okta.user.User
Explore with Pulumi AI
Creates an Okta User.
This resource allows you to create and configure an Okta User.
Example Usage
Full profile:
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const example = new okta.user.User("example", {
city: "New York",
costCenter: "10",
countryCode: "US",
department: "IT",
displayName: "Dr. John Smith",
division: "Acquisitions",
email: "john.smith@example.com",
employeeNumber: "111111",
firstName: "John",
honorificPrefix: "Dr.",
honorificSuffix: "Jr.",
lastName: "Smith",
locale: "en_US",
login: "john.smith@example.com",
manager: "Jimbo",
managerId: "222222",
middleName: "John",
mobilePhone: "1112223333",
nickName: "Johnny",
organization: "Testing Inc.",
postalAddress: "1234 Testing St.",
preferredLanguage: "en-us",
primaryPhone: "4445556666",
profileUrl: "https://www.example.com/profile",
secondEmail: "john.smith.fun@example.com",
state: "NY",
streetAddress: "5678 Testing Ave.",
timezone: "America/New_York",
title: "Director",
userType: "Employee",
zipCode: "11111",
});
import pulumi
import pulumi_okta as okta
example = okta.user.User("example",
city="New York",
cost_center="10",
country_code="US",
department="IT",
display_name="Dr. John Smith",
division="Acquisitions",
email="john.smith@example.com",
employee_number="111111",
first_name="John",
honorific_prefix="Dr.",
honorific_suffix="Jr.",
last_name="Smith",
locale="en_US",
login="john.smith@example.com",
manager="Jimbo",
manager_id="222222",
middle_name="John",
mobile_phone="1112223333",
nick_name="Johnny",
organization="Testing Inc.",
postal_address="1234 Testing St.",
preferred_language="en-us",
primary_phone="4445556666",
profile_url="https://www.example.com/profile",
second_email="john.smith.fun@example.com",
state="NY",
street_address="5678 Testing Ave.",
timezone="America/New_York",
title="Director",
user_type="Employee",
zip_code="11111")
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/user"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := user.NewUser(ctx, "example", &user.UserArgs{
City: pulumi.String("New York"),
CostCenter: pulumi.String("10"),
CountryCode: pulumi.String("US"),
Department: pulumi.String("IT"),
DisplayName: pulumi.String("Dr. John Smith"),
Division: pulumi.String("Acquisitions"),
Email: pulumi.String("john.smith@example.com"),
EmployeeNumber: pulumi.String("111111"),
FirstName: pulumi.String("John"),
HonorificPrefix: pulumi.String("Dr."),
HonorificSuffix: pulumi.String("Jr."),
LastName: pulumi.String("Smith"),
Locale: pulumi.String("en_US"),
Login: pulumi.String("john.smith@example.com"),
Manager: pulumi.String("Jimbo"),
ManagerId: pulumi.String("222222"),
MiddleName: pulumi.String("John"),
MobilePhone: pulumi.String("1112223333"),
NickName: pulumi.String("Johnny"),
Organization: pulumi.String("Testing Inc."),
PostalAddress: pulumi.String("1234 Testing St."),
PreferredLanguage: pulumi.String("en-us"),
PrimaryPhone: pulumi.String("4445556666"),
ProfileUrl: pulumi.String("https://www.example.com/profile"),
SecondEmail: pulumi.String("john.smith.fun@example.com"),
State: pulumi.String("NY"),
StreetAddress: pulumi.String("5678 Testing Ave."),
Timezone: pulumi.String("America/New_York"),
Title: pulumi.String("Director"),
UserType: pulumi.String("Employee"),
ZipCode: pulumi.String("11111"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var example = new Okta.User.User("example", new()
{
City = "New York",
CostCenter = "10",
CountryCode = "US",
Department = "IT",
DisplayName = "Dr. John Smith",
Division = "Acquisitions",
Email = "john.smith@example.com",
EmployeeNumber = "111111",
FirstName = "John",
HonorificPrefix = "Dr.",
HonorificSuffix = "Jr.",
LastName = "Smith",
Locale = "en_US",
Login = "john.smith@example.com",
Manager = "Jimbo",
ManagerId = "222222",
MiddleName = "John",
MobilePhone = "1112223333",
NickName = "Johnny",
Organization = "Testing Inc.",
PostalAddress = "1234 Testing St.",
PreferredLanguage = "en-us",
PrimaryPhone = "4445556666",
ProfileUrl = "https://www.example.com/profile",
SecondEmail = "john.smith.fun@example.com",
State = "NY",
StreetAddress = "5678 Testing Ave.",
Timezone = "America/New_York",
Title = "Director",
UserType = "Employee",
ZipCode = "11111",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.user.User;
import com.pulumi.okta.user.UserArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new User("example", UserArgs.builder()
.city("New York")
.costCenter("10")
.countryCode("US")
.department("IT")
.displayName("Dr. John Smith")
.division("Acquisitions")
.email("john.smith@example.com")
.employeeNumber("111111")
.firstName("John")
.honorificPrefix("Dr.")
.honorificSuffix("Jr.")
.lastName("Smith")
.locale("en_US")
.login("john.smith@example.com")
.manager("Jimbo")
.managerId("222222")
.middleName("John")
.mobilePhone("1112223333")
.nickName("Johnny")
.organization("Testing Inc.")
.postalAddress("1234 Testing St.")
.preferredLanguage("en-us")
.primaryPhone("4445556666")
.profileUrl("https://www.example.com/profile")
.secondEmail("john.smith.fun@example.com")
.state("NY")
.streetAddress("5678 Testing Ave.")
.timezone("America/New_York")
.title("Director")
.userType("Employee")
.zipCode("11111")
.build());
}
}
resources:
example:
type: okta:user:User
properties:
city: New York
costCenter: '10'
countryCode: US
department: IT
displayName: Dr. John Smith
division: Acquisitions
email: john.smith@example.com
employeeNumber: '111111'
firstName: John
honorificPrefix: Dr.
honorificSuffix: Jr.
lastName: Smith
locale: en_US
login: john.smith@example.com
manager: Jimbo
managerId: '222222'
middleName: John
mobilePhone: '1112223333'
nickName: Johnny
organization: Testing Inc.
postalAddress: 1234 Testing St.
preferredLanguage: en-us
primaryPhone: '4445556666'
profileUrl: https://www.example.com/profile
secondEmail: john.smith.fun@example.com
state: NY
streetAddress: 5678 Testing Ave.
