Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.cloudidentity/v1.InboundSsoAssignment
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Creates an InboundSsoAssignment for users and devices in a Customer
under a given Group
or OrgUnit
.
Auto-naming is currently not supported for this resource.
Create InboundSsoAssignment Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new InboundSsoAssignment(name: string, args?: InboundSsoAssignmentArgs, opts?: CustomResourceOptions);
@overload
def InboundSsoAssignment(resource_name: str,
args: Optional[InboundSsoAssignmentArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def InboundSsoAssignment(resource_name: str,
opts: Optional[ResourceOptions] = None,
customer: Optional[str] = None,
rank: Optional[int] = None,
saml_sso_info: Optional[SamlSsoInfoArgs] = None,
sign_in_behavior: Optional[SignInBehaviorArgs] = None,
sso_mode: Optional[InboundSsoAssignmentSsoMode] = None,
target_group: Optional[str] = None,
target_org_unit: Optional[str] = None)
func NewInboundSsoAssignment(ctx *Context, name string, args *InboundSsoAssignmentArgs, opts ...ResourceOption) (*InboundSsoAssignment, error)
public InboundSsoAssignment(string name, InboundSsoAssignmentArgs? args = null, CustomResourceOptions? opts = null)
public InboundSsoAssignment(String name, InboundSsoAssignmentArgs args)
public InboundSsoAssignment(String name, InboundSsoAssignmentArgs args, CustomResourceOptions options)
type: google-native:cloudidentity/v1:InboundSsoAssignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args InboundSsoAssignmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args InboundSsoAssignmentArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args InboundSsoAssignmentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args InboundSsoAssignmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args InboundSsoAssignmentArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var inboundSsoAssignmentResource = new GoogleNative.CloudIdentity.V1.InboundSsoAssignment("inboundSsoAssignmentResource", new()
{
Customer = "string",
Rank = 0,
SamlSsoInfo = new GoogleNative.CloudIdentity.V1.Inputs.SamlSsoInfoArgs
{
InboundSamlSsoProfile = "string",
},
SignInBehavior = new GoogleNative.CloudIdentity.V1.Inputs.SignInBehaviorArgs
{
RedirectCondition = GoogleNative.CloudIdentity.V1.SignInBehaviorRedirectCondition.RedirectConditionUnspecified,
},
SsoMode = GoogleNative.CloudIdentity.V1.InboundSsoAssignmentSsoMode.SsoModeUnspecified,
TargetGroup = "string",
TargetOrgUnit = "string",
});
example, err := cloudidentity.NewInboundSsoAssignment(ctx, "inboundSsoAssignmentResource", &cloudidentity.InboundSsoAssignmentArgs{
Customer: pulumi.String("string"),
Rank: pulumi.Int(0),
SamlSsoInfo: &cloudidentity.SamlSsoInfoArgs{
InboundSamlSsoProfile: pulumi.String("string"),
},
SignInBehavior: &cloudidentity.SignInBehaviorArgs{
RedirectCondition: cloudidentity.SignInBehaviorRedirectConditionRedirectConditionUnspecified,
},
SsoMode: cloudidentity.InboundSsoAssignmentSsoModeSsoModeUnspecified,
TargetGroup: pulumi.String("string"),
TargetOrgUnit: pulumi.String("string"),
})
var inboundSsoAssignmentResource = new InboundSsoAssignment("inboundSsoAssignmentResource", InboundSsoAssignmentArgs.builder()
.customer("string")
.rank(0)
.samlSsoInfo(SamlSsoInfoArgs.builder()
.inboundSamlSsoProfile("string")
.build())
.signInBehavior(SignInBehaviorArgs.builder()
.redirectCondition("REDIRECT_CONDITION_UNSPECIFIED")
.build())
.ssoMode("SSO_MODE_UNSPECIFIED")
.targetGroup("string")
.targetOrgUnit("string")
.build());
