StrongDM v1.32.0 published on Monday, Oct 13, 2025 by Piers Karsenbarg
StrongDM v1.32.0 published on Monday, Oct 13, 2025 by Piers Karsenbarg
Accounts are users that have access to strongDM. The types of accounts are:
- Users: humans who are authenticated through username and password or SSO.
- Service Accounts: machines that are authenticated using a service token.
- Tokens are access keys with permissions that can be used for authentication.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as sdm from "@pierskarsenbarg/sdm";
const user_queries = sdm.getAccount({
email: "*@strongdm.com",
tags: {
env: "dev",
region: "us-west",
},
type: "user",
});
const api_key_queries = sdm.getAccount({
name: "*-dev",
type: "api",
});
const admin_token_queries = sdm.getAccount({
name: "*-prod",
type: "admin-token",
});
import pulumi
import pulumi_sdm as sdm
user_queries = sdm.get_account(email="*@strongdm.com",
tags={
"env": "dev",
"region": "us-west",
},
type="user")
api_key_queries = sdm.get_account(name="*-dev",
type="api")
admin_token_queries = sdm.get_account(name="*-prod",
type="admin-token")
package main
import (
"github.com/pierskarsenbarg/pulumi-sdm/sdk/go/sdm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sdm.LookupAccount(ctx, &sdm.LookupAccountArgs{
Email: pulumi.StringRef("*@strongdm.com"),
Tags: map[string]interface{}{
"env": "dev",
"region": "us-west",
},
Type: pulumi.StringRef("user"),
}, nil)
if err != nil {
return err
}
_, err = sdm.LookupAccount(ctx, &sdm.LookupAccountArgs{
Name: pulumi.StringRef("*-dev"),
Type: pulumi.StringRef("api"),
}, nil)
if err != nil {
return err
}
_, err = sdm.LookupAccount(ctx, &sdm.LookupAccountArgs{
Name: pulumi.StringRef("*-prod"),
Type: pulumi.StringRef("admin-token"),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sdm = Pulumi.Sdm;
return await Deployment.RunAsync(() =>
{
var user_queries = Sdm.GetAccount.Invoke(new()
{
Email = "*@strongdm.com",
Tags =
{
{ "env", "dev" },
{ "region", "us-west" },
},
Type = "user",
});
var api_key_queries = Sdm.GetAccount.Invoke(new()
{
Name = "*-dev",
Type = "api",
});
var admin_token_queries = Sdm.GetAccount.Invoke(new()
{
Name = "*-prod",
Type = "admin-token",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sdm.SdmFunctions;
import com.pulumi.sdm.inputs.GetAccountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var user-queries = SdmFunctions.getAccount(GetAccountArgs.builder()
.email("*@strongdm.com")
.tags(Map.ofEntries(
Map.entry("env", "dev"),
Map.entry("region", "us-west")
))
.type("user")
.build());
final var api-key-queries = SdmFunctions.getAccount(GetAccountArgs.builder()
.name("*-dev")
.type("api")
.build());
final var admin-token-queries = SdmFunctions.getAccount(GetAccountArgs.builder()
.name("*-prod")
.type("admin-token")
.build());
}
}
variables:
user-queries:
fn::invoke:
function: sdm:getAccount
arguments:
email: '*@strongdm.com'
tags:
env: dev
region: us-west
type: user
api-key-queries:
fn::invoke:
function: sdm:getAccount
arguments:
name: '*-dev'
type: api
admin-token-queries:
fn::invoke:
function: sdm:getAccount
arguments:
name: '*-prod'
type: admin-token
Using getAccount
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAccount(args: GetAccountArgs, opts?: InvokeOptions): Promise<GetAccountResult>
function getAccountOutput(args: GetAccountOutputArgs, opts?: InvokeOptions): Output<GetAccountResult>def get_account(account_type: Optional[str] = None,
email: Optional[str] = None,
external_id: Optional[str] = None,
first_name: Optional[str] = None,
id: Optional[str] = None,
last_name: Optional[str] = None,
manager_id: Optional[str] = None,
name: Optional[str] = None,
permission_level: Optional[str] = None,
permissions: Optional[str] = None,
suspended: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None,
type: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAccountResult
def get_account_output(account_type: Optional[pulumi.Input[str]] = None,
email: Optional[pulumi.Input[str]] = None,
external_id: Optional[pulumi.Input[str]] = None,
first_name: Optional[pulumi.Input[str]] = None,
id: Optional[pulumi.Input[str]] = None,
last_name: Optional[pulumi.Input[str]] = None,
manager_id: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
permission_level: Optional[pulumi.Input[str]] = None,
permissions: Optional[pulumi.Input[str]] = None,
suspended: Optional[pulumi.Input[bool]] = None,
tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
type: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAccountResult]func LookupAccount(ctx *Context, args *LookupAccountArgs, opts ...InvokeOption) (*LookupAccountResult, error)
func LookupAccountOutput(ctx *Context, args *LookupAccountOutputArgs, opts ...InvokeOption) LookupAccountResultOutput> Note: This function is named LookupAccount in the Go SDK.