timezone: America/New_York
title: Director
userType: Employee
zipCode: '11111'
With Password Inline Hook:
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const test2 = new okta.user.User("test2", {
email: "example@example.com",
firstName: "John",
lastName: "Smith",
login: "example@example.com",
passwordInlineHook: "default",
});
import pulumi
import pulumi_okta as okta
test2 = okta.user.User("test2",
email="example@example.com",
first_name="John",
last_name="Smith",
login="example@example.com",
password_inline_hook="default")
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/user"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := user.NewUser(ctx, "test2", &user.UserArgs{
Email: pulumi.String("example@example.com"),
FirstName: pulumi.String("John"),
LastName: pulumi.String("Smith"),
Login: pulumi.String("example@example.com"),
PasswordInlineHook: pulumi.String("default"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var test2 = new Okta.User.User("test2", new()
{
Email = "example@example.com",
FirstName = "John",
LastName = "Smith",
Login = "example@example.com",
PasswordInlineHook = "default",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.user.User;
import com.pulumi.okta.user.UserArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test2 = new User("test2", UserArgs.builder()
.email("example@example.com")
.firstName("John")
.lastName("Smith")
.login("example@example.com")
.passwordInlineHook("default")
.build());
}
}
resources:
test2:
type: okta:user:User
properties:
email: example@example.com
firstName: John
lastName: Smith
login: example@example.com
passwordInlineHook: default
Create User Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new User(name: string, args: UserArgs, opts?: CustomResourceOptions);
@overload
def User(resource_name: str,
args: UserArgs,
opts: Optional[ResourceOptions] = None)
@overload
def User(resource_name: str,
opts: Optional[ResourceOptions] = None,
email: Optional[str] = None,
login: Optional[str] = None,
last_name: Optional[str] = None,
first_name: Optional[str] = None,
mobile_phone: Optional[str] = None,
user_type: Optional[str] = None,
display_name: Optional[str] = None,
division: Optional[str] = None,
custom_profile_attributes_to_ignores: Optional[Sequence[str]] = None,
employee_number: Optional[str] = None,
expire_password_on_create: Optional[bool] = None,
custom_profile_attributes: Optional[str] = None,
old_password: Optional[str] = None,
honorific_suffix: Optional[str] = None,
country_code: Optional[str] = None,
locale: Optional[str] = None,
cost_center: Optional[str] = None,
manager: Optional[str] = None,
manager_id: Optional[str] = None,
middle_name: Optional[str] = None,
city: Optional[str] = None,
nick_name: Optional[str] = None,
honorific_prefix: Optional[str] = None,
department: Optional[str] = None,
primary_phone: Optional[str] = None,
password_hash: Optional[UserPasswordHashArgs] = None,
password_inline_hook: Optional[str] = None,
postal_address: Optional[str] = None,
preferred_language: Optional[str] = None,
password: Optional[str] = None,
profile_url: Optional[str] = None,
recovery_answer: Optional[str] = None,
recovery_question: Optional[str] = None,
second_email: Optional[str] = None,
skip_roles: Optional[bool] = None,
state: Optional[str] = None,
status: Optional[str] = None,
street_address: Optional[str] = None,
timezone: Optional[str] = None,
title: Optional[str] = None,
organization: Optional[str] = None,
zip_code: Optional[str] = None)
func NewUser(ctx *Context, name string, args UserArgs, opts ...ResourceOption) (*User, error)
public User(string name, UserArgs args, CustomResourceOptions? opts = null)
type: okta:user:User
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var oktaUserResource = new Okta.User.User("oktaUserResource", new()
{
Email = "string",
Login = "string",
LastName = "string",
FirstName = "string",
MobilePhone = "string",
UserType = "string",
DisplayName = "string",
Division = "string",
CustomProfileAttributesToIgnores = new[]
{
"string",
},
EmployeeNumber = "string",
ExpirePasswordOnCreate = false,
CustomProfileAttributes = "string",
OldPassword = "string",
HonorificSuffix = "string",
CountryCode = "string",
Locale = "string",
CostCenter = "string",
Manager = "string",
ManagerId = "string",
MiddleName = "string",
City = "string",
NickName = "string",
HonorificPrefix = "string",
Department = "string",
PrimaryPhone = "string",
PasswordHash = new Okta.User.Inputs.UserPasswordHashArgs
{
Algorithm = "string",
Value = "string",
Salt = "string",
SaltOrder = "string",
WorkFactor = 0,
},
PasswordInlineHook = "string",
PostalAddress = "string",
PreferredLanguage = "string",
Password = "string",
ProfileUrl = "string",
RecoveryAnswer = "string",
RecoveryQuestion = "string",
SecondEmail = "string",
State = "string",
Status = "string",
StreetAddress = "string",
Timezone = "string",
Title = "string",
Organization = "string",
ZipCode = "string",
});
example, err := user.NewUser(ctx, "oktaUserResource", &user.UserArgs{
Email: pulumi.String("string"),
Login: pulumi.String("string"),
LastName: pulumi.String("string"),
FirstName: pulumi.String("string"),
MobilePhone: pulumi.String("string"),
UserType: pulumi.String("string"),
DisplayName: pulumi.String("string"),
Division: pulumi.String("string"),
CustomProfileAttributesToIgnores: pulumi.StringArray{
pulumi.String("string"),
},
EmployeeNumber: pulumi.String("string"),
ExpirePasswordOnCreate: pulumi.Bool(false),
CustomProfileAttributes: pulumi.String("string"),
OldPassword: pulumi.String("string"),
HonorificSuffix: pulumi.String("string"),
CountryCode: pulumi.String("string"),
Locale: pulumi.String("string"),
CostCenter: pulumi.String("string"),
Manager: pulumi.String("string"),
ManagerId: pulumi.String("string"),
MiddleName: pulumi.String("string"),
City: pulumi.String("string"),
NickName: pulumi.String("string"),
HonorificPrefix: pulumi.String("string"),
Department: pulumi.String("string"),
PrimaryPhone: pulumi.String("string"),
PasswordHash: &user.UserPasswordHashArgs{
Algorithm: pulumi.String("string"),
Value: pulumi.String("string"),
Salt: pulumi.String("string"),
SaltOrder: pulumi.String("string"),
WorkFactor: pulumi.Int(0),
},
PasswordInlineHook: pulumi.String("string"),
PostalAddress: pulumi.String("string"),
PreferredLanguage: pulumi.String("string"),
Password: pulumi.String("string"),
ProfileUrl: pulumi.String("string"),
RecoveryAnswer: pulumi.String("string"),
RecoveryQuestion: pulumi.String("string"),
SecondEmail: pulumi.String("string"),
State: pulumi.String("string"),
Status: pulumi.String("string"),
StreetAddress: pulumi.String("string"),
Timezone: pulumi.String("string"),
Title: pulumi.String("string"),
Organization: pulumi.String("string"),
ZipCode: pulumi.String("string"),
})
var oktaUserResource = new User("oktaUserResource", UserArgs.builder()
.email("string")
.login("string")
.lastName("string")
.firstName("string")
.mobilePhone("string")
.userType("string")
.displayName("string")
.division("string")
.customProfileAttributesToIgnores("string")
.employeeNumber("string")
.expirePasswordOnCreate(false)
.customProfileAttributes("string")
.oldPassword("string")
.honorificSuffix("string")
.countryCode("string")
.locale("string")
.costCenter("string")
.manager("string")
.managerId("string")
.middleName("string")
.city("string")
.nickName("string")
.honorificPrefix("string")
.department("string")
.primaryPhone("string")
.passwordHash(UserPasswordHashArgs.builder()
.algorithm("string")
.value("string")
.salt("string")
.saltOrder("string")
.workFactor(0)
.build())
.passwordInlineHook("string")
.postalAddress("string")
.preferredLanguage("string")
.password("string")
.profileUrl("string")
.recoveryAnswer("string")
.recoveryQuestion("string")
.secondEmail("string")
.state("string")
.status("string")
.streetAddress("string")
.timezone("string")
.title("string")
.organization("string")
.zipCode("string")
.build());
okta_user_resource = okta.user.User("oktaUserResource",
email="string",
login="string",
last_name="string",
first_name="string",
mobile_phone="string",
user_type="string",
display_name="string",
division="string",
custom_profile_attributes_to_ignores=["string"],
employee_number="string",
expire_password_on_create=False,
custom_profile_attributes="string",
old_password="string",
honorific_suffix="string",
country_code="string",
locale="string",
cost_center="string",
manager="string",
manager_id="string",
middle_name="string",
city="string",
nick_name="string",
honorific_prefix="string",
department="string",
