticate if SP asks for it. Default is: false
    idpIssuer String
    SAML issuer ID.
    implicitAssignment Boolean
    Early Access Property. Enables Federation Broker Mode.
    inlineHookId String
    Saml Inline Hook associated with the application.
    keyName String
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid.
    keyYearsValid Integer
    Number of years the certificate is valid (2 - 10 years).
    logo String
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    preconfiguredApp String
    name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
    recipient String
    The location where the app may present the SAML assertion.
    requestCompressed Boolean
    Denotes whether the request is compressed or not.
    responseSigned Boolean
    Determines whether the SAML auth response message is digitally signed.
    samlSignedRequestEnabled Boolean
    SAML Signed Request enabled
    samlVersion String
    SAML version for the app's sign-on mode. Valid values are: "2.0" or "1.1". Default is "2.0".
    signatureAlgorithm String
    Signature algorithm used ot digitally sign the assertion and response.
    singleLogoutCertificate String
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    singleLogoutIssuer String
    The issuer of the Service Provider that generates the Single Logout request.
    singleLogoutUrl String
    The location where the logout response is sent.
    spIssuer String
    SAML service provider issuer.
    ssoUrl String
    Single Sign-on Url.
    status String
    status of application.
    subjectNameIdFormat String
    Identifies the SAML processing rules.
    subjectNameIdTemplate String
    Template for app user's username when a user is assigned to the app.
    userNameTemplate String
    Username template. Default is: "${source.login}"
    userNameTemplatePushStatus String
    Push username on update. Valid values: "PUSH" and "DONT_PUSH".
    userNameTemplateSuffix String
    Username template suffix.
    userNameTemplateType String
    Username template type. Default is: "BUILT_IN".
    label string
    label of application.
    accessibilityErrorRedirectUrl string
    Custom error page URL.
    accessibilityLoginRedirectUrl string
    Custom login page for this application.
    accessibilitySelfService boolean
    Enable self-service. Default is: false.
    acsEndpoints string[]
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    adminNote string
    Application notes for admins.
    appLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson string
    Application settings in JSON format.
    assertionSigned boolean
    Determines whether the SAML assertion is digitally signed.
    attributeStatements SamlAttributeStatement[]
    List of SAML Attribute statements.
    audience string
    Audience Restriction
    authenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    authnContextClassRef string
    Identifies the SAML authentication context class for the assertion’s authentication statement
    autoSubmitToolbar boolean
    Display auto submit toolbar. Default is: false
    defaultRelayState string
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination string
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digestAlgorithm string
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    enduserNote string
    Application notes for end users.
    hideIos boolean
    Do not display application icon on mobile app. Default is: false
    hideWeb boolean
    Do not display application icon to users. Default is: false
    honorForceAuthn boolean
    Prompt user to re-authenticate if SP asks for it. Default is: false
    idpIssuer string
    SAML issuer ID.
    implicitAssignment boolean
    Early Access Property. Enables Federation Broker Mode.
    inlineHookId string
    Saml Inline Hook associated with the application.
    keyName string
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid.
    keyYearsValid number
    Number of years the certificate is valid (2 - 10 years).
    logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    preconfiguredApp string
    name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
    recipient string
    The location where the app may present the SAML assertion.
    requestCompressed boolean
    Denotes whether the request is compressed or not.
    responseSigned boolean
    Determines whether the SAML auth response message is digitally signed.
    samlSignedRequestEnabled boolean
    SAML Signed Request enabled
    samlVersion string
    SAML version for the app's sign-on mode. Valid values are: "2.0" or "1.1". Default is "2.0".
    signatureAlgorithm string
    Signature algorithm used ot digitally sign the assertion and response.
    singleLogoutCertificate string
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    singleLogoutIssuer string
    The issuer of the Service Provider that generates the Single Logout request.
    singleLogoutUrl string
    The location where the logout response is sent.
    spIssuer string
    SAML service provider issuer.
    ssoUrl string
    Single Sign-on Url.
    status string
    status of application.
    subjectNameIdFormat string
    Identifies the SAML processing rules.
    subjectNameIdTemplate string
    Template for app user's username when a user is assigned to the app.
    userNameTemplate string
    Username template. Default is: "${source.login}"
    userNameTemplatePushStatus string
    Push username on update. Valid values: "PUSH" and "DONT_PUSH".
    userNameTemplateSuffix string
    Username template suffix.
    userNameTemplateType string
    Username template type. Default is: "BUILT_IN".
    label str
    label of application.
    accessibility_error_redirect_url str
    Custom error page URL.
    accessibility_login_redirect_url str
    Custom login page for this application.
    accessibility_self_service bool
    Enable self-service. Default is: false.
    acs_endpoints Sequence[str]
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    admin_note str
    Application notes for admins.
    app_links_json str
    Displays specific appLinks for the app. The value for each application link should be boolean.
    app_settings_json str
    Application settings in JSON format.
    assertion_signed bool
    Determines whether the SAML assertion is digitally signed.
    attribute_statements Sequence[SamlAttributeStatementArgs]
    List of SAML Attribute statements.
    audience str
    Audience Restriction
    authentication_policy str
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    authn_context_class_ref str
    Identifies the SAML authentication context class for the assertion’s authentication statement
    auto_submit_toolbar bool
    Display auto submit toolbar. Default is: false
    default_relay_state str
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination str
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digest_algorithm str
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    enduser_note str
    Application notes for end users.
    hide_ios bool
    Do not display application icon on mobile app. Default is: false
    hide_web bool
    Do not display application icon to users. Default is: false
    honor_force_authn bool
    Prompt user to re-authenticate if SP asks for it. Default is: false
    idp_issuer str
    SAML issuer ID.