inbound_sso_assignment_resource = google_native.cloudidentity.v1.InboundSsoAssignment("inboundSsoAssignmentResource",
customer="string",
rank=0,
saml_sso_info={
"inbound_saml_sso_profile": "string",
},
sign_in_behavior={
"redirect_condition": google_native.cloudidentity.v1.SignInBehaviorRedirectCondition.REDIRECT_CONDITION_UNSPECIFIED,
},
sso_mode=google_native.cloudidentity.v1.InboundSsoAssignmentSsoMode.SSO_MODE_UNSPECIFIED,
target_group="string",
target_org_unit="string")
const inboundSsoAssignmentResource = new google_native.cloudidentity.v1.InboundSsoAssignment("inboundSsoAssignmentResource", {
customer: "string",
rank: 0,
samlSsoInfo: {
inboundSamlSsoProfile: "string",
},
signInBehavior: {
redirectCondition: google_native.cloudidentity.v1.SignInBehaviorRedirectCondition.RedirectConditionUnspecified,
},
ssoMode: google_native.cloudidentity.v1.InboundSsoAssignmentSsoMode.SsoModeUnspecified,
targetGroup: "string",
targetOrgUnit: "string",
});
type: google-native:cloudidentity/v1:InboundSsoAssignment
properties:
customer: string
rank: 0
samlSsoInfo:
inboundSamlSsoProfile: string
signInBehavior:
redirectCondition: REDIRECT_CONDITION_UNSPECIFIED
ssoMode: SSO_MODE_UNSPECIFIED
targetGroup: string
targetOrgUnit: string
InboundSsoAssignment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The InboundSsoAssignment resource accepts the following input properties:
- Customer string
- Immutable. The customer. For example:
customers/C0123abc
. - Rank int
- Must be zero (which is the default value so it can be omitted) for assignments with
target_org_unit
set and must be greater-than-or-equal-to one for assignments withtarget_group
set. - Saml
Sso Pulumi.Info Google Native. Cloud Identity. V1. Inputs. Saml Sso Info - SAML SSO details. Must be set if and only if
sso_mode
is set toSAML_SSO
. - Sign
In Pulumi.Behavior Google Native. Cloud Identity. V1. Inputs. Sign In Behavior - Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
- Sso
Mode Pulumi.Google Native. Cloud Identity. V1. Inbound Sso Assignment Sso Mode - Inbound SSO behavior.
- Target
Group string - Immutable. Must be of the form
groups/{group}
. - Target
Org stringUnit - Immutable. Must be of the form
orgUnits/{org_unit}
.
- Customer string
- Immutable. The customer. For example:
customers/C0123abc
. - Rank int
- Must be zero (which is the default value so it can be omitted) for assignments with
target_org_unit
set and must be greater-than-or-equal-to one for assignments withtarget_group
set. - Saml
Sso SamlInfo Sso Info Args - SAML SSO details. Must be set if and only if
sso_mode
is set toSAML_SSO
. - Sign
In SignBehavior In Behavior Args - Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
- Sso
Mode InboundSso Assignment Sso Mode - Inbound SSO behavior.
- Target
Group string - Immutable. Must be of the form
groups/{group}
. - Target
Org stringUnit - Immutable. Must be of the form
orgUnits/{org_unit}
.
- customer String
- Immutable. The customer. For example:
customers/C0123abc
. - rank Integer
- Must be zero (which is the default value so it can be omitted) for assignments with
target_org_unit
set and must be greater-than-or-equal-to one for assignments withtarget_group
set. - saml
Sso SamlInfo Sso Info - SAML SSO details. Must be set if and only if
sso_mode
is set toSAML_SSO
. - sign
In SignBehavior In Behavior - Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
- sso
Mode InboundSso Assignment Sso Mode - Inbound SSO behavior.
- target
Group String - Immutable. Must be of the form
groups/{group}
. - target
Org StringUnit - Immutable. Must be of the form
orgUnits/{org_unit}
.