primary_phone="string",
password_hash=okta.user.UserPasswordHashArgs(
algorithm="string",
value="string",
salt="string",
salt_order="string",
work_factor=0,
),
password_inline_hook="string",
postal_address="string",
preferred_language="string",
password="string",
profile_url="string",
recovery_answer="string",
recovery_question="string",
second_email="string",
state="string",
status="string",
street_address="string",
timezone="string",
title="string",
organization="string",
zip_code="string")
const oktaUserResource = new okta.user.User("oktaUserResource", {
email: "string",
login: "string",
lastName: "string",
firstName: "string",
mobilePhone: "string",
userType: "string",
displayName: "string",
division: "string",
customProfileAttributesToIgnores: ["string"],
employeeNumber: "string",
expirePasswordOnCreate: false,
customProfileAttributes: "string",
oldPassword: "string",
honorificSuffix: "string",
countryCode: "string",
locale: "string",
costCenter: "string",
manager: "string",
managerId: "string",
middleName: "string",
city: "string",
nickName: "string",
honorificPrefix: "string",
department: "string",
primaryPhone: "string",
passwordHash: {
algorithm: "string",
value: "string",
salt: "string",
saltOrder: "string",
workFactor: 0,
},
passwordInlineHook: "string",
postalAddress: "string",
preferredLanguage: "string",
password: "string",
profileUrl: "string",
recoveryAnswer: "string",
recoveryQuestion: "string",
secondEmail: "string",
state: "string",
status: "string",
streetAddress: "string",
timezone: "string",
title: "string",
organization: "string",
zipCode: "string",
});
type: okta:user:User
properties:
city: string
costCenter: string
countryCode: string
customProfileAttributes: string
customProfileAttributesToIgnores:
- string
department: string
displayName: string
division: string
email: string
employeeNumber: string
expirePasswordOnCreate: false
firstName: string
honorificPrefix: string
honorificSuffix: string
lastName: string
locale: string
login: string
manager: string
managerId: string
middleName: string
mobilePhone: string
nickName: string
oldPassword: string
organization: string
password: string
passwordHash:
algorithm: string
salt: string
saltOrder: string
value: string
workFactor: 0
passwordInlineHook: string
postalAddress: string
preferredLanguage: string
primaryPhone: string
profileUrl: string
recoveryAnswer: string
recoveryQuestion: string
secondEmail: string
state: string
status: string
streetAddress: string
timezone: string
title: string
userType: string
zipCode: string
User Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The User resource accepts the following input properties:
- Email string
- User profile property.
- First
Name string - User's First Name, required by default.
- Last
Name string - User's Last Name, required by default.
- Login string
- User profile property.
- City string
- User profile property.
- Cost
Center string - User profile property.
- Country
Code string - User profile property.
- Custom
Profile stringAttributes - raw JSON containing all custom profile attributes.
- Custom
Profile List<string>Attributes To Ignores - List of custom_profile_attribute keys that should be excluded from being managed by Terraform. This is useful in situations where specific custom fields may contain sensitive information and should be managed outside of Terraform.
- Department string
- User profile property.
- Display
Name string - User profile property.
- Division string
- User profile property.
- Employee
Number string - User profile property.
- Expire
Password boolOn Create - If set to
true
, the user will have to change the password at the next login. This property will be used when user is being created and works only whenpassword
field is set. Default isfalse
. - Honorific
Prefix string - User profile property.
- Honorific
Suffix string - User profile property.
- Locale string
- User profile property.
- Manager string
- User profile property.
- Manager
Id string - User profile property.
- Middle
Name string - User profile property.
- Mobile
Phone string - User profile property.
- Nick
Name string - User profile property.
- Old
Password string - Old user password. IMPORTANT: Should be ONLY set in case the password was changed
outside the provider. After successful password change this field should be removed and
password
field should be used for further changes. - Organization string
- User profile property.
- Password string
- User password.
- Password
Hash UserPassword Hash - Specifies a hashed password to import into Okta.
- Password
Inline stringHook - Specifies that a Password Import Inline Hook should be triggered to handle verification
of the user's password the first time the user logs in. This allows an existing password to be imported into Okta directly
from some other store. When updating a user with a password hook the user must be in the
STAGED
status. Thepassword
field should not be specified when using Password Import Inline Hook. - Postal
Address string - User profile property.
- Preferred
Language string - User profile property.
- Primary
Phone string - User profile property.
- Profile
Url string - User profile property.
- Recovery
Answer string - User password recovery answer.
password hash
- (Optional) Specifies a hashed password to import into Okta. When updating a user with a hashed password the user must be in theSTAGED
status.algorithm"
- (Required) The algorithm used to generate the hash using the password (and salt, when applicable). Must be set to BCRYPT, SHA-512, SHA-256, SHA-1 or MD5.
- Recovery
Question string - User password recovery question.
- Second
Email string - User profile property.
- Skip
Roles bool - Do not populate user roles information (prevents additional API call)
- State string
- User profile property.
- Status string
- User profile property. Valid values are "ACTIVE", "DEPROVISIONED", "STAGED", "SUSPENDED"
- Street
Address string - User profile property.
- Timezone string
- User profile property.
- Title string
- User profile property.
- User
Type string - User profile property.
- Zip
Code string - User profile property.
- Email string
- User profile property.
- First
Name string - User's First Name, required by default.
- Last
Name string - User's Last Name, required by default.
- Login string
- User profile property.
- City string
- User profile property.
- Cost
Center string - User profile property.
- Country
Code string - User profile property.
- Custom
Profile stringAttributes - raw JSON containing all custom profile attributes.
- Custom
Profile []stringAttributes To Ignores - List of custom_profile_attribute keys that should be excluded from being managed by Terraform. This is useful in situations where specific custom fields may contain sensitive information and should be managed outside of Terraform.
- Department string
- User profile property.
- Display
Name string - User profile property.
- Division string
- User profile property.
- Employee
Number string - User profile property.
- Expire
Password boolOn Create - If set to
true
, the user will have to change the password at the next login. This property will be used when user is being created and works only whenpassword
field is set. Default isfalse
. - Honorific
Prefix string - User profile property.
- Honorific
Suffix string - User profile property.
- Locale string
- User profile property.
- Manager string
- User profile property.
- Manager
Id string - User profile property.
- Middle
Name string - User profile property.
- Mobile
Phone string - User profile property.
- Nick
Name string - User profile property.
- Old
Password string - Old user password. IMPORTANT: Should be ONLY set in case the password was changed
outside the provider. After successful password change this field should be removed and
password
field should be used for further changes. - Organization string
- User profile property.
- Password string
- User password.
- Password
Hash UserPassword Hash Args - Specifies a hashed password to import into Okta.
- Password
Inline stringHook - Specifies that a Password Import Inline Hook should be triggered to handle verification
of the user's password the first time the user logs in. This allows an existing password to be imported into Okta directly
from some other store. When updating a user with a password hook the user must be in the
STAGED
status. Thepassword
field should not be specified when using Password Import Inline Hook. - Postal
Address string - User profile property.
- Preferred
Language string - User profile property.