    implicit_assignment bool
    Early Access Property. Enables Federation Broker Mode.
    inline_hook_id str
    Saml Inline Hook associated with the application.
    key_name str
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid.
    key_years_valid int
    Number of years the certificate is valid (2 - 10 years).
    logo str
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    preconfigured_app str
    name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
    recipient str
    The location where the app may present the SAML assertion.
    request_compressed bool
    Denotes whether the request is compressed or not.
    response_signed bool
    Determines whether the SAML auth response message is digitally signed.
    saml_signed_request_enabled bool
    SAML Signed Request enabled
    saml_version str
    SAML version for the app's sign-on mode. Valid values are: "2.0" or "1.1". Default is "2.0".
    signature_algorithm str
    Signature algorithm used ot digitally sign the assertion and response.
    single_logout_certificate str
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    single_logout_issuer str
    The issuer of the Service Provider that generates the Single Logout request.
    single_logout_url str
    The location where the logout response is sent.
    sp_issuer str
    SAML service provider issuer.
    sso_url str
    Single Sign-on Url.
    status str
    status of application.
    subject_name_id_format str
    Identifies the SAML processing rules.
    subject_name_id_template str
    Template for app user's username when a user is assigned to the app.
    user_name_template str
    Username template. Default is: "${source.login}"
    user_name_template_push_status str
    Push username on update. Valid values: "PUSH" and "DONT_PUSH".
    user_name_template_suffix str
    Username template suffix.
    user_name_template_type str
    Username template type. Default is: "BUILT_IN".
    label String
    label of application.
    accessibilityErrorRedirectUrl String
    Custom error page URL.
    accessibilityLoginRedirectUrl String
    Custom login page for this application.
    accessibilitySelfService Boolean
    Enable self-service. Default is: false.
    acsEndpoints List<String>
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    adminNote String
    Application notes for admins.
    appLinksJson String
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson String
    Application settings in JSON format.
    assertionSigned Boolean
    Determines whether the SAML assertion is digitally signed.
    attributeStatements List<Property Map>
    List of SAML Attribute statements.
    audience String
    Audience Restriction
    authenticationPolicy String
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    authnContextClassRef String
    Identifies the SAML authentication context class for the assertion’s authentication statement
    autoSubmitToolbar Boolean
    Display auto submit toolbar. Default is: false
    defaultRelayState String
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination String
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digestAlgorithm String
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    enduserNote String
    Application notes for end users.
    hideIos Boolean
    Do not display application icon on mobile app. Default is: false
    hideWeb Boolean
    Do not display application icon to users. Default is: false
    honorForceAuthn Boolean
    Prompt user to re-authenticate if SP asks for it. Default is: false
    idpIssuer String
    SAML issuer ID.
    implicitAssignment Boolean
    Early Access Property. Enables Federation Broker Mode.
    inlineHookId String
    Saml Inline Hook associated with the application.
    keyName String
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid.
    keyYearsValid Number
    Number of years the certificate is valid (2 - 10 years).
    logo String
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    preconfiguredApp String
    name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
    recipient String
    The location where the app may present the SAML assertion.
    requestCompressed Boolean
    Denotes whether the request is compressed or not.
    responseSigned Boolean
    Determines whether the SAML auth response message is digitally signed.
    samlSignedRequestEnabled Boolean
    SAML Signed Request enabled
    samlVersion String
    SAML version for the app's sign-on mode. Valid values are: "2.0" or "1.1". Default is "2.0".
    signatureAlgorithm String
    Signature algorithm used ot digitally sign the assertion and response.
    singleLogoutCertificate String
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    singleLogoutIssuer String
    The issuer of the Service Provider that generates the Single Logout request.
    singleLogoutUrl String
    The location where the logout response is sent.
    spIssuer String
    SAML service provider issuer.
    ssoUrl String
    Single Sign-on Url.
    status String
    status of application.
    subjectNameIdFormat String
    Identifies the SAML processing rules.
    subjectNameIdTemplate String
    Template for app user's username when a user is assigned to the app.
    userNameTemplate String
    Username template. Default is: "${source.login}"
    userNameTemplatePushStatus String
    Push username on update. Valid values: "PUSH" and "DONT_PUSH".
    userNameTemplateSuffix String
    Username template suffix.
    userNameTemplateType String
    Username template type. Default is: "BUILT_IN".

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Saml resource produces the following output properties:

    Certificate string
    The raw signing certificate.
    EmbedUrl string
    Url that can be used to embed this application into another portal.
    EntityKey string
    Entity ID, the ID portion of the entity_url.
    EntityUrl string
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
    Features List<string>
    features enabled. Notice: you can't currently configure provisioning features via the API.
    HttpPostBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    HttpRedirectBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyId string
    Certificate key ID.
    Keys List<SamlKey>
    An array of all key credentials for the application. Format of each entry is as follows:
    LogoUrl string
    Direct link of application logo.
    Metadata string
    The raw SAML metadata in XML.
    MetadataUrl string
    SAML xml metadata URL.
    Name string
    The name of the attribute statement.
    SignOnMode string
    Sign-on mode of application.
    Certificate string
    The raw signing certificate.
    EmbedUrl string
    Url that can be used to embed this application into another portal.
    EntityKey string
    Entity ID, the ID portion of the entity_url.
    EntityUrl string
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
    Features []string
    features enabled. Notice: you can't currently configure provisioning features via the API.
    HttpPostBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    HttpRedirectBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyId string
    Certificate key ID.
    Keys []SamlKey
    An array of all key credentials for the application. Format of each entry is as follows:
    LogoUrl string
    Direct link of application logo.
    Metadata string
    The raw SAML metadata in XML.