- customer string
- Immutable. The customer. For example:
customers/C0123abc
. - rank number
- Must be zero (which is the default value so it can be omitted) for assignments with
target_org_unit
set and must be greater-than-or-equal-to one for assignments withtarget_group
set. - saml
Sso SamlInfo Sso Info - SAML SSO details. Must be set if and only if
sso_mode
is set toSAML_SSO
. - sign
In SignBehavior In Behavior - Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
- sso
Mode InboundSso Assignment Sso Mode - Inbound SSO behavior.
- target
Group string - Immutable. Must be of the form
groups/{group}
. - target
Org stringUnit - Immutable. Must be of the form
orgUnits/{org_unit}
.
- customer str
- Immutable. The customer. For example:
customers/C0123abc
. - rank int
- Must be zero (which is the default value so it can be omitted) for assignments with
target_org_unit
set and must be greater-than-or-equal-to one for assignments withtarget_group
set. - saml_
sso_ Samlinfo Sso Info Args - SAML SSO details. Must be set if and only if
sso_mode
is set toSAML_SSO
. - sign_
in_ Signbehavior In Behavior Args - Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
- sso_
mode InboundSso Assignment Sso Mode - Inbound SSO behavior.
- target_
group str - Immutable. Must be of the form
groups/{group}
. - target_
org_ strunit - Immutable. Must be of the form
orgUnits/{org_unit}
.
- customer String
- Immutable. The customer. For example:
customers/C0123abc
. - rank Number
- Must be zero (which is the default value so it can be omitted) for assignments with
target_org_unit
set and must be greater-than-or-equal-to one for assignments withtarget_group
set. - saml
Sso Property MapInfo - SAML SSO details. Must be set if and only if
sso_mode
is set toSAML_SSO
. - sign
In Property MapBehavior - Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration.
- sso
Mode "SSO_MODE_UNSPECIFIED" | "SSO_OFF" | "SAML_SSO" | "DOMAIN_WIDE_SAML_IF_ENABLED" - Inbound SSO behavior.
- target
Group String - Immutable. Must be of the form
groups/{group}
. - target
Org StringUnit - Immutable. Must be of the form
orgUnits/{org_unit}
.
Outputs
All input properties are implicitly available as output properties. Additionally, the InboundSsoAssignment resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Resource name of the Inbound SSO Assignment.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Resource name of the Inbound SSO Assignment.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Resource name of the Inbound SSO Assignment.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Resource name of the Inbound SSO Assignment.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Resource name of the Inbound SSO Assignment.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Resource name of the Inbound SSO Assignment.
Supporting Types
InboundSsoAssignmentSsoMode, InboundSsoAssignmentSsoModeArgs
- Sso
Mode Unspecified - SSO_MODE_UNSPECIFIEDNot allowed.
- Sso
Off - SSO_OFFDisable SSO for the targeted users.
- Saml
Sso - SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
- Domain
Wide Saml If Enabled - DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to
SSO_OFF
. Note that this will also be equivalent toSSO_OFF
if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed toSSO_OFF
.
- Inbound
Sso Assignment Sso Mode Sso Mode Unspecified - SSO_MODE_UNSPECIFIEDNot allowed.
- Inbound
Sso Assignment Sso Mode Sso Off - SSO_OFFDisable SSO for the targeted users.
- Inbound
Sso Assignment Sso Mode Saml Sso - SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
- Inbound
Sso Assignment Sso Mode Domain Wide Saml If Enabled - DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to
SSO_OFF
. Note that this will also be equivalent toSSO_OFF
if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed toSSO_OFF
.
- Sso
Mode Unspecified - SSO_MODE_UNSPECIFIEDNot allowed.
- Sso
Off - SSO_OFFDisable SSO for the targeted users.
- Saml
Sso - SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
- Domain
Wide Saml If Enabled - DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to
SSO_OFF
. Note that this will also be equivalent toSSO_OFF
if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed toSSO_OFF
.
- Sso
Mode Unspecified - SSO_MODE_UNSPECIFIEDNot allowed.
- Sso
Off - SSO_OFFDisable SSO for the targeted users.
