Viewing docs for sysdig 3.5.0
published on Friday, Mar 6, 2026 by sysdiglabs
published on Friday, Mar 6, 2026 by sysdiglabs
Viewing docs for sysdig 3.5.0
published on Friday, Mar 6, 2026 by sysdiglabs
published on Friday, Mar 6, 2026 by sysdiglabs
Example Usage
Basic Configuration with Metadata Discovery
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";
const google = new sysdig.SsoOpenid("google", {
issuerUrl: "https://accounts.google.com",
clientId: "your-client-id.apps.googleusercontent.com",
clientSecret: "your-client-secret",
integrationName: "Google SSO",
isActive: true,
isSystem: false,
createUserOnLogin: true,
isMetadataDiscoveryEnabled: true,
});
import pulumi
import pulumi_sysdig as sysdig
google = sysdig.SsoOpenid("google",
issuer_url="https://accounts.google.com",
client_id="your-client-id.apps.googleusercontent.com",
client_secret="your-client-secret",
integration_name="Google SSO",
is_active=True,
is_system=False,
create_user_on_login=True,
is_metadata_discovery_enabled=True)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/v3/sysdig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sysdig.NewSsoOpenid(ctx, "google", &sysdig.SsoOpenidArgs{
IssuerUrl: pulumi.String("https://accounts.google.com"),
ClientId: pulumi.String("your-client-id.apps.googleusercontent.com"),
ClientSecret: pulumi.String("your-client-secret"),
IntegrationName: pulumi.String("Google SSO"),
IsActive: pulumi.Bool(true),
IsSystem: pulumi.Bool(false),
CreateUserOnLogin: pulumi.Bool(true),
IsMetadataDiscoveryEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;
return await Deployment.RunAsync(() =>
{
var google = new Sysdig.SsoOpenid("google", new()
{
IssuerUrl = "https://accounts.google.com",
ClientId = "your-client-id.apps.googleusercontent.com",
ClientSecret = "your-client-secret",
IntegrationName = "Google SSO",
IsActive = true,
IsSystem = false,
CreateUserOnLogin = true,
IsMetadataDiscoveryEnabled = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SsoOpenid;
import com.pulumi.sysdig.SsoOpenidArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var google = new SsoOpenid("google", SsoOpenidArgs.builder()
.issuerUrl("https://accounts.google.com")
.clientId("your-client-id.apps.googleusercontent.com")
.clientSecret("your-client-secret")
.integrationName("Google SSO")
.isActive(true)
.isSystem(false)
.createUserOnLogin(true)
.isMetadataDiscoveryEnabled(true)
.build());
}
}
resources:
google:
type: sysdig:SsoOpenid
properties:
issuerUrl: https://accounts.google.com
clientId: your-client-id.apps.googleusercontent.com
clientSecret: your-client-secret
integrationName: Google SSO
isActive: true
isSystem: false
createUserOnLogin: true
isMetadataDiscoveryEnabled: true
Configuration with Manual Metadata
When using an identity provider that doesn’t support metadata discovery, you can provide the metadata manually:
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";
const customIdp = new sysdig.SsoOpenid("custom_idp", {
issuerUrl: "https://idp.example.com",
clientId: "your-client-id",
clientSecret: "your-client-secret",
integrationName: "Custom IDP",
isActive: true,
isSystem: false,
isMetadataDiscoveryEnabled: false,
metadata: {
issuer: "https://idp.example.com",
authorizationEndpoint: "https://idp.example.com/oauth2/authorize",
tokenEndpoint: "https://idp.example.com/oauth2/token",
jwksUri: "https://idp.example.com/.well-known/jwks.json",
tokenAuthMethod: "CLIENT_SECRET_BASIC",
endSessionEndpoint: "https://idp.example.com/oauth2/logout",
userInfoEndpoint: "https://idp.example.com/userinfo",
},
});
import pulumi
import pulumi_sysdig as sysdig
custom_idp = sysdig.SsoOpenid("custom_idp",
issuer_url="https://idp.example.com",
client_id="your-client-id",
client_secret="your-client-secret",
integration_name="Custom IDP",
is_active=True,
is_system=False,
is_metadata_discovery_enabled=False,
metadata={
"issuer": "https://idp.example.com",
"authorization_endpoint": "https://idp.example.com/oauth2/authorize",
"token_endpoint": "https://idp.example.com/oauth2/token",
"jwks_uri": "https://idp.example.com/.well-known/jwks.json",
"token_auth_method": "CLIENT_SECRET_BASIC",
"end_session_endpoint": "https://idp.example.com/oauth2/logout",
"user_info_endpoint": "https://idp.example.com/userinfo",
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/v3/sysdig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sysdig.NewSsoOpenid(ctx, "custom_idp", &sysdig.SsoOpenidArgs{
IssuerUrl: pulumi.String("https://idp.example.com"),
ClientId: pulumi.String("your-client-id"),
ClientSecret: pulumi.String("your-client-secret"),
IntegrationName: pulumi.String("Custom IDP"),
IsActive: pulumi.Bool(true),
IsSystem: pulumi.Bool(false),