    MetadataUrl string
    SAML xml metadata URL.
    Name string
    The name of the attribute statement.
    SignOnMode string
    Sign-on mode of application.
    certificate String
    The raw signing certificate.
    embedUrl String
    Url that can be used to embed this application into another portal.
    entityKey String
    Entity ID, the ID portion of the entity_url.
    entityUrl String
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
    features List<String>
    features enabled. Notice: you can't currently configure provisioning features via the API.
    httpPostBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    httpRedirectBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    id String
    The provider-assigned unique ID for this managed resource.
    keyId String
    Certificate key ID.
    keys List<SamlKey>
    An array of all key credentials for the application. Format of each entry is as follows:
    logoUrl String
    Direct link of application logo.
    metadata String
    The raw SAML metadata in XML.
    metadataUrl String
    SAML xml metadata URL.
    name String
    The name of the attribute statement.
    signOnMode String
    Sign-on mode of application.
    certificate string
    The raw signing certificate.
    embedUrl string
    Url that can be used to embed this application into another portal.
    entityKey string
    Entity ID, the ID portion of the entity_url.
    entityUrl string
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
    features string[]
    features enabled. Notice: you can't currently configure provisioning features via the API.
    httpPostBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    httpRedirectBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    id string
    The provider-assigned unique ID for this managed resource.
    keyId string
    Certificate key ID.
    keys SamlKey[]
    An array of all key credentials for the application. Format of each entry is as follows:
    logoUrl string
    Direct link of application logo.
    metadata string
    The raw SAML metadata in XML.
    metadataUrl string
    SAML xml metadata URL.
    name string
    The name of the attribute statement.
    signOnMode string
    Sign-on mode of application.
    certificate str
    The raw signing certificate.
    embed_url str
    Url that can be used to embed this application into another portal.
    entity_key str
    Entity ID, the ID portion of the entity_url.
    entity_url str
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
    features Sequence[str]
    features enabled. Notice: you can't currently configure provisioning features via the API.
    http_post_binding str
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    http_redirect_binding str
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    id str
    The provider-assigned unique ID for this managed resource.
    key_id str
    Certificate key ID.
    keys Sequence[SamlKey]
    An array of all key credentials for the application. Format of each entry is as follows:
    logo_url str
    Direct link of application logo.
    metadata str
    The raw SAML metadata in XML.
    metadata_url str
    SAML xml metadata URL.
    name str
    The name of the attribute statement.
    sign_on_mode str
    Sign-on mode of application.
    certificate String
    The raw signing certificate.
    embedUrl String
    Url that can be used to embed this application into another portal.
    entityKey String
    Entity ID, the ID portion of the entity_url.
    entityUrl String
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
    features List<String>
    features enabled. Notice: you can't currently configure provisioning features via the API.
    httpPostBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    httpRedirectBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    id String
    The provider-assigned unique ID for this managed resource.
    keyId String
    Certificate key ID.
    keys List<Property Map>
    An array of all key credentials for the application. Format of each entry is as follows:
    logoUrl String
    Direct link of application logo.
    metadata String
    The raw SAML metadata in XML.
    metadataUrl String
    SAML xml metadata URL.
    name String
    The name of the attribute statement.
    signOnMode String
    Sign-on mode of application.

    Look up Existing Saml Resource

    Get an existing Saml resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SamlState, opts?: CustomResourceOptions): Saml
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            accessibility_error_redirect_url: Optional[str] = None,
            accessibility_login_redirect_url: Optional[str] = None,
            accessibility_self_service: Optional[bool] = None,
            acs_endpoints: Optional[Sequence[str]] = None,
            admin_note: Optional[str] = None,
            app_links_json: Optional[str] = None,
            app_settings_json: Optional[str] = None,
            assertion_signed: Optional[bool] = None,
            attribute_statements: Optional[Sequence[SamlAttributeStatementArgs]] = None,
            audience: Optional[str] = None,
            authentication_policy: Optional[str] = None,
            authn_context_class_ref: Optional[str] = None,
            auto_submit_toolbar: Optional[bool] = None,
            certificate: Optional[str] = None,
            default_relay_state: Optional[str] = None,
            destination: Optional[str] = None,
            digest_algorithm: Optional[str] = None,
            embed_url: Optional[str] = None,
            enduser_note: Optional[str] = None,
            entity_key: Optional[str] = None,
            entity_url: Optional[str] = None,
            features: Optional[Sequence[str]] = None,
            hide_ios: Optional[bool] = None,
            hide_web: Optional[bool] = None,
            honor_force_authn: Optional[bool] = None,
            http_post_binding: Optional[str] = None,
            http_redirect_binding: Optional[str] = None,
            idp_issuer: Optional[str] = None,
            implicit_assignment: Optional[bool] = None,
            inline_hook_id: Optional[str] = None,
            key_id: Optional[str] = None,
            key_name: Optional[str] = None,
            key_years_valid: Optional[int] = None,
            keys: Optional[Sequence[SamlKeyArgs]] = None,
            label: Optional[str] = None,
            logo: Optional[str] = None,
            logo_url: Optional[str] = None,
            metadata: Optional[str] = None,
            metadata_url: Optional[str] = None,
            name: Optional[str] = None,
            preconfigured_app: Optional[str] = None,
            recipient: Optional[str] = None,
            request_compressed: Optional[bool] = None,
            response_signed: Optional[bool] = None,
            saml_signed_request_enabled: Optional[bool] = None,
            saml_version: Optional[str] = None,
            sign_on_mode: Optional[str] = None,
            signature_algorithm: Optional[str] = None,
            single_logout_certificate: Optional[str] = None,
            single_logout_issuer: Optional[str] = None,
            single_logout_url: Optional[str] = None,
            sp_issuer: Optional[str] = None,
            sso_url: Optional[str] = None,
            status: Optional[str] = None,
            subject_name_id_format: Optional[str] = None,
            subject_name_id_template: Optional[str] = None,
            user_name_template: Optional[str] = None,
            user_name_template_push_status: Optional[str] = None,
            user_name_template_suffix: Optional[str] = None,
            user_name_template_type: Optional[str] = None) -> Saml
    func GetSaml(ctx *Context, name string, id IDInput, state *SamlState, opts ...ResourceOption) (*Saml, error)
    public static Saml Get(string name, Input<string> id, SamlState? state, CustomResourceOptions? opts = null)
    public static Saml get(String name, Output<String> id, SamlState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessibilityErrorRedirectUrl string
    Custom error page URL.
