Assigns Admin roles to Okta Groups. This resource allows you to assign Okta administrator roles to Okta Groups. This resource provides a one-to-one interface between the Okta group and the admin role.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
import * as std from "@pulumi/std";
const example = new okta.group.Role("example", {
groupId: "<group id>",
roleType: "READ_ONLY_ADMIN",
});
// Example for CUSTOM role
const test = new okta.group.Group("test", {
name: "testAcc_replace_with_uuid",
description: "testing",
});
const testResourceSet = new okta.ResourceSet("test", {
label: "test",
description: "testing, testing",
resources: [std.index.format({
input: "%s/api/v1/users",
args: ["https://tien-oie-2023-26-26.oktapreview.com"],
}).result],
});
const testAdminRoleCustom = new okta.AdminRoleCustom("test", {
label: "testt",
description: "testing, testing",
permissions: [
"okta.apps.assignment.manage",
"okta.users.manage",
"okta.apps.manage",
],
});
const testRole = new okta.group.Role("test", {
groupId: test.id,
roleId: testAdminRoleCustom.id,
resourceSetId: testResourceSet.id,
roleType: "CUSTOM",
});
import pulumi
import pulumi_okta as okta
import pulumi_std as std
example = okta.group.Role("example",
group_id="<group id>",
role_type="READ_ONLY_ADMIN")
# Example for CUSTOM role
test = okta.group.Group("test",
name="testAcc_replace_with_uuid",
description="testing")
test_resource_set = okta.ResourceSet("test",
label="test",
description="testing, testing",
resources=[std.index.format(input="%s/api/v1/users",
args=["https://tien-oie-2023-26-26.oktapreview.com"])["result"]])
test_admin_role_custom = okta.AdminRoleCustom("test",
label="testt",
description="testing, testing",
permissions=[
"okta.apps.assignment.manage",
"okta.users.manage",
"okta.apps.manage",
])
test_role = okta.group.Role("test",
group_id=test.id,
role_id=test_admin_role_custom.id,
resource_set_id=test_resource_set.id,
role_type="CUSTOM")
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v6/go/okta"
"github.com/pulumi/pulumi-okta/sdk/v6/go/okta/group"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := group.NewRole(ctx, "example", &group.RoleArgs{
GroupId: pulumi.String("<group id>"),
RoleType: pulumi.String("READ_ONLY_ADMIN"),
})
if err != nil {
return err
}
// Example for CUSTOM role
test, err := group.NewGroup(ctx, "test", &group.GroupArgs{
Name: pulumi.String("testAcc_replace_with_uuid"),
Description: pulumi.String("testing"),
})
if err != nil {
return err
}
invokeFormat, err := std.Format(ctx, map[string]interface{}{
"input": "%s/api/v1/users",
"args": []string{
"https://tien-oie-2023-26-26.oktapreview.com",
},
}, nil)
if err != nil {
return err
}
testResourceSet, err := okta.NewResourceSet(ctx, "test", &okta.ResourceSetArgs{
Label: pulumi.String("test"),
Description: pulumi.String("testing, testing"),
Resources: pulumi.StringArray{
invokeFormat.Result,
},
})
if err != nil {
return err
}
testAdminRoleCustom, err := okta.NewAdminRoleCustom(ctx, "test", &okta.AdminRoleCustomArgs{
Label: pulumi.String("testt"),
Description: pulumi.String("testing, testing"),
Permissions: pulumi.StringArray{
pulumi.String("okta.apps.assignment.manage"),
pulumi.String("okta.users.manage"),
pulumi.String("okta.apps.manage"),
},
})
if err != nil {
return err
}
_, err = group.NewRole(ctx, "test", &group.RoleArgs{
GroupId: test.ID(),
RoleId: testAdminRoleCustom.ID(),
ResourceSetId: testResourceSet.ID(),
RoleType: pulumi.String("CUSTOM"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var example = new Okta.Group.Role("example", new()
{
GroupId = "<group id>",
RoleType = "READ_ONLY_ADMIN",
});
// Example for CUSTOM role
var test = new Okta.Group.Group("test", new()
{
Name = "testAcc_replace_with_uuid",
Description = "testing",
});
var testResourceSet = new Okta.ResourceSet("test", new()
{
Label = "test",
Description = "testing, testing",
Resources = new[]
{
Std.Index.Format.Invoke(new()
{
Input = "%s/api/v1/users",
Args = new[]
{
"https://tien-oie-2023-26-26.oktapreview.com",
},
}).Result,
},
});
var testAdminRoleCustom = new Okta.AdminRoleCustom("test", new()
{
Label = "testt",
Description = "testing, testing",
Permissions = new[]
{
"okta.apps.assignment.manage",
"okta.users.manage",
"okta.apps.manage",
},
});
var testRole = new Okta.Group.Role("test", new()
{
GroupId = test.Id,
RoleId = testAdminRoleCustom.Id,
ResourceSetId = testResourceSet.Id,
RoleType = "CUSTOM",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.group.Role;
import com.pulumi.okta.group.RoleArgs;
import com.pulumi.okta.group.Group;
import com.pulumi.okta.group.GroupArgs;
import com.pulumi.okta.ResourceSet;
import com.pulumi.okta.ResourceSetArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.okta.AdminRoleCustom;
import com.pulumi.okta.AdminRoleCustomArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Role("example", RoleArgs.builder()
.groupId("<group id>")
.roleType("READ_ONLY_ADMIN")
.build());
// Example for CUSTOM role
var test = new Group("test", GroupArgs.builder()
.name("testAcc_replace_with_uuid")
.description("testing")
.build());
var testResourceSet = new ResourceSet("testResourceSet", ResourceSetArgs.builder()
.label("test")
.description("testing, testing")
.resources(StdFunctions.format(Map.ofEntries(
Map.entry("input", "%s/api/v1/users"),