- Primary
Phone string - User profile property.
- Profile
Url string - User profile property.
- Recovery
Answer string - User password recovery answer.
password hash
- (Optional) Specifies a hashed password to import into Okta. When updating a user with a hashed password the user must be in theSTAGED
status.algorithm"
- (Required) The algorithm used to generate the hash using the password (and salt, when applicable). Must be set to BCRYPT, SHA-512, SHA-256, SHA-1 or MD5.
- Recovery
Question string - User password recovery question.
- Second
Email string - User profile property.
- Skip
Roles bool - Do not populate user roles information (prevents additional API call)
- State string
- User profile property.
- Status string
- User profile property. Valid values are "ACTIVE", "DEPROVISIONED", "STAGED", "SUSPENDED"
- Street
Address string - User profile property.
- Timezone string
- User profile property.
- Title string
- User profile property.
- User
Type string - User profile property.
- Zip
Code string - User profile property.
- email String
- User profile property.
- first
Name String - User's First Name, required by default.
- last
Name String - User's Last Name, required by default.
- login String
- User profile property.
- city String
- User profile property.
- cost
Center String - User profile property.
- country
Code String - User profile property.
- custom
Profile StringAttributes - raw JSON containing all custom profile attributes.
- custom
Profile List<String>Attributes To Ignores - List of custom_profile_attribute keys that should be excluded from being managed by Terraform. This is useful in situations where specific custom fields may contain sensitive information and should be managed outside of Terraform.
- department String
- User profile property.
- display
Name String - User profile property.
- division String
- User profile property.
- employee
Number String - User profile property.
- expire
Password BooleanOn Create - If set to
true
, the user will have to change the password at the next login. This property will be used when user is being created and works only whenpassword
field is set. Default isfalse
. - honorific
Prefix String - User profile property.
- honorific
Suffix String - User profile property.
- locale String
- User profile property.
- manager String
- User profile property.
- manager
Id String - User profile property.
- middle
Name String - User profile property.
- mobile
Phone String - User profile property.
- nick
Name String - User profile property.
- old
Password String - Old user password. IMPORTANT: Should be ONLY set in case the password was changed
outside the provider. After successful password change this field should be removed and
password
field should be used for further changes. - organization String
- User profile property.
- password String
- User password.
- password
Hash UserPassword Hash - Specifies a hashed password to import into Okta.
- password
Inline StringHook - Specifies that a Password Import Inline Hook should be triggered to handle verification
of the user's password the first time the user logs in. This allows an existing password to be imported into Okta directly
from some other store. When updating a user with a password hook the user must be in the
STAGED
status. Thepassword
field should not be specified when using Password Import Inline Hook. - postal
Address String - User profile property.
- preferred
Language String - User profile property.
- primary
Phone String - User profile property.
- profile
Url String - User profile property.
- recovery
Answer String - User password recovery answer.
password hash
- (Optional) Specifies a hashed password to import into Okta. When updating a user with a hashed password the user must be in theSTAGED
status.algorithm"
- (Required) The algorithm used to generate the hash using the password (and salt, when applicable). Must be set to BCRYPT, SHA-512, SHA-256, SHA-1 or MD5.
- recovery
Question String - User password recovery question.
- second
Email String - User profile property.
- skip
Roles Boolean - Do not populate user roles information (prevents additional API call)
- state String
- User profile property.
- status String
- User profile property. Valid values are "ACTIVE", "DEPROVISIONED", "STAGED", "SUSPENDED"
- street
Address String - User profile property.
- timezone String
- User profile property.
- title String
- User profile property.
- user
Type String - User profile property.
- zip
Code String - User profile property.
- email string
- User profile property.
- first
Name string - User's First Name, required by default.
- last
Name string - User's Last Name, required by default.
- login string
- User profile property.
- city string
- User profile property.
- cost
Center string - User profile property.
- country
Code string - User profile property.
- custom
Profile stringAttributes - raw JSON containing all custom profile attributes.
- custom
Profile string[]Attributes To Ignores - List of custom_profile_attribute keys that should be excluded from being managed by Terraform. This is useful in situations where specific custom fields may contain sensitive information and should be managed outside of Terraform.
- department string
- User profile property.
- display
Name string - User profile property.
- division string
- User profile property.
- employee
Number string - User profile property.
- expire
Password booleanOn Create - If set to
true
, the user will have to change the password at the next login. This property will be used when user is being created and works only whenpassword
field is set. Default isfalse
. - honorific
Prefix string - User profile property.
- honorific
Suffix string - User profile property.
- locale string
- User profile property.
- manager string
- User profile property.
- manager
Id string - User profile property.
- middle
Name string - User profile property.
- mobile
Phone string - User profile property.
- nick
Name string - User profile property.
- old
Password string - Old user password. IMPORTANT: Should be ONLY set in case the password was changed
outside the provider. After successful password change this field should be removed and
password
field should be used for further changes. - organization string
- User profile property.
- password string
- User password.
- password
Hash UserPassword Hash - Specifies a hashed password to import into Okta.
- password
Inline stringHook - Specifies that a Password Import Inline Hook should be triggered to handle verification
of the user's password the first time the user logs in. This allows an existing password to be imported into Okta directly
from some other store. When updating a user with a password hook the user must be in the
STAGED
status. Thepassword
field should not be specified when using Password Import Inline Hook. - postal
Address string - User profile property.
- preferred
Language string - User profile property.
- primary
Phone string - User profile property.
- profile
Url string - User profile property.
- recovery
Answer string - User password recovery answer.
password hash
- (Optional) Specifies a hashed password to import into Okta. When updating a user with a hashed password the user must be in theSTAGED
status.algorithm"
- (Required) The algorithm used to generate the hash using the password (and salt, when applicable). Must be set to BCRYPT, SHA-512, SHA-256, SHA-1 or MD5.
- recovery
Question string - User password recovery question.
- second
Email string - User profile property.
- skip
Roles boolean - Do not populate user roles information (prevents additional API call)
- state string
- User profile property.
- status string
- User profile property. Valid values are "ACTIVE", "DEPROVISIONED", "STAGED", "SUSPENDED"
- street
Address string - User profile property.
- timezone string
- User profile property.
- title string
- User profile property.
- user
Type string - User profile property.
- zip
Code string - User profile property.
- email str
- User profile property.
- first_
name str - User's First Name, required by default.
- last_
name str - User's Last Name, required by default.
- login str
- User profile property.
- city str
- User profile property.
- cost_
center str - User profile property.
- country_
code str - User profile property.
- custom_
profile_ strattributes - raw JSON containing all custom profile attributes.
- custom_
profile_ Sequence[str]attributes_ to_ ignores - List of custom_profile_attribute keys that should be excluded from being managed by Terraform. This is useful in situations where specific custom fields may contain sensitive information and should be managed outside of Terraform.
- department str
- User profile property.
- display_
name str - User profile property.
- division str
- User profile property.
- employee_
number str - User profile property.
- expire_
password_ boolon_ create - If set to
true
, the user will have to change the password at the next login. This property will be used when user is being created and works only whenpassword
field is set. Default isfalse
. - honorific_
prefix str - User profile property.
- honorific_
suffix str - User profile property.
- locale str
- User profile property.
- manager str
- User profile property.
- manager_
id str - User profile property.
- middle_
name str - User profile property.
- mobile_
phone str - User profile property.
- nick_
name str - User profile property.
