okta.app.Saml
Explore with Pulumi AI
This resource allows you to create and configure a SAML Application.
During an apply if there is change in ‘status’ the app will first be activated or deactivated in accordance with the ‘status’ change. Then, all other arguments that changed will be applied.
If you receive the error ‘You do not have permission to access the feature you are requesting’ contact support and request feature flag ‘ADVANCED_SSO’ be applied to your org.
Create Saml Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Saml(name: string, args: SamlArgs, opts?: CustomResourceOptions);
@overload
def Saml(resource_name: str,
args: SamlArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Saml(resource_name: str,
opts: Optional[ResourceOptions] = None,
label: Optional[str] = None,
inline_hook_id: Optional[str] = None,
user_name_template_suffix: Optional[str] = None,
acs_endpoints: Optional[Sequence[str]] = None,
key_name: Optional[str] = None,
app_links_json: Optional[str] = None,
app_settings_json: Optional[str] = None,
assertion_signed: Optional[bool] = None,
attribute_statements: Optional[Sequence[SamlAttributeStatementArgs]] = None,
audience: Optional[str] = None,
authentication_policy: Optional[str] = None,
authn_context_class_ref: Optional[str] = None,
auto_submit_toolbar: Optional[bool] = None,
default_relay_state: Optional[str] = None,
destination: Optional[str] = None,
digest_algorithm: Optional[str] = None,
enduser_note: Optional[str] = None,
hide_ios: Optional[bool] = None,
accessibility_login_redirect_url: Optional[str] = None,
honor_force_authn: Optional[bool] = None,
idp_issuer: Optional[str] = None,
implicit_assignment: Optional[bool] = None,
accessibility_error_redirect_url: Optional[str] = None,
admin_note: Optional[str] = None,
accessibility_self_service: Optional[bool] = None,
hide_web: Optional[bool] = None,
logo: Optional[str] = None,
preconfigured_app: Optional[str] = None,
recipient: Optional[str] = None,
request_compressed: Optional[bool] = None,
response_signed: Optional[bool] = None,
saml_signed_request_enabled: Optional[bool] = None,
saml_version: Optional[str] = None,
signature_algorithm: Optional[str] = None,
single_logout_certificate: Optional[str] = None,
single_logout_issuer: Optional[str] = None,
single_logout_url: Optional[str] = None,
sp_issuer: Optional[str] = None,
sso_url: Optional[str] = None,
status: Optional[str] = None,
subject_name_id_format: Optional[str] = None,
subject_name_id_template: Optional[str] = None,
user_name_template: Optional[str] = None,
user_name_template_push_status: Optional[str] = None,
key_years_valid: Optional[int] = None,
user_name_template_type: Optional[str] = None)
func NewSaml(ctx *Context, name string, args SamlArgs, opts ...ResourceOption) (*Saml, error)
public Saml(string name, SamlArgs args, CustomResourceOptions? opts = null)
type: okta:app:Saml
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SamlArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SamlArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SamlArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SamlArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SamlArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var samlResource = new Okta.App.Saml("samlResource", new()
{
Label = "string",
InlineHookId = "string",
UserNameTemplateSuffix = "string",
AcsEndpoints = new[]
{
"string",
},
KeyName = "string",
AppLinksJson = "string",
AppSettingsJson = "string",
AssertionSigned = false,
AttributeStatements = new[]
{
new Okta.App.Inputs.SamlAttributeStatementArgs
{
Name = "string",
FilterType = "string",
FilterValue = "string",
Namespace = "string",
Type = "string",
Values = new[]
{
"string",
},
},
},
Audience = "string",
AuthenticationPolicy = "string",
AuthnContextClassRef = "string",
AutoSubmitToolbar = false,
DefaultRelayState = "string",
Destination = "string",
DigestAlgorithm = "string",
EnduserNote = "string",
HideIos = false,
AccessibilityLoginRedirectUrl = "string",
HonorForceAuthn = false,
IdpIssuer = "string",
ImplicitAssignment = false,
AccessibilityErrorRedirectUrl = "string",
AdminNote = "string",
AccessibilitySelfService = false,
HideWeb = false,
Logo = "string",
PreconfiguredApp = "string",
Recipient = "string",
RequestCompressed = false,
ResponseSigned = false,
SamlSignedRequestEnabled = false,
SamlVersion = "string",
SignatureAlgorithm = "string",
SingleLogoutCertificate = "string",
SingleLogoutIssuer = "string",
SingleLogoutUrl = "string",
SpIssuer = "string",
SsoUrl = "string",
Status = "string",
SubjectNameIdFormat = "string",
SubjectNameIdTemplate = "string",
UserNameTemplate = "string",
UserNameTemplatePushStatus = "string",
KeyYearsValid = 0,
UserNameTemplateType = "string",
});
example, err := app.NewSaml(ctx, "samlResource", &app.SamlArgs{
Label: pulumi.String("string"),
InlineHookId: pulumi.String("string"),
UserNameTemplateSuffix: pulumi.String("string"),
AcsEndpoints: pulumi.StringArray{
pulumi.String("string"),
},
KeyName: pulumi.String("string"),
AppLinksJson: pulumi.String("string"),
AppSettingsJson: pulumi.String("string"),
AssertionSigned: pulumi.Bool(false),
AttributeStatements: app.SamlAttributeStatementArray{
&app.SamlAttributeStatementArgs{
Name: pulumi.String("string"),
FilterType: pulumi.String("string"),
FilterValue: pulumi.String("string"),
Namespace: pulumi.String("string"),
Type: pulumi.String("string"),
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Audience: pulumi.String("string"),
AuthenticationPolicy: pulumi.String("string"),
AuthnContextClassRef: pulumi.String("string"),
AutoSubmitToolbar: pulumi.Bool(false),
DefaultRelayState: pulumi.String("string"),
Destination: pulumi.String("string"),
DigestAlgorithm: pulumi.String("string"),
EnduserNote: pulumi.String("string"),
HideIos: pulumi.Bool(false),
AccessibilityLoginRedirectUrl: pulumi.String("string"),
HonorForceAuthn: pulumi.Bool(false),
IdpIssuer: pulumi.String("string"),
ImplicitAssignment: pulumi.Bool(false),
AccessibilityErrorRedirectUrl: pulumi.String("string"),
AdminNote: pulumi.String("string"),
AccessibilitySelfService: pulumi.Bool(false),
HideWeb: pulumi.Bool(false),
Logo: pulumi.String("string"),
PreconfiguredApp: pulumi.String("string"),
Recipient: pulumi.String("string"),
RequestCompressed: pulumi.Bool(false),
ResponseSigned: pulumi.Bool(false),
SamlSignedRequestEnabled: pulumi.Bool(false),
SamlVersion: pulumi.String("string"),
SignatureAlgorithm: pulumi.String("string"),
SingleLogoutCertificate: pulumi.String("string"),
SingleLogoutIssuer: pulumi.String("string"),
SingleLogoutUrl: pulumi.String("string"),
SpIssuer: pulumi.String("string"),
SsoUrl: pulumi.String("string"),
Status: pulumi.String("string"),
SubjectNameIdFormat: pulumi.String("string"),
SubjectNameIdTemplate: pulumi.String("string"),
UserNameTemplate: pulumi.String("string"),
UserNameTemplatePushStatus: pulumi.String("string"),
KeyYearsValid: pulumi.Int(0),
UserNameTemplateType: pulumi.String("string"),
})
var samlResource = new Saml("samlResource", SamlArgs.builder()
.label("string")
.inlineHookId("string")
.userNameTemplateSuffix("string")
.acsEndpoints("string")
.keyName("string")
.appLinksJson("string")
.appSettingsJson("string")
.assertionSigned(false)
.attributeStatements(SamlAttributeStatementArgs.builder()
.name("string")
.filterType("string")
.filterValue("string")
.namespace("string")
.type("string")
.values("string")
.build())
.audience("string")
.authenticationPolicy("string")
.authnContextClassRef("string")
.autoSubmitToolbar(false)
.defaultRelayState("string")
.destination("string")
.digestAlgorithm("string")
.enduserNote("string")
.hideIos(false)
.accessibilityLoginRedirectUrl("string")
.honorForceAuthn(false)
.idpIssuer("string")
.implicitAssignment(false)
.accessibilityErrorRedirectUrl("string")
.adminNote("string")
.accessibilitySelfService(false)
.hideWeb(false)
.logo("string")
.preconfiguredApp("string")
.recipient("string")
.requestCompressed(false)
.responseSigned(false)
.samlSignedRequestEnabled(false)
.samlVersion("string")
.signatureAlgorithm("string")
.singleLogoutCertificate("string")