public static class GetAccount
{
public static Task<GetAccountResult> InvokeAsync(GetAccountArgs args, InvokeOptions? opts = null)
public static Output<GetAccountResult> Invoke(GetAccountInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetAccountResult> getAccount(GetAccountArgs args, InvokeOptions options)
public static Output<GetAccountResult> getAccount(GetAccountArgs args, InvokeOptions options)
fn::invoke:
function: sdm:index/getAccount:getAccount
arguments:
# arguments dictionaryThe following arguments are supported:
- Account
Type string - Corresponds to the type of token, e.g. api or admin-token.
- Email string
- The User's email address. Must be unique.
- External
Id string - External ID is an alternative unique ID this user is represented by within an external service.
- First
Name string - The User's first name.
- Id string
- Unique identifier of the User.
- Last
Name string - The User's last name.
- Manager
Id string - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- Name string
- Unique human-readable name of the Token.
- Permission
Level string - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- Permissions string
- Permissions assigned to the token, e.g. role:create.
- Suspended bool
- Reserved for future use. Always false for tokens.
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Type string
- a filter to select all items of a certain subtype. See the filter documentation for more information.
- Account
Type string - Corresponds to the type of token, e.g. api or admin-token.
- Email string
- The User's email address. Must be unique.
- External
Id string - External ID is an alternative unique ID this user is represented by within an external service.
- First
Name string - The User's first name.
- Id string
- Unique identifier of the User.
- Last
Name string - The User's last name.
- Manager
Id string - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- Name string
- Unique human-readable name of the Token.
- Permission
Level string - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- Permissions string
- Permissions assigned to the token, e.g. role:create.
- Suspended bool
- Reserved for future use. Always false for tokens.
- map[string]string
- Tags is a map of key, value pairs.
- Type string
- a filter to select all items of a certain subtype. See the filter documentation for more information.
- account
Type String - Corresponds to the type of token, e.g. api or admin-token.
- email String
- The User's email address. Must be unique.
- external
Id String - External ID is an alternative unique ID this user is represented by within an external service.
- first
Name String - The User's first name.
- id String
- Unique identifier of the User.
- last
Name String - The User's last name.
- manager
Id String - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- name String
- Unique human-readable name of the Token.
- permission
Level String - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- permissions String
- Permissions assigned to the token, e.g. role:create.
- suspended Boolean
- Reserved for future use. Always false for tokens.
- Map<String,String>
- Tags is a map of key, value pairs.
- type String
- a filter to select all items of a certain subtype. See the filter documentation for more information.
- account
Type string - Corresponds to the type of token, e.g. api or admin-token.
- email string
- The User's email address. Must be unique.
- external
Id string - External ID is an alternative unique ID this user is represented by within an external service.
- first
Name string - The User's first name.
- id string
- Unique identifier of the User.
- last
Name string - The User's last name.
- manager
Id string - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- name string
- Unique human-readable name of the Token.
- permission
Level string - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- permissions string
- Permissions assigned to the token, e.g. role:create.