IsMetadataDiscoveryEnabled: pulumi.Bool(false),
Metadata: &sysdig.SsoOpenidMetadataArgs{
Issuer: pulumi.String("https://idp.example.com"),
AuthorizationEndpoint: pulumi.String("https://idp.example.com/oauth2/authorize"),
TokenEndpoint: pulumi.String("https://idp.example.com/oauth2/token"),
JwksUri: pulumi.String("https://idp.example.com/.well-known/jwks.json"),
TokenAuthMethod: pulumi.String("CLIENT_SECRET_BASIC"),
EndSessionEndpoint: pulumi.String("https://idp.example.com/oauth2/logout"),
UserInfoEndpoint: pulumi.String("https://idp.example.com/userinfo"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;
return await Deployment.RunAsync(() =>
{
var customIdp = new Sysdig.SsoOpenid("custom_idp", new()
{
IssuerUrl = "https://idp.example.com",
ClientId = "your-client-id",
ClientSecret = "your-client-secret",
IntegrationName = "Custom IDP",
IsActive = true,
IsSystem = false,
IsMetadataDiscoveryEnabled = false,
Metadata = new Sysdig.Inputs.SsoOpenidMetadataArgs
{
Issuer = "https://idp.example.com",
AuthorizationEndpoint = "https://idp.example.com/oauth2/authorize",
TokenEndpoint = "https://idp.example.com/oauth2/token",
JwksUri = "https://idp.example.com/.well-known/jwks.json",
TokenAuthMethod = "CLIENT_SECRET_BASIC",
EndSessionEndpoint = "https://idp.example.com/oauth2/logout",
UserInfoEndpoint = "https://idp.example.com/userinfo",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SsoOpenid;
import com.pulumi.sysdig.SsoOpenidArgs;
import com.pulumi.sysdig.inputs.SsoOpenidMetadataArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var customIdp = new SsoOpenid("customIdp", SsoOpenidArgs.builder()
.issuerUrl("https://idp.example.com")
.clientId("your-client-id")
.clientSecret("your-client-secret")
.integrationName("Custom IDP")
.isActive(true)
.isSystem(false)
.isMetadataDiscoveryEnabled(false)
.metadata(SsoOpenidMetadataArgs.builder()
.issuer("https://idp.example.com")
.authorizationEndpoint("https://idp.example.com/oauth2/authorize")
.tokenEndpoint("https://idp.example.com/oauth2/token")
.jwksUri("https://idp.example.com/.well-known/jwks.json")
.tokenAuthMethod("CLIENT_SECRET_BASIC")
.endSessionEndpoint("https://idp.example.com/oauth2/logout")
.userInfoEndpoint("https://idp.example.com/userinfo")
.build())
.build());
}
}
resources:
customIdp:
type: sysdig:SsoOpenid
name: custom_idp
properties:
issuerUrl: https://idp.example.com
clientId: your-client-id
clientSecret: your-client-secret
integrationName: Custom IDP
isActive: true
isSystem: false
isMetadataDiscoveryEnabled: false
metadata:
issuer: https://idp.example.com
authorizationEndpoint: https://idp.example.com/oauth2/authorize
tokenEndpoint: https://idp.example.com/oauth2/token
jwksUri: https://idp.example.com/.well-known/jwks.json
tokenAuthMethod: CLIENT_SECRET_BASIC
endSessionEndpoint: https://idp.example.com/oauth2/logout
userInfoEndpoint: https://idp.example.com/userinfo
Configuration with Group Mapping and Additional Scopes
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";
const okta = new sysdig.SsoOpenid("okta", {
issuerUrl: "https://your-org.okta.com",
clientId: "your-client-id",
clientSecret: "your-client-secret",
integrationName: "Okta SSO",
isActive: true,
isSystem: false,
createUserOnLogin: true,
isGroupMappingEnabled: true,
groupMappingAttributeName: "groups",
isSingleLogoutEnabled: true,
isAdditionalScopesCheckEnabled: true,
additionalScopes: [
"groups",
"profile",
"email",
],
});
import pulumi
import pulumi_sysdig as sysdig
okta = sysdig.SsoOpenid("okta",
issuer_url="https://your-org.okta.com",
client_id="your-client-id",
client_secret="your-client-secret",
integration_name="Okta SSO",
is_active=True,
is_system=False,
create_user_on_login=True,
is_group_mapping_enabled=True,
group_mapping_attribute_name="groups",
is_single_logout_enabled=True,
is_additional_scopes_check_enabled=True,
additional_scopes=[
"groups",
"profile",
"email",
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/v3/sysdig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sysdig.NewSsoOpenid(ctx, "okta", &sysdig.SsoOpenidArgs{
IssuerUrl: pulumi.String("https://your-org.okta.com"),
ClientId: pulumi.String("your-client-id"),
ClientSecret: pulumi.String("your-client-secret"),
IntegrationName: pulumi.String("Okta SSO"),
IsActive: pulumi.Bool(true),
IsSystem: pulumi.Bool(false),
CreateUserOnLogin: pulumi.Bool(true),
IsGroupMappingEnabled: pulumi.Bool(true),
GroupMappingAttributeName: pulumi.String("groups"),
IsSingleLogoutEnabled: pulumi.Bool(true),
IsAdditionalScopesCheckEnabled: pulumi.Bool(true),
AdditionalScopes: pulumi.StringArray{
pulumi.String("groups"),
pulumi.String("profile"),
pulumi.String("email"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;