    AccessibilityLoginRedirectUrl string
    Custom login page for this application.
    AccessibilitySelfService bool
    Enable self-service. Default is: false.
    AcsEndpoints List<string>
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    AdminNote string
    Application notes for admins.
    AppLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    AppSettingsJson string
    Application settings in JSON format.
    AssertionSigned bool
    Determines whether the SAML assertion is digitally signed.
    AttributeStatements List<SamlAttributeStatement>
    List of SAML Attribute statements.
    Audience string
    Audience Restriction
    AuthenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    AuthnContextClassRef string
    Identifies the SAML authentication context class for the assertion’s authentication statement
    AutoSubmitToolbar bool
    Display auto submit toolbar. Default is: false
    Certificate string
    The raw signing certificate.
    DefaultRelayState string
    Identifies a specific application resource in an IDP initiated SSO scenario.
    Destination string
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    DigestAlgorithm string
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    EmbedUrl string
    Url that can be used to embed this application into another portal.
    EnduserNote string
    Application notes for end users.
    EntityKey string
    Entity ID, the ID portion of the entity_url.
    EntityUrl string
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
    Features List<string>
    features enabled. Notice: you can't currently configure provisioning features via the API.
    HideIos bool
    Do not display application icon on mobile app. Default is: false
    HideWeb bool
    Do not display application icon to users. Default is: false
    HonorForceAuthn bool
    Prompt user to re-authenticate if SP asks for it. Default is: false
    HttpPostBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    HttpRedirectBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    IdpIssuer string
    SAML issuer ID.
    ImplicitAssignment bool
    Early Access Property. Enables Federation Broker Mode.
    InlineHookId string
    Saml Inline Hook associated with the application.
    KeyId string
    Certificate key ID.
    KeyName string
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid.
    KeyYearsValid int
    Number of years the certificate is valid (2 - 10 years).
    Keys List<SamlKey>
    An array of all key credentials for the application. Format of each entry is as follows:
    Label string
    label of application.
    Logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    LogoUrl string
    Direct link of application logo.
    Metadata string
    The raw SAML metadata in XML.
    MetadataUrl string
    SAML xml metadata URL.
    Name string
    The name of the attribute statement.
    PreconfiguredApp string
    name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
    Recipient string
    The location where the app may present the SAML assertion.
    RequestCompressed bool
    Denotes whether the request is compressed or not.
    ResponseSigned bool
    Determines whether the SAML auth response message is digitally signed.
    SamlSignedRequestEnabled bool
    SAML Signed Request enabled
    SamlVersion string
    SAML version for the app's sign-on mode. Valid values are: "2.0" or "1.1". Default is "2.0".
    SignOnMode string
    Sign-on mode of application.
    SignatureAlgorithm string
    Signature algorithm used ot digitally sign the assertion and response.
    SingleLogoutCertificate string
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    SingleLogoutIssuer string
    The issuer of the Service Provider that generates the Single Logout request.
    SingleLogoutUrl string
    The location where the logout response is sent.
    SpIssuer string
    SAML service provider issuer.
    SsoUrl string
    Single Sign-on Url.
    Status string
    status of application.
    SubjectNameIdFormat string
    Identifies the SAML processing rules.
    SubjectNameIdTemplate string
    Template for app user's username when a user is assigned to the app.
    UserNameTemplate string
    Username template. Default is: "${source.login}"
    UserNameTemplatePushStatus string
    Push username on update. Valid values: "PUSH" and "DONT_PUSH".
    UserNameTemplateSuffix string
    Username template suffix.
    UserNameTemplateType string
    Username template type. Default is: "BUILT_IN".
    AccessibilityErrorRedirectUrl string
    Custom error page URL.
    AccessibilityLoginRedirectUrl string
    Custom login page for this application.
    AccessibilitySelfService bool
    Enable self-service. Default is: false.
    AcsEndpoints []string
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    AdminNote string
    Application notes for admins.
    AppLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    AppSettingsJson string
    Application settings in JSON format.
    AssertionSigned bool
    Determines whether the SAML assertion is digitally signed.
    AttributeStatements []SamlAttributeStatementArgs
    List of SAML Attribute statements.
    Audience string
    Audience Restriction
    AuthenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    AuthnContextClassRef string
    Identifies the SAML authentication context class for the assertion’s authentication statement
    AutoSubmitToolbar bool
    Display auto submit toolbar. Default is: false
    Certificate string
    The raw signing certificate.
    DefaultRelayState string
    Identifies a specific application resource in an IDP initiated SSO scenario.
    Destination string
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    DigestAlgorithm string
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    EmbedUrl string
    Url that can be used to embed this application into another portal.
    EnduserNote string
    Application notes for end users.
    EntityKey string
    Entity ID, the ID portion of the entity_url.
    EntityUrl string
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
    Features []string
    features enabled. Notice: you can't currently configure provisioning features via the API.