- old_
password str - Old user password. IMPORTANT: Should be ONLY set in case the password was changed
outside the provider. After successful password change this field should be removed and
password
field should be used for further changes. - organization str
- User profile property.
- password str
- User password.
- password_
hash UserPassword Hash Args - Specifies a hashed password to import into Okta.
- password_
inline_ strhook - Specifies that a Password Import Inline Hook should be triggered to handle verification
of the user's password the first time the user logs in. This allows an existing password to be imported into Okta directly
from some other store. When updating a user with a password hook the user must be in the
STAGED
status. Thepassword
field should not be specified when using Password Import Inline Hook. - postal_
address str - User profile property.
- preferred_
language str - User profile property.
- primary_
phone str - User profile property.
- profile_
url str - User profile property.
- recovery_
answer str - User password recovery answer.
password hash
- (Optional) Specifies a hashed password to import into Okta. When updating a user with a hashed password the user must be in theSTAGED
status.algorithm"
- (Required) The algorithm used to generate the hash using the password (and salt, when applicable). Must be set to BCRYPT, SHA-512, SHA-256, SHA-1 or MD5.
- recovery_
question str - User password recovery question.
- second_
email str - User profile property.
- skip_
roles bool - Do not populate user roles information (prevents additional API call)
- state str
- User profile property.
- status str
- User profile property. Valid values are "ACTIVE", "DEPROVISIONED", "STAGED", "SUSPENDED"
- street_
address str - User profile property.
- timezone str
- User profile property.
- title str
- User profile property.
- user_
type str - User profile property.
- zip_
code str - User profile property.
- email String
- User profile property.
- first
Name String - User's First Name, required by default.
- last
Name String - User's Last Name, required by default.
- login String
- User profile property.
- city String
- User profile property.
- cost
Center String - User profile property.
- country
Code String - User profile property.
- custom
Profile StringAttributes - raw JSON containing all custom profile attributes.
- custom
Profile List<String>Attributes To Ignores - List of custom_profile_attribute keys that should be excluded from being managed by Terraform. This is useful in situations where specific custom fields may contain sensitive information and should be managed outside of Terraform.
- department String
- User profile property.
- display
Name String - User profile property.
- division String
- User profile property.
- employee
Number String - User profile property.
- expire
Password BooleanOn Create - If set to
true
, the user will have to change the password at the next login. This property will be used when user is being created and works only whenpassword
field is set. Default isfalse
. - honorific
Prefix String - User profile property.
- honorific
Suffix String - User profile property.
- locale String
- User profile property.
- manager String
- User profile property.
- manager
Id String - User profile property.
- middle
Name String - User profile property.
- mobile
Phone String - User profile property.
- nick
Name String - User profile property.
- old
Password String - Old user password. IMPORTANT: Should be ONLY set in case the password was changed
outside the provider. After successful password change this field should be removed and
password
field should be used for further changes. - organization String
- User profile property.
- password String
- User password.
- password
Hash Property Map - Specifies a hashed password to import into Okta.
- password
Inline StringHook - Specifies that a Password Import Inline Hook should be triggered to handle verification
of the user's password the first time the user logs in. This allows an existing password to be imported into Okta directly
from some other store. When updating a user with a password hook the user must be in the
STAGED
status. Thepassword
field should not be specified when using Password Import Inline Hook. - postal
Address String - User profile property.
- preferred
Language String - User profile property.
- primary
Phone String - User profile property.
- profile
Url String - User profile property.
- recovery
Answer String - User password recovery answer.
password hash
- (Optional) Specifies a hashed password to import into Okta. When updating a user with a hashed password the user must be in theSTAGED
status.algorithm"
- (Required) The algorithm used to generate the hash using the password (and salt, when applicable). Must be set to BCRYPT, SHA-512, SHA-256, SHA-1 or MD5.
- recovery
Question String - User password recovery question.
- second
Email String - User profile property.
- skip
Roles Boolean - Do not populate user roles information (prevents additional API call)
- state String
- User profile property.
- status String
- User profile property. Valid values are "ACTIVE", "DEPROVISIONED", "STAGED", "SUSPENDED"
- street
Address String - User profile property.
- timezone String
- User profile property.
- title String
- User profile property.
- user
Type String - User profile property.
- zip
Code String - User profile property.
Outputs
All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:
- id str
- The provider-assigned unique ID for this managed resource.
- raw_
status str - The raw status of the User in Okta - (status is mapped)
Look up Existing User Resource
Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: UserState, opts?: CustomResourceOptions): User
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
city: Optional[str] = None,
cost_center: Optional[str] = None,
country_code: Optional[str] = None,
custom_profile_attributes: Optional[str] = None,
custom_profile_attributes_to_ignores: Optional[Sequence[str]] = None,
department: Optional[str] = None,
display_name: Optional[str] = None,
division: Optional[str] = None,
email: Optional[str] = None,
employee_number: Optional[str] = None,
expire_password_on_create: Optional[bool] = None,
first_name: Optional[str] = None,
honorific_prefix: Optional[str] = None,
honorific_suffix: Optional[str] = None,
last_name: Optional[str] = None,
locale: Optional[str] = None,
login: Optional[str] = None,
manager: Optional[str] = None,
manager_id: Optional[str] = None,
middle_name: Optional[str] = None,
mobile_phone: Optional[str] = None,
nick_name: Optional[str] = None,
old_password: Optional[str] = None,
organization: Optional[str] = None,
password: Optional[str] = None,
password_hash: Optional[UserPasswordHashArgs] = None,
password_inline_hook: Optional[str] = None,
postal_address: Optional[str] = None,
preferred_language: Optional[str] = None,
primary_phone: Optional[str] = None,
profile_url: Optional[str] = None,
raw_status: Optional[str] = None,
recovery_answer: Optional[str] = None,
recovery_question: Optional[str] = None,
second_email: Optional[str] = None,
skip_roles: Optional[bool] = None,
state: Optional[str] = None,
status: Optional[str] = None,
street_address: Optional[str] = None,
timezone: Optional[str] = None,
title: Optional[str] = None,
user_type: Optional[str] = None,
zip_code: Optional[str] = None) -> User
func GetUser(ctx *Context, name string, id IDInput, state *UserState, opts ...ResourceOption) (*User, error)
public static User Get(string name, Input<string> id, UserState? state, CustomResourceOptions? opts = null)
public static User get(String name, Output<String> id, UserState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- City string
- User profile property.
- Cost
Center string - User profile property.
- Country
Code string - User profile property.
- Custom
Profile stringAttributes - raw JSON containing all custom profile attributes.
- Custom
Profile List<string>Attributes To Ignores - List of custom_profile_attribute keys that should be excluded from being managed by Terraform. This is useful in situations where specific custom fields may contain sensitive information and should be managed outside of Terraform.
- Department string
- User profile property.
- Display
Name string - User profile property.
- Division string
- User profile property.
- Email string
- User profile property.
- Employee
Number string - User profile property.
- Expire
Password boolOn Create - If set to
true
, the user will have to change the password at the next login. This property will be used when user is being created and works only whenpassword
field is set. Default isfalse
. - First
Name string - User's First Name, required by default.
- Honorific
Prefix string - User profile property.
- Honorific
Suffix string - User profile property.
- Last
Name string - User's Last Name, required by default.
- Locale string
- User profile property.
- Login string
- User profile property.
- Manager string
- User profile property.