Map.entry("args", "https://tien-oie-2023-26-26.oktapreview.com")
)).result())
.build());
var testAdminRoleCustom = new AdminRoleCustom("testAdminRoleCustom", AdminRoleCustomArgs.builder()
.label("testt")
.description("testing, testing")
.permissions(
"okta.apps.assignment.manage",
"okta.users.manage",
"okta.apps.manage")
.build());
var testRole = new Role("testRole", RoleArgs.builder()
.groupId(test.id())
.roleId(testAdminRoleCustom.id())
.resourceSetId(testResourceSet.id())
.roleType("CUSTOM")
.build());
}
}
resources:
example:
type: okta:group:Role
properties:
groupId: <group id>
roleType: READ_ONLY_ADMIN
# Example for CUSTOM role
test:
type: okta:group:Group
properties:
name: testAcc_replace_with_uuid
description: testing
testResourceSet:
type: okta:ResourceSet
name: test
properties:
label: test
description: testing, testing
resources:
- fn::invoke:
function: std:format
arguments:
input: '%s/api/v1/users'
args:
- https://tien-oie-2023-26-26.oktapreview.com
return: result
testAdminRoleCustom:
type: okta:AdminRoleCustom
name: test
properties:
label: testt
description: testing, testing
permissions:
- okta.apps.assignment.manage
- okta.users.manage
- okta.apps.manage
testRole:
type: okta:group:Role
name: test
properties:
groupId: ${test.id}
roleId: ${testAdminRoleCustom.id}
resourceSetId: ${testResourceSet.id}
roleType: CUSTOM
Create Role Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Role(name: string, args: RoleArgs, opts?: CustomResourceOptions);@overload
def Role(resource_name: str,
args: RoleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Role(resource_name: str,
opts: Optional[ResourceOptions] = None,
group_id: Optional[str] = None,
role_type: Optional[str] = None,
disable_notifications: Optional[bool] = None,
resource_set_id: Optional[str] = None,
role_id: Optional[str] = None,
target_app_lists: Optional[Sequence[str]] = None,
target_group_lists: Optional[Sequence[str]] = None)func NewRole(ctx *Context, name string, args RoleArgs, opts ...ResourceOption) (*Role, error)public Role(string name, RoleArgs args, CustomResourceOptions? opts = null)type: okta:group:Role
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var roleResource = new Okta.Group.Role("roleResource", new()
{
GroupId = "string",
RoleType = "string",
DisableNotifications = false,
ResourceSetId = "string",
RoleId = "string",
TargetAppLists = new[]
{
"string",
},
TargetGroupLists = new[]
{
"string",
},
});
example, err := group.NewRole(ctx, "roleResource", &group.RoleArgs{
GroupId: pulumi.String("string"),
RoleType: pulumi.String("string"),
DisableNotifications: pulumi.Bool(false),
ResourceSetId: pulumi.String("string"),
RoleId: pulumi.String("string"),
TargetAppLists: pulumi.StringArray{
pulumi.String("string"),
},
TargetGroupLists: pulumi.StringArray{
pulumi.String("string"),
},
})
var roleResource = new Role("roleResource", RoleArgs.builder()
.groupId("string")
.roleType("string")
.disableNotifications(false)
.resourceSetId("string")
.roleId("string")
.targetAppLists("string")
.targetGroupLists("string")
.build());
role_resource = okta.group.Role("roleResource",
group_id="string",
role_type="string",
disable_notifications=False,
resource_set_id="string",
role_id="string",
target_app_lists=["string"],
target_group_lists=["string"])
const roleResource = new okta.group.Role("roleResource", {
groupId: "string",
roleType: "string",
disableNotifications: false,
resourceSetId: "string",
roleId: "string",
targetAppLists: ["string"],
targetGroupLists: ["string"],
});
type: okta:group:Role
properties:
disableNotifications: false
groupId: string
resourceSetId: string
roleId: string
roleType: string
targetAppLists:
- string
targetGroupLists:
- string
Role Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Role resource accepts the following input properties:
- Group
Id string - ID of group to attach admin roles to
- Role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- Disable
Notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- Resource
Set stringId - Resource Set ID. Required for role_type =
CUSTOM - Role
Id string - Role ID. Required for role_type =
CUSTOM - Target
App List<string>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type
APP_ADMIN. - Target
Group List<string>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- Group
Id string - ID of group to attach admin roles to
- Role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- Disable
Notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- Resource
Set stringId - Resource Set ID. Required for role_type =
CUSTOM - Role
Id string - Role ID. Required for role_type =
CUSTOM - Target
App []stringLists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type
APP_ADMIN. - Target
Group []stringLists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- group
Id String - ID of group to attach admin roles to
- role
Type String - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- disable
Notifications Boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- resource
Set StringId - Resource Set ID. Required for role_type =
CUSTOM - role
Id String - Role ID. Required for role_type =
CUSTOM - target
App List<String>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type
APP_ADMIN. - target
Group List<String>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- group