return await Deployment.RunAsync(() =>
{
var okta = new Sysdig.SsoOpenid("okta", new()
{
IssuerUrl = "https://your-org.okta.com",
ClientId = "your-client-id",
ClientSecret = "your-client-secret",
IntegrationName = "Okta SSO",
IsActive = true,
IsSystem = false,
CreateUserOnLogin = true,
IsGroupMappingEnabled = true,
GroupMappingAttributeName = "groups",
IsSingleLogoutEnabled = true,
IsAdditionalScopesCheckEnabled = true,
AdditionalScopes = new[]
{
"groups",
"profile",
"email",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SsoOpenid;
import com.pulumi.sysdig.SsoOpenidArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var okta = new SsoOpenid("okta", SsoOpenidArgs.builder()
.issuerUrl("https://your-org.okta.com")
.clientId("your-client-id")
.clientSecret("your-client-secret")
.integrationName("Okta SSO")
.isActive(true)
.isSystem(false)
.createUserOnLogin(true)
.isGroupMappingEnabled(true)
.groupMappingAttributeName("groups")
.isSingleLogoutEnabled(true)
.isAdditionalScopesCheckEnabled(true)
.additionalScopes(
"groups",
"profile",
"email")
.build());
}
}
resources:
okta:
type: sysdig:SsoOpenid
properties:
issuerUrl: https://your-org.okta.com
clientId: your-client-id
clientSecret: your-client-secret
integrationName: Okta SSO
isActive: true
isSystem: false
createUserOnLogin: true
isGroupMappingEnabled: true
groupMappingAttributeName: groups
isSingleLogoutEnabled: true
isAdditionalScopesCheckEnabled: true
additionalScopes:
- groups
- profile
- email
Create SsoOpenid Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SsoOpenid(name: string, args: SsoOpenidArgs, opts?: CustomResourceOptions);@overload
def SsoOpenid(resource_name: str,
args: SsoOpenidArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SsoOpenid(resource_name: str,
opts: Optional[ResourceOptions] = None,
issuer_url: Optional[str] = None,
client_id: Optional[str] = None,
client_secret: Optional[str] = None,
group_mapping_attribute_name: Optional[str] = None,
is_single_logout_enabled: Optional[bool] = None,
integration_name: Optional[str] = None,
is_active: Optional[bool] = None,
is_additional_scopes_check_enabled: Optional[bool] = None,
is_group_mapping_enabled: Optional[bool] = None,
is_metadata_discovery_enabled: Optional[bool] = None,
additional_scopes: Optional[Sequence[str]] = None,
is_system: Optional[bool] = None,
create_user_on_login: Optional[bool] = None,
metadata: Optional[SsoOpenidMetadataArgs] = None,
product: Optional[str] = None,
sso_openid_id: Optional[str] = None,
timeouts: Optional[SsoOpenidTimeoutsArgs] = None)func NewSsoOpenid(ctx *Context, name string, args SsoOpenidArgs, opts ...ResourceOption) (*SsoOpenid, error)public SsoOpenid(string name, SsoOpenidArgs args, CustomResourceOptions? opts = null)
public SsoOpenid(String name, SsoOpenidArgs args)
public SsoOpenid(String name, SsoOpenidArgs args, CustomResourceOptions options)
type: sysdig:SsoOpenid
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SsoOpenidArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SsoOpenidArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SsoOpenidArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SsoOpenidArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SsoOpenidArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ssoOpenidResource = new Sysdig.SsoOpenid("ssoOpenidResource", new()
{
IssuerUrl = "string",
ClientId = "string",
ClientSecret = "string",
GroupMappingAttributeName = "string",
IsSingleLogoutEnabled = false,
IntegrationName = "string",
IsActive = false,
IsAdditionalScopesCheckEnabled = false,
IsGroupMappingEnabled = false,
IsMetadataDiscoveryEnabled = false,
AdditionalScopes = new[]
{
"string",
},
IsSystem = false,
CreateUserOnLogin = false,
Metadata = new Sysdig.Inputs.SsoOpenidMetadataArgs
{
AuthorizationEndpoint = "string",
Issuer = "string",
JwksUri = "string",
TokenAuthMethod = "string",
TokenEndpoint = "string",
EndSessionEndpoint = "string",
UserInfoEndpoint = "string",
},
Product = "string",
SsoOpenidId = "string",
Timeouts = new Sysdig.Inputs.SsoOpenidTimeoutsArgs
{
Create = "string",
Delete = "string",
Read = "string",
Update = "string",
},
});
example, err := sysdig.NewSsoOpenid(ctx, "ssoOpenidResource", &sysdig.SsoOpenidArgs{
IssuerUrl: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
GroupMappingAttributeName: pulumi.String("string"),
IsSingleLogoutEnabled: pulumi.Bool(false),
IntegrationName: pulumi.String("string"),
IsActive: pulumi.Bool(false),
IsAdditionalScopesCheckEnabled: pulumi.Bool(false),
IsGroupMappingEnabled: pulumi.Bool(false),
IsMetadataDiscoveryEnabled: pulumi.Bool(false),
AdditionalScopes: pulumi.StringArray{
pulumi.String("string"),
},
IsSystem: pulumi.Bool(false),