    HideIos bool
    Do not display application icon on mobile app. Default is: false
    HideWeb bool
    Do not display application icon to users. Default is: false
    HonorForceAuthn bool
    Prompt user to re-authenticate if SP asks for it. Default is: false
    HttpPostBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    HttpRedirectBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    IdpIssuer string
    SAML issuer ID.
    ImplicitAssignment bool
    Early Access Property. Enables Federation Broker Mode.
    InlineHookId string
    Saml Inline Hook associated with the application.
    KeyId string
    Certificate key ID.
    KeyName string
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid.
    KeyYearsValid int
    Number of years the certificate is valid (2 - 10 years).
    Keys []SamlKeyArgs
    An array of all key credentials for the application. Format of each entry is as follows:
    Label string
    label of application.
    Logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    LogoUrl string
    Direct link of application logo.
    Metadata string
    The raw SAML metadata in XML.
    MetadataUrl string
    SAML xml metadata URL.
    Name string
    The name of the attribute statement.
    PreconfiguredApp string
    name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
    Recipient string
    The location where the app may present the SAML assertion.
    RequestCompressed bool
    Denotes whether the request is compressed or not.
    ResponseSigned bool
    Determines whether the SAML auth response message is digitally signed.
    SamlSignedRequestEnabled bool
    SAML Signed Request enabled
    SamlVersion string
    SAML version for the app's sign-on mode. Valid values are: "2.0" or "1.1". Default is "2.0".
    SignOnMode string
    Sign-on mode of application.
    SignatureAlgorithm string
    Signature algorithm used ot digitally sign the assertion and response.
    SingleLogoutCertificate string
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    SingleLogoutIssuer string
    The issuer of the Service Provider that generates the Single Logout request.
    SingleLogoutUrl string
    The location where the logout response is sent.
    SpIssuer string
    SAML service provider issuer.
    SsoUrl string
    Single Sign-on Url.
    Status string
    status of application.
    SubjectNameIdFormat string
    Identifies the SAML processing rules.
    SubjectNameIdTemplate string
    Template for app user's username when a user is assigned to the app.
    UserNameTemplate string
    Username template. Default is: "${source.login}"
    UserNameTemplatePushStatus string
    Push username on update. Valid values: "PUSH" and "DONT_PUSH".
    UserNameTemplateSuffix string
    Username template suffix.
    UserNameTemplateType string
    Username template type. Default is: "BUILT_IN".
    accessibilityErrorRedirectUrl String
    Custom error page URL.
    accessibilityLoginRedirectUrl String
    Custom login page for this application.
    accessibilitySelfService Boolean
    Enable self-service. Default is: false.
    acsEndpoints List<String>
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    adminNote String
    Application notes for admins.
    appLinksJson String
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson String
    Application settings in JSON format.
    assertionSigned Boolean
    Determines whether the SAML assertion is digitally signed.
    attributeStatements List<SamlAttributeStatement>
    List of SAML Attribute statements.
    audience String
    Audience Restriction
    authenticationPolicy String
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    authnContextClassRef String
    Identifies the SAML authentication context class for the assertion’s authentication statement
    autoSubmitToolbar Boolean
    Display auto submit toolbar. Default is: false
    certificate String
    The raw signing certificate.
    defaultRelayState String
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination String
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digestAlgorithm String
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    embedUrl String
    Url that can be used to embed this application into another portal.
    enduserNote String
    Application notes for end users.
    entityKey String
    Entity ID, the ID portion of the entity_url.
    entityUrl String
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
    features List<String>
    features enabled. Notice: you can't currently configure provisioning features via the API.
    hideIos Boolean
    Do not display application icon on mobile app. Default is: false
    hideWeb Boolean
    Do not display application icon to users. Default is: false
    honorForceAuthn Boolean
    Prompt user to re-authenticate if SP asks for it. Default is: false
    httpPostBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    httpRedirectBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    idpIssuer String
    SAML issuer ID.
    implicitAssignment Boolean
    Early Access Property. Enables Federation Broker Mode.
    inlineHookId String
    Saml Inline Hook associated with the application.
    keyId String
    Certificate key ID.
    keyName String
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid.
    keyYearsValid Integer
    Number of years the certificate is valid (2 - 10 years).
    keys List<SamlKey>
    An array of all key credentials for the application. Format of each entry is as follows:
    label String
    label of application.
    logo String
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logoUrl String
    Direct link of application logo.
    metadata String
    The raw SAML metadata in XML.
    metadataUrl String
    SAML xml metadata URL.
    name String
    The name of the attribute statement.
    preconfiguredApp String
    name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
    recipient String
    The location where the app may present the SAML assertion.
    requestCompressed Boolean
    Denotes whether the request is compressed or not.
    responseSigned Boolean
    Determines whether the SAML auth response message is digitally signed.
    samlSignedRequestEnabled Boolean
    SAML Signed Request enabled
    samlVersion String
    SAML version for the app's sign-on mode. Valid values are: "2.0" or "1.1". Default is "2.0".
    signOnMode String
    Sign-on mode of application.
    signatureAlgorithm String
    Signature algorithm used ot digitally sign the assertion and response.
    singleLogoutCertificate String
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    singleLogoutIssuer String
    The issuer of the Service Provider that generates the Single Logout request.
    singleLogoutUrl String
    The location where the logout response is sent.
    spIssuer String
    SAML service provider issuer.
    ssoUrl String
    Single Sign-on Url.
    status String
    status of application.
    subjectNameIdFormat String
    Identifies the SAML processing rules.
    subjectNameIdTemplate String
    Template for app user's username when a user is assigned to the app.
    userNameTemplate String
    Username template. Default is: "${source.login}"
    userNameTemplatePushStatus String
    Push username on update. Valid values: "PUSH" and "DONT_PUSH".