- Manager
Id string - User profile property.
- Middle
Name string - User profile property.
- Mobile
Phone string - User profile property.
- Nick
Name string - User profile property.
- Old
Password string - Old user password. IMPORTANT: Should be ONLY set in case the password was changed
outside the provider. After successful password change this field should be removed and
password
field should be used for further changes. - Organization string
- User profile property.
- Password string
- User password.
- Password
Hash UserPassword Hash - Specifies a hashed password to import into Okta.
- Password
Inline stringHook - Specifies that a Password Import Inline Hook should be triggered to handle verification
of the user's password the first time the user logs in. This allows an existing password to be imported into Okta directly
from some other store. When updating a user with a password hook the user must be in the
STAGED
status. Thepassword
field should not be specified when using Password Import Inline Hook. - Postal
Address string - User profile property.
- Preferred
Language string - User profile property.
- Primary
Phone string - User profile property.
- Profile
Url string - User profile property.
- Raw
Status string - The raw status of the User in Okta - (status is mapped)
- Recovery
Answer string - User password recovery answer.
password hash
- (Optional) Specifies a hashed password to import into Okta. When updating a user with a hashed password the user must be in theSTAGED
status.algorithm"
- (Required) The algorithm used to generate the hash using the password (and salt, when applicable). Must be set to BCRYPT, SHA-512, SHA-256, SHA-1 or MD5.
- Recovery
Question string - User password recovery question.
- Second
Email string - User profile property.
- Skip
Roles bool - Do not populate user roles information (prevents additional API call)
- State string
- User profile property.
- Status string
- User profile property. Valid values are "ACTIVE", "DEPROVISIONED", "STAGED", "SUSPENDED"
- Street
Address string - User profile property.
- Timezone string
- User profile property.
- Title string
- User profile property.
- User
Type string - User profile property.
- Zip
Code string - User profile property.
- City string
- User profile property.
- Cost
Center string - User profile property.
- Country
Code string - User profile property.
- Custom
Profile stringAttributes - raw JSON containing all custom profile attributes.
- Custom
Profile []stringAttributes To Ignores - List of custom_profile_attribute keys that should be excluded from being managed by Terraform. This is useful in situations where specific custom fields may contain sensitive information and should be managed outside of Terraform.
- Department string
- User profile property.
- Display
Name string - User profile property.
- Division string
- User profile property.
- Email string
- User profile property.
- Employee
Number string - User profile property.
- Expire
Password boolOn Create - If set to
true
, the user will have to change the password at the next login. This property will be used when user is being created and works only whenpassword
field is set. Default isfalse
. - First
Name string - User's First Name, required by default.
- Honorific
Prefix string - User profile property.
- Honorific
Suffix string - User profile property.
- Last
Name string - User's Last Name, required by default.
- Locale string
- User profile property.
- Login string
- User profile property.
- Manager string
- User profile property.
- Manager
Id string - User profile property.
- Middle
Name string - User profile property.
- Mobile
Phone string - User profile property.
- Nick
Name string - User profile property.
- Old
Password string - Old user password. IMPORTANT: Should be ONLY set in case the password was changed
outside the provider. After successful password change this field should be removed and
password
field should be used for further changes. - Organization string
- User profile property.
- Password string
- User password.
- Password
Hash UserPassword Hash Args - Specifies a hashed password to import into Okta.
- Password
Inline stringHook - Specifies that a Password Import Inline Hook should be triggered to handle verification
of the user's password the first time the user logs in. This allows an existing password to be imported into Okta directly
from some other store. When updating a user with a password hook the user must be in the
STAGED
status. Thepassword
field should not be specified when using Password Import Inline Hook. - Postal
Address string - User profile property.
- Preferred
Language string - User profile property.
- Primary
Phone string - User profile property.
- Profile
Url string - User profile property.
- Raw
Status string - The raw status of the User in Okta - (status is mapped)
- Recovery
Answer string - User password recovery answer.
password hash
- (Optional) Specifies a hashed password to import into Okta. When updating a user with a hashed password the user must be in theSTAGED
status.algorithm"
- (Required) The algorithm used to generate the hash using the password (and salt, when applicable). Must be set to BCRYPT, SHA-512, SHA-256, SHA-1 or MD5.
- Recovery
Question string - User password recovery question.
- Second
Email string - User profile property.
- Skip
Roles bool - Do not populate user roles information (prevents additional API call)
- State string
- User profile property.
- Status string
- User profile property. Valid values are "ACTIVE", "DEPROVISIONED", "STAGED", "SUSPENDED"
- Street
Address string - User profile property.
- Timezone string
- User profile property.
- Title string
- User profile property.
- User
Type string - User profile property.
- Zip
Code string - User profile property.
- city String
- User profile property.
- cost
Center String - User profile property.
- country
Code String - User profile property.
- custom
Profile StringAttributes - raw JSON containing all custom profile attributes.
- custom
Profile List<String>Attributes To Ignores - List of custom_profile_attribute keys that should be excluded from being managed by Terraform. This is useful in situations where specific custom fields may contain sensitive information and should be managed outside of Terraform.
- department String
- User profile property.
- display
Name String - User profile property.
- division String
- User profile property.
- email String
- User profile property.
- employee
Number String - User profile property.
- expire
Password BooleanOn Create - If set to
true
, the user will have to change the password at the next login. This property will be used when user is being created and works only whenpassword
field is set. Default isfalse
. - first
Name String - User's First Name, required by default.
- honorific
Prefix String - User profile property.
- honorific
Suffix String - User profile property.
- last
Name String - User's Last Name, required by default.
- locale String
- User profile property.
- login String
- User profile property.
- manager String
- User profile property.
- manager
Id String - User profile property.
- middle
Name String - User profile property.
- mobile
Phone String - User profile property.
- nick
Name String - User profile property.
- old
Password String - Old user password. IMPORTANT: Should be ONLY set in case the password was changed
outside the provider. After successful password change this field should be removed and
password
field should be used for further changes. - organization String
- User profile property.
- password String
- User password.
- password
Hash UserPassword Hash - Specifies a hashed password to import into Okta.
- password
Inline StringHook - Specifies that a Password Import Inline Hook should be triggered to handle verification
of the user's password the first time the user logs in. This allows an existing password to be imported into Okta directly
from some other store. When updating a user with a password hook the user must be in the
STAGED
status. Thepassword
field should not be specified when using Password Import Inline Hook. - postal
Address String - User profile property.
- preferred
Language String - User profile property.
- primary
Phone String - User profile property.
- profile
Url String - User profile property.
- raw
Status String - The raw status of the User in Okta - (status is mapped)
- recovery
Answer String - User password recovery answer.
password hash
- (Optional) Specifies a hashed password to import into Okta. When updating a user with a hashed password the user must be in theSTAGED
status.algorithm"
- (Required) The algorithm used to generate the hash using the password (and salt, when applicable). Must be set to BCRYPT, SHA-512, SHA-256, SHA-1 or MD5.
- recovery
Question String - User password recovery question.
- second
Email String - User profile property.
- skip
Roles Boolean - Do not populate user roles information (prevents additional API call)
- state String
- User profile property.
- status String
- User profile property. Valid values are "ACTIVE", "DEPROVISIONED", "STAGED", "SUSPENDED"
- street
Address String - User profile property.
- timezone String
- User profile property.
- title String
- User profile property.
- user
Type String - User profile property.