.singleLogoutIssuer("string")
.singleLogoutUrl("string")
.spIssuer("string")
.ssoUrl("string")
.status("string")
.subjectNameIdFormat("string")
.subjectNameIdTemplate("string")
.userNameTemplate("string")
.userNameTemplatePushStatus("string")
.keyYearsValid(0)
.userNameTemplateType("string")
.build());
saml_resource = okta.app.Saml("samlResource",
label="string",
inline_hook_id="string",
user_name_template_suffix="string",
acs_endpoints=["string"],
key_name="string",
app_links_json="string",
app_settings_json="string",
assertion_signed=False,
attribute_statements=[{
"name": "string",
"filter_type": "string",
"filter_value": "string",
"namespace": "string",
"type": "string",
"values": ["string"],
}],
audience="string",
authentication_policy="string",
authn_context_class_ref="string",
auto_submit_toolbar=False,
default_relay_state="string",
destination="string",
digest_algorithm="string",
enduser_note="string",
hide_ios=False,
accessibility_login_redirect_url="string",
honor_force_authn=False,
idp_issuer="string",
implicit_assignment=False,
accessibility_error_redirect_url="string",
admin_note="string",
accessibility_self_service=False,
hide_web=False,
logo="string",
preconfigured_app="string",
recipient="string",
request_compressed=False,
response_signed=False,
saml_signed_request_enabled=False,
saml_version="string",
signature_algorithm="string",
single_logout_certificate="string",
single_logout_issuer="string",
single_logout_url="string",
sp_issuer="string",
sso_url="string",
status="string",
subject_name_id_format="string",
subject_name_id_template="string",
user_name_template="string",
user_name_template_push_status="string",
key_years_valid=0,
user_name_template_type="string")
const samlResource = new okta.app.Saml("samlResource", {
label: "string",
inlineHookId: "string",
userNameTemplateSuffix: "string",
acsEndpoints: ["string"],
keyName: "string",
appLinksJson: "string",
appSettingsJson: "string",
assertionSigned: false,
attributeStatements: [{
name: "string",
filterType: "string",
filterValue: "string",
namespace: "string",
type: "string",
values: ["string"],
}],
audience: "string",
authenticationPolicy: "string",
authnContextClassRef: "string",
autoSubmitToolbar: false,
defaultRelayState: "string",
destination: "string",
digestAlgorithm: "string",
enduserNote: "string",
hideIos: false,
accessibilityLoginRedirectUrl: "string",
honorForceAuthn: false,
idpIssuer: "string",
implicitAssignment: false,
accessibilityErrorRedirectUrl: "string",
adminNote: "string",
accessibilitySelfService: false,
hideWeb: false,
logo: "string",
preconfiguredApp: "string",
recipient: "string",
requestCompressed: false,
responseSigned: false,
samlSignedRequestEnabled: false,
samlVersion: "string",
signatureAlgorithm: "string",
singleLogoutCertificate: "string",
singleLogoutIssuer: "string",
singleLogoutUrl: "string",
spIssuer: "string",
ssoUrl: "string",
status: "string",
subjectNameIdFormat: "string",
subjectNameIdTemplate: "string",
userNameTemplate: "string",
userNameTemplatePushStatus: "string",
keyYearsValid: 0,
userNameTemplateType: "string",
});
type: okta:app:Saml
properties:
accessibilityErrorRedirectUrl: string
accessibilityLoginRedirectUrl: string
accessibilitySelfService: false
acsEndpoints:
- string
adminNote: string
appLinksJson: string
appSettingsJson: string
assertionSigned: false
attributeStatements:
- filterType: string
filterValue: string
name: string
namespace: string
type: string
values:
- string
audience: string
authenticationPolicy: string
authnContextClassRef: string
autoSubmitToolbar: false
defaultRelayState: string
destination: string
digestAlgorithm: string
enduserNote: string
hideIos: false
hideWeb: false
honorForceAuthn: false
idpIssuer: string
implicitAssignment: false
inlineHookId: string
keyName: string
keyYearsValid: 0
label: string
logo: string
preconfiguredApp: string
recipient: string
requestCompressed: false
responseSigned: false
samlSignedRequestEnabled: false
samlVersion: string
signatureAlgorithm: string
singleLogoutCertificate: string
singleLogoutIssuer: string
singleLogoutUrl: string
spIssuer: string
ssoUrl: string
status: string
subjectNameIdFormat: string
subjectNameIdTemplate: string
userNameTemplate: string
userNameTemplatePushStatus: string
userNameTemplateSuffix: string
userNameTemplateType: string
Saml Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Saml resource accepts the following input properties:
- Label string
- The Application's display name.
- Accessibility
Error stringRedirect Url - Custom error page URL
- Accessibility
Login stringRedirect Url - Custom login page URL
- Accessibility
Self boolService - Enable self service. Default is
false
- Acs
Endpoints List<string> - An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- Admin
Note string - Application notes for admins.
- App
Links stringJson - Displays specific appLinks for the app. The value for each application link should be boolean.
- App
Settings stringJson - Application settings in JSON format
- Assertion
Signed bool - Determines whether the SAML assertion is digitally signed
- Attribute
Statements List<SamlAttribute Statement> - Audience string
- Audience Restriction
- Authentication
Policy string - The ID of the associated
app_signon_policy
. If this property is removed from the application thedefault
sign-on-policy will be associated with this application.y - Authn
Context stringClass Ref - Identifies the SAML authentication context class for the assertion’s authentication statement
- Auto
Submit boolToolbar - Display auto submit toolbar. Default is:
false
- Default
Relay stringState - Identifies a specific application resource in an IDP initiated SSO scenario.
- Destination string
- Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- Digest
Algorithm string - Determines the digest algorithm used to digitally sign the SAML assertion and response
- Enduser
Note string - Application notes for end users.
- Hide
Ios bool - Do not display application icon on mobile app
- Hide
Web bool - Do not display application icon to users
- Honor
Force boolAuthn - Prompt user to re-authenticate if SP asks for it. Default is:
false
- Idp
Issuer string - SAML issuer ID
- Implicit
Assignment bool - Early Access Property. Enable Federation Broker Mode.
- Inline
Hook stringId - Saml Inline Hook setting
- Key
Name string - Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid
- Key
Years intValid - Number of years the certificate is valid (2 - 10 years).
- Logo string
- Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- Preconfigured
App string - Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
- Recipient string
- The location where the app may present the SAML assertion
- Request
Compressed bool - Denotes whether the request is compressed or not.
- Response
Signed bool - Determines whether the SAML auth response message is digitally signed
- Saml
Signed boolRequest Enabled - SAML Signed Request enabled
- Saml
Version string - SAML version for the app's sign-on mode. Valid values are:
2.0
or1.1
. Default is2.0
- Signature
Algorithm string - Signature algorithm used to digitally sign the assertion and response
- Single
Logout stringCertificate - x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
, see official documentation. - Single
Logout stringIssuer - The issuer of the Service Provider that generates the Single Logout request
- Single
Logout stringUrl - The location where the logout response is sent
- Sp
Issuer string - SAML SP issuer ID
- Sso
Url string - Single Sign On URL
- Status string
- Status of application. By default, it is
ACTIVE
- Subject
Name stringId Format - Identifies the SAML processing rules.
- Subject
Name stringId Template - Template for app user's username when a user is assigned to the app
- User
Name stringTemplate - Username template. Default:
${source.login}
- User
Name stringTemplate Push Status - Push username on update. Valid values:
PUSH
andDONT_PUSH
- User
Name stringTemplate Suffix - Username template suffix
- User
Name stringTemplate Type - Username template type. Default:
BUILT_IN
- Label string
- The Application's display name.