CreateUserOnLogin: pulumi.Bool(false),
Metadata: &sysdig.SsoOpenidMetadataArgs{
AuthorizationEndpoint: pulumi.String("string"),
Issuer: pulumi.String("string"),
JwksUri: pulumi.String("string"),
TokenAuthMethod: pulumi.String("string"),
TokenEndpoint: pulumi.String("string"),
EndSessionEndpoint: pulumi.String("string"),
UserInfoEndpoint: pulumi.String("string"),
},
Product: pulumi.String("string"),
SsoOpenidId: pulumi.String("string"),
Timeouts: &sysdig.SsoOpenidTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
Read: pulumi.String("string"),
Update: pulumi.String("string"),
},
})
var ssoOpenidResource = new SsoOpenid("ssoOpenidResource", SsoOpenidArgs.builder()
.issuerUrl("string")
.clientId("string")
.clientSecret("string")
.groupMappingAttributeName("string")
.isSingleLogoutEnabled(false)
.integrationName("string")
.isActive(false)
.isAdditionalScopesCheckEnabled(false)
.isGroupMappingEnabled(false)
.isMetadataDiscoveryEnabled(false)
.additionalScopes("string")
.isSystem(false)
.createUserOnLogin(false)
.metadata(SsoOpenidMetadataArgs.builder()
.authorizationEndpoint("string")
.issuer("string")
.jwksUri("string")
.tokenAuthMethod("string")
.tokenEndpoint("string")
.endSessionEndpoint("string")
.userInfoEndpoint("string")
.build())
.product("string")
.ssoOpenidId("string")
.timeouts(SsoOpenidTimeoutsArgs.builder()
.create("string")
.delete("string")
.read("string")
.update("string")
.build())
.build());
sso_openid_resource = sysdig.SsoOpenid("ssoOpenidResource",
issuer_url="string",
client_id="string",
client_secret="string",
group_mapping_attribute_name="string",
is_single_logout_enabled=False,
integration_name="string",
is_active=False,
is_additional_scopes_check_enabled=False,
is_group_mapping_enabled=False,
is_metadata_discovery_enabled=False,
additional_scopes=["string"],
is_system=False,
create_user_on_login=False,
metadata={
"authorization_endpoint": "string",
"issuer": "string",
"jwks_uri": "string",
"token_auth_method": "string",
"token_endpoint": "string",
"end_session_endpoint": "string",
"user_info_endpoint": "string",
},
product="string",
sso_openid_id="string",
timeouts={
"create": "string",
"delete": "string",
"read": "string",
"update": "string",
})
const ssoOpenidResource = new sysdig.SsoOpenid("ssoOpenidResource", {
issuerUrl: "string",
clientId: "string",
clientSecret: "string",
groupMappingAttributeName: "string",
isSingleLogoutEnabled: false,
integrationName: "string",
isActive: false,
isAdditionalScopesCheckEnabled: false,
isGroupMappingEnabled: false,
isMetadataDiscoveryEnabled: false,
additionalScopes: ["string"],
isSystem: false,
createUserOnLogin: false,
metadata: {
authorizationEndpoint: "string",
issuer: "string",
jwksUri: "string",
tokenAuthMethod: "string",
tokenEndpoint: "string",
endSessionEndpoint: "string",
userInfoEndpoint: "string",
},
product: "string",
ssoOpenidId: "string",
timeouts: {
create: "string",
"delete": "string",
read: "string",
update: "string",
},
});
type: sysdig:SsoOpenid
properties:
additionalScopes:
- string
clientId: string
clientSecret: string
createUserOnLogin: false
groupMappingAttributeName: string
integrationName: string
isActive: false
isAdditionalScopesCheckEnabled: false
isGroupMappingEnabled: false
isMetadataDiscoveryEnabled: false
isSingleLogoutEnabled: false
isSystem: false
issuerUrl: string
metadata:
authorizationEndpoint: string
endSessionEndpoint: string
issuer: string
jwksUri: string
tokenAuthMethod: string
tokenEndpoint: string
userInfoEndpoint: string
product: string
ssoOpenidId: string
timeouts:
create: string
delete: string
read: string
update: string
SsoOpenid Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SsoOpenid resource accepts the following input properties:
- Client
Id string - The OAuth 2.0 client ID
- Client
Secret string - The OAuth 2.0 client secret
- Issuer
Url string - The OpenID Connect issuer URL (e.g., https://accounts.google.com)
- Additional
Scopes List<string> - Additional OAuth scopes to request
- Create
User boolOn Login - Whether to create a new user upon first login
- Group
Mapping stringAttribute Name - The attribute name for group mapping
- Integration
Name string - A name to distinguish different SSO integrations (cannot be changed after creation)
- Is
Active bool - Whether the SSO configuration is active
- Is
Additional boolScopes Check Enabled - Whether additional scopes check is enabled
- Is
Group boolMapping Enabled - Whether group mapping is enabled
- Is
Metadata boolDiscovery Enabled - Whether to use automatic metadata discovery from the issuer URL
- Is
Single boolLogout Enabled - Whether single logout is enabled
- Is
System bool - Whether this is a system SSO configuration (Only applicable to on-prem installations)