Id string - ID of group to attach admin roles to
- role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- disable
Notifications boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- resource
Set stringId - Resource Set ID. Required for role_type =
CUSTOM - role
Id string - Role ID. Required for role_type =
CUSTOM - target
App string[]Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type
APP_ADMIN. - target
Group string[]Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- group_
id str - ID of group to attach admin roles to
- role_
type str - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- disable_
notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- resource_
set_ strid - Resource Set ID. Required for role_type =
CUSTOM - role_
id str - Role ID. Required for role_type =
CUSTOM - target_
app_ Sequence[str]lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type
APP_ADMIN. - target_
group_ Sequence[str]lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- group
Id String - ID of group to attach admin roles to
- role
Type String - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- disable
Notifications Boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- resource
Set StringId - Resource Set ID. Required for role_type =
CUSTOM - role
Id String - Role ID. Required for role_type =
CUSTOM - target
App List<String>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type
APP_ADMIN. - target
Group List<String>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
Outputs
All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Role Resource
Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
disable_notifications: Optional[bool] = None,
group_id: Optional[str] = None,
resource_set_id: Optional[str] = None,
role_id: Optional[str] = None,
role_type: Optional[str] = None,
target_app_lists: Optional[Sequence[str]] = None,
target_group_lists: Optional[Sequence[str]] = None) -> Rolefunc GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)resources: _: type: okta:group:Role get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Disable
Notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- Group
Id string - ID of group to attach admin roles to
- Resource
Set stringId - Resource Set ID. Required for role_type =
CUSTOM - Role
Id string - Role ID. Required for role_type =
CUSTOM - Role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- Target
App List<string>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type
APP_ADMIN. - Target
Group List<string>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- Disable
Notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- Group
Id string - ID of group to attach admin roles to
- Resource
Set stringId - Resource Set ID. Required for role_type =
CUSTOM - Role
Id string - Role ID. Required for role_type =
CUSTOM - Role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- Target
App []stringLists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type
APP_ADMIN. - Target
Group []stringLists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- disable
Notifications Boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- group
Id String - ID of group to attach admin roles to
- resource
Set StringId - Resource Set ID. Required for role_type =
CUSTOM - role
Id String - Role ID. Required for role_type =
CUSTOM - role
Type String - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- target
App List<String>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type
APP_ADMIN. - target
Group List<String>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- disable
Notifications boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- group
Id string - ID of group to attach admin roles to
- resource
Set stringId - Resource Set ID. Required for role_type =
CUSTOM - role
Id string - Role ID. Required for role_type =
CUSTOM - role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- target
App string[]Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type
APP_ADMIN. - target
Group string[]Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- disable_
notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- group_
id str - ID of group to attach admin roles to
- resource_
set_ strid - Resource Set ID. Required for role_type =
CUSTOM - role_
id str - Role ID. Required for role_type =
CUSTOM - role_
type str - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- target_
app_ Sequence[str]lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type
APP_ADMIN. - target_
group_ Sequence[str]lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- disable
Notifications Boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- group
Id String - ID of group to attach admin roles to
- resource
Set StringId - Resource Set ID. Required for role_type =
CUSTOM - role
Id String - Role ID. Required for role_type =
CUSTOM - role
Type String - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- target
App List<String>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type
APP_ADMIN. - target
Group List<String>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
Import
$ pulumi import okta:group/role:Role example <group_id>/<role_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oktaTerraform Provider.