- Accessibility
Error stringRedirect Url - Custom error page URL
- Accessibility
Login stringRedirect Url - Custom login page URL
- Accessibility
Self boolService - Enable self service. Default is
false
- Acs
Endpoints []string - An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- Admin
Note string - Application notes for admins.
- App
Links stringJson - Displays specific appLinks for the app. The value for each application link should be boolean.
- App
Settings stringJson - Application settings in JSON format
- Assertion
Signed bool - Determines whether the SAML assertion is digitally signed
- Attribute
Statements []SamlAttribute Statement Args - Audience string
- Audience Restriction
- Authentication
Policy string - The ID of the associated
app_signon_policy
. If this property is removed from the application thedefault
sign-on-policy will be associated with this application.y - Authn
Context stringClass Ref - Identifies the SAML authentication context class for the assertion’s authentication statement
- Auto
Submit boolToolbar - Display auto submit toolbar. Default is:
false
- Default
Relay stringState - Identifies a specific application resource in an IDP initiated SSO scenario.
- Destination string
- Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- Digest
Algorithm string - Determines the digest algorithm used to digitally sign the SAML assertion and response
- Enduser
Note string - Application notes for end users.
- Hide
Ios bool - Do not display application icon on mobile app
- Hide
Web bool - Do not display application icon to users
- Honor
Force boolAuthn - Prompt user to re-authenticate if SP asks for it. Default is:
false
- Idp
Issuer string - SAML issuer ID
- Implicit
Assignment bool - Early Access Property. Enable Federation Broker Mode.
- Inline
Hook stringId - Saml Inline Hook setting
- Key
Name string - Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid
- Key
Years intValid - Number of years the certificate is valid (2 - 10 years).
- Logo string
- Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- Preconfigured
App string - Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
- Recipient string
- The location where the app may present the SAML assertion
- Request
Compressed bool - Denotes whether the request is compressed or not.
- Response
Signed bool - Determines whether the SAML auth response message is digitally signed
- Saml
Signed boolRequest Enabled - SAML Signed Request enabled
- Saml
Version string - SAML version for the app's sign-on mode. Valid values are:
2.0
or1.1
. Default is2.0
- Signature
Algorithm string - Signature algorithm used to digitally sign the assertion and response
- Single
Logout stringCertificate - x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
, see official documentation. - Single
Logout stringIssuer - The issuer of the Service Provider that generates the Single Logout request
- Single
Logout stringUrl - The location where the logout response is sent
- Sp
Issuer string - SAML SP issuer ID
- Sso
Url string - Single Sign On URL
- Status string
- Status of application. By default, it is
ACTIVE
- Subject
Name stringId Format - Identifies the SAML processing rules.
- Subject
Name stringId Template - Template for app user's username when a user is assigned to the app
- User
Name stringTemplate - Username template. Default:
${source.login}
- User
Name stringTemplate Push Status - Push username on update. Valid values:
PUSH
andDONT_PUSH
- User
Name stringTemplate Suffix - Username template suffix
- User
Name stringTemplate Type - Username template type. Default:
BUILT_IN
- label String
- The Application's display name.
- accessibility
Error StringRedirect Url - Custom error page URL
- accessibility
Login StringRedirect Url - Custom login page URL
- accessibility
Self BooleanService - Enable self service. Default is
false
- acs
Endpoints List<String> - An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin
Note String - Application notes for admins.
- app
Links StringJson - Displays specific appLinks for the app. The value for each application link should be boolean.
- app
Settings StringJson - Application settings in JSON format
- assertion
Signed Boolean - Determines whether the SAML assertion is digitally signed
- attribute
Statements List<SamlAttribute Statement> - audience String
- Audience Restriction
- authentication
Policy String - The ID of the associated
app_signon_policy
. If this property is removed from the application thedefault
sign-on-policy will be associated with this application.y - authn
Context StringClass Ref - Identifies the SAML authentication context class for the assertion’s authentication statement
- auto
Submit BooleanToolbar - Display auto submit toolbar. Default is:
false
- default
Relay StringState - Identifies a specific application resource in an IDP initiated SSO scenario.
- destination String
- Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest
Algorithm String - Determines the digest algorithm used to digitally sign the SAML assertion and response
- enduser
Note String - Application notes for end users.
- hide
Ios Boolean - Do not display application icon on mobile app
- hide
Web Boolean - Do not display application icon to users
- honor
Force BooleanAuthn - Prompt user to re-authenticate if SP asks for it. Default is:
false
- idp
Issuer String - SAML issuer ID
- implicit
Assignment Boolean - Early Access Property. Enable Federation Broker Mode.
- inline
Hook StringId - Saml Inline Hook setting
- key
Name String - Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid
- key
Years IntegerValid - Number of years the certificate is valid (2 - 10 years).
- logo String
- Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- preconfigured
App String - Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
- recipient String
- The location where the app may present the SAML assertion
- request
Compressed Boolean - Denotes whether the request is compressed or not.
- response
Signed Boolean - Determines whether the SAML auth response message is digitally signed
- saml
Signed BooleanRequest Enabled - SAML Signed Request enabled
- saml
Version String - SAML version for the app's sign-on mode. Valid values are:
2.0
or1.1
. Default is2.0
- signature
Algorithm String - Signature algorithm used to digitally sign the assertion and response
- single
Logout StringCertificate - x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
, see official documentation. - single
Logout StringIssuer - The issuer of the Service Provider that generates the Single Logout request
- single
Logout StringUrl - The location where the logout response is sent
- sp
Issuer String - SAML SP issuer ID
- sso
Url String - Single Sign On URL
- status String
- Status of application. By default, it is
ACTIVE
- subject
Name StringId Format - Identifies the SAML processing rules.
- subject
Name StringId Template - Template for app user's username when a user is assigned to the app
- user
Name StringTemplate - Username template. Default:
${source.login}
- user
Name StringTemplate Push Status - Push username on update. Valid values:
PUSH
andDONT_PUSH
- user
Name StringTemplate Suffix - Username template suffix
- user
Name StringTemplate Type - Username template type. Default:
BUILT_IN
- label string
- The Application's display name.
- accessibility
Error stringRedirect Url - Custom error page URL
- accessibility
Login stringRedirect Url - Custom login page URL
- accessibility
Self booleanService - Enable self service. Default is
false
- acs
Endpoints string[] - An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin
Note string - Application notes for admins.
- app
Links stringJson - Displays specific appLinks for the app. The value for each application link should be boolean.
- app
Settings stringJson - Application settings in JSON format
- assertion
Signed boolean - Determines whether the SAML assertion is digitally signed
- attribute
Statements SamlAttribute Statement[] - audience string
- Audience Restriction
- authentication
Policy string - The ID of the associated
app_signon_policy
. If this property is removed from the application thedefault
sign-on-policy will be associated with this application.y - authn
Context stringClass Ref - Identifies the SAML authentication context class for the assertion’s authentication statement
- auto
Submit booleanToolbar - Display auto submit toolbar. Default is:
false
- default
Relay stringState - Identifies a specific application resource in an IDP initiated SSO scenario.
- destination string
- Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest
Algorithm string - Determines the digest algorithm used to digitally sign the SAML assertion and response
- enduser
Note string - Application notes for end users.
- hide
Ios boolean - Do not display application icon on mobile app
- hide
Web boolean - Do not display application icon to users
- honor
Force booleanAuthn - Prompt user to re-authenticate if SP asks for it. Default is:
false
- idp
Issuer string - SAML issuer ID
- implicit
Assignment boolean - Early Access Property. Enable Federation Broker Mode.
- inline
Hook stringId - Saml Inline Hook setting
- key
Name string - Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid
- key
Years numberValid - Number of years the certificate is valid (2 - 10 years).
- logo string
- Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- preconfigured
App string - Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
- recipient string
- The location where the app may present the SAML assertion
- request
Compressed boolean - Denotes whether the request is compressed or not.
- response
Signed boolean - Determines whether the SAML auth response message is digitally signed
- saml
Signed booleanRequest Enabled - SAML Signed Request enabled
- saml
Version string - SAML version for the app's sign-on mode. Valid values are:
2.0
or1.1
. Default is2.0
- signature
Algorithm string - Signature algorithm used to digitally sign the assertion and response
- single
Logout stringCertificate - x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
, see official documentation. - single
Logout stringIssuer - The issuer of the Service Provider that generates the Single Logout request
- single
Logout stringUrl - The location where the logout response is sent
- sp
Issuer string - SAML SP issuer ID
- sso
Url string - Single Sign On URL
- status string
- Status of application. By default, it is
ACTIVE
- subject
Name stringId Format - Identifies the SAML processing rules.