- zip
Code String - User profile property.
- city string
- User profile property.
- cost
Center string - User profile property.
- country
Code string - User profile property.
- custom
Profile stringAttributes - raw JSON containing all custom profile attributes.
- custom
Profile string[]Attributes To Ignores - List of custom_profile_attribute keys that should be excluded from being managed by Terraform. This is useful in situations where specific custom fields may contain sensitive information and should be managed outside of Terraform.
- department string
- User profile property.
- display
Name string - User profile property.
- division string
- User profile property.
- email string
- User profile property.
- employee
Number string - User profile property.
- expire
Password booleanOn Create - If set to
true
, the user will have to change the password at the next login. This property will be used when user is being created and works only whenpassword
field is set. Default isfalse
. - first
Name string - User's First Name, required by default.
- honorific
Prefix string - User profile property.
- honorific
Suffix string - User profile property.
- last
Name string - User's Last Name, required by default.
- locale string
- User profile property.
- login string
- User profile property.
- manager string
- User profile property.
- manager
Id string - User profile property.
- middle
Name string - User profile property.
- mobile
Phone string - User profile property.
- nick
Name string - User profile property.
- old
Password string - Old user password. IMPORTANT: Should be ONLY set in case the password was changed
outside the provider. After successful password change this field should be removed and
password
field should be used for further changes. - organization string
- User profile property.
- password string
- User password.
- password
Hash UserPassword Hash - Specifies a hashed password to import into Okta.
- password
Inline stringHook - Specifies that a Password Import Inline Hook should be triggered to handle verification
of the user's password the first time the user logs in. This allows an existing password to be imported into Okta directly
from some other store. When updating a user with a password hook the user must be in the
STAGED
status. Thepassword
field should not be specified when using Password Import Inline Hook. - postal
Address string - User profile property.
- preferred
Language string - User profile property.
- primary
Phone string - User profile property.
- profile
Url string - User profile property.
- raw
Status string - The raw status of the User in Okta - (status is mapped)
- recovery
Answer string - User password recovery answer.
password hash
- (Optional) Specifies a hashed password to import into Okta. When updating a user with a hashed password the user must be in theSTAGED
status.algorithm"
- (Required) The algorithm used to generate the hash using the password (and salt, when applicable). Must be set to BCRYPT, SHA-512, SHA-256, SHA-1 or MD5.
- recovery
Question string - User password recovery question.
- second
Email string - User profile property.
- skip
Roles boolean - Do not populate user roles information (prevents additional API call)
- state string
- User profile property.
- status string
- User profile property. Valid values are "ACTIVE", "DEPROVISIONED", "STAGED", "SUSPENDED"
- street
Address string - User profile property.
- timezone string
- User profile property.
- title string
- User profile property.
- user
Type string - User profile property.
- zip
Code string - User profile property.
- city str
- User profile property.
- cost_
center str - User profile property.
- country_
code str - User profile property.
- custom_
profile_ strattributes - raw JSON containing all custom profile attributes.
- custom_
profile_ Sequence[str]attributes_ to_ ignores - List of custom_profile_attribute keys that should be excluded from being managed by Terraform. This is useful in situations where specific custom fields may contain sensitive information and should be managed outside of Terraform.
- department str
- User profile property.
- display_
name str - User profile property.
- division str
- User profile property.
- email str
- User profile property.
- employee_
number str - User profile property.
- expire_
password_ boolon_ create - If set to
true
, the user will have to change the password at the next login. This property will be used when user is being created and works only whenpassword
field is set. Default isfalse
. - first_
name str - User's First Name, required by default.
- honorific_
prefix str - User profile property.
- honorific_
suffix str - User profile property.
- last_
name str - User's Last Name, required by default.
- locale str
- User profile property.
- login str
- User profile property.
- manager str
- User profile property.
- manager_
id str - User profile property.
- middle_
name str - User profile property.
- mobile_
phone str - User profile property.
- nick_
name str - User profile property.
- old_
password str - Old user password. IMPORTANT: Should be ONLY set in case the password was changed
outside the provider. After successful password change this field should be removed and
password
field should be used for further changes. - organization str
- User profile property.
- password str
- User password.
- password_
hash UserPassword Hash Args - Specifies a hashed password to import into Okta.
- password_
inline_ strhook - Specifies that a Password Import Inline Hook should be triggered to handle verification
of the user's password the first time the user logs in. This allows an existing password to be imported into Okta directly
from some other store. When updating a user with a password hook the user must be in the
STAGED
status. Thepassword
field should not be specified when using Password Import Inline Hook. - postal_
address str - User profile property.
- preferred_
language str - User profile property.
- primary_
phone str - User profile property.
- profile_
url str - User profile property.
- raw_
status str - The raw status of the User in Okta - (status is mapped)
- recovery_
answer str - User password recovery answer.
password hash
- (Optional) Specifies a hashed password to import into Okta. When updating a user with a hashed password the user must be in theSTAGED
status.algorithm"
- (Required) The algorithm used to generate the hash using the password (and salt, when applicable). Must be set to BCRYPT, SHA-512, SHA-256, SHA-1 or MD5.
- recovery_
question str - User password recovery question.
- second_
email str - User profile property.
- skip_
roles bool - Do not populate user roles information (prevents additional API call)
- state str
- User profile property.
- status str
- User profile property. Valid values are "ACTIVE", "DEPROVISIONED", "STAGED", "SUSPENDED"
- street_
address str - User profile property.
- timezone str
- User profile property.
- title str
- User profile property.
- user_
type str - User profile property.
- zip_
code str - User profile property.
- city String
- User profile property.
- cost
Center String - User profile property.
- country
Code String - User profile property.
- custom
Profile StringAttributes - raw JSON containing all custom profile attributes.
- custom
Profile List<String>Attributes To Ignores - List of custom_profile_attribute keys that should be excluded from being managed by Terraform. This is useful in situations where specific custom fields may contain sensitive information and should be managed outside of Terraform.
- department String
- User profile property.
- display
Name String - User profile property.
- division String
- User profile property.
- email String
- User profile property.
- employee
Number String - User profile property.
- expire
Password BooleanOn Create - If set to
true
, the user will have to change the password at the next login. This property will be used when user is being created and works only whenpassword
field is set. Default isfalse
. - first
Name String - User's First Name, required by default.
- honorific
Prefix String - User profile property.
- honorific
Suffix String - User profile property.
- last
Name String - User's Last Name, required by default.
- locale String
- User profile property.
- login String
- User profile property.
- manager String
- User profile property.
- manager
Id String - User profile property.
- middle
Name String - User profile property.
- mobile
Phone String - User profile property.
- nick
Name String - User profile property.
- old
Password String - Old user password. IMPORTANT: Should be ONLY set in case the password was changed
outside the provider. After successful password change this field should be removed and
password
field should be used for further changes. - organization String
- User profile property.
- password String
- User password.
- password
Hash Property Map - Specifies a hashed password to import into Okta.
- password
Inline StringHook - Specifies that a Password Import Inline Hook should be triggered to handle verification
of the user's password the first time the user logs in. This allows an existing password to be imported into Okta directly
from some other store. When updating a user with a password hook the user must be in the
STAGED
status. Thepassword
field should not be specified when using Password Import Inline Hook. - postal
Address String - User profile property.
- preferred
Language String - User profile property.
- primary
Phone String - User profile property.
- profile
Url String - User profile property.