- Metadata
Sso
Openid Metadata - Manual metadata configuration (required when is_metadata_discovery_enabled is false)
- Product string
- The Sysdig product (monitor or secure)
- Sso
Openid stringId - Timeouts
Sso
Openid Timeouts
- Client
Id string - The OAuth 2.0 client ID
- Client
Secret string - The OAuth 2.0 client secret
- Issuer
Url string - The OpenID Connect issuer URL (e.g., https://accounts.google.com)
- Additional
Scopes []string - Additional OAuth scopes to request
- Create
User boolOn Login - Whether to create a new user upon first login
- Group
Mapping stringAttribute Name - The attribute name for group mapping
- Integration
Name string - A name to distinguish different SSO integrations (cannot be changed after creation)
- Is
Active bool - Whether the SSO configuration is active
- Is
Additional boolScopes Check Enabled - Whether additional scopes check is enabled
- Is
Group boolMapping Enabled - Whether group mapping is enabled
- Is
Metadata boolDiscovery Enabled - Whether to use automatic metadata discovery from the issuer URL
- Is
Single boolLogout Enabled - Whether single logout is enabled
- Is
System bool - Whether this is a system SSO configuration (Only applicable to on-prem installations)
- Metadata
Sso
Openid Metadata Args - Manual metadata configuration (required when is_metadata_discovery_enabled is false)
- Product string
- The Sysdig product (monitor or secure)
- Sso
Openid stringId - Timeouts
Sso
Openid Timeouts Args
- client
Id String - The OAuth 2.0 client ID
- client
Secret String - The OAuth 2.0 client secret
- issuer
Url String - The OpenID Connect issuer URL (e.g., https://accounts.google.com)
- additional
Scopes List<String> - Additional OAuth scopes to request
- create
User BooleanOn Login - Whether to create a new user upon first login
- group
Mapping StringAttribute Name - The attribute name for group mapping
- integration
Name String - A name to distinguish different SSO integrations (cannot be changed after creation)
- is
Active Boolean - Whether the SSO configuration is active
- is
Additional BooleanScopes Check Enabled - Whether additional scopes check is enabled
- is
Group BooleanMapping Enabled - Whether group mapping is enabled
- is
Metadata BooleanDiscovery Enabled - Whether to use automatic metadata discovery from the issuer URL
- is
Single BooleanLogout Enabled - Whether single logout is enabled
- is
System Boolean - Whether this is a system SSO configuration (Only applicable to on-prem installations)
- metadata
Sso
Openid Metadata - Manual metadata configuration (required when is_metadata_discovery_enabled is false)
- product String
- The Sysdig product (monitor or secure)
- sso
Openid StringId - timeouts
Sso
Openid Timeouts
- client
Id string - The OAuth 2.0 client ID
- client
Secret string - The OAuth 2.0 client secret
- issuer
Url string - The OpenID Connect issuer URL (e.g., https://accounts.google.com)
- additional
Scopes string[] - Additional OAuth scopes to request
- create
User booleanOn Login - Whether to create a new user upon first login
- group
Mapping stringAttribute Name - The attribute name for group mapping
- integration
Name string - A name to distinguish different SSO integrations (cannot be changed after creation)
- is
Active boolean - Whether the SSO configuration is active
- is
Additional booleanScopes Check Enabled - Whether additional scopes check is enabled
- is
Group booleanMapping Enabled - Whether group mapping is enabled
- is
Metadata booleanDiscovery Enabled - Whether to use automatic metadata discovery from the issuer URL
- is
Single booleanLogout Enabled - Whether single logout is enabled
- is
System boolean - Whether this is a system SSO configuration (Only applicable to on-prem installations)
- metadata
Sso
Openid Metadata - Manual metadata configuration (required when is_metadata_discovery_enabled is false)
- product string
- The Sysdig product (monitor or secure)
- sso
Openid stringId - timeouts
Sso
Openid Timeouts
- client_
id str - The OAuth 2.0 client ID
- client_
secret str - The OAuth 2.0 client secret
- issuer_
url str - The OpenID Connect issuer URL (e.g., https://accounts.google.com)
- additional_
scopes Sequence[str] - Additional OAuth scopes to request
- create_
user_ boolon_ login - Whether to create a new user upon first login
- group_
mapping_ strattribute_ name - The attribute name for group mapping
- integration_
name str - A name to distinguish different SSO integrations (cannot be changed after creation)
- is_
active bool - Whether the SSO configuration is active
- is_
additional_ boolscopes_ check_ enabled - Whether additional scopes check is enabled
- is_