- subject
Name stringId Template - Template for app user's username when a user is assigned to the app
- user
Name stringTemplate - Username template. Default:
${source.login}
- user
Name stringTemplate Push Status - Push username on update. Valid values:
PUSH
andDONT_PUSH
- user
Name stringTemplate Suffix - Username template suffix
- user
Name stringTemplate Type - Username template type. Default:
BUILT_IN
- label str
- The Application's display name.
- accessibility_
error_ strredirect_ url - Custom error page URL
- accessibility_
login_ strredirect_ url - Custom login page URL
- accessibility_
self_ boolservice - Enable self service. Default is
false
- acs_
endpoints Sequence[str] - An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin_
note str - Application notes for admins.
- app_
links_ strjson - Displays specific appLinks for the app. The value for each application link should be boolean.
- app_
settings_ strjson - Application settings in JSON format
- assertion_
signed bool - Determines whether the SAML assertion is digitally signed
- attribute_
statements Sequence[SamlAttribute Statement Args] - audience str
- Audience Restriction
- authentication_
policy str - The ID of the associated
app_signon_policy
. If this property is removed from the application thedefault
sign-on-policy will be associated with this application.y - authn_
context_ strclass_ ref - Identifies the SAML authentication context class for the assertion’s authentication statement
- auto_
submit_ booltoolbar - Display auto submit toolbar. Default is:
false
- default_
relay_ strstate - Identifies a specific application resource in an IDP initiated SSO scenario.
- destination str
- Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest_
algorithm str - Determines the digest algorithm used to digitally sign the SAML assertion and response
- enduser_
note str - Application notes for end users.
- hide_
ios bool - Do not display application icon on mobile app
- hide_
web bool - Do not display application icon to users
- honor_
force_ boolauthn - Prompt user to re-authenticate if SP asks for it. Default is:
false
- idp_
issuer str - SAML issuer ID
- implicit_
assignment bool - Early Access Property. Enable Federation Broker Mode.
- inline_
hook_ strid - Saml Inline Hook setting
- key_
name str - Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid
- key_
years_ intvalid - Number of years the certificate is valid (2 - 10 years).
- logo str
- Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- preconfigured_
app str - Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
- recipient str
- The location where the app may present the SAML assertion
- request_
compressed bool - Denotes whether the request is compressed or not.
- response_
signed bool - Determines whether the SAML auth response message is digitally signed
- saml_
signed_ boolrequest_ enabled - SAML Signed Request enabled
- saml_
version str - SAML version for the app's sign-on mode. Valid values are:
2.0
or1.1
. Default is2.0
- signature_
algorithm str - Signature algorithm used to digitally sign the assertion and response
- single_
logout_ strcertificate - x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
, see official documentation. - single_
logout_ strissuer - The issuer of the Service Provider that generates the Single Logout request
- single_
logout_ strurl - The location where the logout response is sent
- sp_
issuer str - SAML SP issuer ID
- sso_
url str - Single Sign On URL
- status str
- Status of application. By default, it is
ACTIVE
- subject_
name_ strid_ format - Identifies the SAML processing rules.
- subject_
name_ strid_ template - Template for app user's username when a user is assigned to the app
- user_
name_ strtemplate - Username template. Default:
${source.login}
- user_
name_ strtemplate_ push_ status - Push username on update. Valid values:
PUSH
andDONT_PUSH
- user_
name_ strtemplate_ suffix - Username template suffix
- user_
name_ strtemplate_ type - Username template type. Default:
BUILT_IN
- label String
- The Application's display name.
- accessibility
Error StringRedirect Url - Custom error page URL
- accessibility
Login StringRedirect Url - Custom login page URL
- accessibility
Self BooleanService - Enable self service. Default is
false
- acs
Endpoints List<String> - An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin
Note String - Application notes for admins.
- app
Links StringJson - Displays specific appLinks for the app. The value for each application link should be boolean.
- app
Settings StringJson - Application settings in JSON format
- assertion
Signed Boolean - Determines whether the SAML assertion is digitally signed
- attribute
Statements List<Property Map> - audience String
- Audience Restriction
- authentication
Policy String - The ID of the associated
app_signon_policy
. If this property is removed from the application thedefault
sign-on-policy will be associated with this application.y - authn
Context StringClass Ref - Identifies the SAML authentication context class for the assertion’s authentication statement
- auto
Submit BooleanToolbar - Display auto submit toolbar. Default is:
false
- default
Relay StringState - Identifies a specific application resource in an IDP initiated SSO scenario.
- destination String
- Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest
Algorithm String - Determines the digest algorithm used to digitally sign the SAML assertion and response
- enduser
Note String - Application notes for end users.
- hide
Ios Boolean - Do not display application icon on mobile app
- hide
Web Boolean - Do not display application icon to users
- honor
Force BooleanAuthn - Prompt user to re-authenticate if SP asks for it. Default is:
false
- idp
Issuer String - SAML issuer ID
- implicit
Assignment Boolean - Early Access Property. Enable Federation Broker Mode.
- inline
Hook StringId - Saml Inline Hook setting
- key
Name String - Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid
- key
Years NumberValid - Number of years the certificate is valid (2 - 10 years).
- logo String
- Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- preconfigured
App String - Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
- recipient String
- The location where the app may present the SAML assertion
- request
Compressed Boolean - Denotes whether the request is compressed or not.
- response
Signed Boolean - Determines whether the SAML auth response message is digitally signed
- saml
Signed BooleanRequest Enabled - SAML Signed Request enabled
- saml
Version String - SAML version for the app's sign-on mode. Valid values are:
2.0
or1.1
. Default is2.0
- signature
Algorithm String - Signature algorithm used to digitally sign the assertion and response
- single
Logout StringCertificate - x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
, see official documentation. - single
Logout StringIssuer - The issuer of the Service Provider that generates the Single Logout request
- single
Logout StringUrl - The location where the logout response is sent
- sp
Issuer String - SAML SP issuer ID
- sso
Url String - Single Sign On URL
- status String
- Status of application. By default, it is
ACTIVE
- subject
Name StringId Format - Identifies the SAML processing rules.
- subject
Name StringId Template - Template for app user's username when a user is assigned to the app
- user
Name StringTemplate - Username template. Default:
${source.login}
- user
Name StringTemplate Push Status - Push username on update. Valid values:
PUSH
andDONT_PUSH
- user
Name StringTemplate Suffix - Username template suffix
- user
Name StringTemplate Type - Username template type. Default:
BUILT_IN
Outputs
All input properties are implicitly available as output properties. Additionally, the Saml resource produces the following output properties:
- Certificate string
- cert from SAML XML metadata payload
- Embed
Url string - The url that can be used to embed this application in other portals.
- Entity
Key string - Entity ID, the ID portion of the entity_url
- Entity
Url string - Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
- Features List<string>
- features to enable
- Http
Post stringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
- Http
Redirect stringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Id string - Certificate ID
- Keys
List<Saml
Key> - Application keys
- Logo
Url string - URL of the application's logo
- Metadata string
- SAML xml metadata payload
- Metadata
Url string - SAML xml metadata URL
- Name string
- Name of the app.
- Sign
On stringMode - Sign on mode of application.
- Certificate string
- cert from SAML XML metadata payload
- Embed
Url string - The url that can be used to embed this application in other portals.
- Entity
Key string - Entity ID, the ID portion of the entity_url
- Entity
Url string - Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
- Features []string
- features to enable
- Http
Post stringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
- Http
Redirect stringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Id string - Certificate ID
- Keys
[]Saml
Key - Application keys
- Logo
Url string - URL of the application's logo
- Metadata string
- SAML xml metadata payload
- Metadata
Url string - SAML xml metadata URL
- Name string
- Name of the app.
- Sign
On stringMode - Sign on mode of application.
- certificate String
- cert from SAML XML metadata payload
- embed
Url String - The url that can be used to embed this application in other portals.