- suspended boolean
- Reserved for future use. Always false for tokens.
- {[key: string]: string}
- Tags is a map of key, value pairs.
- type string
- a filter to select all items of a certain subtype. See the filter documentation for more information.
- account_
type str - Corresponds to the type of token, e.g. api or admin-token.
- email str
- The User's email address. Must be unique.
- external_
id str - External ID is an alternative unique ID this user is represented by within an external service.
- first_
name str - The User's first name.
- id str
- Unique identifier of the User.
- last_
name str - The User's last name.
- manager_
id str - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- name str
- Unique human-readable name of the Token.
- permission_
level str - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- permissions str
- Permissions assigned to the token, e.g. role:create.
- suspended bool
- Reserved for future use. Always false for tokens.
- Mapping[str, str]
- Tags is a map of key, value pairs.
- type str
- a filter to select all items of a certain subtype. See the filter documentation for more information.
- account
Type String - Corresponds to the type of token, e.g. api or admin-token.
- email String
- The User's email address. Must be unique.
- external
Id String - External ID is an alternative unique ID this user is represented by within an external service.
- first
Name String - The User's first name.
- id String
- Unique identifier of the User.
- last
Name String - The User's last name.
- manager
Id String - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- name String
- Unique human-readable name of the Token.
- permission
Level String - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- permissions String
- Permissions assigned to the token, e.g. role:create.
- suspended Boolean
- Reserved for future use. Always false for tokens.
- Map<String>
- Tags is a map of key, value pairs.
- type String
- a filter to select all items of a certain subtype. See the filter documentation for more information.
getAccount Result
The following output properties are available:
- Accounts
List<Piers
Karsenbarg. Sdm. Outputs. Get Account Account> - A single element list containing a map, where each key lists one of the following objects:
- service:
- Ids List<string>
- a list of strings of ids of data sources that match the given arguments.
- Account
Type string - Corresponds to the type of token, e.g. api or admin-token.
- Email string
- The User's email address. Must be unique.
- External
Id string - External ID is an alternative unique ID this user is represented by within an external service.
- First
Name string - The User's first name.
- Id string
- Unique identifier of the User.
- Last
Name string - The User's last name.
- Manager
Id string - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- Name string
- Unique human-readable name of the Token.
- Permission
Level string - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- Permissions string
- Permissions assigned to the token, e.g. role:create.
- Suspended bool
- Suspended is a read only field for the User's suspended state.
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Type string
- Accounts
[]Get
Account Account - A single element list containing a map, where each key lists one of the following objects:
- service:
- Ids []string
- a list of strings of ids of data sources that match the given arguments.
- Account
Type string - Corresponds to the type of token, e.g. api or admin-token.
- Email string
- The User's email address. Must be unique.
- External
Id string - External ID is an alternative unique ID this user is represented by within an external service.
- First
Name string - The User's first name.
- Id string
- Unique identifier of the User.
- Last
Name string - The User's last name.
- Manager
Id string - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- Name string
- Unique human-readable name of the Token.
- Permission
Level string - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- Permissions string
- Permissions assigned to the token, e.g. role:create.
- Suspended bool
- Suspended is a read only field for the User's suspended state.
- map[string]string
- Tags is a map of key, value pairs.
- Type string
- accounts
List<Get
Account Account> - A single element list containing a map, where each key lists one of the following objects:
- service:
- ids List<String>
- a list of strings of ids of data sources that match the given arguments.
- account
Type String - Corresponds to the type of token, e.g. api or admin-token.
- email String
- The User's email address. Must be unique.
- external
Id String - External ID is an alternative unique ID this user is represented by within an external service.
- first
Name String - The User's first name.
- id String
- Unique identifier of the User.
- last
Name String - The User's last name.
- manager
Id String - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- name String
- Unique human-readable name of the Token.
- permission
Level String - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- permissions String
- Permissions assigned to the token, e.g. role:create.
- suspended Boolean
- Suspended is a read only field for the User's suspended state.
- Map<String,String>
- Tags is a map of key, value pairs.