    userNameTemplateSuffix String
    Username template suffix.
    userNameTemplateType String
    Username template type. Default is: "BUILT_IN".
    accessibilityErrorRedirectUrl string
    Custom error page URL.
    accessibilityLoginRedirectUrl string
    Custom login page for this application.
    accessibilitySelfService boolean
    Enable self-service. Default is: false.
    acsEndpoints string[]
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    adminNote string
    Application notes for admins.
    appLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson string
    Application settings in JSON format.
    assertionSigned boolean
    Determines whether the SAML assertion is digitally signed.
    attributeStatements SamlAttributeStatement[]
    List of SAML Attribute statements.
    audience string
    Audience Restriction
    authenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    authnContextClassRef string
    Identifies the SAML authentication context class for the assertion’s authentication statement
    autoSubmitToolbar boolean
    Display auto submit toolbar. Default is: false
    certificate string
    The raw signing certificate.
    defaultRelayState string
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination string
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digestAlgorithm string
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    embedUrl string
    Url that can be used to embed this application into another portal.
    enduserNote string
    Application notes for end users.
    entityKey string
    Entity ID, the ID portion of the entity_url.
    entityUrl string
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
    features string[]
    features enabled. Notice: you can't currently configure provisioning features via the API.
    hideIos boolean
    Do not display application icon on mobile app. Default is: false
    hideWeb boolean
    Do not display application icon to users. Default is: false
    honorForceAuthn boolean
    Prompt user to re-authenticate if SP asks for it. Default is: false
    httpPostBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    httpRedirectBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    idpIssuer string
    SAML issuer ID.
    implicitAssignment boolean
    Early Access Property. Enables Federation Broker Mode.
    inlineHookId string
    Saml Inline Hook associated with the application.
    keyId string
    Certificate key ID.
    keyName string
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid.
    keyYearsValid number
    Number of years the certificate is valid (2 - 10 years).
    keys SamlKey[]
    An array of all key credentials for the application. Format of each entry is as follows:
    label string
    label of application.
    logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logoUrl string
    Direct link of application logo.
    metadata string
    The raw SAML metadata in XML.
    metadataUrl string
    SAML xml metadata URL.
    name string
    The name of the attribute statement.
    preconfiguredApp string
    name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
    recipient string
    The location where the app may present the SAML assertion.
    requestCompressed boolean
    Denotes whether the request is compressed or not.
    responseSigned boolean
    Determines whether the SAML auth response message is digitally signed.
    samlSignedRequestEnabled boolean
    SAML Signed Request enabled
    samlVersion string
    SAML version for the app's sign-on mode. Valid values are: "2.0" or "1.1". Default is "2.0".
    signOnMode string
    Sign-on mode of application.
    signatureAlgorithm string
    Signature algorithm used ot digitally sign the assertion and response.
    singleLogoutCertificate string
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    singleLogoutIssuer string
    The issuer of the Service Provider that generates the Single Logout request.
    singleLogoutUrl string
    The location where the logout response is sent.
    spIssuer string
    SAML service provider issuer.
    ssoUrl string
    Single Sign-on Url.
    status string
    status of application.
    subjectNameIdFormat string
    Identifies the SAML processing rules.
    subjectNameIdTemplate string
    Template for app user's username when a user is assigned to the app.
    userNameTemplate string
    Username template. Default is: "${source.login}"
    userNameTemplatePushStatus string
    Push username on update. Valid values: "PUSH" and "DONT_PUSH".
    userNameTemplateSuffix string
    Username template suffix.
    userNameTemplateType string
    Username template type. Default is: "BUILT_IN".
    accessibility_error_redirect_url str
    Custom error page URL.
    accessibility_login_redirect_url str
    Custom login page for this application.
    accessibility_self_service bool
    Enable self-service. Default is: false.
    acs_endpoints Sequence[str]
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    admin_note str
    Application notes for admins.
    app_links_json str
    Displays specific appLinks for the app. The value for each application link should be boolean.
    app_settings_json str
    Application settings in JSON format.
    assertion_signed bool
    Determines whether the SAML assertion is digitally signed.
    attribute_statements Sequence[SamlAttributeStatementArgs]
    List of SAML Attribute statements.
    audience str
    Audience Restriction
    authentication_policy str
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    authn_context_class_ref str
    Identifies the SAML authentication context class for the assertion’s authentication statement
    auto_submit_toolbar bool
    Display auto submit toolbar. Default is: false
    certificate str
    The raw signing certificate.
    default_relay_state str
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination str
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digest_algorithm str
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    embed_url str
    Url that can be used to embed this application into another portal.
    enduser_note str
    Application notes for end users.
    entity_key str
    Entity ID, the ID portion of the entity_url.
    entity_url str
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
    features Sequence[str]
    features enabled. Notice: you can't currently configure provisioning features via the API.
    hide_ios bool
    Do not display application icon on mobile app. Default is: false
    hide_web bool
    Do not display application icon to users. Default is: false
    honor_force_authn bool
    Prompt user to re-authenticate if SP asks for it. Default is: false
    http_post_binding str
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    http_redirect_binding str
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    idp_issuer str
    SAML issuer ID.
    implicit_assignment bool
    Early Access Property. Enables Federation Broker Mode.
    inline_hook_id str
    Saml Inline Hook associated with the application.
    key_id str
    Certificate key ID.
    key_name str
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid.
    key_years_valid int
    Number of years the certificate is valid (2 - 10 years).
    keys Sequence[SamlKeyArgs]
    An array of all key credentials for the application. Format of each entry is as follows:
    label str
    label of application.
    logo str
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logo_url str
    Direct link of application logo.