- entity
Key String - Entity ID, the ID portion of the entity_url
- entity
Url String - Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
- features List<String>
- features to enable
- http
Post StringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
- http
Redirect StringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Id String - Certificate ID
- keys
List<Saml
Key> - Application keys
- logo
Url String - URL of the application's logo
- metadata String
- SAML xml metadata payload
- metadata
Url String - SAML xml metadata URL
- name String
- Name of the app.
- sign
On StringMode - Sign on mode of application.
- certificate string
- cert from SAML XML metadata payload
- embed
Url string - The url that can be used to embed this application in other portals.
- entity
Key string - Entity ID, the ID portion of the entity_url
- entity
Url string - Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
- features string[]
- features to enable
- http
Post stringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
- http
Redirect stringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
- id string
- The provider-assigned unique ID for this managed resource.
- key
Id string - Certificate ID
- keys
Saml
Key[] - Application keys
- logo
Url string - URL of the application's logo
- metadata string
- SAML xml metadata payload
- metadata
Url string - SAML xml metadata URL
- name string
- Name of the app.
- sign
On stringMode - Sign on mode of application.
- certificate str
- cert from SAML XML metadata payload
- embed_
url str - The url that can be used to embed this application in other portals.
- entity_
key str - Entity ID, the ID portion of the entity_url
- entity_
url str - Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
- features Sequence[str]
- features to enable
- http_
post_ strbinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
- http_
redirect_ strbinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
- id str
- The provider-assigned unique ID for this managed resource.
- key_
id str - Certificate ID
- keys
Sequence[Saml
Key] - Application keys
- logo_
url str - URL of the application's logo
- metadata str
- SAML xml metadata payload
- metadata_
url str - SAML xml metadata URL
- name str
- Name of the app.
- sign_
on_ strmode - Sign on mode of application.
- certificate String
- cert from SAML XML metadata payload
- embed
Url String - The url that can be used to embed this application in other portals.
- entity
Key String - Entity ID, the ID portion of the entity_url
- entity
Url String - Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
- features List<String>
- features to enable
- http
Post StringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
- http
Redirect StringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Id String - Certificate ID
- keys List<Property Map>
- Application keys
- logo
Url String - URL of the application's logo
- metadata String
- SAML xml metadata payload
- metadata
Url String - SAML xml metadata URL
- name String
- Name of the app.
- sign
On StringMode - Sign on mode of application.
Look up Existing Saml Resource
Get an existing Saml resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SamlState, opts?: CustomResourceOptions): Saml
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
accessibility_error_redirect_url: Optional[str] = None,
accessibility_login_redirect_url: Optional[str] = None,
accessibility_self_service: Optional[bool] = None,
acs_endpoints: Optional[Sequence[str]] = None,
admin_note: Optional[str] = None,
app_links_json: Optional[str] = None,
app_settings_json: Optional[str] = None,
assertion_signed: Optional[bool] = None,
attribute_statements: Optional[Sequence[SamlAttributeStatementArgs]] = None,
audience: Optional[str] = None,
authentication_policy: Optional[str] = None,
authn_context_class_ref: Optional[str] = None,
auto_submit_toolbar: Optional[bool] = None,
certificate: Optional[str] = None,
default_relay_state: Optional[str] = None,
destination: Optional[str] = None,
digest_algorithm: Optional[str] = None,
embed_url: Optional[str] = None,
enduser_note: Optional[str] = None,
entity_key: Optional[str] = None,
entity_url: Optional[str] = None,
features: Optional[Sequence[str]] = None,
hide_ios: Optional[bool] = None,
hide_web: Optional[bool] = None,
honor_force_authn: Optional[bool] = None,
http_post_binding: Optional[str] = None,
http_redirect_binding: Optional[str] = None,
idp_issuer: Optional[str] = None,
implicit_assignment: Optional[bool] = None,
inline_hook_id: Optional[str] = None,
key_id: Optional[str] = None,
key_name: Optional[str] = None,
key_years_valid: Optional[int] = None,
keys: Optional[Sequence[SamlKeyArgs]] = None,
label: Optional[str] = None,
logo: Optional[str] = None,
logo_url: Optional[str] = None,
metadata: Optional[str] = None,
metadata_url: Optional[str] = None,
name: Optional[str] = None,
preconfigured_app: Optional[str] = None,
recipient: Optional[str] = None,
request_compressed: Optional[bool] = None,
response_signed: Optional[bool] = None,
saml_signed_request_enabled: Optional[bool] = None,
saml_version: Optional[str] = None,
sign_on_mode: Optional[str] = None,
signature_algorithm: Optional[str] = None,
single_logout_certificate: Optional[str] = None,
single_logout_issuer: Optional[str] = None,
single_logout_url: Optional[str] = None,
sp_issuer: Optional[str] = None,
sso_url: Optional[str] = None,
status: Optional[str] = None,
subject_name_id_format: Optional[str] = None,
subject_name_id_template: Optional[str] = None,
user_name_template: Optional[str] = None,
user_name_template_push_status: Optional[str] = None,
user_name_template_suffix: Optional[str] = None,
user_name_template_type: Optional[str] = None) -> Saml
func GetSaml(ctx *Context, name string, id IDInput, state *SamlState, opts ...ResourceOption) (*Saml, error)
public static Saml Get(string name, Input<string> id, SamlState? state, CustomResourceOptions? opts = null)
public static Saml get(String name, Output<String> id, SamlState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Accessibility
Error stringRedirect Url - Custom error page URL
- Accessibility
Login stringRedirect Url - Custom login page URL
- Accessibility
Self boolService - Enable self service. Default is
false
- Acs
Endpoints List<string> - An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- Admin
Note string - Application notes for admins.
- App
Links stringJson - Displays specific appLinks for the app. The value for each application link should be boolean.
- App
Settings stringJson - Application settings in JSON format
- Assertion
Signed bool - Determines whether the SAML assertion is digitally signed
- Attribute
Statements List<SamlAttribute Statement> - Audience string
- Audience Restriction
- Authentication
Policy string - The ID of the associated
app_signon_policy
. If this property is removed from the application thedefault
sign-on-policy will be associated with this application.y - Authn
Context stringClass Ref - Identifies the SAML authentication context class for the assertion’s authentication statement
- Auto
Submit boolToolbar - Display auto submit toolbar. Default is:
false
- Certificate string
- cert from SAML XML metadata payload
- Default
Relay stringState - Identifies a specific application resource in an IDP initiated SSO scenario.
- Destination string
- Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- Digest
Algorithm string - Determines the digest algorithm used to digitally sign the SAML assertion and response
- Embed
Url string - The url that can be used to embed this application in other portals.
- Enduser
Note string - Application notes for end users.
- Entity
Key string - Entity ID, the ID portion of the entity_url
- Entity
Url string - Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
- Features List<string>
- features to enable
- Hide
Ios bool - Do not display application icon on mobile app
- Hide
Web bool - Do not display application icon to users
- Honor
Force boolAuthn - Prompt user to re-authenticate if SP asks for it. Default is:
false
- Http
Post stringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
- Http
Redirect stringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
- Idp
Issuer string - SAML issuer ID
- Implicit
Assignment bool - Early Access Property. Enable Federation Broker Mode.
- Inline
Hook stringId - Saml Inline Hook setting
- Key
Id string - Certificate ID
- Key
Name string - Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid
- Key
Years intValid - Number of years the certificate is valid (2 - 10 years).
- Keys
List<Saml
Key> - Application keys
- Label string
- The Application's display name.
- Logo string
- Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- Logo
Url string - URL of the application's logo
- Metadata string
- SAML xml metadata payload
- Metadata
Url string - SAML xml metadata URL
- Name string
- Name of the app.
- Preconfigured
App string - Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
- Recipient string
- The location where the app may present the SAML assertion
- Request
Compressed bool - Denotes whether the request is compressed or not.
- Response
Signed bool - Determines whether the SAML auth response message is digitally signed
- Saml
Signed boolRequest Enabled - SAML Signed Request enabled
- Saml
Version string - SAML version for the app's sign-on mode. Valid values are:
2.0
or1.1
. Default is2.0
- Sign
On stringMode - Sign on mode of application.