- type String
- accounts
Get
Account Account[] - A single element list containing a map, where each key lists one of the following objects:
- service:
- ids string[]
- a list of strings of ids of data sources that match the given arguments.
- account
Type string - Corresponds to the type of token, e.g. api or admin-token.
- email string
- The User's email address. Must be unique.
- external
Id string - External ID is an alternative unique ID this user is represented by within an external service.
- first
Name string - The User's first name.
- id string
- Unique identifier of the User.
- last
Name string - The User's last name.
- manager
Id string - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- name string
- Unique human-readable name of the Token.
- permission
Level string - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- permissions string
- Permissions assigned to the token, e.g. role:create.
- suspended boolean
- Suspended is a read only field for the User's suspended state.
- {[key: string]: string}
- Tags is a map of key, value pairs.
- type string
- accounts
Sequence[Get
Account Account] - A single element list containing a map, where each key lists one of the following objects:
- service:
- ids Sequence[str]
- a list of strings of ids of data sources that match the given arguments.
- account_
type str - Corresponds to the type of token, e.g. api or admin-token.
- email str
- The User's email address. Must be unique.
- external_
id str - External ID is an alternative unique ID this user is represented by within an external service.
- first_
name str - The User's first name.
- id str
- Unique identifier of the User.
- last_
name str - The User's last name.
- manager_
id str - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- name str
- Unique human-readable name of the Token.
- permission_
level str - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- permissions str
- Permissions assigned to the token, e.g. role:create.
- suspended bool
- Suspended is a read only field for the User's suspended state.
- Mapping[str, str]
- Tags is a map of key, value pairs.
- type str
- accounts List<Property Map>
- A single element list containing a map, where each key lists one of the following objects:
- service:
- ids List<String>
- a list of strings of ids of data sources that match the given arguments.
- account
Type String - Corresponds to the type of token, e.g. api or admin-token.
- email String
- The User's email address. Must be unique.
- external
Id String - External ID is an alternative unique ID this user is represented by within an external service.
- first
Name String - The User's first name.
- id String
- Unique identifier of the User.
- last
Name String - The User's last name.
- manager
Id String - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- name String
- Unique human-readable name of the Token.
- permission
Level String - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- permissions String
- Permissions assigned to the token, e.g. role:create.
- suspended Boolean
- Suspended is a read only field for the User's suspended state.
- Map<String>
- Tags is a map of key, value pairs.
- type String
Supporting Types
GetAccountAccount
- Services
List<Piers
Karsenbarg. Sdm. Inputs. Get Account Account Service> - A Service is a service account that can connect to resources they are granted directly, or granted via roles. Services are typically automated jobs.
- Tokens
List<Piers
Karsenbarg. Sdm. Inputs. Get Account Account Token> - A Token is an account providing tokenized access for automation or integration use. Tokens include admin tokens, API keys, and SCIM tokens.
- Users
List<Piers
Karsenbarg. Sdm. Inputs. Get Account Account User> - A User can connect to resources they are granted directly, or granted via roles.
- Services
[]Get
Account Account Service - A Service is a service account that can connect to resources they are granted directly, or granted via roles. Services are typically automated jobs.
- Tokens
[]Get
Account Account Token - A Token is an account providing tokenized access for automation or integration use. Tokens include admin tokens, API keys, and SCIM tokens.
- Users
[]Get
Account Account User - A User can connect to resources they are granted directly, or granted via roles.
- services
List<Get
Account Account Service> - A Service is a service account that can connect to resources they are granted directly, or granted via roles. Services are typically automated jobs.
- tokens
List<Get
Account Account Token> - A Token is an account providing tokenized access for automation or integration use. Tokens include admin tokens, API keys, and SCIM tokens.
- users
List<Get
Account Account User> - A User can connect to resources they are granted directly, or granted via roles.
- services
Get
Account Account Service[] - A Service is a service account that can connect to resources they are granted directly, or granted via roles. Services are typically automated jobs.
- tokens
Get
Account Account Token[] - A Token is an account providing tokenized access for automation or integration use. Tokens include admin tokens, API keys, and SCIM tokens.