- raw
Status String - The raw status of the User in Okta - (status is mapped)
- recovery
Answer String - User password recovery answer.
password hash
- (Optional) Specifies a hashed password to import into Okta. When updating a user with a hashed password the user must be in theSTAGED
status.algorithm"
- (Required) The algorithm used to generate the hash using the password (and salt, when applicable). Must be set to BCRYPT, SHA-512, SHA-256, SHA-1 or MD5.
- recovery
Question String - User password recovery question.
- second
Email String - User profile property.
- skip
Roles Boolean - Do not populate user roles information (prevents additional API call)
- state String
- User profile property.
- status String
- User profile property. Valid values are "ACTIVE", "DEPROVISIONED", "STAGED", "SUSPENDED"
- street
Address String - User profile property.
- timezone String
- User profile property.
- title String
- User profile property.
- user
Type String - User profile property.
- zip
Code String - User profile property.
Supporting Types
UserPasswordHash, UserPasswordHashArgs
- Algorithm string
- The algorithm used to generate the hash using the password
- Value string
- For SHA-512, SHA-256, SHA-1, MD5, this is the actual base64-encoded hash of the password (and salt, if used). This is the Base64 encoded value of the SHA-512/SHA-256/SHA-1/MD5 digest that was computed by either pre-fixing or post-fixing the salt to the password, depending on the saltOrder. If a salt was not used in the source system, then this should just be the Base64 encoded value of the password's SHA-512/SHA-256/SHA-1/MD5 digest. For BCRYPT, This is the actual radix64-encoded hashed password.
- Salt string
- Only required for salted hashes. For BCRYPT, this specifies the radix64-encoded salt used to generate the hash, which must be 22 characters long. For other salted hashes, this specifies the base64-encoded salt used to generate the hash.
- Salt
Order string - Specifies whether salt was pre- or postfixed to the password before hashing. Only required for salted algorithms.
- Work
Factor int - Governs the strength of the hash and the time required to compute it. Only required for BCRYPT algorithm. Minimum value is 1, and maximum is 20.
- Algorithm string
- The algorithm used to generate the hash using the password
- Value string
- For SHA-512, SHA-256, SHA-1, MD5, this is the actual base64-encoded hash of the password (and salt, if used). This is the Base64 encoded value of the SHA-512/SHA-256/SHA-1/MD5 digest that was computed by either pre-fixing or post-fixing the salt to the password, depending on the saltOrder. If a salt was not used in the source system, then this should just be the Base64 encoded value of the password's SHA-512/SHA-256/SHA-1/MD5 digest. For BCRYPT, This is the actual radix64-encoded hashed password.
- Salt string
- Only required for salted hashes. For BCRYPT, this specifies the radix64-encoded salt used to generate the hash, which must be 22 characters long. For other salted hashes, this specifies the base64-encoded salt used to generate the hash.
- Salt
Order string - Specifies whether salt was pre- or postfixed to the password before hashing. Only required for salted algorithms.
- Work
Factor int - Governs the strength of the hash and the time required to compute it. Only required for BCRYPT algorithm. Minimum value is 1, and maximum is 20.
- algorithm String
- The algorithm used to generate the hash using the password
- value String
- For SHA-512, SHA-256, SHA-1, MD5, this is the actual base64-encoded hash of the password (and salt, if used). This is the Base64 encoded value of the SHA-512/SHA-256/SHA-1/MD5 digest that was computed by either pre-fixing or post-fixing the salt to the password, depending on the saltOrder. If a salt was not used in the source system, then this should just be the Base64 encoded value of the password's SHA-512/SHA-256/SHA-1/MD5 digest. For BCRYPT, This is the actual radix64-encoded hashed password.
- salt String
- Only required for salted hashes. For BCRYPT, this specifies the radix64-encoded salt used to generate the hash, which must be 22 characters long. For other salted hashes, this specifies the base64-encoded salt used to generate the hash.
- salt
Order String - Specifies whether salt was pre- or postfixed to the password before hashing. Only required for salted algorithms.
- work
Factor Integer - Governs the strength of the hash and the time required to compute it. Only required for BCRYPT algorithm. Minimum value is 1, and maximum is 20.
- algorithm string
- The algorithm used to generate the hash using the password
- value string
- For SHA-512, SHA-256, SHA-1, MD5, this is the actual base64-encoded hash of the password (and salt, if used). This is the Base64 encoded value of the SHA-512/SHA-256/SHA-1/MD5 digest that was computed by either pre-fixing or post-fixing the salt to the password, depending on the saltOrder. If a salt was not used in the source system, then this should just be the Base64 encoded value of the password's SHA-512/SHA-256/SHA-1/MD5 digest. For BCRYPT, This is the actual radix64-encoded hashed password.
- salt string
- Only required for salted hashes. For BCRYPT, this specifies the radix64-encoded salt used to generate the hash, which must be 22 characters long. For other salted hashes, this specifies the base64-encoded salt used to generate the hash.
- salt
Order string - Specifies whether salt was pre- or postfixed to the password before hashing. Only required for salted algorithms.
- work
Factor number - Governs the strength of the hash and the time required to compute it. Only required for BCRYPT algorithm. Minimum value is 1, and maximum is 20.
- algorithm str
- The algorithm used to generate the hash using the password
- value str
- For SHA-512, SHA-256, SHA-1, MD5, this is the actual base64-encoded hash of the password (and salt, if used). This is the Base64 encoded value of the SHA-512/SHA-256/SHA-1/MD5 digest that was computed by either pre-fixing or post-fixing the salt to the password, depending on the saltOrder. If a salt was not used in the source system, then this should just be the Base64 encoded value of the password's SHA-512/SHA-256/SHA-1/MD5 digest. For BCRYPT, This is the actual radix64-encoded hashed password.
- salt str
- Only required for salted hashes. For BCRYPT, this specifies the radix64-encoded salt used to generate the hash, which must be 22 characters long. For other salted hashes, this specifies the base64-encoded salt used to generate the hash.
- salt_
order str - Specifies whether salt was pre- or postfixed to the password before hashing. Only required for salted algorithms.
- work_
factor int - Governs the strength of the hash and the time required to compute it. Only required for BCRYPT algorithm. Minimum value is 1, and maximum is 20.
- algorithm String
- The algorithm used to generate the hash using the password
- value String
- For SHA-512, SHA-256, SHA-1, MD5, this is the actual base64-encoded hash of the password (and salt, if used). This is the Base64 encoded value of the SHA-512/SHA-256/SHA-1/MD5 digest that was computed by either pre-fixing or post-fixing the salt to the password, depending on the saltOrder. If a salt was not used in the source system, then this should just be the Base64 encoded value of the password's SHA-512/SHA-256/SHA-1/MD5 digest. For BCRYPT, This is the actual radix64-encoded hashed password.
- salt String
- Only required for salted hashes. For BCRYPT, this specifies the radix64-encoded salt used to generate the hash, which must be 22 characters long. For other salted hashes, this specifies the base64-encoded salt used to generate the hash.
- salt
Order String - Specifies whether salt was pre- or postfixed to the password before hashing. Only required for salted algorithms.
- work
Factor Number - Governs the strength of the hash and the time required to compute it. Only required for BCRYPT algorithm. Minimum value is 1, and maximum is 20.
Import
An Okta User can be imported via the ID.
$ pulumi import okta:user/user:User example <user id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
okta
Terraform Provider.