- Signature
Algorithm string - Signature algorithm used to digitally sign the assertion and response
- Single
Logout stringCertificate - x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
, see official documentation. - Single
Logout stringIssuer - The issuer of the Service Provider that generates the Single Logout request
- Single
Logout stringUrl - The location where the logout response is sent
- Sp
Issuer string - SAML SP issuer ID
- Sso
Url string - Single Sign On URL
- Status string
- Status of application. By default, it is
ACTIVE
- Subject
Name stringId Format - Identifies the SAML processing rules.
- Subject
Name stringId Template - Template for app user's username when a user is assigned to the app
- User
Name stringTemplate - Username template. Default:
${source.login}
- User
Name stringTemplate Push Status - Push username on update. Valid values:
PUSH
andDONT_PUSH
- User
Name stringTemplate Suffix - Username template suffix
- User
Name stringTemplate Type - Username template type. Default:
BUILT_IN
- Accessibility
Error stringRedirect Url - Custom error page URL
- Accessibility
Login stringRedirect Url - Custom login page URL
- Accessibility
Self boolService - Enable self service. Default is
false
- Acs
Endpoints []string - An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- Admin
Note string - Application notes for admins.
- App
Links stringJson - Displays specific appLinks for the app. The value for each application link should be boolean.
- App
Settings stringJson - Application settings in JSON format
- Assertion
Signed bool - Determines whether the SAML assertion is digitally signed
- Attribute
Statements []SamlAttribute Statement Args - Audience string
- Audience Restriction
- Authentication
Policy string - The ID of the associated
app_signon_policy
. If this property is removed from the application thedefault
sign-on-policy will be associated with this application.y - Authn
Context stringClass Ref - Identifies the SAML authentication context class for the assertion’s authentication statement
- Auto
Submit boolToolbar - Display auto submit toolbar. Default is:
false
- Certificate string
- cert from SAML XML metadata payload
- Default
Relay stringState - Identifies a specific application resource in an IDP initiated SSO scenario.
- Destination string
- Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- Digest
Algorithm string - Determines the digest algorithm used to digitally sign the SAML assertion and response
- Embed
Url string - The url that can be used to embed this application in other portals.
- Enduser
Note string - Application notes for end users.
- Entity
Key string - Entity ID, the ID portion of the entity_url
- Entity
Url string - Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
- Features []string
- features to enable
- Hide
Ios bool - Do not display application icon on mobile app
- Hide
Web bool - Do not display application icon to users
- Honor
Force boolAuthn - Prompt user to re-authenticate if SP asks for it. Default is:
false
- Http
Post stringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
- Http
Redirect stringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
- Idp
Issuer string - SAML issuer ID
- Implicit
Assignment bool - Early Access Property. Enable Federation Broker Mode.
- Inline
Hook stringId - Saml Inline Hook setting
- Key
Id string - Certificate ID
- Key
Name string - Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid
- Key
Years intValid - Number of years the certificate is valid (2 - 10 years).
- Keys
[]Saml
Key Args - Application keys
- Label string
- The Application's display name.
- Logo string
- Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- Logo
Url string - URL of the application's logo
- Metadata string
- SAML xml metadata payload
- Metadata
Url string - SAML xml metadata URL
- Name string
- Name of the app.
- Preconfigured
App string - Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
- Recipient string
- The location where the app may present the SAML assertion
- Request
Compressed bool - Denotes whether the request is compressed or not.
- Response
Signed bool - Determines whether the SAML auth response message is digitally signed
- Saml
Signed boolRequest Enabled - SAML Signed Request enabled
- Saml
Version string - SAML version for the app's sign-on mode. Valid values are:
2.0
or1.1
. Default is2.0
- Sign
On stringMode - Sign on mode of application.
- Signature
Algorithm string - Signature algorithm used to digitally sign the assertion and response
- Single
Logout stringCertificate - x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
, see official documentation. - Single
Logout stringIssuer - The issuer of the Service Provider that generates the Single Logout request
- Single
Logout stringUrl - The location where the logout response is sent
- Sp
Issuer string - SAML SP issuer ID
- Sso
Url string - Single Sign On URL
- Status string
- Status of application. By default, it is
ACTIVE
- Subject
Name stringId Format - Identifies the SAML processing rules.
- Subject
Name stringId Template - Template for app user's username when a user is assigned to the app
- User
Name stringTemplate - Username template. Default:
${source.login}
- User
Name stringTemplate Push Status - Push username on update. Valid values:
PUSH
andDONT_PUSH
- User
Name stringTemplate Suffix - Username template suffix
- User
Name stringTemplate Type - Username template type. Default:
BUILT_IN
- accessibility
Error StringRedirect Url - Custom error page URL
- accessibility
Login StringRedirect Url - Custom login page URL
- accessibility
Self BooleanService - Enable self service. Default is
false
- acs
Endpoints List<String> - An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin
Note String - Application notes for admins.
- app
Links StringJson - Displays specific appLinks for the app. The value for each application link should be boolean.
- app
Settings StringJson - Application settings in JSON format
- assertion
Signed Boolean - Determines whether the SAML assertion is digitally signed
- attribute
Statements List<SamlAttribute Statement> - audience String
- Audience Restriction
- authentication
Policy String - The ID of the associated
app_signon_policy
. If this property is removed from the application thedefault
sign-on-policy will be associated with this application.y - authn
Context StringClass Ref - Identifies the SAML authentication context class for the assertion’s authentication statement
- auto
Submit BooleanToolbar - Display auto submit toolbar. Default is:
false
- certificate String
- cert from SAML XML metadata payload
- default
Relay StringState - Identifies a specific application resource in an IDP initiated SSO scenario.
- destination String
- Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest
Algorithm String - Determines the digest algorithm used to digitally sign the SAML assertion and response
- embed
Url String - The url that can be used to embed this application in other portals.
- enduser
Note String - Application notes for end users.
- entity
Key String - Entity ID, the ID portion of the entity_url
- entity
Url String - Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
- features List<String>
- features to enable
- hide
Ios Boolean - Do not display application icon on mobile app
- hide
Web Boolean - Do not display application icon to users
- honor
Force BooleanAuthn - Prompt user to re-authenticate if SP asks for it. Default is:
false
- http
Post StringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
- http
Redirect StringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
- idp
Issuer String - SAML issuer ID
- implicit
Assignment Boolean - Early Access Property. Enable Federation Broker Mode.
- inline
Hook StringId - Saml Inline Hook setting
- key
Id String - Certificate ID
- key
Name String - Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid
- key
Years IntegerValid - Number of years the certificate is valid (2 - 10 years).
- keys
List<Saml
Key> - Application keys
- label String
- The Application's display name.
- logo String
- Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- logo
Url String - URL of the application's logo
- metadata String
- SAML xml metadata payload
- metadata
Url String - SAML xml metadata URL
- name String
- Name of the app.
- preconfigured
App String - Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
- recipient String
- The location where the app may present the SAML assertion
- request
Compressed Boolean - Denotes whether the request is compressed or not.
- response
Signed Boolean - Determines whether the SAML auth response message is digitally signed
- saml
Signed BooleanRequest Enabled - SAML Signed Request enabled
- saml
Version String - SAML version for the app's sign-on mode. Valid values are:
2.0
or1.1
. Default is2.0
- sign
On StringMode - Sign on mode of application.
- signature
Algorithm String - Signature algorithm used to digitally sign the assertion and response
- single
Logout StringCertificate - x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
, see official documentation. - single
Logout StringIssuer - The issuer of the Service Provider that generates the Single Logout request
- single
Logout StringUrl - The location where the logout response is sent
- sp
Issuer String - SAML SP issuer ID
- sso
Url String - Single Sign On URL
- status String
- Status of application. By default, it is
ACTIVE
- subject
Name StringId Format - Identifies the SAML processing rules.
- subject
Name StringId Template - Template for app user's username when a user is assigned to the app
- user
Name StringTemplate - Username template. Default:
${source.login}
- user
Name StringTemplate Push Status - Push username on update. Valid values:
PUSH
andDONT_PUSH
- user
Name StringTemplate Suffix - Username template suffix
- user
Name StringTemplate Type - Username template type. Default:
BUILT_IN
- accessibility
Error stringRedirect Url - Custom error page URL
- accessibility
Login stringRedirect Url - Custom login page URL
- accessibility
Self booleanService - Enable self service. Default is
false
- acs
Endpoints string[] - An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin
Note string - Application notes for admins.