group_ boolmapping_ enabled - Whether group mapping is enabled
- is_
metadata_ booldiscovery_ enabled - Whether to use automatic metadata discovery from the issuer URL
- is_
single_ boollogout_ enabled - Whether single logout is enabled
- is_
system bool - Whether this is a system SSO configuration (Only applicable to on-prem installations)
- metadata
Sso
Openid Metadata Args - Manual metadata configuration (required when is_metadata_discovery_enabled is false)
- product str
- The Sysdig product (monitor or secure)
- sso_
openid_ strid - timeouts
Sso
Openid Timeouts Args
- client
Id String - The OAuth 2.0 client ID
- client
Secret String - The OAuth 2.0 client secret
- issuer
Url String - The OpenID Connect issuer URL (e.g., https://accounts.google.com)
- additional
Scopes List<String> - Additional OAuth scopes to request
- create
User BooleanOn Login - Whether to create a new user upon first login
- group
Mapping StringAttribute Name - The attribute name for group mapping
- integration
Name String - A name to distinguish different SSO integrations (cannot be changed after creation)
- is
Active Boolean - Whether the SSO configuration is active
- is
Additional BooleanScopes Check Enabled - Whether additional scopes check is enabled
- is
Group BooleanMapping Enabled - Whether group mapping is enabled
- is
Metadata BooleanDiscovery Enabled - Whether to use automatic metadata discovery from the issuer URL
- is
Single BooleanLogout Enabled - Whether single logout is enabled
- is
System Boolean - Whether this is a system SSO configuration (Only applicable to on-prem installations)
- metadata Property Map
- Manual metadata configuration (required when is_metadata_discovery_enabled is false)
- product String
- The Sysdig product (monitor or secure)
- sso
Openid StringId - timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the SsoOpenid resource produces the following output properties:
Look up Existing SsoOpenid Resource
Get an existing SsoOpenid resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SsoOpenidState, opts?: CustomResourceOptions): SsoOpenid@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
additional_scopes: Optional[Sequence[str]] = None,
client_id: Optional[str] = None,
client_secret: Optional[str] = None,
create_user_on_login: Optional[bool] = None,
group_mapping_attribute_name: Optional[str] = None,
integration_name: Optional[str] = None,
is_active: Optional[bool] = None,
is_additional_scopes_check_enabled: Optional[bool] = None,
is_group_mapping_enabled: Optional[bool] = None,
is_metadata_discovery_enabled: Optional[bool] = None,
is_single_logout_enabled: Optional[bool] = None,
is_system: Optional[bool] = None,
issuer_url: Optional[str] = None,
metadata: Optional[SsoOpenidMetadataArgs] = None,
product: Optional[str] = None,
sso_openid_id: Optional[str] = None,
timeouts: Optional[SsoOpenidTimeoutsArgs] = None,
version: Optional[float] = None) -> SsoOpenidfunc GetSsoOpenid(ctx *Context, name string, id IDInput, state *SsoOpenidState, opts ...ResourceOption) (*SsoOpenid, error)public static SsoOpenid Get(string name, Input<string> id, SsoOpenidState? state, CustomResourceOptions? opts = null)public static SsoOpenid get(String name, Output<String> id, SsoOpenidState state, CustomResourceOptions options)resources: _: type: sysdig:SsoOpenid get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Additional
Scopes List<string> - Additional OAuth scopes to request
- Client
Id string - The OAuth 2.0 client ID
- Client
Secret string - The OAuth 2.0 client secret
- Create
User boolOn Login - Whether to create a new user upon first login
- Group
Mapping stringAttribute Name - The attribute name for group mapping
- Integration
Name string - A name to distinguish different SSO integrations (cannot be changed after creation)
- Is
Active bool - Whether the SSO configuration is active
- Is
Additional boolScopes Check Enabled - Whether additional scopes check is enabled
- Is
Group boolMapping Enabled - Whether group mapping is enabled
- Is
Metadata boolDiscovery Enabled - Whether to use automatic metadata discovery from the issuer URL
- Is
Single boolLogout Enabled - Whether single logout is enabled
- Is
System bool - Whether this is a system SSO configuration (Only applicable to on-prem installations)
- Issuer
Url string - The OpenID Connect issuer URL (e.g., https://accounts.google.com)
- Metadata
Sso
Openid Metadata - Manual metadata configuration (required when is_metadata_discovery_enabled is false)
- Product string
- The Sysdig product (monitor or secure)
- Sso
Openid stringId - Timeouts
Sso
Openid Timeouts - Version double
- The version of the SSO configuration (used for optimistic locking).