    metadata str
    The raw SAML metadata in XML.
    metadata_url str
    SAML xml metadata URL.
    name str
    The name of the attribute statement.
    preconfigured_app str
    name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
    recipient str
    The location where the app may present the SAML assertion.
    request_compressed bool
    Denotes whether the request is compressed or not.
    response_signed bool
    Determines whether the SAML auth response message is digitally signed.
    saml_signed_request_enabled bool
    SAML Signed Request enabled
    saml_version str
    SAML version for the app's sign-on mode. Valid values are: "2.0" or "1.1". Default is "2.0".
    sign_on_mode str
    Sign-on mode of application.
    signature_algorithm str
    Signature algorithm used ot digitally sign the assertion and response.
    single_logout_certificate str
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    single_logout_issuer str
    The issuer of the Service Provider that generates the Single Logout request.
    single_logout_url str
    The location where the logout response is sent.
    sp_issuer str
    SAML service provider issuer.
    sso_url str
    Single Sign-on Url.
    status str
    status of application.
    subject_name_id_format str
    Identifies the SAML processing rules.
    subject_name_id_template str
    Template for app user's username when a user is assigned to the app.
    user_name_template str
    Username template. Default is: "${source.login}"
    user_name_template_push_status str
    Push username on update. Valid values: "PUSH" and "DONT_PUSH".
    user_name_template_suffix str
    Username template suffix.
    user_name_template_type str
    Username template type. Default is: "BUILT_IN".
    accessibilityErrorRedirectUrl String
    Custom error page URL.
    accessibilityLoginRedirectUrl String
    Custom login page for this application.
    accessibilitySelfService Boolean
    Enable self-service. Default is: false.
    acsEndpoints List<String>
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    adminNote String
    Application notes for admins.
    appLinksJson String
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson String
    Application settings in JSON format.
    assertionSigned Boolean
    Determines whether the SAML assertion is digitally signed.
    attributeStatements List<Property Map>
    List of SAML Attribute statements.
    audience String
    Audience Restriction
    authenticationPolicy String
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    authnContextClassRef String
    Identifies the SAML authentication context class for the assertion’s authentication statement
    autoSubmitToolbar Boolean
    Display auto submit toolbar. Default is: false
    certificate String
    The raw signing certificate.
    defaultRelayState String
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination String
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digestAlgorithm String
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    embedUrl String
    Url that can be used to embed this application into another portal.
    enduserNote String
    Application notes for end users.
    entityKey String
    Entity ID, the ID portion of the entity_url.
    entityUrl String
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8.
    features List<String>
    features enabled. Notice: you can't currently configure provisioning features via the API.
    hideIos Boolean
    Do not display application icon on mobile app. Default is: false
    hideWeb Boolean
    Do not display application icon to users. Default is: false
    honorForceAuthn Boolean
    Prompt user to re-authenticate if SP asks for it. Default is: false
    httpPostBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    httpRedirectBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    idpIssuer String
    SAML issuer ID.
    implicitAssignment Boolean
    Early Access Property. Enables Federation Broker Mode.
    inlineHookId String
    Saml Inline Hook associated with the application.
    keyId String
    Certificate key ID.
    keyName String
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid.
    keyYearsValid Number
    Number of years the certificate is valid (2 - 10 years).
    keys List<Property Map>
    An array of all key credentials for the application. Format of each entry is as follows:
    label String
    label of application.
    logo String
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logoUrl String
    Direct link of application logo.
    metadata String
    The raw SAML metadata in XML.
    metadataUrl String
    SAML xml metadata URL.
    name String
    The name of the attribute statement.
    preconfiguredApp String
    name of application from the Okta Integration Network, if not included a custom app will be created. If not provided the following arguments are required:
    recipient String
    The location where the app may present the SAML assertion.
    requestCompressed Boolean
    Denotes whether the request is compressed or not.
    responseSigned Boolean
    Determines whether the SAML auth response message is digitally signed.
    samlSignedRequestEnabled Boolean
    SAML Signed Request enabled
    samlVersion String
    SAML version for the app's sign-on mode. Valid values are: "2.0" or "1.1". Default is "2.0".
    signOnMode String
    Sign-on mode of application.
    signatureAlgorithm String
    Signature algorithm used ot digitally sign the assertion and response.
    singleLogoutCertificate String
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    singleLogoutIssuer String
    The issuer of the Service Provider that generates the Single Logout request.
    singleLogoutUrl String
    The location where the logout response is sent.
    spIssuer String
    SAML service provider issuer.
    ssoUrl String
    Single Sign-on Url.
    status String
    status of application.
    subjectNameIdFormat String
    Identifies the SAML processing rules.
    subjectNameIdTemplate String
    Template for app user's username when a user is assigned to the app.
    userNameTemplate String
    Username template. Default is: "${source.login}"
    userNameTemplatePushStatus String
    Push username on update. Valid values: "PUSH" and "DONT_PUSH".
    userNameTemplateSuffix String
    Username template suffix.
    userNameTemplateType String
    Username template type. Default is: "BUILT_IN".

    Supporting Types

    SamlAttributeStatement, SamlAttributeStatementArgs

    Name string
    The name of the attribute statement.
    FilterType string
    Type of group attribute filter. Valid values are: "STARTS_WITH", "EQUALS", "CONTAINS", or "REGEX"
    FilterValue string
    Filter value to use.
    Namespace string
    The attribute namespace. It can be set to "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or "urn:oasis:names:tc:SAML:2.0:attrname-format:basic".
    Type string
    The type of attribute statement value. Valid values are: "EXPRESSION" or "GROUP". Default is "EXPRESSION".
    Values List<string>
    Array of values to use.
    Name string
    The name of the attribute statement.
