Juniper Mist v0.1.1 published on Monday, Nov 4, 2024 by Pulumi

junipermist.org.Sso

Juniper Mist v0.1.1 published on Monday, Nov 4, 2024 by Pulumi

    This resource manages Org API Tokens. Org API token is a unique identifier used by an application to authenticate and access a service’s API. These tokens are used to authenticate requests made to the API server and ensure secure access to the API. They are not bound to any specific user and provide access to the organization as a whole. Organization tokens support different privileges and can only be used for the specific organization they are generated for. Rate limiting is done on an individual token basis, so if one token reaches its rate limit, it does not impact other tokens.

    The SSO Metadata can be retrieved with the junipermist.org.getSsoMetadata data source.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as junipermist from "@pulumi/juniper-mist";
    
    // Arguments are collected first so the security-relevant settings can be reviewed on their own.
    // NOTE(review): `terraformTest` is not declared in this snippet; presumably the
    // organization resource defined elsewhere in the program.
    const ssoAdminOneArgs = {
        orgId: terraformTest.id,
        name: "sso_admin_one",
        issuer: "my_idp_issuer",
        idpSsoUrl: "https://idp.com/login",
        customLogoutUrl: "https://idp.com/logout",
        // Certificate used to verify the signed SAML response (truncated sample value).
        // Whoever can change it decides which IdP signatures are accepted, so treat
        // edits to this property as security-sensitive.
        idpCert: "-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----",
        // The enum also accepts sha1, sha256 and sha384; sha1 is deprecated for
        // digital signatures, so keep sha256 or stronger.
        idpSignAlgo: "sha512",
        nameidFormat: "email",
    };
    const ssoAdminOne = new junipermist.org.Sso("sso_admin_one", ssoAdminOneArgs);
    
    import pulumi
    import pulumi_juniper_mist as junipermist
    
    # Build the argument object first, then hand it to the resource (the `args` form of the constructor).
    # NOTE(review): `terraform_test` is not declared in this snippet; presumably the
    # organization resource defined elsewhere in the program.
    sso_admin_one_args = junipermist.org.SsoArgs(
        org_id=terraform_test["id"],
        name="sso_admin_one",
        issuer="my_idp_issuer",
        idp_sso_url="https://idp.com/login",
        custom_logout_url="https://idp.com/logout",
        # Certificate used to verify the signed SAML response (truncated sample value).
        # Whoever can change it decides which IdP signatures are accepted, so treat
        # edits to this argument as security-sensitive.
        idp_cert="-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----",
        # The enum also accepts sha1, sha256 and sha384; sha1 is deprecated for
        # digital signatures, so keep sha256 or stronger.
        idp_sign_algo="sha512",
        nameid_format="email",
    )
    sso_admin_one = junipermist.org.Sso("sso_admin_one", args=sso_admin_one_args)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-junipermist/sdk/go/junipermist/org"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers the example SSO configuration with the Pulumi engine.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// NOTE(review): terraformTest is not declared in this snippet; presumably the
    		// organization resource defined elsewhere in the program.
    		ssoArgs := &org.SsoArgs{
    			OrgId:           pulumi.Any(terraformTest.Id),
    			Name:            pulumi.String("sso_admin_one"),
    			Issuer:          pulumi.String("my_idp_issuer"),
    			IdpSsoUrl:       pulumi.String("https://idp.com/login"),
    			CustomLogoutUrl: pulumi.String("https://idp.com/logout"),
    			// Certificate used to verify the signed SAML response (truncated sample value).
    			// Whoever can change it decides which IdP signatures are accepted, so treat
    			// edits to this field as security-sensitive.
    			IdpCert: pulumi.String("-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----"),
    			// The enum also accepts sha1, sha256 and sha384; sha1 is deprecated for
    			// digital signatures, so keep sha256 or stronger.
    			IdpSignAlgo:  pulumi.String("sha512"),
    			NameidFormat: pulumi.String("email"),
    		}
    		_, err := org.NewSso(ctx, "sso_admin_one", ssoArgs)
    		// err is nil on success, so returning it directly covers both outcomes.
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using JuniperMist = Pulumi.JuniperMist;
    
    return await Deployment.RunAsync(() => 
    {
        // NOTE(review): terraformTest is not declared in this snippet; presumably the
        // organization resource defined elsewhere in the program.
        var ssoAdminOneArgs = new JuniperMist.Org.SsoArgs
        {
            OrgId = terraformTest.Id,
            Name = "sso_admin_one",
            Issuer = "my_idp_issuer",
            IdpSsoUrl = "https://idp.com/login",
            CustomLogoutUrl = "https://idp.com/logout",
            // Certificate used to verify the signed SAML response (truncated sample value).
            // Whoever can change it decides which IdP signatures are accepted, so treat
            // edits to this property as security-sensitive.
            IdpCert = "-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----",
            // The enum also accepts sha1, sha256 and sha384; sha1 is deprecated for
            // digital signatures, so keep sha256 or stronger.
            IdpSignAlgo = "sha512",
            NameidFormat = "email",
        };

        var ssoAdminOne = new JuniperMist.Org.Sso("sso_admin_one", ssoAdminOneArgs);
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.junipermist.org.Sso;
    import com.pulumi.junipermist.org.SsoArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /** Example program that declares one SSO configuration for a Mist organization. */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the "ssoAdminOne" resource.
         *
         * @param ctx Pulumi context supplied by the runtime (not read here).
         */
        public static void stack(Context ctx) {
            // NOTE(review): terraformTest is not declared in this snippet; presumably the
            // organization resource defined elsewhere in the program.
            SsoArgs ssoAdminOneArgs = SsoArgs.builder()
                .orgId(terraformTest.id())
                .name("sso_admin_one")
                .issuer("my_idp_issuer")
                .idpSsoUrl("https://idp.com/login")
                .customLogoutUrl("https://idp.com/logout")
                // Certificate used to verify the signed SAML response (truncated sample value).
                // Whoever can change it decides which IdP signatures are accepted, so treat
                // edits to this property as security-sensitive.
                .idpCert("-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----")
                // The enum also accepts sha1, sha256 and sha384; sha1 is deprecated for
                // digital signatures, so keep sha256 or stronger.
                .idpSignAlgo("sha512")
                .nameidFormat("email")
                .build();

            var ssoAdminOne = new Sso("ssoAdminOne", ssoAdminOneArgs);
        }
    }
    
    resources:
      ssoAdminOne:
        type: junipermist:org:Sso
        name: sso_admin_one
        properties:
          # NOTE(review): terraformTest is not declared in this snippet; presumably the
          # organization resource defined elsewhere in the program.
          orgId: ${terraformTest.id}
          name: sso_admin_one
          issuer: my_idp_issuer
          idpSsoUrl: "https://idp.com/login"
          customLogoutUrl: "https://idp.com/logout"
          # Certificate used to verify the signed SAML response (truncated sample value).
          # Whoever can change it decides which IdP signatures are accepted, so treat
          # edits to this property as security-sensitive.
          idpCert: "-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----"
          # The enum also accepts sha1, sha256 and sha384; sha1 is deprecated for
          # digital signatures, so keep sha256 or stronger.
          idpSignAlgo: sha512
          nameidFormat: email
    

    Create Sso Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Sso(name: string, args: SsoArgs, opts?: CustomResourceOptions);
    @overload
    def Sso(resource_name: str,
            args: SsoArgs,
            opts: Optional[ResourceOptions] = None)
    
    @overload
    def Sso(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            issuer: Optional[str] = None,
            org_id: Optional[str] = None,
            idp_cert: Optional[str] = None,
            idp_sign_algo: Optional[str] = None,
            idp_sso_url: Optional[str] = None,
            custom_logout_url: Optional[str] = None,
            default_role: Optional[str] = None,
            name: Optional[str] = None,
            role_attr_extraction: Optional[str] = None,
            ignore_unmatched_roles: Optional[bool] = None,
            nameid_format: Optional[str] = None,
            role_attr_from: Optional[str] = None,
            scim_enabled: Optional[bool] = None,
            scim_secret_token: Optional[str] = None)
    func NewSso(ctx *Context, name string, args SsoArgs, opts ...ResourceOption) (*Sso, error)
    public Sso(string name, SsoArgs args, CustomResourceOptions? opts = null)
    public Sso(String name, SsoArgs args)
    public Sso(String name, SsoArgs args, CustomResourceOptions options)
    
    type: junipermist:org:Sso
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SsoArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SsoArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SsoArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SsoArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SsoArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Reference shape only: "string" / false are placeholders showing each input's type.
    var ssoResourceArgs = new JuniperMist.Org.SsoArgs
    {
        // Organization and display name.
        OrgId = "string",
        Name = "string",
        // IdP endpoints and the certificate/algorithm used to verify signed responses.
        Issuer = "string",
        IdpSsoUrl = "string",
        CustomLogoutUrl = "string",
        IdpCert = "string",
        IdpSignAlgo = "string",
        NameidFormat = "string",
        // Role mapping. By default an assertion with no matched role, or with any
        // unmatched role, is treated as invalid; DefaultRole and IgnoreUnmatchedRoles
        // relax that, so set them deliberately.
        RoleAttrFrom = "string",
        RoleAttrExtraction = "string",
        DefaultRole = "string",
        IgnoreUnmatchedRoles = false,
        // SCIM. ScimSecretToken is the Bearer token the IdP sends on SCIM provisioning
        // requests: generate it from a cryptographically secure random source and take
        // it from secret configuration rather than a literal in source.
        // NOTE(review): confirm the provider stores it as a secret in stack state.
        ScimEnabled = false,
        ScimSecretToken = "string",
    };
    var ssoResource = new JuniperMist.Org.Sso("ssoResource", ssoResourceArgs);
    
    // Reference shape only: "string" / false are placeholders showing each input's type.
    ssoArgs := &org.SsoArgs{
    	// Organization and display name.
    	OrgId: pulumi.String("string"),
    	Name:  pulumi.String("string"),
    	// IdP endpoints and the certificate/algorithm used to verify signed responses.
    	Issuer:          pulumi.String("string"),
    	IdpSsoUrl:       pulumi.String("string"),
    	CustomLogoutUrl: pulumi.String("string"),
    	IdpCert:         pulumi.String("string"),
    	IdpSignAlgo:     pulumi.String("string"),
    	NameidFormat:    pulumi.String("string"),
    	// Role mapping. By default an assertion with no matched role, or with any
    	// unmatched role, is treated as invalid; DefaultRole and IgnoreUnmatchedRoles
    	// relax that, so set them deliberately.
    	RoleAttrFrom:         pulumi.String("string"),
    	RoleAttrExtraction:   pulumi.String("string"),
    	DefaultRole:          pulumi.String("string"),
    	IgnoreUnmatchedRoles: pulumi.Bool(false),
    	// SCIM. ScimSecretToken is the Bearer token the IdP sends on SCIM provisioning
    	// requests: generate it from a cryptographically secure random source and take
    	// it from secret configuration rather than a literal in source.
    	// NOTE(review): confirm the provider stores it as a secret in stack state.
    	ScimEnabled:     pulumi.Bool(false),
    	ScimSecretToken: pulumi.String("string"),
    }
    example, err := org.NewSso(ctx, "ssoResource", ssoArgs)
    
    // Reference shape only: "string" / false are placeholders showing each input's type.
    SsoArgs ssoResourceArgs = SsoArgs.builder()
        // Organization and display name.
        .orgId("string")
        .name("string")
        // IdP endpoints and the certificate/algorithm used to verify signed responses.
        .issuer("string")
        .idpSsoUrl("string")
        .customLogoutUrl("string")
        .idpCert("string")
        .idpSignAlgo("string")
        .nameidFormat("string")
        // Role mapping. By default an assertion with no matched role, or with any
        // unmatched role, is treated as invalid; defaultRole and ignoreUnmatchedRoles
        // relax that, so set them deliberately.
        .roleAttrFrom("string")
        .roleAttrExtraction("string")
        .defaultRole("string")
        .ignoreUnmatchedRoles(false)
        // SCIM. scimSecretToken is the Bearer token the IdP sends on SCIM provisioning
        // requests: generate it from a cryptographically secure random source and take
        // it from secret configuration rather than a literal in source.
        // NOTE(review): confirm the provider stores it as a secret in stack state.
        .scimEnabled(false)
        .scimSecretToken("string")
        .build();
    var ssoResource = new Sso("ssoResource", ssoResourceArgs);
    
    # Reference shape only: "string" / False are placeholders showing each input's type.
    sso_resource_args = junipermist.org.SsoArgs(
        # Organization and display name.
        org_id="string",
        name="string",
        # IdP endpoints and the certificate/algorithm used to verify signed responses.
        issuer="string",
        idp_sso_url="string",
        custom_logout_url="string",
        idp_cert="string",
        idp_sign_algo="string",
        nameid_format="string",
        # Role mapping. By default an assertion with no matched role, or with any
        # unmatched role, is treated as invalid; default_role and
        # ignore_unmatched_roles relax that, so set them deliberately.
        role_attr_from="string",
        role_attr_extraction="string",
        default_role="string",
        ignore_unmatched_roles=False,
        # SCIM. scim_secret_token is the Bearer token the IdP sends on SCIM provisioning
        # requests: generate it from a cryptographically secure random source and take
        # it from secret configuration rather than a literal in source.
        # NOTE(review): confirm the provider stores it as a secret in stack state.
        scim_enabled=False,
        scim_secret_token="string",
    )
    sso_resource = junipermist.org.Sso("ssoResource", args=sso_resource_args)
    
    // Reference shape only: "string" / false are placeholders showing each input's type.
    const ssoResourceArgs = {
        // Organization and display name.
        orgId: "string",
        name: "string",
        // IdP endpoints and the certificate/algorithm used to verify signed responses.
        issuer: "string",
        idpSsoUrl: "string",
        customLogoutUrl: "string",
        idpCert: "string",
        idpSignAlgo: "string",
        nameidFormat: "string",
        // Role mapping. By default an assertion with no matched role, or with any
        // unmatched role, is treated as invalid; defaultRole and ignoreUnmatchedRoles
        // relax that, so set them deliberately.
        roleAttrFrom: "string",
        roleAttrExtraction: "string",
        defaultRole: "string",
        ignoreUnmatchedRoles: false,
        // SCIM. scimSecretToken is the Bearer token the IdP sends on SCIM provisioning
        // requests: generate it from a cryptographically secure random source and take
        // it from secret configuration rather than a literal in source.
        // NOTE(review): confirm the provider stores it as a secret in stack state.
        scimEnabled: false,
        scimSecretToken: "string",
    };
    const ssoResource = new junipermist.org.Sso("ssoResource", ssoResourceArgs);
    
    # Reference shape only: "string" / false are placeholders showing each input's type.
    type: junipermist:org:Sso
    properties:
        # Organization and display name.
        orgId: string
        name: string
        # IdP endpoints and the certificate/algorithm used to verify signed responses.
        issuer: string
        idpSsoUrl: string
        customLogoutUrl: string
        idpCert: string
        idpSignAlgo: string
        nameidFormat: string
        # Role mapping. By default an assertion with no matched role, or with any
        # unmatched role, is treated as invalid; defaultRole and ignoreUnmatchedRoles
        # relax that, so set them deliberately.
        roleAttrFrom: string
        roleAttrExtraction: string
        defaultRole: string
        ignoreUnmatchedRoles: false
        # SCIM. scimSecretToken is the Bearer token the IdP sends on SCIM provisioning
        # requests: generate it from a cryptographically secure random source and take
        # it from secret configuration rather than a literal in source.
        # NOTE(review): confirm the provider stores it as a secret in stack state.
        scimEnabled: false
        scimSecretToken: string
    

    Sso Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Sso resource accepts the following input properties:

    IdpCert string
    IDP Cert (used to verify the signed response)
    IdpSignAlgo string
    Signing algorithm for SAML Assertion. enum sha1, sha256, sha384, sha512
    IdpSsoUrl string
    IDP Single-Sign-On URL
    Issuer string
    IDP issuer URL
    OrgId string
    CustomLogoutUrl string
    a URL we will redirect the user after user logout from Mist (for some IdP which supports a custom logout URL that is different from SP-initiated SLO process)
    DefaultRole string
    default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    IgnoreUnmatchedRoles bool
    ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
    Name string
    name
    NameidFormat string
    enum: email, unspecified
    RoleAttrExtraction string
    custom role attribute parsing scheme. Supported role parsing schemes (Name: Scheme) — cn: the expected role attribute format in the SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”. CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored). E.g. if the role attribute is “CN=cn,OU=ou1,OU=ou2” then the parsed role value is “cn”.
    RoleAttrFrom string
    name of the attribute in SAML Assertion to extract role from. Default: Role
    ScimEnabled bool
    if idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP
    ScimSecretToken string
    if idp_type==oauth, scim_secret_token (generated by caller, crypto-random) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP
    IdpCert string
    IDP Cert (used to verify the signed response)
    IdpSignAlgo string
    Signing algorithm for SAML Assertion. enum sha1, sha256, sha384, sha512
    IdpSsoUrl string
    IDP Single-Sign-On URL
    Issuer string
    IDP issuer URL
    OrgId string
    CustomLogoutUrl string
    a URL we will redirect the user after user logout from Mist (for some IdP which supports a custom logout URL that is different from SP-initiated SLO process)
    DefaultRole string
    default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    IgnoreUnmatchedRoles bool
    ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
    Name string
    name
    NameidFormat string
    enum: email, unspecified
    RoleAttrExtraction string
    custom role attribute parsing scheme. Supported role parsing schemes (Name: Scheme) — cn: the expected role attribute format in the SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”. CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored). E.g. if the role attribute is “CN=cn,OU=ou1,OU=ou2” then the parsed role value is “cn”.
    RoleAttrFrom string
    name of the attribute in SAML Assertion to extract role from. Default: Role
    ScimEnabled bool
    if idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP
    ScimSecretToken string
    if idp_type==oauth, scim_secret_token (generated by caller, crypto-random) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP
    idpCert String
    IDP Cert (used to verify the signed response)
    idpSignAlgo String
    Signing algorithm for SAML Assertion. enum sha1, sha256, sha384, sha512
    idpSsoUrl String
    IDP Single-Sign-On URL
    issuer String
    IDP issuer URL
    orgId String
    customLogoutUrl String
    a URL we will redirect the user after user logout from Mist (for some IdP which supports a custom logout URL that is different from SP-initiated SLO process)
    defaultRole String
    default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    ignoreUnmatchedRoles Boolean
    ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
    name String
    name
    nameidFormat String
    enum: email, unspecified
    roleAttrExtraction String
    custom role attribute parsing scheme. Supported role parsing schemes (Name: Scheme) — cn: the expected role attribute format in the SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”. CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored). E.g. if the role attribute is “CN=cn,OU=ou1,OU=ou2” then the parsed role value is “cn”.
    roleAttrFrom String
    name of the attribute in SAML Assertion to extract role from. Default: Role
    scimEnabled Boolean
    if idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP
    scimSecretToken String
    if idp_type==oauth, scim_secret_token (generated by caller, crypto-random) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP
    idpCert string
    IDP Cert (used to verify the signed response)
    idpSignAlgo string
    Signing algorithm for SAML Assertion. enum sha1, sha256, sha384, sha512
    idpSsoUrl string
    IDP Single-Sign-On URL
    issuer string
    IDP issuer URL
    orgId string
    customLogoutUrl string
    a URL we will redirect the user after user logout from Mist (for some IdP which supports a custom logout URL that is different from SP-initiated SLO process)
    defaultRole string
    default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    ignoreUnmatchedRoles boolean
    ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
    name string
    name
    nameidFormat string
    enum: email, unspecified
    roleAttrExtraction string
    custom role attribute parsing scheme. Supported role parsing schemes (Name: Scheme) — cn: the expected role attribute format in the SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”. CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored). E.g. if the role attribute is “CN=cn,OU=ou1,OU=ou2” then the parsed role value is “cn”.
    roleAttrFrom string
    name of the attribute in SAML Assertion to extract role from. Default: Role
    scimEnabled boolean
    if idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP
    scimSecretToken string
    if idp_type==oauth, scim_secret_token (generated by caller, crypto-random) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP
    idp_cert str
    IDP Cert (used to verify the signed response)
    idp_sign_algo str
    Signing algorithm for SAML Assertion. enum sha1, sha256, sha384, sha512
    idp_sso_url str
    IDP Single-Sign-On URL
    issuer str
    IDP issuer URL
    org_id str
    custom_logout_url str
    a URL we will redirect the user after user logout from Mist (for some IdP which supports a custom logout URL that is different from SP-initiated SLO process)
    default_role str
    default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    ignore_unmatched_roles bool
    ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
    name str
    name
    nameid_format str
    enum: email, unspecified
    role_attr_extraction str
    custom role attribute parsing scheme. Supported role parsing schemes (Name: Scheme) — cn: the expected role attribute format in the SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”. CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored). E.g. if the role attribute is “CN=cn,OU=ou1,OU=ou2” then the parsed role value is “cn”.
    role_attr_from str
    name of the attribute in SAML Assertion to extract role from. Default: Role
    scim_enabled bool
    if idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP
    scim_secret_token str
    if idp_type==oauth, scim_secret_token (generated by caller, crypto-random) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP
    idpCert String
    IDP Cert (used to verify the signed response)
    idpSignAlgo String
    Signing algorithm for SAML Assertion. enum sha1, sha256, sha384, sha512
    idpSsoUrl String
    IDP Single-Sign-On URL
    issuer String
    IDP issuer URL
    orgId String
    customLogoutUrl String
    a URL we will redirect the user after user logout from Mist (for some IdP which supports a custom logout URL that is different from SP-initiated SLO process)
    defaultRole String
    default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    ignoreUnmatchedRoles Boolean
    ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
    name String
    name
    nameidFormat String
    enum: email, unspecified
    roleAttrExtraction String
    custom role attribute parsing scheme. Supported role parsing schemes (Name: Scheme) — cn: the expected role attribute format in the SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”. CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored). E.g. if the role attribute is “CN=cn,OU=ou1,OU=ou2” then the parsed role value is “cn”.
    roleAttrFrom String
    name of the attribute in SAML Assertion to extract role from. Default: Role
    scimEnabled Boolean
    if idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP
    scimSecretToken String
    if idp_type==oauth, scim_secret_token (generated by caller, crypto-random) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Sso resource produces the following output properties:

    Domain string
    random string generated during the SSO creation and used to generate the SAML URLs: * ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login) * Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
    Id string
    The provider-assigned unique ID for this managed resource.
    Domain string
    random string generated during the SSO creation and used to generate the SAML URLs: * ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login) * Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
    Id string
    The provider-assigned unique ID for this managed resource.
    domain String
    random string generated during the SSO creation and used to generate the SAML URLs: * ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login) * Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
    id String
    The provider-assigned unique ID for this managed resource.
    domain string
    random string generated during the SSO creation and used to generate the SAML URLs: * ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login) * Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
    id string
    The provider-assigned unique ID for this managed resource.
    domain str
    random string generated during the SSO creation and used to generate the SAML URLs: * ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login) * Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
    id str
    The provider-assigned unique ID for this managed resource.
    domain String
    random string generated during the SSO creation and used to generate the SAML URLs: * ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login) * Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Sso Resource

    Get an existing Sso resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SsoState, opts?: CustomResourceOptions): Sso
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            custom_logout_url: Optional[str] = None,
            default_role: Optional[str] = None,
            domain: Optional[str] = None,
            idp_cert: Optional[str] = None,
            idp_sign_algo: Optional[str] = None,
            idp_sso_url: Optional[str] = None,
            ignore_unmatched_roles: Optional[bool] = None,
            issuer: Optional[str] = None,
            name: Optional[str] = None,
            nameid_format: Optional[str] = None,
            org_id: Optional[str] = None,
            role_attr_extraction: Optional[str] = None,
            role_attr_from: Optional[str] = None,
            scim_enabled: Optional[bool] = None,
            scim_secret_token: Optional[str] = None) -> Sso
    func GetSso(ctx *Context, name string, id IDInput, state *SsoState, opts ...ResourceOption) (*Sso, error)
    public static Sso Get(string name, Input<string> id, SsoState? state, CustomResourceOptions? opts = null)
    public static Sso get(String name, Output<String> id, SsoState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CustomLogoutUrl string
    a URL we will redirect the user after user logout from Mist (for some IdP which supports a custom logout URL that is different from SP-initiated SLO process)
    DefaultRole string
    default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    Domain string
    random string generated during the SSO creation and used to generate the SAML URLs: * ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login) * Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
    IdpCert string
    IDP Cert (used to verify the signed response)
    IdpSignAlgo string
    Signing algorithm for SAML Assertion. enum sha1, sha256, sha384, sha512
    IdpSsoUrl string
    IDP Single-Sign-On URL
    IgnoreUnmatchedRoles bool
    ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
    Issuer string
    IDP issuer URL
    Name string
    name
    NameidFormat string
    enum: email, unspecified
    OrgId string
    RoleAttrExtraction string
    custom role attribute parsing scheme. Supported role parsing schemes (Name: Scheme) — cn: the expected role attribute format in the SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”. CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored). E.g. if the role attribute is “CN=cn,OU=ou1,OU=ou2” then the parsed role value is “cn”.
    RoleAttrFrom string
    name of the attribute in SAML Assertion to extract role from. Default: Role
    ScimEnabled bool
    if idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP
    ScimSecretToken string
    if idp_type==oauth, scim_secret_token (generated by caller, crypto-random) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP
    CustomLogoutUrl string
    a URL we will redirect the user after user logout from Mist (for some IdP which supports a custom logout URL that is different from SP-initiated SLO process)
    DefaultRole string
    default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    Domain string
    random string generated during the SSO creation and used to generate the SAML URLs: * ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login) * Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
    IdpCert string
    IDP Cert (used to verify the signed response)
    IdpSignAlgo string
    Signing algorithm for SAML Assertion. enum sha1, sha256, sha384, sha512
    IdpSsoUrl string
    IDP Single-Sign-On URL
    IgnoreUnmatchedRoles bool
    ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
    Issuer string
    IDP issuer URL
    Name string
    name
    NameidFormat string
    enum: email, unspecified
    OrgId string
    RoleAttrExtraction string
    custom role attribute parsing scheme. Supported role parsing schemes (Name: Scheme) — cn: the expected role attribute format in the SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”. CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored). E.g. if the role attribute is “CN=cn,OU=ou1,OU=ou2” then the parsed role value is “cn”.
    RoleAttrFrom string
    name of the attribute in SAML Assertion to extract role from. Default: Role
    ScimEnabled bool
    if idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP
    ScimSecretToken string
    if idp_type==oauth, scim_secret_token (generated by caller, crypto-random) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP
    customLogoutUrl String
    a URL we will redirect the user after user logout from Mist (for some IdP which supports a custom logout URL that is different from SP-initiated SLO process)
    defaultRole String
    default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    domain String
    random string generated during the SSO creation and used to generate the SAML URLs: * ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login) * Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
    idpCert String
    IDP Cert (used to verify the signed response)
    idpSignAlgo String
    Signing algorithm for SAML Assertion. enum sha1, sha256, sha384, sha512
    idpSsoUrl String
    IDP Single-Sign-On URL
    ignoreUnmatchedRoles Boolean
    ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
    issuer String
    IDP issuer URL
    name String
    name
    nameidFormat String
    enum: email, unspecified
    orgId String
    roleAttrExtraction String
    custom role attribute parsing scheme. Supported role parsing schemes (Name: Scheme) — cn: the expected role attribute format in the SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”. CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored). E.g. if the role attribute is “CN=cn,OU=ou1,OU=ou2” then the parsed role value is “cn”.
    roleAttrFrom String
    name of the attribute in SAML Assertion to extract role from. Default: Role
    scimEnabled Boolean
    if idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP
    scimSecretToken String
    if idp_type==oauth, scim_secret_token (generated by caller, crypto-random) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP
    customLogoutUrl string
    URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL different from the SP-initiated SLO process)
    defaultRole string
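    default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched. When this is set, every user the IdP authenticates without a matching role receives this role, so choose a least-privilege one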
    domain string
    random string generated during the SSO creation and used to generate the SAML URLs: * ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login) * Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
    idpCert string
    IDP Cert (used to verify the signed response)
    idpSignAlgo string
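    Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512. SHA-1 is no longer considered collision-resistant; prefer sha256 or stronger where the IdP supports it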
    idpSsoUrl string
    IDP Single-Sign-On URL
    ignoreUnmatchedRoles boolean
    ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
    issuer string
    IDP issuer URL
    name string
    name
    nameidFormat string
    enum: email, unspecified
    orgId string
    roleAttrExtraction string
    custom role attribute parsing scheme. Supported role parsing schemes: cn — the expected role attribute format in the SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”. CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored). E.g. if the role attribute is “CN=cn,OU=ou1,OU=ou2” then the parsed role value is “cn”
    roleAttrFrom string
    name of the attribute in SAML Assertion to extract role from. Default: Role
    scimEnabled boolean
    if idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP
    scimSecretToken string
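    if idp_type==oauth, scim_secret_token (generated by the caller from a cryptographically secure random source) is the Bearer token the IDP sends in the Authorization header of its SCIM provisioning requests. It is a credential: supply it as a Pulumi secret rather than as a plain-text literal in program source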
    custom_logout_url str
    URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL different from the SP-initiated SLO process)
    default_role str
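    default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched. When this is set, every user the IdP authenticates without a matching role receives this role, so choose a least-privilege one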
    domain str
    random string generated during the SSO creation and used to generate the SAML URLs: * ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login) * Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
    idp_cert str
    IDP Cert (used to verify the signed response)
    idp_sign_algo str
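    Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512. SHA-1 is no longer considered collision-resistant; prefer sha256 or stronger where the IdP supports it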
    idp_sso_url str
    IDP Single-Sign-On URL
    ignore_unmatched_roles bool
    ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
    issuer str
    IDP issuer URL
    name str
    name
    nameid_format str
    enum: email, unspecified
    org_id str
    role_attr_extraction str
    custom role attribute parsing scheme. Supported role parsing schemes: cn — the expected role attribute format in the SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”. CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored). E.g. if the role attribute is “CN=cn,OU=ou1,OU=ou2” then the parsed role value is “cn”
    role_attr_from str
    name of the attribute in SAML Assertion to extract role from. Default: Role
    scim_enabled bool
    if idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP
    scim_secret_token str
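    if idp_type==oauth, scim_secret_token (generated by the caller from a cryptographically secure random source) is the Bearer token the IDP sends in the Authorization header of its SCIM provisioning requests. It is a credential: supply it as a Pulumi secret rather than as a plain-text literal in program source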
    customLogoutUrl String
    URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL different from the SP-initiated SLO process)
    defaultRole String
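    default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched. When this is set, every user the IdP authenticates without a matching role receives this role, so choose a least-privilege one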
    domain String
    random string generated during the SSO creation and used to generate the SAML URLs: * ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login) * Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
    idpCert String
    IDP Cert (used to verify the signed response)
    idpSignAlgo String
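    Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512. SHA-1 is no longer considered collision-resistant; prefer sha256 or stronger where the IdP supports it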
    idpSsoUrl String
    IDP Single-Sign-On URL
    ignoreUnmatchedRoles Boolean
    ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
    issuer String
    IDP issuer URL
    name String
    name
    nameidFormat String
    enum: email, unspecified
    orgId String
    roleAttrExtraction String
    custom role attribute parsing scheme. Supported role parsing schemes: cn — the expected role attribute format in the SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”. CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored). E.g. if the role attribute is “CN=cn,OU=ou1,OU=ou2” then the parsed role value is “cn”
    roleAttrFrom String
    name of the attribute in SAML Assertion to extract role from. Default: Role
    scimEnabled Boolean
    if idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP
    scimSecretToken String
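    if idp_type==oauth, scim_secret_token (generated by the caller from a cryptographically secure random source) is the Bearer token the IDP sends in the Authorization header of its SCIM provisioning requests. It is a credential: supply it as a Pulumi secret rather than as a plain-text literal in program source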

    Import

    Using pulumi import, import mist_org_sso with:

    An Org SSO can be imported by specifying the org_id and the sso_id, separated by a dot:

    $ pulumi import junipermist:org/sso:Sso sso_admin_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    junipermist pulumi/pulumi-junipermist
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the mist Terraform Provider.
    Juniper Mist v0.1.1 published on Monday, Nov 4, 2024 by Pulumi