- Additional
Scopes []string - Additional OAuth scopes to request
- Client
Id string - The OAuth 2.0 client ID
- Client
Secret string - The OAuth 2.0 client secret
- Create
User boolOn Login - Whether to create a new user upon first login
- Group
Mapping stringAttribute Name - The attribute name for group mapping
- Integration
Name string - A name to distinguish different SSO integrations (cannot be changed after creation)
- Is
Active bool - Whether the SSO configuration is active
- Is
Additional boolScopes Check Enabled - Whether additional scopes check is enabled
- Is
Group boolMapping Enabled - Whether group mapping is enabled
- Is
Metadata boolDiscovery Enabled - Whether to use automatic metadata discovery from the issuer URL
- Is
Single boolLogout Enabled - Whether single logout is enabled
- Is
System bool - Whether this is a system SSO configuration (Only applicable to on-prem installations)
- Issuer
Url string - The OpenID Connect issuer URL (e.g., https://accounts.google.com)
- Metadata
Sso
Openid Metadata Args - Manual metadata configuration (required when is_metadata_discovery_enabled is false)
- Product string
- The Sysdig product (monitor or secure)
- Sso
Openid stringId - Timeouts
Sso
Openid Timeouts Args - Version float64
- The version of the SSO configuration (used for optimistic locking).
- additional
Scopes List<String> - Additional OAuth scopes to request
- client
Id String - The OAuth 2.0 client ID
- client
Secret String - The OAuth 2.0 client secret
- create
User BooleanOn Login - Whether to create a new user upon first login
- group
Mapping StringAttribute Name - The attribute name for group mapping
- integration
Name String - A name to distinguish different SSO integrations (cannot be changed after creation)
- is
Active Boolean - Whether the SSO configuration is active
- is
Additional BooleanScopes Check Enabled - Whether additional scopes check is enabled
- is
Group BooleanMapping Enabled - Whether group mapping is enabled
- is
Metadata BooleanDiscovery Enabled - Whether to use automatic metadata discovery from the issuer URL
- is
Single BooleanLogout Enabled - Whether single logout is enabled
- is
System Boolean - Whether this is a system SSO configuration (Only applicable to on-prem installations)
- issuer
Url String - The OpenID Connect issuer URL (e.g., https://accounts.google.com)
- metadata
Sso
Openid Metadata - Manual metadata configuration (required when is_metadata_discovery_enabled is false)
- product String
- The Sysdig product (monitor or secure)
- sso
Openid StringId - timeouts
Sso
Openid Timeouts - version Double
- The version of the SSO configuration (used for optimistic locking).
- additional
Scopes string[] - Additional OAuth scopes to request
- client
Id string - The OAuth 2.0 client ID
- client
Secret string - The OAuth 2.0 client secret
- create
User booleanOn Login - Whether to create a new user upon first login
- group
Mapping stringAttribute Name - The attribute name for group mapping
- integration
Name string - A name to distinguish different SSO integrations (cannot be changed after creation)
- is
Active boolean - Whether the SSO configuration is active
- is
Additional booleanScopes Check Enabled - Whether additional scopes check is enabled
- is
Group booleanMapping Enabled - Whether group mapping is enabled
- is
Metadata booleanDiscovery Enabled - Whether to use automatic metadata discovery from the issuer URL
- is
Single booleanLogout Enabled - Whether single logout is enabled
- is
System boolean - Whether this is a system SSO configuration (Only applicable to on-prem installations)
- issuer
Url string - The OpenID Connect issuer URL (e.g., https://accounts.google.com)
- metadata
Sso
Openid Metadata - Manual metadata configuration (required when is_metadata_discovery_enabled is false)
- product string
- The Sysdig product (monitor or secure)
- sso
Openid stringId - timeouts
Sso
Openid Timeouts - version number
- The version of the SSO configuration (used for optimistic locking).
- additional_
scopes Sequence[str] - Additional OAuth scopes to request
- client_
id str - The OAuth 2.0 client ID
- client_
secret str - The OAuth 2.0 client secret
- create_
user_ boolon_ login - Whether to create a new user upon first login
- group_
mapping_ strattribute_ name - The attribute name for group mapping
- integration_
name str - A name to distinguish different SSO integrations (cannot be changed after creation)
- is_
active bool - Whether the SSO configuration is active
- is_
additional_ boolscopes_ check_ enabled - Whether additional scopes check is enabled
- is_
group_ boolmapping_ enabled - Whether group mapping is enabled
- is_
metadata_ booldiscovery_ enabled - Whether to use automatic metadata discovery from the issuer URL
- is_
single_ boollogout_ enabled - Whether single logout is enabled
- is_
system bool - Whether this is a system SSO configuration (Only applicable to on-prem installations)
- issuer_
url str - The OpenID Connect issuer URL (e.g., https://accounts.google.com)
- metadata
Sso
Openid Metadata Args - Manual metadata configuration (required when is_metadata_discovery_enabled is false)
- product str
- The Sysdig product (monitor or secure)
- sso_
openid_ strid - timeouts
Sso
Openid Timeouts Args - version float
- The version of the SSO configuration (used for optimistic locking).