- users
Get
Account Account User[] - A User can connect to resources they are granted directly, or granted via roles.
- services
Sequence[Get
Account Account Service] - A Service is a service account that can connect to resources they are granted directly, or granted via roles. Services are typically automated jobs.
- tokens
Sequence[Get
Account Account Token] - A Token is an account providing tokenized access for automation or integration use. Tokens include admin tokens, API keys, and SCIM tokens.
- users
Sequence[Get
Account Account User] - A User can connect to resources they are granted directly, or granted via roles.
- services List<Property Map>
- A Service is a service account that can connect to resources they are granted directly, or granted via roles. Services are typically automated jobs.
- tokens List<Property Map>
- A Token is an account providing tokenized access for automation or integration use. Tokens include admin tokens, API keys, and SCIM tokens.
- users List<Property Map>
- A User can connect to resources they are granted directly, or granted via roles.
GetAccountAccountService
GetAccountAccountToken
- Account
Type string - Corresponds to the type of token, e.g. api or admin-token.
- Deadline string
- The timestamp when the Token will expire.
- Duration string
- Duration from token creation to expiration.
- Id string
- Unique identifier of the User.
- Name string
- Unique human-readable name of the Token.
- Permissions List<string>
- Permissions assigned to the token, e.g. role:create.
- Rekeyed string
- The timestamp when the Token was last rekeyed.
- Suspended bool
- Reserved for future use. Always false for tokens.
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Account
Type string - Corresponds to the type of token, e.g. api or admin-token.
- Deadline string
- The timestamp when the Token will expire.
- Duration string
- Duration from token creation to expiration.
- Id string
- Unique identifier of the User.
- Name string
- Unique human-readable name of the Token.
- Permissions []string
- Permissions assigned to the token, e.g. role:create.
- Rekeyed string
- The timestamp when the Token was last rekeyed.
- Suspended bool
- Reserved for future use. Always false for tokens.
- map[string]string
- Tags is a map of key, value pairs.
- account
Type String - Corresponds to the type of token, e.g. api or admin-token.
- deadline String
- The timestamp when the Token will expire.
- duration String
- Duration from token creation to expiration.
- id String
- Unique identifier of the User.
- name String
- Unique human-readable name of the Token.
- permissions List<String>
- Permissions assigned to the token, e.g. role:create.
- rekeyed String
- The timestamp when the Token was last rekeyed.
- suspended Boolean
- Reserved for future use. Always false for tokens.
- Map<String,String>
- Tags is a map of key, value pairs.
- account
Type string - Corresponds to the type of token, e.g. api or admin-token.
- deadline string
- The timestamp when the Token will expire.
- duration string
- Duration from token creation to expiration.
- id string
- Unique identifier of the User.
- name string
- Unique human-readable name of the Token.
- permissions string[]
- Permissions assigned to the token, e.g. role:create.
- rekeyed string
- The timestamp when the Token was last rekeyed.
- suspended boolean
- Reserved for future use. Always false for tokens.
- {[key: string]: string}
- Tags is a map of key, value pairs.
- account_
type str - Corresponds to the type of token, e.g. api or admin-token.
- deadline str
- The timestamp when the Token will expire.
- duration str
- Duration from token creation to expiration.
- id str
- Unique identifier of the User.
- name str
- Unique human-readable name of the Token.
- permissions Sequence[str]
- Permissions assigned to the token, e.g. role:create.
- rekeyed str
- The timestamp when the Token was last rekeyed.
- suspended bool
- Reserved for future use. Always false for tokens.
- Mapping[str, str]
- Tags is a map of key, value pairs.
- account
Type String - Corresponds to the type of token, e.g. api or admin-token.
- deadline String
- The timestamp when the Token will expire.
- duration String
- Duration from token creation to expiration.
- id String
- Unique identifier of the User.
- name String
- Unique human-readable name of the Token.
- permissions List<String>
- Permissions assigned to the token, e.g. role:create.
- rekeyed String
- The timestamp when the Token was last rekeyed.
- suspended Boolean
- Reserved for future use. Always false for tokens.