- app
Links stringJson - Displays specific appLinks for the app. The value for each application link should be boolean.
- app
Settings stringJson - Application settings in JSON format
- assertion
Signed boolean - Determines whether the SAML assertion is digitally signed
- attribute
Statements SamlAttribute Statement[] - audience string
- Audience Restriction
- authentication
Policy string - The ID of the associated
app_signon_policy
. If this property is removed from the application thedefault
sign-on-policy will be associated with this application.y - authn
Context stringClass Ref - Identifies the SAML authentication context class for the assertion’s authentication statement
- auto
Submit booleanToolbar - Display auto submit toolbar. Default is:
false
- certificate string
- cert from SAML XML metadata payload
- default
Relay stringState - Identifies a specific application resource in an IDP initiated SSO scenario.
- destination string
- Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest
Algorithm string - Determines the digest algorithm used to digitally sign the SAML assertion and response
- embed
Url string - The url that can be used to embed this application in other portals.
- enduser
Note string - Application notes for end users.
- entity
Key string - Entity ID, the ID portion of the entity_url
- entity
Url string - Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
- features string[]
- features to enable
- hide
Ios boolean - Do not display application icon on mobile app
- hide
Web boolean - Do not display application icon to users
- honor
Force booleanAuthn - Prompt user to re-authenticate if SP asks for it. Default is:
false
- http
Post stringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
- http
Redirect stringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
- idp
Issuer string - SAML issuer ID
- implicit
Assignment boolean - Early Access Property. Enable Federation Broker Mode.
- inline
Hook stringId - Saml Inline Hook setting
- key
Id string - Certificate ID
- key
Name string - Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid
- key
Years numberValid - Number of years the certificate is valid (2 - 10 years).
- keys
Saml
Key[] - Application keys
- label string
- The Application's display name.
- logo string
- Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- logo
Url string - URL of the application's logo
- metadata string
- SAML xml metadata payload
- metadata
Url string - SAML xml metadata URL
- name string
- Name of the app.
- preconfigured
App string - Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
- recipient string
- The location where the app may present the SAML assertion
- request
Compressed boolean - Denotes whether the request is compressed or not.
- response
Signed boolean - Determines whether the SAML auth response message is digitally signed
- saml
Signed booleanRequest Enabled - SAML Signed Request enabled
- saml
Version string - SAML version for the app's sign-on mode. Valid values are:
2.0
or1.1
. Default is2.0
- sign
On stringMode - Sign on mode of application.
- signature
Algorithm string - Signature algorithm used to digitally sign the assertion and response
- single
Logout stringCertificate - x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
, see official documentation. - single
Logout stringIssuer - The issuer of the Service Provider that generates the Single Logout request
- single
Logout stringUrl - The location where the logout response is sent
- sp
Issuer string - SAML SP issuer ID
- sso
Url string - Single Sign On URL
- status string
- Status of application. By default, it is
ACTIVE
- subject
Name stringId Format - Identifies the SAML processing rules.
- subject
Name stringId Template - Template for app user's username when a user is assigned to the app
- user
Name stringTemplate - Username template. Default:
${source.login}
- user
Name stringTemplate Push Status - Push username on update. Valid values:
PUSH
andDONT_PUSH
- user
Name stringTemplate Suffix - Username template suffix
- user
Name stringTemplate Type - Username template type. Default:
BUILT_IN
- accessibility_
error_ strredirect_ url - Custom error page URL
- accessibility_
login_ strredirect_ url - Custom login page URL
- accessibility_
self_ boolservice - Enable self service. Default is
false
- acs_
endpoints Sequence[str] - An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin_
note str - Application notes for admins.
- app_
links_ strjson - Displays specific appLinks for the app. The value for each application link should be boolean.
- app_
settings_ strjson - Application settings in JSON format
- assertion_
signed bool - Determines whether the SAML assertion is digitally signed
- attribute_
statements Sequence[SamlAttribute Statement Args] - audience str
- Audience Restriction
- authentication_
policy str - The ID of the associated
app_signon_policy
. If this property is removed from the application thedefault
sign-on-policy will be associated with this application.y - authn_
context_ strclass_ ref - Identifies the SAML authentication context class for the assertion’s authentication statement
- auto_
submit_ booltoolbar - Display auto submit toolbar. Default is:
false
- certificate str
- cert from SAML XML metadata payload
- default_
relay_ strstate - Identifies a specific application resource in an IDP initiated SSO scenario.
- destination str
- Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest_
algorithm str - Determines the digest algorithm used to digitally sign the SAML assertion and response
- embed_
url str - The url that can be used to embed this application in other portals.
- enduser_
note str - Application notes for end users.
- entity_
key str - Entity ID, the ID portion of the entity_url
- entity_
url str - Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
- features Sequence[str]
- features to enable
- hide_
ios bool - Do not display application icon on mobile app
- hide_
web bool - Do not display application icon to users
- honor_
force_ boolauthn - Prompt user to re-authenticate if SP asks for it. Default is:
false
- http_
post_ strbinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
- http_
redirect_ strbinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
- idp_
issuer str - SAML issuer ID
- implicit_
assignment bool - Early Access Property. Enable Federation Broker Mode.
- inline_
hook_ strid - Saml Inline Hook setting
- key_
id str - Certificate ID
- key_
name str - Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid
- key_
years_ intvalid - Number of years the certificate is valid (2 - 10 years).
- keys
Sequence[Saml
Key Args] - Application keys
- label str
- The Application's display name.
- logo str
- Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- logo_
url str - URL of the application's logo
- metadata str
- SAML xml metadata payload
- metadata_
url str - SAML xml metadata URL
- name str
- Name of the app.
- preconfigured_
app str - Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
- recipient str
- The location where the app may present the SAML assertion
- request_
compressed bool - Denotes whether the request is compressed or not.
- response_
signed bool - Determines whether the SAML auth response message is digitally signed
- saml_
signed_ boolrequest_ enabled - SAML Signed Request enabled
- saml_
version str - SAML version for the app's sign-on mode. Valid values are:
2.0
or1.1
. Default is2.0
- sign_
on_ strmode - Sign on mode of application.
- signature_
algorithm str - Signature algorithm used to digitally sign the assertion and response
- single_
logout_ strcertificate - x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
, see official documentation. - single_
logout_ strissuer - The issuer of the Service Provider that generates the Single Logout request
- single_
logout_ strurl - The location where the logout response is sent
- sp_
issuer str - SAML SP issuer ID
- sso_
url str - Single Sign On URL
- status str
- Status of application. By default, it is
ACTIVE
- subject_
name_ strid_ format - Identifies the SAML processing rules.
- subject_
name_ strid_ template - Template for app user's username when a user is assigned to the app
- user_
name_ strtemplate - Username template. Default:
${source.login}
- user_
name_ strtemplate_ push_ status - Push username on update. Valid values:
PUSH
andDONT_PUSH
- user_
name_ strtemplate_ suffix - Username template suffix
- user_
name_ strtemplate_ type - Username template type. Default:
BUILT_IN
- accessibility
Error StringRedirect Url - Custom error page URL
- accessibility
Login StringRedirect Url - Custom login page URL
- accessibility
Self BooleanService - Enable self service. Default is
false
- acs
Endpoints List<String> - An array of ACS endpoints. You can configure a maximum of 100 endpoints.
- admin
Note String - Application notes for admins.
- app
Links StringJson - Displays specific appLinks for the app. The value for each application link should be boolean.
- app
Settings StringJson - Application settings in JSON format
- assertion
Signed Boolean - Determines whether the SAML assertion is digitally signed
- attribute
Statements List<Property Map> - audience String
- Audience Restriction
- authentication
Policy String - The ID of the associated
app_signon_policy
. If this property is removed from the application thedefault
sign-on-policy will be associated with this application.y - authn
Context StringClass Ref - Identifies the SAML authentication context class for the assertion’s authentication statement
- auto
Submit BooleanToolbar - Display auto submit toolbar. Default is:
false
- certificate String
- cert from SAML XML metadata payload
- default
Relay StringState - Identifies a specific application resource in an IDP initiated SSO scenario.