- additional
Scopes List<String> - Additional OAuth scopes to request
- client
Id String - The OAuth 2.0 client ID
- client
Secret String - The OAuth 2.0 client secret
- create
User BooleanOn Login - Whether to create a new user upon first login
- group
Mapping StringAttribute Name - The attribute name for group mapping
- integration
Name String - A name to distinguish different SSO integrations (cannot be changed after creation)
- is
Active Boolean - Whether the SSO configuration is active
- is
Additional BooleanScopes Check Enabled - Whether additional scopes check is enabled
- is
Group BooleanMapping Enabled - Whether group mapping is enabled
- is
Metadata BooleanDiscovery Enabled - Whether to use automatic metadata discovery from the issuer URL
- is
Single BooleanLogout Enabled - Whether single logout is enabled
- is
System Boolean - Whether this is a system SSO configuration (Only applicable to on-prem installations)
- issuer
Url String - The OpenID Connect issuer URL (e.g., https://accounts.google.com)
- metadata Property Map
- Manual metadata configuration (required when is_metadata_discovery_enabled is false)
- product String
- The Sysdig product (monitor or secure)
- sso
Openid StringId - timeouts Property Map
- version Number
- The version of the SSO configuration (used for optimistic locking).
Supporting Types
SsoOpenidMetadata, SsoOpenidMetadataArgs
- string
- The authorization endpoint URL.
- Issuer string
- The issuer identifier.
- Jwks
Uri string - The JWKS URI for token verification.
- Token
Auth stringMethod - The token authentication method. Valid values are
CLIENT_SECRET_BASICorCLIENT_SECRET_POST. - Token
Endpoint string - The token endpoint URL.
- End
Session stringEndpoint - The end session endpoint URL for logout.
- User
Info stringEndpoint - The user info endpoint URL.
- string
- The authorization endpoint URL.
- Issuer string
- The issuer identifier.
- Jwks
Uri string - The JWKS URI for token verification.
- Token
Auth stringMethod - The token authentication method. Valid values are
CLIENT_SECRET_BASICorCLIENT_SECRET_POST. - Token
Endpoint string - The token endpoint URL.
- End
Session stringEndpoint - The end session endpoint URL for logout.
- User
Info stringEndpoint - The user info endpoint URL.
- String
- The authorization endpoint URL.
- issuer String
- The issuer identifier.
- jwks
Uri String - The JWKS URI for token verification.
- token
Auth StringMethod - The token authentication method. Valid values are
CLIENT_SECRET_BASICorCLIENT_SECRET_POST. - token
Endpoint String - The token endpoint URL.
- end
Session StringEndpoint - The end session endpoint URL for logout.
- user
Info StringEndpoint - The user info endpoint URL.
- string
- The authorization endpoint URL.
- issuer string
- The issuer identifier.
- jwks
Uri string - The JWKS URI for token verification.
- token
Auth stringMethod - The token authentication method. Valid values are
CLIENT_SECRET_BASICorCLIENT_SECRET_POST. - token
Endpoint string - The token endpoint URL.
- end
Session stringEndpoint - The end session endpoint URL for logout.
- user
Info stringEndpoint - The user info endpoint URL.
- str
- The authorization endpoint URL.
- issuer str
- The issuer identifier.
- jwks_
uri str - The JWKS URI for token verification.
- token_
auth_ strmethod - The token authentication method. Valid values are
CLIENT_SECRET_BASICorCLIENT_SECRET_POST. - token_
endpoint str - The token endpoint URL.
- end_
session_ strendpoint - The end session endpoint URL for logout.
- user_
info_ strendpoint - The user info endpoint URL.
- String
- The authorization endpoint URL.
- issuer String
- The issuer identifier.
- jwks
Uri String - The JWKS URI for token verification.
- token
Auth StringMethod - The token authentication method. Valid values are
CLIENT_SECRET_BASICorCLIENT_SECRET_POST. - token
Endpoint String - The token endpoint URL.
- end
Session StringEndpoint - The end session endpoint URL for logout.
- user
Info StringEndpoint - The user info endpoint URL.
SsoOpenidTimeouts, SsoOpenidTimeoutsArgs
Import
Sysdig SSO OpenID configurations can be imported using the ID, e.g.
$ pulumi import sysdig:index/ssoOpenid:SsoOpenid example 12345
For system-level SSO configurations (on-prem), prefix the ID with system/:
$ pulumi import sysdig:index/ssoOpenid:SsoOpenid example system/12345
~> Note: The client_secret attribute cannot be imported and must be set in the configuration after import.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- sysdig sysdiglabs/terraform-provider-sysdig
- License
- Notes
- This Pulumi package is based on the
sysdigTerraform Provider.
Viewing docs for sysdig 3.5.0
published on Friday, Mar 6, 2026 by sysdiglabs
published on Friday, Mar 6, 2026 by sysdiglabs