- Map<String>
- Tags is a map of key, value pairs.
GetAccountAccountUser
- Managed
By string - Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure.
- Resolved
Manager stringId - Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This is a read-only field that's only populated for get and list.
- Scim string
- SCIM contains the raw SCIM metadata for the user. This is a read-only field.
- Suspended bool
- Reserved for future use. Always false for tokens.
- Email string
- The User's email address. Must be unique.
- External
Id string - External ID is an alternative unique ID this user is represented by within an external service.
- First
Name string - The User's first name.
- Id string
- Unique identifier of the User.
- Last
Name string - The User's last name.
- Manager
Id string - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- Permission
Level string - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- Dictionary<string, string>
- Tags is a map of key, value pairs.
- Managed
By string - Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure.
- Resolved
Manager stringId - Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This is a read-only field that's only populated for get and list.
- Scim string
- SCIM contains the raw SCIM metadata for the user. This is a read-only field.
- Suspended bool
- Reserved for future use. Always false for tokens.
- Email string
- The User's email address. Must be unique.
- External
Id string - External ID is an alternative unique ID this user is represented by within an external service.
- First
Name string - The User's first name.
- Id string
- Unique identifier of the User.
- Last
Name string - The User's last name.
- Manager
Id string - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- Permission
Level string - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- map[string]string
- Tags is a map of key, value pairs.
- managed
By String - Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure.
- resolved
Manager StringId - Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This is a read-only field that's only populated for get and list.
- scim String
- SCIM contains the raw SCIM metadata for the user. This is a read-only field.
- suspended Boolean
- Reserved for future use. Always false for tokens.
- email String
- The User's email address. Must be unique.
- external
Id String - External ID is an alternative unique ID this user is represented by within an external service.
- first
Name String - The User's first name.
- id String
- Unique identifier of the User.
- last
Name String - The User's last name.
- manager
Id String - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- permission
Level String - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- Map<String,String>
- Tags is a map of key, value pairs.
- managed
By string - Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure.
- resolved
Manager stringId - Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This is a read-only field that's only populated for get and list.
- scim string
- SCIM contains the raw SCIM metadata for the user. This is a read-only field.
- suspended boolean
- Reserved for future use. Always false for tokens.
- email string
- The User's email address. Must be unique.
- external
Id string - External ID is an alternative unique ID this user is represented by within an external service.
- first
Name string - The User's first name.
- id string
- Unique identifier of the User.
- last
Name string - The User's last name.
- manager
Id string - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- permission
Level string - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- {[key: string]: string}
- Tags is a map of key, value pairs.
- managed_
by str - Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure.
- resolved_
manager_ strid - Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This is a read-only field that's only populated for get and list.
- scim str
- SCIM contains the raw SCIM metadata for the user. This is a read-only field.
- suspended bool
- Reserved for future use. Always false for tokens.
- email str
- The User's email address. Must be unique.
- external_
id str - External ID is an alternative unique ID this user is represented by within an external service.
- first_
name str - The User's first name.
- id str
- Unique identifier of the User.
- last_
name str - The User's last name.
- manager_
id str - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- permission_
level str - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- Mapping[str, str]
- Tags is a map of key, value pairs.
- managed
By String - Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure.
- resolved
Manager StringId - Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This is a read-only field that's only populated for get and list.
- scim String
- SCIM contains the raw SCIM metadata for the user. This is a read-only field.
- suspended Boolean
- Reserved for future use. Always false for tokens.
- email String
- The User's email address. Must be unique.
- external
Id String - External ID is an alternative unique ID this user is represented by within an external service.
- first
Name String - The User's first name.
- id String
- Unique identifier of the User.
- last
Name String - The User's last name.
- manager
Id String - Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
- permission
Level String - PermissionLevel is the user's permission level e.g. admin, DBA, user.
- Map<String>
- Tags is a map of key, value pairs.
Package Details
- Repository
- sdm pierskarsenbarg/pulumi-sdm
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
sdmTerraform Provider.
StrongDM v1.32.0 published on Monday, Oct 13, 2025 by Piers Karsenbarg