- destination String
- Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
- digest
Algorithm String - Determines the digest algorithm used to digitally sign the SAML assertion and response
- embed
Url String - The url that can be used to embed this application in other portals.
- enduser
Note String - Application notes for end users.
- entity
Key String - Entity ID, the ID portion of the entity_url
- entity
Url String - Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
- features List<String>
- features to enable
- hide
Ios Boolean - Do not display application icon on mobile app
- hide
Web Boolean - Do not display application icon to users
- honor
Force BooleanAuthn - Prompt user to re-authenticate if SP asks for it. Default is:
false
- http
Post StringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
- http
Redirect StringBinding - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
- idp
Issuer String - SAML issuer ID
- implicit
Assignment Boolean - Early Access Property. Enable Federation Broker Mode.
- inline
Hook StringId - Saml Inline Hook setting
- key
Id String - Certificate ID
- key
Name String - Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with
key_years_valid
- key
Years NumberValid - Number of years the certificate is valid (2 - 10 years).
- keys List<Property Map>
- Application keys
- label String
- The Application's display name.
- logo String
- Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
- logo
Url String - URL of the application's logo
- metadata String
- SAML xml metadata payload
- metadata
Url String - SAML xml metadata URL
- name String
- Name of the app.
- preconfigured
App String - Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
- recipient String
- The location where the app may present the SAML assertion
- request
Compressed Boolean - Denotes whether the request is compressed or not.
- response
Signed Boolean - Determines whether the SAML auth response message is digitally signed
- saml
Signed BooleanRequest Enabled - SAML Signed Request enabled
- saml
Version String - SAML version for the app's sign-on mode. Valid values are:
2.0
or1.1
. Default is2.0
- sign
On StringMode - Sign on mode of application.
- signature
Algorithm String - Signature algorithm used to digitally sign the assertion and response
- single
Logout StringCertificate - x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
, see official documentation. - single
Logout StringIssuer - The issuer of the Service Provider that generates the Single Logout request
- single
Logout StringUrl - The location where the logout response is sent
- sp
Issuer String - SAML SP issuer ID
- sso
Url String - Single Sign On URL
- status String
- Status of application. By default, it is
ACTIVE
- subject
Name StringId Format - Identifies the SAML processing rules.
- subject
Name StringId Template - Template for app user's username when a user is assigned to the app
- user
Name StringTemplate - Username template. Default:
${source.login}
- user
Name StringTemplate Push Status - Push username on update. Valid values:
PUSH
andDONT_PUSH
- user
Name StringTemplate Suffix - Username template suffix
- user
Name StringTemplate Type - Username template type. Default:
BUILT_IN
Supporting Types
SamlAttributeStatement, SamlAttributeStatementArgs
- Name string
- The reference name of the attribute statement
- Filter
Type string - Type of group attribute filter. Valid values are:
STARTS_WITH
,EQUALS
,CONTAINS
, orREGEX
- Filter
Value string - Filter value to use
- Namespace string
- The attribute namespace. It can be set to
urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
,urn:oasis:names:tc:SAML:2.0:attrname-format:uri
, orurn:oasis:names:tc:SAML:2.0:attrname-format:basic
- Type string
- The type of attribute statements object
- Values List<string>
- Name string
- The reference name of the attribute statement
- Filter
Type string - Type of group attribute filter. Valid values are:
STARTS_WITH
,EQUALS
,CONTAINS
, orREGEX
- Filter
Value string - Filter value to use
- Namespace string
- The attribute namespace. It can be set to
urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
,urn:oasis:names:tc:SAML:2.0:attrname-format:uri
, orurn:oasis:names:tc:SAML:2.0:attrname-format:basic
- Type string
- The type of attribute statements object
- Values []string
- name String
- The reference name of the attribute statement
- filter
Type String - Type of group attribute filter. Valid values are:
STARTS_WITH
,EQUALS
,CONTAINS
, orREGEX
- filter
Value String - Filter value to use
- namespace String
- The attribute namespace. It can be set to
urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
,urn:oasis:names:tc:SAML:2.0:attrname-format:uri
, orurn:oasis:names:tc:SAML:2.0:attrname-format:basic
- type String
- The type of attribute statements object
- values List<String>
- name string
- The reference name of the attribute statement
- filter
Type string - Type of group attribute filter. Valid values are:
STARTS_WITH
,EQUALS
,CONTAINS
, orREGEX
- filter
Value string - Filter value to use
- namespace string
- The attribute namespace. It can be set to
urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
,urn:oasis:names:tc:SAML:2.0:attrname-format:uri
, orurn:oasis:names:tc:SAML:2.0:attrname-format:basic
- type string
- The type of attribute statements object
- values string[]
- name str
- The reference name of the attribute statement
- filter_
type str - Type of group attribute filter. Valid values are:
STARTS_WITH
,EQUALS
,CONTAINS
, orREGEX
- filter_
value str - Filter value to use
- namespace str
- The attribute namespace. It can be set to
urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
,urn:oasis:names:tc:SAML:2.0:attrname-format:uri
, orurn:oasis:names:tc:SAML:2.0:attrname-format:basic
- type str
- The type of attribute statements object
- values Sequence[str]
- name String
- The reference name of the attribute statement
- filter
Type String - Type of group attribute filter. Valid values are:
STARTS_WITH
,EQUALS
,CONTAINS
, orREGEX
- filter
Value String - Filter value to use
- namespace String
- The attribute namespace. It can be set to
urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
,urn:oasis:names:tc:SAML:2.0:attrname-format:uri
, orurn:oasis:names:tc:SAML:2.0:attrname-format:basic
- type String
- The type of attribute statements object
- values List<String>
SamlKey, SamlKeyArgs
- Created string
- Created date
- E string
- RSA exponent
- Expires
At string - Expiration date
- Kid string
- Key ID
- Kty string
- Key type. Identifies the cryptographic algorithm family used with the key.
- Last
Updated string - Last updated date
- N string
- RSA modulus
- Use string
- Intended use of the public key.
- X5cs List<string>
- X.509 Certificate Chain
- X5t
S256 string - X.509 certificate SHA-256 thumbprint
- Created string
- Created date
- E string
- RSA exponent
- Expires
At string - Expiration date
- Kid string
- Key ID
- Kty string
- Key type. Identifies the cryptographic algorithm family used with the key.
- Last
Updated string - Last updated date
- N string
- RSA modulus
- Use string
- Intended use of the public key.
- X5cs []string
- X.509 Certificate Chain
- X5t
S256 string - X.509 certificate SHA-256 thumbprint
- created String
- Created date
- e String
- RSA exponent
- expires
At String - Expiration date
- kid String
- Key ID
- kty String
- Key type. Identifies the cryptographic algorithm family used with the key.
- last
Updated String - Last updated date
- n String
- RSA modulus
- use String
- Intended use of the public key.
- x5cs List<String>
- X.509 Certificate Chain
- x5t
S256 String - X.509 certificate SHA-256 thumbprint
- created string
- Created date
- e string
- RSA exponent
- expires
At string - Expiration date
- kid string
- Key ID
- kty string
- Key type. Identifies the cryptographic algorithm family used with the key.
- last
Updated string - Last updated date
- n string
- RSA modulus
- use string
- Intended use of the public key.
- x5cs string[]
- X.509 Certificate Chain
- x5t
S256 string - X.509 certificate SHA-256 thumbprint
- created str
- Created date
- e str
- RSA exponent
- expires_
at str - Expiration date
- kid str
- Key ID
- kty str
- Key type. Identifies the cryptographic algorithm family used with the key.
- last_
updated str - Last updated date
- n str
- RSA modulus
- use str
- Intended use of the public key.
- x5cs Sequence[str]
- X.509 Certificate Chain
- x5t_
s256 str - X.509 certificate SHA-256 thumbprint
- created String
- Created date
- e String
- RSA exponent
- expires
At String - Expiration date
- kid String
- Key ID
- kty String
- Key type. Identifies the cryptographic algorithm family used with the key.
- last
Updated String - Last updated date
- n String
- RSA modulus
- use String
- Intended use of the public key.
- x5cs List<String>
- X.509 Certificate Chain
- x5t
S256 String - X.509 certificate SHA-256 thumbprint
Import
$ pulumi import okta:app/saml:Saml example <app_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
okta
Terraform Provider.