    FilterType string
    Type of group attribute filter. Valid values are: "STARTS_WITH", "EQUALS", "CONTAINS", or "REGEX"
    FilterValue string
    Filter value to use.
    Namespace string
    The attribute namespace. It can be set to "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or "urn:oasis:names:tc:SAML:2.0:attrname-format:basic".
    Type string
    The type of attribute statement value. Valid values are: "EXPRESSION" or "GROUP". Default is "EXPRESSION".
    Values []string
    Array of values to use.
    name String
    The name of the attribute statement.
    filterType String
    Type of group attribute filter. Valid values are: "STARTS_WITH", "EQUALS", "CONTAINS", or "REGEX"
    filterValue String
    Filter value to use.
    namespace String
    The attribute namespace. It can be set to "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or "urn:oasis:names:tc:SAML:2.0:attrname-format:basic".
    type String
    The type of attribute statement value. Valid values are: "EXPRESSION" or "GROUP". Default is "EXPRESSION".
    values List<String>
    Array of values to use.
    name string
    The name of the attribute statement.
    filterType string
    Type of group attribute filter. Valid values are: "STARTS_WITH", "EQUALS", "CONTAINS", or "REGEX"
    filterValue string
    Filter value to use.
    namespace string
    The attribute namespace. It can be set to "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or "urn:oasis:names:tc:SAML:2.0:attrname-format:basic".
    type string
    The type of attribute statement value. Valid values are: "EXPRESSION" or "GROUP". Default is "EXPRESSION".
    values string[]
    Array of values to use.
    name str
    The name of the attribute statement.
    filter_type str
    Type of group attribute filter. Valid values are: "STARTS_WITH", "EQUALS", "CONTAINS", or "REGEX"
    filter_value str
    Filter value to use.
    namespace str
    The attribute namespace. It can be set to "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or "urn:oasis:names:tc:SAML:2.0:attrname-format:basic".
    type str
    The type of attribute statement value. Valid values are: "EXPRESSION" or "GROUP". Default is "EXPRESSION".
    values Sequence[str]
    Array of values to use.
    name String
    The name of the attribute statement.
    filterType String
    Type of group attribute filter. Valid values are: "STARTS_WITH", "EQUALS", "CONTAINS", or "REGEX"
    filterValue String
    Filter value to use.
    namespace String
    The attribute namespace. It can be set to "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", or "urn:oasis:names:tc:SAML:2.0:attrname-format:basic".
    type String
    The type of attribute statement value. Valid values are: "EXPRESSION" or "GROUP". Default is "EXPRESSION".
    values List<String>
    Array of values to use.

    SamlKey, SamlKeyArgs

    Created string
    Date created.
    E string
    RSA exponent.
    ExpiresAt string
    Date the key expires.
    Kid string
    Key ID.
    Kty string
    Identifies the cryptographic algorithm family used with the key.
    LastUpdated string
    Date the key was last updated.
    N string
    RSA modulus.
    Use string
    Intended use of the public key.
    X5cs List<string>
    X.509 certificate chain.
    X5tS256 string
    X.509 certificate SHA-256 thumbprint.
    Created string
    Date created.
    E string
    RSA exponent.
    ExpiresAt string
    Date the key expires.
    Kid string
    Key ID.
    Kty string
    Identifies the cryptographic algorithm family used with the key.
    LastUpdated string
    Date the key was last updated.
    N string
    RSA modulus.
    Use string
    Intended use of the public key.
    X5cs []string
    X.509 certificate chain.
    X5tS256 string
    X.509 certificate SHA-256 thumbprint.
    created String
    Date created.
    e String
    RSA exponent.
    expiresAt String
    Date the key expires.
    kid String
    Key ID.
    kty String
    Identifies the cryptographic algorithm family used with the key.
    lastUpdated String
    Date the key was last updated.
    n String
    RSA modulus.
    use String
    Intended use of the public key.
    x5cs List<String>
    X.509 certificate chain.
    x5tS256 String
    X.509 certificate SHA-256 thumbprint.
    created string
    Date created.
    e string
    RSA exponent.
    expiresAt string
    Date the key expires.
    kid string
    Key ID.
    kty string
    Identifies the cryptographic algorithm family used with the key.
    lastUpdated string
    Date the key was last updated.
    n string
    RSA modulus.
    use string
    Intended use of the public key.
    x5cs string[]
    X.509 certificate chain.
    x5tS256 string
    X.509 certificate SHA-256 thumbprint.
    created str
    Date created.
    e str
    RSA exponent.
    expires_at str
    Date the key expires.
    kid str
    Key ID.
    kty str
    Identifies the cryptographic algorithm family used with the key.
    last_updated str
    Date the key was last updated.
    n str
    RSA modulus.
    use str
    Intended use of the public key.
    x5cs Sequence[str]
    X.509 certificate chain.
    x5t_s256 str
    X.509 certificate SHA-256 thumbprint.
    created String
    Date created.
    e String
    RSA exponent.
    expiresAt String
    Date the key expires.
    kid String
    Key ID.
    kty String
    Identifies the cryptographic algorithm family used with the key.
    lastUpdated String
    Date the key was last updated.
    n String
    RSA modulus.
    use String
    Intended use of the public key.
    x5cs List<String>
    X.509 certificate chain.
    x5tS256 String
    X.509 certificate SHA-256 thumbprint.

    Import

    A SAML App can be imported via the Okta ID.

    $ pulumi import okta:app/saml:Saml example &#60;app id&#62;
    

    Package Details

    Repository
    Okta pulumi/pulumi-okta
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the okta Terraform Provider.
    okta logo
    Okta v4.8.0 published on Saturday, Mar 2, 2024 by Pulumi