- Saml
Sso - SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
- Domain
Wide Saml If Enabled - DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to
SSO_OFF
. Note that this will also be equivalent toSSO_OFF
if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed toSSO_OFF
.
- SSO_MODE_UNSPECIFIED
- SSO_MODE_UNSPECIFIEDNot allowed.
- SSO_OFF
- SSO_OFFDisable SSO for the targeted users.
- SAML_SSO
- SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
- DOMAIN_WIDE_SAML_IF_ENABLED
- DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to
SSO_OFF
. Note that this will also be equivalent toSSO_OFF
if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed toSSO_OFF
.
- "SSO_MODE_UNSPECIFIED"
- SSO_MODE_UNSPECIFIEDNot allowed.
- "SSO_OFF"
- SSO_OFFDisable SSO for the targeted users.
- "SAML_SSO"
- SAML_SSOUse an external SAML Identity Provider for SSO for the targeted users.
- "DOMAIN_WIDE_SAML_IF_ENABLED"
- DOMAIN_WIDE_SAML_IF_ENABLEDUse the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to
SSO_OFF
. Note that this will also be equivalent toSSO_OFF
if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed toSSO_OFF
.
SamlSsoInfo, SamlSsoInfoArgs
- Inbound
Saml stringSso Profile - Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- Inbound
Saml stringSso Profile - Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound
Saml StringSso Profile - Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound
Saml stringSso Profile - Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound_
saml_ strsso_ profile - Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound
Saml StringSso Profile - Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
SamlSsoInfoResponse, SamlSsoInfoResponseArgs
- Inbound
Saml stringSso Profile - Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- Inbound
Saml stringSso Profile - Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound
Saml StringSso Profile - Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound
Saml stringSso Profile - Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound_
saml_ strsso_ profile - Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
- inbound
Saml StringSso Profile - Name of the
InboundSamlSsoProfile
to use. Must be of the forminboundSamlSsoProfiles/{inbound_saml_sso_profile}
.
SignInBehavior, SignInBehaviorArgs
- Redirect
Condition Pulumi.Google Native. Cloud Identity. V1. Sign In Behavior Redirect Condition - When to redirect sign-ins to the IdP.
- Redirect
Condition SignIn Behavior Redirect Condition - When to redirect sign-ins to the IdP.
- redirect
Condition SignIn Behavior Redirect Condition - When to redirect sign-ins to the IdP.
- redirect
Condition SignIn Behavior Redirect Condition - When to redirect sign-ins to the IdP.
- redirect_
condition SignIn Behavior Redirect Condition - When to redirect sign-ins to the IdP.
- redirect
Condition "REDIRECT_CONDITION_UNSPECIFIED" | "NEVER" - When to redirect sign-ins to the IdP.
SignInBehaviorRedirectCondition, SignInBehaviorRedirectConditionArgs
- Redirect
Condition Unspecified - REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
- Never
- NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
- Sign
In Behavior Redirect Condition Redirect Condition Unspecified - REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
- Sign
In Behavior Redirect Condition Never - NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
- Redirect
Condition Unspecified - REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
- Never
- NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
- Redirect
Condition Unspecified - REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
- Never
- NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
- REDIRECT_CONDITION_UNSPECIFIED
- REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
- NEVER
- NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
- "REDIRECT_CONDITION_UNSPECIFIED"
- REDIRECT_CONDITION_UNSPECIFIEDDefault and means "always"
- "NEVER"
- NEVERSign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity.
SignInBehaviorResponse, SignInBehaviorResponseArgs
- Redirect
Condition string - When to redirect sign-ins to the IdP.
- Redirect
Condition string - When to redirect sign-ins to the IdP.
- redirect
Condition String - When to redirect sign-ins to the IdP.
- redirect
Condition string - When to redirect sign-ins to the IdP.
- redirect_
condition str - When to redirect sign-ins to the IdP.
- redirect
Condition String - When to redirect sign-ins to the IdP.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.