Okta v4.11.3 published on Monday, Oct 21, 2024 by Pulumi

okta.app.Saml

    This resource allows you to create and configure a SAML Application.

    During an apply, if there is a change in ‘status’, the app will first be activated or deactivated in accordance with the ‘status’ change. Then all other arguments that changed will be applied.

    If you receive the error ‘You do not have permission to access the feature you are requesting’, contact support and request that the feature flag ‘ADVANCED_SSO’ be applied to your org.

    Create Saml Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Saml(name: string, args: SamlArgs, opts?: CustomResourceOptions);
    @overload
    def Saml(resource_name: str,
             args: SamlArgs,
             opts: Optional[ResourceOptions] = None)
    
    @overload
    def Saml(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             label: Optional[str] = None,
             inline_hook_id: Optional[str] = None,
             user_name_template_suffix: Optional[str] = None,
             acs_endpoints: Optional[Sequence[str]] = None,
             key_name: Optional[str] = None,
             app_links_json: Optional[str] = None,
             app_settings_json: Optional[str] = None,
             assertion_signed: Optional[bool] = None,
             attribute_statements: Optional[Sequence[SamlAttributeStatementArgs]] = None,
             audience: Optional[str] = None,
             authentication_policy: Optional[str] = None,
             authn_context_class_ref: Optional[str] = None,
             auto_submit_toolbar: Optional[bool] = None,
             default_relay_state: Optional[str] = None,
             destination: Optional[str] = None,
             digest_algorithm: Optional[str] = None,
             enduser_note: Optional[str] = None,
             hide_ios: Optional[bool] = None,
             accessibility_login_redirect_url: Optional[str] = None,
             honor_force_authn: Optional[bool] = None,
             idp_issuer: Optional[str] = None,
             implicit_assignment: Optional[bool] = None,
             accessibility_error_redirect_url: Optional[str] = None,
             admin_note: Optional[str] = None,
             accessibility_self_service: Optional[bool] = None,
             hide_web: Optional[bool] = None,
             logo: Optional[str] = None,
             preconfigured_app: Optional[str] = None,
             recipient: Optional[str] = None,
             request_compressed: Optional[bool] = None,
             response_signed: Optional[bool] = None,
             saml_signed_request_enabled: Optional[bool] = None,
             saml_version: Optional[str] = None,
             signature_algorithm: Optional[str] = None,
             single_logout_certificate: Optional[str] = None,
             single_logout_issuer: Optional[str] = None,
             single_logout_url: Optional[str] = None,
             sp_issuer: Optional[str] = None,
             sso_url: Optional[str] = None,
             status: Optional[str] = None,
             subject_name_id_format: Optional[str] = None,
             subject_name_id_template: Optional[str] = None,
             user_name_template: Optional[str] = None,
             user_name_template_push_status: Optional[str] = None,
             key_years_valid: Optional[int] = None,
             user_name_template_type: Optional[str] = None)
    func NewSaml(ctx *Context, name string, args SamlArgs, opts ...ResourceOption) (*Saml, error)
    public Saml(string name, SamlArgs args, CustomResourceOptions? opts = null)
    public Saml(String name, SamlArgs args)
    public Saml(String name, SamlArgs args, CustomResourceOptions options)
    
    type: okta:app:Saml
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SamlArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SamlArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SamlArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SamlArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SamlArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var samlResource = new Okta.App.Saml("samlResource", new()
    {
        Label = "string",
        InlineHookId = "string",
        UserNameTemplateSuffix = "string",
        AcsEndpoints = new[]
        {
            "string",
        },
        KeyName = "string",
        AppLinksJson = "string",
        AppSettingsJson = "string",
        AssertionSigned = false,
        AttributeStatements = new[]
        {
            new Okta.App.Inputs.SamlAttributeStatementArgs
            {
                Name = "string",
                FilterType = "string",
                FilterValue = "string",
                Namespace = "string",
                Type = "string",
                Values = new[]
                {
                    "string",
                },
            },
        },
        Audience = "string",
        AuthenticationPolicy = "string",
        AuthnContextClassRef = "string",
        AutoSubmitToolbar = false,
        DefaultRelayState = "string",
        Destination = "string",
        DigestAlgorithm = "string",
        EnduserNote = "string",
        HideIos = false,
        AccessibilityLoginRedirectUrl = "string",
        HonorForceAuthn = false,
        IdpIssuer = "string",
        ImplicitAssignment = false,
        AccessibilityErrorRedirectUrl = "string",
        AdminNote = "string",
        AccessibilitySelfService = false,
        HideWeb = false,
        Logo = "string",
        PreconfiguredApp = "string",
        Recipient = "string",
        RequestCompressed = false,
        ResponseSigned = false,
        SamlSignedRequestEnabled = false,
        SamlVersion = "string",
        SignatureAlgorithm = "string",
        SingleLogoutCertificate = "string",
        SingleLogoutIssuer = "string",
        SingleLogoutUrl = "string",
        SpIssuer = "string",
        SsoUrl = "string",
        Status = "string",
        SubjectNameIdFormat = "string",
        SubjectNameIdTemplate = "string",
        UserNameTemplate = "string",
        UserNameTemplatePushStatus = "string",
        KeyYearsValid = 0,
        UserNameTemplateType = "string",
    });
    
    example, err := app.NewSaml(ctx, "samlResource", &app.SamlArgs{
    	Label:                  pulumi.String("string"),
    	InlineHookId:           pulumi.String("string"),
    	UserNameTemplateSuffix: pulumi.String("string"),
    	AcsEndpoints: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	KeyName:         pulumi.String("string"),
    	AppLinksJson:    pulumi.String("string"),
    	AppSettingsJson: pulumi.String("string"),
    	AssertionSigned: pulumi.Bool(false),
    	AttributeStatements: app.SamlAttributeStatementArray{
    		&app.SamlAttributeStatementArgs{
    			Name:        pulumi.String("string"),
    			FilterType:  pulumi.String("string"),
    			FilterValue: pulumi.String("string"),
    			Namespace:   pulumi.String("string"),
    			Type:        pulumi.String("string"),
    			Values: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	Audience:                      pulumi.String("string"),
    	AuthenticationPolicy:          pulumi.String("string"),
    	AuthnContextClassRef:          pulumi.String("string"),
    	AutoSubmitToolbar:             pulumi.Bool(false),
    	DefaultRelayState:             pulumi.String("string"),
    	Destination:                   pulumi.String("string"),
    	DigestAlgorithm:               pulumi.String("string"),
    	EnduserNote:                   pulumi.String("string"),
    	HideIos:                       pulumi.Bool(false),
    	AccessibilityLoginRedirectUrl: pulumi.String("string"),
    	HonorForceAuthn:               pulumi.Bool(false),
    	IdpIssuer:                     pulumi.String("string"),
    	ImplicitAssignment:            pulumi.Bool(false),
    	AccessibilityErrorRedirectUrl: pulumi.String("string"),
    	AdminNote:                     pulumi.String("string"),
    	AccessibilitySelfService:      pulumi.Bool(false),
    	HideWeb:                       pulumi.Bool(false),
    	Logo:                          pulumi.String("string"),
    	PreconfiguredApp:              pulumi.String("string"),
    	Recipient:                     pulumi.String("string"),
    	RequestCompressed:             pulumi.Bool(false),
    	ResponseSigned:                pulumi.Bool(false),
    	SamlSignedRequestEnabled:      pulumi.Bool(false),
    	SamlVersion:                   pulumi.String("string"),
    	SignatureAlgorithm:            pulumi.String("string"),
    	SingleLogoutCertificate:       pulumi.String("string"),
    	SingleLogoutIssuer:            pulumi.String("string"),
    	SingleLogoutUrl:               pulumi.String("string"),
    	SpIssuer:                      pulumi.String("string"),
    	SsoUrl:                        pulumi.String("string"),
    	Status:                        pulumi.String("string"),
    	SubjectNameIdFormat:           pulumi.String("string"),
    	SubjectNameIdTemplate:         pulumi.String("string"),
    	UserNameTemplate:              pulumi.String("string"),
    	UserNameTemplatePushStatus:    pulumi.String("string"),
    	KeyYearsValid:                 pulumi.Int(0),
    	UserNameTemplateType:          pulumi.String("string"),
    })
    
    var samlResource = new Saml("samlResource", SamlArgs.builder()
        .label("string")
        .inlineHookId("string")
        .userNameTemplateSuffix("string")
        .acsEndpoints("string")
        .keyName("string")
        .appLinksJson("string")
        .appSettingsJson("string")
        .assertionSigned(false)
        .attributeStatements(SamlAttributeStatementArgs.builder()
            .name("string")
            .filterType("string")
            .filterValue("string")
            .namespace("string")
            .type("string")
            .values("string")
            .build())
        .audience("string")
        .authenticationPolicy("string")
        .authnContextClassRef("string")
        .autoSubmitToolbar(false)
        .defaultRelayState("string")
        .destination("string")
        .digestAlgorithm("string")
        .enduserNote("string")
        .hideIos(false)
        .accessibilityLoginRedirectUrl("string")
        .honorForceAuthn(false)
        .idpIssuer("string")
        .implicitAssignment(false)
        .accessibilityErrorRedirectUrl("string")
        .adminNote("string")
        .accessibilitySelfService(false)
        .hideWeb(false)
        .logo("string")
        .preconfiguredApp("string")
        .recipient("string")
        .requestCompressed(false)
        .responseSigned(false)
        .samlSignedRequestEnabled(false)
        .samlVersion("string")
        .signatureAlgorithm("string")
        .singleLogoutCertificate("string")
        .singleLogoutIssuer("string")
        .singleLogoutUrl("string")
        .spIssuer("string")
        .ssoUrl("string")
        .status("string")
        .subjectNameIdFormat("string")
        .subjectNameIdTemplate("string")
        .userNameTemplate("string")
        .userNameTemplatePushStatus("string")
        .keyYearsValid(0)
        .userNameTemplateType("string")
        .build());
    
    saml_resource = okta.app.Saml("samlResource",
        label="string",
        inline_hook_id="string",
        user_name_template_suffix="string",
        acs_endpoints=["string"],
        key_name="string",
        app_links_json="string",
        app_settings_json="string",
        assertion_signed=False,
        attribute_statements=[{
            "name": "string",
            "filter_type": "string",
            "filter_value": "string",
            "namespace": "string",
            "type": "string",
            "values": ["string"],
        }],
        audience="string",
        authentication_policy="string",
        authn_context_class_ref="string",
        auto_submit_toolbar=False,
        default_relay_state="string",
        destination="string",
        digest_algorithm="string",
        enduser_note="string",
        hide_ios=False,
        accessibility_login_redirect_url="string",
        honor_force_authn=False,
        idp_issuer="string",
        implicit_assignment=False,
        accessibility_error_redirect_url="string",
        admin_note="string",
        accessibility_self_service=False,
        hide_web=False,
        logo="string",
        preconfigured_app="string",
        recipient="string",
        request_compressed=False,
        response_signed=False,
        saml_signed_request_enabled=False,
        saml_version="string",
        signature_algorithm="string",
        single_logout_certificate="string",
        single_logout_issuer="string",
        single_logout_url="string",
        sp_issuer="string",
        sso_url="string",
        status="string",
        subject_name_id_format="string",
        subject_name_id_template="string",
        user_name_template="string",
        user_name_template_push_status="string",
        key_years_valid=0,
        user_name_template_type="string")
    
    const samlResource = new okta.app.Saml("samlResource", {
        label: "string",
        inlineHookId: "string",
        userNameTemplateSuffix: "string",
        acsEndpoints: ["string"],
        keyName: "string",
        appLinksJson: "string",
        appSettingsJson: "string",
        assertionSigned: false,
        attributeStatements: [{
            name: "string",
            filterType: "string",
            filterValue: "string",
            namespace: "string",
            type: "string",
            values: ["string"],
        }],
        audience: "string",
        authenticationPolicy: "string",
        authnContextClassRef: "string",
        autoSubmitToolbar: false,
        defaultRelayState: "string",
        destination: "string",
        digestAlgorithm: "string",
        enduserNote: "string",
        hideIos: false,
        accessibilityLoginRedirectUrl: "string",
        honorForceAuthn: false,
        idpIssuer: "string",
        implicitAssignment: false,
        accessibilityErrorRedirectUrl: "string",
        adminNote: "string",
        accessibilitySelfService: false,
        hideWeb: false,
        logo: "string",
        preconfiguredApp: "string",
        recipient: "string",
        requestCompressed: false,
        responseSigned: false,
        samlSignedRequestEnabled: false,
        samlVersion: "string",
        signatureAlgorithm: "string",
        singleLogoutCertificate: "string",
        singleLogoutIssuer: "string",
        singleLogoutUrl: "string",
        spIssuer: "string",
        ssoUrl: "string",
        status: "string",
        subjectNameIdFormat: "string",
        subjectNameIdTemplate: "string",
        userNameTemplate: "string",
        userNameTemplatePushStatus: "string",
        keyYearsValid: 0,
        userNameTemplateType: "string",
    });
    
    type: okta:app:Saml
    properties:
        accessibilityErrorRedirectUrl: string
        accessibilityLoginRedirectUrl: string
        accessibilitySelfService: false
        acsEndpoints:
            - string
        adminNote: string
        appLinksJson: string
        appSettingsJson: string
        assertionSigned: false
        attributeStatements:
            - filterType: string
              filterValue: string
              name: string
              namespace: string
              type: string
              values:
                - string
        audience: string
        authenticationPolicy: string
        authnContextClassRef: string
        autoSubmitToolbar: false
        defaultRelayState: string
        destination: string
        digestAlgorithm: string
        enduserNote: string
        hideIos: false
        hideWeb: false
        honorForceAuthn: false
        idpIssuer: string
        implicitAssignment: false
        inlineHookId: string
        keyName: string
        keyYearsValid: 0
        label: string
        logo: string
        preconfiguredApp: string
        recipient: string
        requestCompressed: false
        responseSigned: false
        samlSignedRequestEnabled: false
        samlVersion: string
        signatureAlgorithm: string
        singleLogoutCertificate: string
        singleLogoutIssuer: string
        singleLogoutUrl: string
        spIssuer: string
        ssoUrl: string
        status: string
        subjectNameIdFormat: string
        subjectNameIdTemplate: string
        userNameTemplate: string
        userNameTemplatePushStatus: string
        userNameTemplateSuffix: string
        userNameTemplateType: string
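
The constructor example above fills every input with a placeholder. As an added example (not Pulumi's or Okta's code), this Python check lints a dictionary of `okta.app.Saml` keyword arguments against the constraints this page documents under Inputs before the dictionary is passed to the constructor. The name `lint_saml_args`, the sample values and the "warn" policy rules (explicit signing, no SHA-1, https URLs) are assumptions of this example.

```python
from __future__ import annotations

from typing import NamedTuple
from urllib.parse import urlparse


class Finding(NamedTuple):
    severity: str  # "error": documented constraint broken; "warn": example policy
    field: str
    message: str


# Required when preconfigured_app is absent. The page lists these names without
# underscores; the spellings here follow the Python constructor signature.
REQUIRED_FOR_CUSTOM_APP = (
    "sso_url", "recipient", "destination", "audience",
    "subject_name_id_template", "subject_name_id_format",
    "signature_algorithm", "digest_algorithm", "authn_context_class_ref",
)
URL_FIELDS = ("sso_url", "recipient", "destination", "single_logout_url")
PEM_MARKERS = ("-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----")


def lint_saml_args(args: dict) -> list[Finding]:
    """Return findings for a dict of okta.app.Saml keyword arguments."""
    out: list[Finding] = []

    # Documented: a custom app (no preconfigured_app) needs these inputs.
    if not args.get("preconfigured_app"):
        for name in REQUIRED_FOR_CUSTOM_APP:
            if not args.get(name):
                out.append(Finding("error", name, "required for a custom app"))

    # Documented: key_name goes together with key_years_valid (2 - 10 years).
    years = args.get("key_years_valid")
    if args.get("key_name") and years is None:
        out.append(Finding("error", "key_name", "set key_years_valid as well"))
    if years is not None and not 2 <= years <= 10:
        out.append(Finding("error", "key_years_valid", "must be 2 to 10"))

    # Documented limits and valid values.
    acs = args.get("acs_endpoints") or []
    if len(acs) > 100:
        out.append(Finding("error", "acs_endpoints", "maximum of 100 endpoints"))
    version = args.get("saml_version")
    if version is not None and version not in ("2.0", "1.1"):
        out.append(Finding("error", "saml_version", "valid values: 2.0 or 1.1"))
    push = args.get("user_name_template_push_status")
    if push is not None and push not in ("PUSH", "DONT_PUSH"):
        out.append(Finding("error", "user_name_template_push_status",
                           "valid values: PUSH and DONT_PUSH"))
    cert = args.get("single_logout_certificate") or ""
    if any(marker in cert for marker in PEM_MARKERS):
        out.append(Finding("error", "single_logout_certificate",
                           "provide without the BEGIN/END CERTIFICATE lines"))

    # Policy of this example (an assumption, not a provider rule): signing is
    # switched on explicitly, no SHA-1 based algorithm, every URL is https.
    for name in ("assertion_signed", "response_signed"):
        if args.get(name) is not True:
            out.append(Finding("warn", name, "not explicitly enabled"))
    for name in ("signature_algorithm", "digest_algorithm"):
        if str(args.get(name) or "").upper().endswith("SHA1"):
            out.append(Finding("warn", name, "SHA-1 based algorithm"))
    urls = [(n, args.get(n)) for n in URL_FIELDS]
    urls += [("acs_endpoints", u) for u in acs]
    for name, url in urls:
        if url and urlparse(url).scheme != "https":
            out.append(Finding("warn", name, f"{url} is not an https URL"))
    return out


# Constructed sample arguments (all values are illustrative).
HARDENED_ARGS = {
    "label": "Example SP",
    "sso_url": "https://sp.example.com/saml/acs",
    "recipient": "https://sp.example.com/saml/acs",
    "destination": "https://sp.example.com/saml/acs",
    "audience": "https://sp.example.com/saml/metadata",
    "subject_name_id_template": "${user.userName}",
    "subject_name_id_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "signature_algorithm": "RSA_SHA256",
    "digest_algorithm": "SHA256",
    "authn_context_class_ref":
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
    "assertion_signed": True,
    "response_signed": True,
    "key_name": "example-key-2024",
    "key_years_valid": 3,
}
WEAK_ARGS = {
    **HARDENED_ARGS,
    "sso_url": "http://sp.example.com/saml/acs",
    "signature_algorithm": "RSA_SHA1",
    "digest_algorithm": "",
    "assertion_signed": False,
    "key_years_valid": 1,
    "single_logout_certificate":
        "-----BEGIN CERTIFICATE-----\nMIIB...constructed\n-----END CERTIFICATE-----",
}

if __name__ == "__main__":
    for finding in lint_saml_args(WEAK_ARGS):
        print(f"{finding.severity:5} {finding.field}: {finding.message}")
```

Run it in CI ahead of `pulumi preview`, failing the job on any "error" finding and surfacing "warn" findings for review.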
    

    Saml Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Saml resource accepts the following input properties:

    Label string
    The Application's display name.
    AccessibilityErrorRedirectUrl string
    Custom error page URL
    AccessibilityLoginRedirectUrl string
    Custom login page URL
    AccessibilitySelfService bool
    Enable self service. Default is false
    AcsEndpoints List<string>
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    AdminNote string
    Application notes for admins.
    AppLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    AppSettingsJson string
    Application settings in JSON format
    AssertionSigned bool
    Determines whether the SAML assertion is digitally signed
    AttributeStatements List<SamlAttributeStatement>
    Audience string
    Audience Restriction
    AuthenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    AuthnContextClassRef string
    Identifies the SAML authentication context class for the assertion’s authentication statement
    AutoSubmitToolbar bool
    Display auto submit toolbar. Default is: false
    DefaultRelayState string
    Identifies a specific application resource in an IDP initiated SSO scenario.
    Destination string
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    DigestAlgorithm string
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    EnduserNote string
    Application notes for end users.
    HideIos bool
    Do not display application icon on mobile app
    HideWeb bool
    Do not display application icon to users
    HonorForceAuthn bool
    Prompt user to re-authenticate if SP asks for it. Default is: false
    IdpIssuer string
    SAML issuer ID
    ImplicitAssignment bool
    Early Access Property. Enable Federation Broker Mode.
    InlineHookId string
    Saml Inline Hook setting
    KeyName string
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
    KeyYearsValid int
    Number of years the certificate is valid (2 - 10 years).
    Logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    PreconfiguredApp string
    Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
    Recipient string
    The location where the app may present the SAML assertion
    RequestCompressed bool
    Denotes whether the request is compressed or not.
    ResponseSigned bool
    Determines whether the SAML auth response message is digitally signed
    SamlSignedRequestEnabled bool
    SAML Signed Request enabled
    SamlVersion string
    SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
    SignatureAlgorithm string
    Signature algorithm used to digitally sign the assertion and response
    SingleLogoutCertificate string
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    SingleLogoutIssuer string
    The issuer of the Service Provider that generates the Single Logout request
    SingleLogoutUrl string
    The location where the logout response is sent
    SpIssuer string
    SAML SP issuer ID
    SsoUrl string
    Single Sign On URL
    Status string
    Status of application. By default, it is ACTIVE
    SubjectNameIdFormat string
    Identifies the SAML processing rules.
    SubjectNameIdTemplate string
    Template for app user's username when a user is assigned to the app
    UserNameTemplate string
    Username template. Default: ${source.login}
    UserNameTemplatePushStatus string
    Push username on update. Valid values: PUSH and DONT_PUSH
    UserNameTemplateSuffix string
    Username template suffix
    UserNameTemplateType string
    Username template type. Default: BUILT_IN
    Label string
    The Application's display name.
    AccessibilityErrorRedirectUrl string
    Custom error page URL
    AccessibilityLoginRedirectUrl string
    Custom login page URL
    AccessibilitySelfService bool
    Enable self service. Default is false
    AcsEndpoints []string
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    AdminNote string
    Application notes for admins.
    AppLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    AppSettingsJson string
    Application settings in JSON format
    AssertionSigned bool
    Determines whether the SAML assertion is digitally signed
    AttributeStatements []SamlAttributeStatementArgs
    Audience string
    Audience Restriction
    AuthenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    AuthnContextClassRef string
    Identifies the SAML authentication context class for the assertion’s authentication statement
    AutoSubmitToolbar bool
    Display auto submit toolbar. Default is: false
    DefaultRelayState string
    Identifies a specific application resource in an IDP initiated SSO scenario.
    Destination string
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    DigestAlgorithm string
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    EnduserNote string
    Application notes for end users.
    HideIos bool
    Do not display application icon on mobile app
    HideWeb bool
    Do not display application icon to users
    HonorForceAuthn bool
    Prompt user to re-authenticate if SP asks for it. Default is: false
    IdpIssuer string
    SAML issuer ID
    ImplicitAssignment bool
    Early Access Property. Enable Federation Broker Mode.
    InlineHookId string
    Saml Inline Hook setting
    KeyName string
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
    KeyYearsValid int
    Number of years the certificate is valid (2 - 10 years).
    Logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    PreconfiguredApp string
    Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
    Recipient string
    The location where the app may present the SAML assertion
    RequestCompressed bool
    Denotes whether the request is compressed or not.
    ResponseSigned bool
    Determines whether the SAML auth response message is digitally signed
    SamlSignedRequestEnabled bool
    SAML Signed Request enabled
    SamlVersion string
    SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
    SignatureAlgorithm string
    Signature algorithm used to digitally sign the assertion and response
    SingleLogoutCertificate string
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    SingleLogoutIssuer string
    The issuer of the Service Provider that generates the Single Logout request
    SingleLogoutUrl string
    The location where the logout response is sent
    SpIssuer string
    SAML SP issuer ID
    SsoUrl string
    Single Sign On URL
    Status string
    Status of application. By default, it is ACTIVE
    SubjectNameIdFormat string
    Identifies the SAML processing rules.
    SubjectNameIdTemplate string
    Template for app user's username when a user is assigned to the app
    UserNameTemplate string
    Username template. Default: ${source.login}
    UserNameTemplatePushStatus string
    Push username on update. Valid values: PUSH and DONT_PUSH
    UserNameTemplateSuffix string
    Username template suffix
    UserNameTemplateType string
    Username template type. Default: BUILT_IN
    label String
    The Application's display name.
    accessibilityErrorRedirectUrl String
    Custom error page URL
    accessibilityLoginRedirectUrl String
    Custom login page URL
    accessibilitySelfService Boolean
    Enable self service. Default is false
    acsEndpoints List<String>
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    adminNote String
    Application notes for admins.
    appLinksJson String
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson String
    Application settings in JSON format
    assertionSigned Boolean
    Determines whether the SAML assertion is digitally signed
    attributeStatements List<SamlAttributeStatement>
    audience String
    Audience Restriction
    authenticationPolicy String
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    authnContextClassRef String
    Identifies the SAML authentication context class for the assertion’s authentication statement
    autoSubmitToolbar Boolean
    Display auto submit toolbar. Default is: false
    defaultRelayState String
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination String
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digestAlgorithm String
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    enduserNote String
    Application notes for end users.
    hideIos Boolean
    Do not display application icon on mobile app
    hideWeb Boolean
    Do not display application icon to users
    honorForceAuthn Boolean
    Prompt user to re-authenticate if SP asks for it. Default is: false
    idpIssuer String
    SAML issuer ID
    implicitAssignment Boolean
    Early Access Property. Enable Federation Broker Mode.
    inlineHookId String
    Saml Inline Hook setting
    keyName String
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
    keyYearsValid Integer
    Number of years the certificate is valid (2 - 10 years).
    logo String
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    preconfiguredApp String
    Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
    recipient String
    The location where the app may present the SAML assertion
    requestCompressed Boolean
    Denotes whether the request is compressed or not.
    responseSigned Boolean
    Determines whether the SAML auth response message is digitally signed
    samlSignedRequestEnabled Boolean
    SAML Signed Request enabled
    samlVersion String
    SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
    signatureAlgorithm String
    Signature algorithm used to digitally sign the assertion and response
    singleLogoutCertificate String
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    singleLogoutIssuer String
    The issuer of the Service Provider that generates the Single Logout request
    singleLogoutUrl String
    The location where the logout response is sent
    spIssuer String
    SAML SP issuer ID
    ssoUrl String
    Single Sign On URL
    status String
    Status of application. By default, it is ACTIVE
    subjectNameIdFormat String
    Identifies the SAML processing rules.
    subjectNameIdTemplate String
    Template for app user's username when a user is assigned to the app
    userNameTemplate String
    Username template. Default: ${source.login}
    userNameTemplatePushStatus String
    Push username on update. Valid values: PUSH and DONT_PUSH
    userNameTemplateSuffix String
    Username template suffix
    userNameTemplateType String
    Username template type. Default: BUILT_IN
    label string
    The Application's display name.
    accessibilityErrorRedirectUrl string
    Custom error page URL
    accessibilityLoginRedirectUrl string
    Custom login page URL
    accessibilitySelfService boolean
    Enable self service. Default is false
    acsEndpoints string[]
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    adminNote string
    Application notes for admins.
    appLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson string
    Application settings in JSON format
    assertionSigned boolean
    Determines whether the SAML assertion is digitally signed
    attributeStatements SamlAttributeStatement[]
    audience string
    Audience Restriction
    authenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on-policy will be associated with this application.
    authnContextClassRef string
    Identifies the SAML authentication context class for the assertion’s authentication statement
    autoSubmitToolbar boolean
    Display auto submit toolbar. Default is: false
    defaultRelayState string
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination string
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digestAlgorithm string
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    enduserNote string
    Application notes for end users.
    hideIos boolean
    Do not display application icon on mobile app
    hideWeb boolean
    Do not display application icon to users
    honorForceAuthn boolean
    Prompt user to re-authenticate if SP asks for it. Default is: false
    idpIssuer string
    SAML issuer ID
    implicitAssignment boolean
    Early Access Property. Enable Federation Broker Mode.
    inlineHookId string
    Saml Inline Hook setting
    keyName string
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
    keyYearsValid number
    Number of years the certificate is valid (2 - 10 years).
    logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    preconfiguredApp string
    Name of application from the Okta Integration Network. For instance 'slack'. If not included, a custom app will be created. If not provided, the following arguments are required: 'sso_url', 'recipient', 'destination', 'audience', 'subject_name_id_template', 'subject_name_id_format', 'signature_algorithm', 'digest_algorithm', 'authn_context_class_ref'
    recipient string
    The location where the app may present the SAML assertion
    requestCompressed boolean
    Denotes whether the request is compressed or not.
    responseSigned boolean
    Determines whether the SAML auth response message is digitally signed
    samlSignedRequestEnabled boolean
    SAML Signed Request enabled
    samlVersion string
    SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
    signatureAlgorithm string
    Signature algorithm used to digitally sign the assertion and response
    singleLogoutCertificate string
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    singleLogoutIssuer string
    The issuer of the Service Provider that generates the Single Logout request
    singleLogoutUrl string
    The location where the logout response is sent
    spIssuer string
    SAML SP issuer ID
    ssoUrl string
    Single Sign On URL
    status string
    Status of application. By default, it is ACTIVE
    subjectNameIdFormat string
    Identifies the SAML processing rules.
    subjectNameIdTemplate string
    Template for app user's username when a user is assigned to the app
    userNameTemplate string
    Username template. Default: ${source.login}
    userNameTemplatePushStatus string
    Push username on update. Valid values: PUSH and DONT_PUSH
    userNameTemplateSuffix string
    Username template suffix
    userNameTemplateType string
    Username template type. Default: BUILT_IN
    label str
    The Application's display name.
    accessibility_error_redirect_url str
    Custom error page URL
    accessibility_login_redirect_url str
    Custom login page URL
    accessibility_self_service bool
    Enable self service. Default is false
    acs_endpoints Sequence[str]
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    admin_note str
    Application notes for admins.
    app_links_json str
    Displays specific appLinks for the app. The value for each application link should be boolean.
    app_settings_json str
    Application settings in JSON format
    assertion_signed bool
    Determines whether the SAML assertion is digitally signed
    attribute_statements Sequence[SamlAttributeStatementArgs]
    audience str
    Audience Restriction
    authentication_policy str
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on-policy will be associated with this application.
    authn_context_class_ref str
    Identifies the SAML authentication context class for the assertion’s authentication statement
    auto_submit_toolbar bool
    Display auto submit toolbar. Default is: false
    default_relay_state str
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination str
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digest_algorithm str
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    enduser_note str
    Application notes for end users.
    hide_ios bool
    Do not display application icon on mobile app
    hide_web bool
    Do not display application icon to users
    honor_force_authn bool
    Prompt user to re-authenticate if SP asks for it. Default is: false
    idp_issuer str
    SAML issuer ID
    implicit_assignment bool
    Early Access Property. Enable Federation Broker Mode.
    inline_hook_id str
    Saml Inline Hook setting
    key_name str
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
    key_years_valid int
    Number of years the certificate is valid (2 - 10 years).
    logo str
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    preconfigured_app str
    Name of application from the Okta Integration Network. For instance 'slack'. If not included, a custom app will be created. If not provided, the following arguments are required: 'sso_url', 'recipient', 'destination', 'audience', 'subject_name_id_template', 'subject_name_id_format', 'signature_algorithm', 'digest_algorithm', 'authn_context_class_ref'
    recipient str
    The location where the app may present the SAML assertion
    request_compressed bool
    Denotes whether the request is compressed or not.
    response_signed bool
    Determines whether the SAML auth response message is digitally signed
    saml_signed_request_enabled bool
    SAML Signed Request enabled
    saml_version str
    SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
    signature_algorithm str
    Signature algorithm used to digitally sign the assertion and response
    single_logout_certificate str
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    single_logout_issuer str
    The issuer of the Service Provider that generates the Single Logout request
    single_logout_url str
    The location where the logout response is sent
    sp_issuer str
    SAML SP issuer ID
    sso_url str
    Single Sign On URL
    status str
    Status of application. By default, it is ACTIVE
    subject_name_id_format str
    Identifies the SAML processing rules.
    subject_name_id_template str
    Template for app user's username when a user is assigned to the app
    user_name_template str
    Username template. Default: ${source.login}
    user_name_template_push_status str
    Push username on update. Valid values: PUSH and DONT_PUSH
    user_name_template_suffix str
    Username template suffix
    user_name_template_type str
    Username template type. Default: BUILT_IN
    label String
    The Application's display name.
    accessibilityErrorRedirectUrl String
    Custom error page URL
    accessibilityLoginRedirectUrl String
    Custom login page URL
    accessibilitySelfService Boolean
    Enable self service. Default is false
    acsEndpoints List<String>
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    adminNote String
    Application notes for admins.
    appLinksJson String
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson String
    Application settings in JSON format
    assertionSigned Boolean
    Determines whether the SAML assertion is digitally signed
    attributeStatements List<Property Map>
    audience String
    Audience Restriction
    authenticationPolicy String
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on-policy will be associated with this application.
    authnContextClassRef String
    Identifies the SAML authentication context class for the assertion’s authentication statement
    autoSubmitToolbar Boolean
    Display auto submit toolbar. Default is: false
    defaultRelayState String
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination String
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digestAlgorithm String
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    enduserNote String
    Application notes for end users.
    hideIos Boolean
    Do not display application icon on mobile app
    hideWeb Boolean
    Do not display application icon to users
    honorForceAuthn Boolean
    Prompt user to re-authenticate if SP asks for it. Default is: false
    idpIssuer String
    SAML issuer ID
    implicitAssignment Boolean
    Early Access Property. Enable Federation Broker Mode.
    inlineHookId String
    Saml Inline Hook setting
    keyName String
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
    keyYearsValid Number
    Number of years the certificate is valid (2 - 10 years).
    logo String
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    preconfiguredApp String
    Name of application from the Okta Integration Network. For instance 'slack'. If not included, a custom app will be created. If not provided, the following arguments are required: 'sso_url', 'recipient', 'destination', 'audience', 'subject_name_id_template', 'subject_name_id_format', 'signature_algorithm', 'digest_algorithm', 'authn_context_class_ref'
    recipient String
    The location where the app may present the SAML assertion
    requestCompressed Boolean
    Denotes whether the request is compressed or not.
    responseSigned Boolean
    Determines whether the SAML auth response message is digitally signed
    samlSignedRequestEnabled Boolean
    SAML Signed Request enabled
    samlVersion String
    SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
    signatureAlgorithm String
    Signature algorithm used to digitally sign the assertion and response
    singleLogoutCertificate String
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    singleLogoutIssuer String
    The issuer of the Service Provider that generates the Single Logout request
    singleLogoutUrl String
    The location where the logout response is sent
    spIssuer String
    SAML SP issuer ID
    ssoUrl String
    Single Sign On URL
    status String
    Status of application. By default, it is ACTIVE
    subjectNameIdFormat String
    Identifies the SAML processing rules.
    subjectNameIdTemplate String
    Template for app user's username when a user is assigned to the app
    userNameTemplate String
    Username template. Default: ${source.login}
    userNameTemplatePushStatus String
    Push username on update. Valid values: PUSH and DONT_PUSH
    userNameTemplateSuffix String
    Username template suffix
    userNameTemplateType String
    Username template type. Default: BUILT_IN
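
As an added example (not part of the Pulumi or Okta documentation), the following pre-deployment check applies the constraints stated in the property descriptions above to a plain dict of snake_case arguments before it is passed to `Saml`. The helper names, the sample values, and the `RSA_SHA1`/`SHA1` enum values are assumptions; the page does not list the valid algorithm values.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Arguments the page lists as required when preconfigured_app is not set.
CUSTOM_APP_REQUIRED = (
    "sso_url", "recipient", "destination", "audience",
    "subject_name_id_template", "subject_name_id_format",
    "signature_algorithm", "digest_algorithm", "authn_context_class_ref",
)
URL_FIELDS = ("sso_url", "recipient", "destination", "single_logout_url")
# Assumption: Okta's SHA-1 enum values; the page does not list valid values.
SHA1_VALUES = {"signature_algorithm": "RSA_SHA1", "digest_algorithm": "SHA1"}
PEM_ARMOR = re.compile(r"-----(?:BEGIN|END) CERTIFICATE-----")


def strip_pem_armor(pem):
    """Return the bare base64 body that single_logout_certificate expects."""
    body = "".join(PEM_ARMOR.sub("", pem).split())
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded bytes are not a DER SEQUENCE")
    return body


def lint_saml_args(args):
    """Return a list of findings for a dict of snake_case Saml arguments."""
    findings = []
    if not args.get("preconfigured_app"):
        missing = [k for k in CUSTOM_APP_REQUIRED if not args.get(k)]
        if missing:
            findings.append("custom app is missing: " + ", ".join(missing))
    for flag in ("assertion_signed", "response_signed"):
        if args.get(flag) is False:
            findings.append(flag + " is False, so that element is unsigned")
    for field, weak in SHA1_VALUES.items():
        if args.get(field) == weak:
            findings.append(field + " uses SHA-1 (" + weak + ")")
    acs = args.get("acs_endpoints") or []
    urls = [(f, args[f]) for f in URL_FIELDS if args.get(f)]
    urls += [("acs_endpoints[%d]" % i, u) for i, u in enumerate(acs)]
    for name, url in urls:
        if urlparse(url).scheme != "https":
            findings.append(name + " is not an https URL: " + url)
    if len(acs) > 100:
        findings.append("acs_endpoints has %d entries; maximum is 100" % len(acs))
    years = args.get("key_years_valid")
    if args.get("key_name") is not None and years is None:
        findings.append("key_name must be set together with key_years_valid")
    if years is not None and not 2 <= years <= 10:
        findings.append("key_years_valid must be between 2 and 10")
    if PEM_ARMOR.search(args.get("single_logout_certificate") or ""):
        findings.append("single_logout_certificate still has BEGIN/END lines")
    return findings


# Constructed sample: a 5-byte DER SEQUENCE standing in for a real certificate.
SAMPLE_B64 = base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, 0x01])).decode()
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n" + SAMPLE_B64 + "\n-----END CERTIFICATE-----\n"
)

# Constructed arguments with five deliberate problems.
WEAK_ARGS = {
    "label": "example",
    "sso_url": "http://sp.example.com/acs",           # plain http
    "recipient": "https://sp.example.com/acs",
    "destination": "https://sp.example.com/acs",
    "audience": "https://sp.example.com/metadata",
    "subject_name_id_template": "${user.userName}",
    "subject_name_id_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "signature_algorithm": "RSA_SHA1",                # SHA-1 signature
    "digest_algorithm": "SHA256",
    "authn_context_class_ref":
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
    "response_signed": False,                         # unsigned response
    "key_name": "rotation-1",                         # no key_years_valid
    "single_logout_certificate": SAMPLE_PEM,          # armor not stripped
}
HARDENED_ARGS = dict(
    WEAK_ARGS,
    sso_url="https://sp.example.com/acs",
    signature_algorithm="RSA_SHA256",
    response_signed=True,
    assertion_signed=True,
    key_years_valid=3,
    single_logout_certificate=strip_pem_armor(SAMPLE_PEM),
)

if __name__ == "__main__":
    for finding in lint_saml_args(WEAK_ARGS):
        print("FINDING:", finding)
    print("hardened findings:", lint_saml_args(HARDENED_ARGS))
```
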

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Saml resource produces the following output properties:

    Certificate string
    cert from SAML XML metadata payload
    EmbedUrl string
    The url that can be used to embed this application in other portals.
    EntityKey string
    Entity ID, the ID portion of the entity_url
    EntityUrl string
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
    Features List<string>
    features to enable
    HttpPostBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    HttpRedirectBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyId string
    Certificate ID
    Keys List<SamlKey>
    Application keys
    LogoUrl string
    URL of the application's logo
    Metadata string
    SAML xml metadata payload
    MetadataUrl string
    SAML xml metadata URL
    Name string
    Name of the app.
    SignOnMode string
    Sign on mode of application.
    Certificate string
    cert from SAML XML metadata payload
    EmbedUrl string
    The url that can be used to embed this application in other portals.
    EntityKey string
    Entity ID, the ID portion of the entity_url
    EntityUrl string
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
    Features []string
    features to enable
    HttpPostBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    HttpRedirectBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyId string
    Certificate ID
    Keys []SamlKey
    Application keys
    LogoUrl string
    URL of the application's logo
    Metadata string
    SAML xml metadata payload
    MetadataUrl string
    SAML xml metadata URL
    Name string
    Name of the app.
    SignOnMode string
    Sign on mode of application.
    certificate String
    cert from SAML XML metadata payload
    embedUrl String
    The url that can be used to embed this application in other portals.
    entityKey String
    Entity ID, the ID portion of the entity_url
    entityUrl String
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
    features List<String>
    features to enable
    httpPostBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    httpRedirectBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    id String
    The provider-assigned unique ID for this managed resource.
    keyId String
    Certificate ID
    keys List<SamlKey>
    Application keys
    logoUrl String
    URL of the application's logo
    metadata String
    SAML xml metadata payload
    metadataUrl String
    SAML xml metadata URL
    name String
    Name of the app.
    signOnMode String
    Sign on mode of application.
    certificate string
    cert from SAML XML metadata payload
    embedUrl string
    The url that can be used to embed this application in other portals.
    entityKey string
    Entity ID, the ID portion of the entity_url
    entityUrl string
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
    features string[]
    features to enable
    httpPostBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    httpRedirectBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    id string
    The provider-assigned unique ID for this managed resource.
    keyId string
    Certificate ID
    keys SamlKey[]
    Application keys
    logoUrl string
    URL of the application's logo
    metadata string
    SAML xml metadata payload
    metadataUrl string
    SAML xml metadata URL
    name string
    Name of the app.
    signOnMode string
    Sign on mode of application.
    certificate str
    cert from SAML XML metadata payload
    embed_url str
    The url that can be used to embed this application in other portals.
    entity_key str
    Entity ID, the ID portion of the entity_url
    entity_url str
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
    features Sequence[str]
    features to enable
    http_post_binding str
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    http_redirect_binding str
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    id str
    The provider-assigned unique ID for this managed resource.
    key_id str
    Certificate ID
    keys Sequence[SamlKey]
    Application keys
    logo_url str
    URL of the application's logo
    metadata str
    SAML xml metadata payload
    metadata_url str
    SAML xml metadata URL
    name str
    Name of the app.
    sign_on_mode str
    Sign on mode of application.
    certificate String
    cert from SAML XML metadata payload
    embedUrl String
    The url that can be used to embed this application in other portals.
    entityKey String
    Entity ID, the ID portion of the entity_url
    entityUrl String
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
    features List<String>
    features to enable
    httpPostBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    httpRedirectBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    id String
    The provider-assigned unique ID for this managed resource.
    keyId String
    Certificate ID
    keys List<Property Map>
    Application keys
    logoUrl String
    URL of the application's logo
    metadata String
    SAML xml metadata payload
    metadataUrl String
    SAML xml metadata URL
    name String
    Name of the app.
    signOnMode String
    Sign on mode of application.
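
As an added example (not code from the Pulumi or Okta documentation), the sketch below parses a SAML metadata document of the kind exposed by the `metadata` output and derives the values the `entity_url`, `entity_key`, `certificate`, `http_post_binding` and `http_redirect_binding` outputs describe, plus a SHA-256 fingerprint that a Service Provider can pin. The function names, the metadata document and the 5-byte stand-in certificate are constructed for illustration; only the entity URL is the one shown on this page.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
X509_TAG = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"

# Constructed sample: 5-byte DER SEQUENCE standing in for the signing cert.
SAMPLE_CERT_B64 = base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, 0x01])).decode()

# Constructed metadata; the Location URLs are placeholders.
SAMPLE_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="http://www.okta.com/exk1fcia6d6EMsf331d8">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>{cert}</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/example/sso/saml"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example.okta.com/app/example/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
""".format(cert=SAMPLE_CERT_B64)


def describe_metadata(metadata_xml):
    """Extract the fields the resource outputs are derived from."""
    root = ET.fromstring(metadata_xml)
    entity_url = root.get("entityID")
    idp = root.find("md:IDPSSODescriptor", MD_NS)
    if entity_url is None or idp is None:
        raise ValueError("not an IdP EntityDescriptor")

    # A KeyDescriptor without a 'use' attribute serves signing as well.
    certs = []
    for key_desc in idp.findall("md:KeyDescriptor", MD_NS):
        if key_desc.get("use") in (None, "signing"):
            for node in key_desc.iter(X509_TAG):
                certs.append("".join((node.text or "").split()))
    if not certs:
        raise ValueError("metadata carries no signing certificate")
    der = base64.b64decode(certs[0], validate=True)

    # Key the SSO endpoints by the last URN component, case-insensitively.
    bindings = {}
    for sso in idp.findall("md:SingleSignOnService", MD_NS):
        kind = sso.get("Binding", "").rsplit(":", 1)[-1].upper()
        bindings[kind] = sso.get("Location")

    return {
        "entity_url": entity_url,
        "entity_key": entity_url.rsplit("/", 1)[-1],
        "certificate": certs[0],
        "cert_sha256": hashlib.sha256(der).hexdigest(),
        "http_post_binding": bindings.get("HTTP-POST"),
        "http_redirect_binding": bindings.get("HTTP-REDIRECT"),
    }


def verify_pin(metadata_xml, pinned_sha256):
    """True when the metadata's signing cert matches the pinned fingerprint."""
    actual = describe_metadata(metadata_xml)["cert_sha256"]
    return actual == pinned_sha256.replace(":", "").lower()


if __name__ == "__main__":
    for key, value in describe_metadata(SAMPLE_METADATA).items():
        print(key, "=", value)
```

Recording the fingerprint when the app is first deployed and checking it again after each change to `key_name` makes a certificate rotation visible on the Service Provider side before the old trust anchor is removed.
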

    Look up Existing Saml Resource

    Get an existing Saml resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SamlState, opts?: CustomResourceOptions): Saml
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            accessibility_error_redirect_url: Optional[str] = None,
            accessibility_login_redirect_url: Optional[str] = None,
            accessibility_self_service: Optional[bool] = None,
            acs_endpoints: Optional[Sequence[str]] = None,
            admin_note: Optional[str] = None,
            app_links_json: Optional[str] = None,
            app_settings_json: Optional[str] = None,
            assertion_signed: Optional[bool] = None,
            attribute_statements: Optional[Sequence[SamlAttributeStatementArgs]] = None,
            audience: Optional[str] = None,
            authentication_policy: Optional[str] = None,
            authn_context_class_ref: Optional[str] = None,
            auto_submit_toolbar: Optional[bool] = None,
            certificate: Optional[str] = None,
            default_relay_state: Optional[str] = None,
            destination: Optional[str] = None,
            digest_algorithm: Optional[str] = None,
            embed_url: Optional[str] = None,
            enduser_note: Optional[str] = None,
            entity_key: Optional[str] = None,
            entity_url: Optional[str] = None,
            features: Optional[Sequence[str]] = None,
            hide_ios: Optional[bool] = None,
            hide_web: Optional[bool] = None,
            honor_force_authn: Optional[bool] = None,
            http_post_binding: Optional[str] = None,
            http_redirect_binding: Optional[str] = None,
            idp_issuer: Optional[str] = None,
            implicit_assignment: Optional[bool] = None,
            inline_hook_id: Optional[str] = None,
            key_id: Optional[str] = None,
            key_name: Optional[str] = None,
            key_years_valid: Optional[int] = None,
            keys: Optional[Sequence[SamlKeyArgs]] = None,
            label: Optional[str] = None,
            logo: Optional[str] = None,
            logo_url: Optional[str] = None,
            metadata: Optional[str] = None,
            metadata_url: Optional[str] = None,
            name: Optional[str] = None,
            preconfigured_app: Optional[str] = None,
            recipient: Optional[str] = None,
            request_compressed: Optional[bool] = None,
            response_signed: Optional[bool] = None,
            saml_signed_request_enabled: Optional[bool] = None,
            saml_version: Optional[str] = None,
            sign_on_mode: Optional[str] = None,
            signature_algorithm: Optional[str] = None,
            single_logout_certificate: Optional[str] = None,
            single_logout_issuer: Optional[str] = None,
            single_logout_url: Optional[str] = None,
            sp_issuer: Optional[str] = None,
            sso_url: Optional[str] = None,
            status: Optional[str] = None,
            subject_name_id_format: Optional[str] = None,
            subject_name_id_template: Optional[str] = None,
            user_name_template: Optional[str] = None,
            user_name_template_push_status: Optional[str] = None,
            user_name_template_suffix: Optional[str] = None,
            user_name_template_type: Optional[str] = None) -> Saml
    func GetSaml(ctx *Context, name string, id IDInput, state *SamlState, opts ...ResourceOption) (*Saml, error)
    public static Saml Get(string name, Input<string> id, SamlState? state, CustomResourceOptions? opts = null)
    public static Saml get(String name, Output<String> id, SamlState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessibilityErrorRedirectUrl string
    Custom error page URL
    AccessibilityLoginRedirectUrl string
    Custom login page URL
    AccessibilitySelfService bool
    Enable self service. Default is false
    AcsEndpoints List<string>
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    AdminNote string
    Application notes for admins.
    AppLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    AppSettingsJson string
    Application settings in JSON format
    AssertionSigned bool
    Determines whether the SAML assertion is digitally signed
    AttributeStatements List<SamlAttributeStatement>
    Audience string
    Audience Restriction
    AuthenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on-policy will be associated with this application.
    AuthnContextClassRef string
    Identifies the SAML authentication context class for the assertion’s authentication statement
    AutoSubmitToolbar bool
    Display auto submit toolbar. Default is: false
    Certificate string
    cert from SAML XML metadata payload
    DefaultRelayState string
    Identifies a specific application resource in an IDP initiated SSO scenario.
    Destination string
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    DigestAlgorithm string
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    EmbedUrl string
    The url that can be used to embed this application in other portals.
    EnduserNote string
    Application notes for end users.
    EntityKey string
    Entity ID, the ID portion of the entity_url
    EntityUrl string
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
    Features List<string>
    features to enable
    HideIos bool
    Do not display application icon on mobile app
    HideWeb bool
    Do not display application icon to users
    HonorForceAuthn bool
    Prompt user to re-authenticate if SP asks for it. Default is: false
    HttpPostBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    HttpRedirectBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    IdpIssuer string
    SAML issuer ID
    ImplicitAssignment bool
    Early Access Property. Enable Federation Broker Mode.
    InlineHookId string
    Saml Inline Hook setting
    KeyId string
    Certificate ID
    KeyName string
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
    KeyYearsValid int
    Number of years the certificate is valid (2 - 10 years).
    Keys List<SamlKey>
    Application keys
    Label string
    The Application's display name.
    Logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    LogoUrl string
    URL of the application's logo
    Metadata string
    SAML xml metadata payload
    MetadataUrl string
    SAML xml metadata URL
    Name string
    Name of the app.
    PreconfiguredApp string
    Name of application from the Okta Integration Network. For instance 'slack'. If not included, a custom app will be created. If not provided, the following arguments are required: 'sso_url', 'recipient', 'destination', 'audience', 'subject_name_id_template', 'subject_name_id_format', 'signature_algorithm', 'digest_algorithm', 'authn_context_class_ref'
    Recipient string
    The location where the app may present the SAML assertion
    RequestCompressed bool
    Denotes whether the request is compressed or not.
    ResponseSigned bool
    Determines whether the SAML auth response message is digitally signed
    SamlSignedRequestEnabled bool
    SAML Signed Request enabled
    SamlVersion string
    SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
    SignOnMode string
    Sign on mode of application.
    SignatureAlgorithm string
    Signature algorithm used to digitally sign the assertion and response
    SingleLogoutCertificate string
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    SingleLogoutIssuer string
    The issuer of the Service Provider that generates the Single Logout request
    SingleLogoutUrl string
    The location where the logout response is sent
    SpIssuer string
    SAML SP issuer ID
    SsoUrl string
    Single Sign On URL
    Status string
    Status of application. By default, it is ACTIVE
    SubjectNameIdFormat string
    Identifies the SAML processing rules.
    SubjectNameIdTemplate string
    Template for app user's username when a user is assigned to the app
    UserNameTemplate string
    Username template. Default: ${source.login}
    UserNameTemplatePushStatus string
    Push username on update. Valid values: PUSH and DONT_PUSH
    UserNameTemplateSuffix string
    Username template suffix
    UserNameTemplateType string
    Username template type. Default: BUILT_IN
    AccessibilityErrorRedirectUrl string
    Custom error page URL
    AccessibilityLoginRedirectUrl string
    Custom login page URL
    AccessibilitySelfService bool
    Enable self service. Default is false
    AcsEndpoints []string
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    AdminNote string
    Application notes for admins.
    AppLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    AppSettingsJson string
    Application settings in JSON format
    AssertionSigned bool
    Determines whether the SAML assertion is digitally signed
    AttributeStatements []SamlAttributeStatementArgs
    Audience string
    Audience Restriction
    AuthenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on-policy will be associated with this application.
    AuthnContextClassRef string
    Identifies the SAML authentication context class for the assertion’s authentication statement
    AutoSubmitToolbar bool
    Display auto submit toolbar. Default is: false
    Certificate string
    cert from SAML XML metadata payload
    DefaultRelayState string
    Identifies a specific application resource in an IDP initiated SSO scenario.
    Destination string
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    DigestAlgorithm string
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    EmbedUrl string
    The url that can be used to embed this application in other portals.
    EnduserNote string
    Application notes for end users.
    EntityKey string
    Entity ID, the ID portion of the entity_url
    EntityUrl string
    Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
    Features []string
    features to enable
    HideIos bool
    Do not display application icon on mobile app
    HideWeb bool
    Do not display application icon to users
    HonorForceAuthn bool
    Prompt user to re-authenticate if SP asks for it. Default is: false
    HttpPostBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
    HttpRedirectBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    IdpIssuer string
    SAML issuer ID
    ImplicitAssignment bool
    Early Access Property. Enable Federation Broker Mode.
    InlineHookId string
    Saml Inline Hook setting
    KeyId string
    Certificate ID
    KeyName string
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
    KeyYearsValid int
    Number of years the certificate is valid (2 - 10 years).
    Keys []SamlKeyArgs
    Application keys
    Label string
    The Application's display name.
    Logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    LogoUrl string
    URL of the application's logo
    Metadata string
    SAML xml metadata payload
    MetadataUrl string
    SAML xml metadata URL
    Name string
    Name of the app.
    PreconfiguredApp string
    Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
    Recipient string
    The location where the app may present the SAML assertion
    RequestCompressed bool
    Denotes whether the request is compressed or not.
    ResponseSigned bool
    Determines whether the SAML auth response message is digitally signed
    SamlSignedRequestEnabled bool
    SAML Signed Request enabled
    SamlVersion string
    SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
    SignOnMode string
    Sign on mode of application.
    SignatureAlgorithm string
    Signature algorithm used to digitally sign the assertion and response
    SingleLogoutCertificate string
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    SingleLogoutIssuer string
    The issuer of the Service Provider that generates the Single Logout request
    SingleLogoutUrl string
    The location where the logout response is sent
    SpIssuer string
    SAML SP issuer ID
    SsoUrl string
    Single Sign On URL
    Status string
    Status of application. By default, it is ACTIVE
    SubjectNameIdFormat string
    Identifies the SAML processing rules.
    SubjectNameIdTemplate string
    Template for app user's username when a user is assigned to the app
    UserNameTemplate string
    Username template. Default: ${source.login}
    UserNameTemplatePushStatus string
    Push username on update. Valid values: PUSH and DONT_PUSH
    UserNameTemplateSuffix string
    Username template suffix
    UserNameTemplateType string
    Username template type. Default: BUILT_IN
    accessibilityErrorRedirectUrl String
    Custom error page URL
    accessibilityLoginRedirectUrl String
    Custom login page URL
    accessibilitySelfService Boolean
    Enable self service. Default is false
    acsEndpoints List<String>
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    adminNote String
    Application notes for admins.
    appLinksJson String
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson String
    Application settings in JSON format
    assertionSigned Boolean
    Determines whether the SAML assertion is digitally signed
    attributeStatements List<SamlAttributeStatement>
    audience String
    Audience Restriction
    authenticationPolicy String
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    authnContextClassRef String
    Identifies the SAML authentication context class for the assertion’s authentication statement
    autoSubmitToolbar Boolean
    Display auto submit toolbar. Default is: false
    certificate String
    cert from SAML XML metadata payload
    defaultRelayState String
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination String
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digestAlgorithm String
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    embedUrl String
    The url that can be used to embed this application in other portals.
    enduserNote String
    Application notes for end users.
    entityKey String
    Entity ID, the ID portion of the entity_url
    entityUrl String
    Entity URL, for instance http://www.okta.com/exk1fcia6d6EMsf331d8
    features List<String>
    features to enable
    hideIos Boolean
    Do not display application icon on mobile app
    hideWeb Boolean
    Do not display application icon to users
    honorForceAuthn Boolean
    Prompt user to re-authenticate if SP asks for it. Default is: false
    httpPostBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST location from the SAML metadata.
    httpRedirectBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    idpIssuer String
    SAML issuer ID
    implicitAssignment Boolean
    Early Access Property. Enable Federation Broker Mode.
    inlineHookId String
    Saml Inline Hook setting
    keyId String
    Certificate ID
    keyName String
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
    keyYearsValid Integer
    Number of years the certificate is valid (2 - 10 years).
    keys List<SamlKey>
    Application keys
    label String
    The Application's display name.
    logo String
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logoUrl String
    URL of the application's logo
    metadata String
    SAML xml metadata payload
    metadataUrl String
    SAML xml metadata URL
    name String
    Name of the app.
    preconfiguredApp String
    Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
    recipient String
    The location where the app may present the SAML assertion
    requestCompressed Boolean
    Denotes whether the request is compressed or not.
    responseSigned Boolean
    Determines whether the SAML auth response message is digitally signed
    samlSignedRequestEnabled Boolean
    SAML Signed Request enabled
    samlVersion String
    SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
    signOnMode String
    Sign on mode of application.
    signatureAlgorithm String
    Signature algorithm used to digitally sign the assertion and response
    singleLogoutCertificate String
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    singleLogoutIssuer String
    The issuer of the Service Provider that generates the Single Logout request
    singleLogoutUrl String
    The location where the logout response is sent
    spIssuer String
    SAML SP issuer ID
    ssoUrl String
    Single Sign On URL
    status String
    Status of application. By default, it is ACTIVE
    subjectNameIdFormat String
    Identifies the SAML processing rules.
    subjectNameIdTemplate String
    Template for app user's username when a user is assigned to the app
    userNameTemplate String
    Username template. Default: ${source.login}
    userNameTemplatePushStatus String
    Push username on update. Valid values: PUSH and DONT_PUSH
    userNameTemplateSuffix String
    Username template suffix
    userNameTemplateType String
    Username template type. Default: BUILT_IN
    accessibilityErrorRedirectUrl string
    Custom error page URL
    accessibilityLoginRedirectUrl string
    Custom login page URL
    accessibilitySelfService boolean
    Enable self service. Default is false
    acsEndpoints string[]
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    adminNote string
    Application notes for admins.
    appLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson string
    Application settings in JSON format
    assertionSigned boolean
    Determines whether the SAML assertion is digitally signed
    attributeStatements SamlAttributeStatement[]
    audience string
    Audience Restriction
    authenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    authnContextClassRef string
    Identifies the SAML authentication context class for the assertion’s authentication statement
    autoSubmitToolbar boolean
    Display auto submit toolbar. Default is: false
    certificate string
    cert from SAML XML metadata payload
    defaultRelayState string
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination string
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digestAlgorithm string
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    embedUrl string
    The url that can be used to embed this application in other portals.
    enduserNote string
    Application notes for end users.
    entityKey string
    Entity ID, the ID portion of the entity_url
    entityUrl string
    Entity URL, for instance http://www.okta.com/exk1fcia6d6EMsf331d8
    features string[]
    features to enable
    hideIos boolean
    Do not display application icon on mobile app
    hideWeb boolean
    Do not display application icon to users
    honorForceAuthn boolean
    Prompt user to re-authenticate if SP asks for it. Default is: false
    httpPostBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST location from the SAML metadata.
    httpRedirectBinding string
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    idpIssuer string
    SAML issuer ID
    implicitAssignment boolean
    Early Access Property. Enable Federation Broker Mode.
    inlineHookId string
    Saml Inline Hook setting
    keyId string
    Certificate ID
    keyName string
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
    keyYearsValid number
    Number of years the certificate is valid (2 - 10 years).
    keys SamlKey[]
    Application keys
    label string
    The Application's display name.
    logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logoUrl string
    URL of the application's logo
    metadata string
    SAML xml metadata payload
    metadataUrl string
    SAML xml metadata URL
    name string
    Name of the app.
    preconfiguredApp string
    Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
    recipient string
    The location where the app may present the SAML assertion
    requestCompressed boolean
    Denotes whether the request is compressed or not.
    responseSigned boolean
    Determines whether the SAML auth response message is digitally signed
    samlSignedRequestEnabled boolean
    SAML Signed Request enabled
    samlVersion string
    SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
    signOnMode string
    Sign on mode of application.
    signatureAlgorithm string
    Signature algorithm used to digitally sign the assertion and response
    singleLogoutCertificate string
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    singleLogoutIssuer string
    The issuer of the Service Provider that generates the Single Logout request
    singleLogoutUrl string
    The location where the logout response is sent
    spIssuer string
    SAML SP issuer ID
    ssoUrl string
    Single Sign On URL
    status string
    Status of application. By default, it is ACTIVE
    subjectNameIdFormat string
    Identifies the SAML processing rules.
    subjectNameIdTemplate string
    Template for app user's username when a user is assigned to the app
    userNameTemplate string
    Username template. Default: ${source.login}
    userNameTemplatePushStatus string
    Push username on update. Valid values: PUSH and DONT_PUSH
    userNameTemplateSuffix string
    Username template suffix
    userNameTemplateType string
    Username template type. Default: BUILT_IN
    accessibility_error_redirect_url str
    Custom error page URL
    accessibility_login_redirect_url str
    Custom login page URL
    accessibility_self_service bool
    Enable self service. Default is false
    acs_endpoints Sequence[str]
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    admin_note str
    Application notes for admins.
    app_links_json str
    Displays specific appLinks for the app. The value for each application link should be boolean.
    app_settings_json str
    Application settings in JSON format
    assertion_signed bool
    Determines whether the SAML assertion is digitally signed
    attribute_statements Sequence[SamlAttributeStatementArgs]
    audience str
    Audience Restriction
    authentication_policy str
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    authn_context_class_ref str
    Identifies the SAML authentication context class for the assertion’s authentication statement
    auto_submit_toolbar bool
    Display auto submit toolbar. Default is: false
    certificate str
    cert from SAML XML metadata payload
    default_relay_state str
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination str
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digest_algorithm str
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    embed_url str
    The url that can be used to embed this application in other portals.
    enduser_note str
    Application notes for end users.
    entity_key str
    Entity ID, the ID portion of the entity_url
    entity_url str
    Entity URL, for instance http://www.okta.com/exk1fcia6d6EMsf331d8
    features Sequence[str]
    features to enable
    hide_ios bool
    Do not display application icon on mobile app
    hide_web bool
    Do not display application icon to users
    honor_force_authn bool
    Prompt user to re-authenticate if SP asks for it. Default is: false
    http_post_binding str
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST location from the SAML metadata.
    http_redirect_binding str
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    idp_issuer str
    SAML issuer ID
    implicit_assignment bool
    Early Access Property. Enable Federation Broker Mode.
    inline_hook_id str
    Saml Inline Hook setting
    key_id str
    Certificate ID
    key_name str
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
    key_years_valid int
    Number of years the certificate is valid (2 - 10 years).
    keys Sequence[SamlKeyArgs]
    Application keys
    label str
    The Application's display name.
    logo str
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logo_url str
    URL of the application's logo
    metadata str
    SAML xml metadata payload
    metadata_url str
    SAML xml metadata URL
    name str
    Name of the app.
    preconfigured_app str
    Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
    recipient str
    The location where the app may present the SAML assertion
    request_compressed bool
    Denotes whether the request is compressed or not.
    response_signed bool
    Determines whether the SAML auth response message is digitally signed
    saml_signed_request_enabled bool
    SAML Signed Request enabled
    saml_version str
    SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
    sign_on_mode str
    Sign on mode of application.
    signature_algorithm str
    Signature algorithm used to digitally sign the assertion and response
    single_logout_certificate str
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    single_logout_issuer str
    The issuer of the Service Provider that generates the Single Logout request
    single_logout_url str
    The location where the logout response is sent
    sp_issuer str
    SAML SP issuer ID
    sso_url str
    Single Sign On URL
    status str
    Status of application. By default, it is ACTIVE
    subject_name_id_format str
    Identifies the SAML processing rules.
    subject_name_id_template str
    Template for app user's username when a user is assigned to the app
    user_name_template str
    Username template. Default: ${source.login}
    user_name_template_push_status str
    Push username on update. Valid values: PUSH and DONT_PUSH
    user_name_template_suffix str
    Username template suffix
    user_name_template_type str
    Username template type. Default: BUILT_IN
    accessibilityErrorRedirectUrl String
    Custom error page URL
    accessibilityLoginRedirectUrl String
    Custom login page URL
    accessibilitySelfService Boolean
    Enable self service. Default is false
    acsEndpoints List<String>
    An array of ACS endpoints. You can configure a maximum of 100 endpoints.
    adminNote String
    Application notes for admins.
    appLinksJson String
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson String
    Application settings in JSON format
    assertionSigned Boolean
    Determines whether the SAML assertion is digitally signed
    attributeStatements List<Property Map>
    audience String
    Audience Restriction
    authenticationPolicy String
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    authnContextClassRef String
    Identifies the SAML authentication context class for the assertion’s authentication statement
    autoSubmitToolbar Boolean
    Display auto submit toolbar. Default is: false
    certificate String
    cert from SAML XML metadata payload
    defaultRelayState String
    Identifies a specific application resource in an IDP initiated SSO scenario.
    destination String
    Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
    digestAlgorithm String
    Determines the digest algorithm used to digitally sign the SAML assertion and response
    embedUrl String
    The url that can be used to embed this application in other portals.
    enduserNote String
    Application notes for end users.
    entityKey String
    Entity ID, the ID portion of the entity_url
    entityUrl String
    Entity URL, for instance http://www.okta.com/exk1fcia6d6EMsf331d8
    features List<String>
    features to enable
    hideIos Boolean
    Do not display application icon on mobile app
    hideWeb Boolean
    Do not display application icon to users
    honorForceAuthn Boolean
    Prompt user to re-authenticate if SP asks for it. Default is: false
    httpPostBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST location from the SAML metadata.
    httpRedirectBinding String
    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
    idpIssuer String
    SAML issuer ID
    implicitAssignment Boolean
    Early Access Property. Enable Federation Broker Mode.
    inlineHookId String
    Saml Inline Hook setting
    keyId String
    Certificate ID
    keyName String
    Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
    keyYearsValid Number
    Number of years the certificate is valid (2 - 10 years).
    keys List<Property Map>
    Application keys
    label String
    The Application's display name.
    logo String
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logoUrl String
    URL of the application's logo
    metadata String
    SAML xml metadata payload
    metadataUrl String
    SAML xml metadata URL
    name String
    Name of the app.
    preconfiguredApp String
    Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
    recipient String
    The location where the app may present the SAML assertion
    requestCompressed Boolean
    Denotes whether the request is compressed or not.
    responseSigned Boolean
    Determines whether the SAML auth response message is digitally signed
    samlSignedRequestEnabled Boolean
    SAML Signed Request enabled
    samlVersion String
    SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
    signOnMode String
    Sign on mode of application.
    signatureAlgorithm String
    Signature algorithm used to digitally sign the assertion and response
    singleLogoutCertificate String
    x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
    singleLogoutIssuer String
    The issuer of the Service Provider that generates the Single Logout request
    singleLogoutUrl String
    The location where the logout response is sent
    spIssuer String
    SAML SP issuer ID
    ssoUrl String
    Single Sign On URL
    status String
    Status of application. By default, it is ACTIVE
    subjectNameIdFormat String
    Identifies the SAML processing rules.
    subjectNameIdTemplate String
    Template for app user's username when a user is assigned to the app
    userNameTemplate String
    Username template. Default: ${source.login}
    userNameTemplatePushStatus String
    Push username on update. Valid values: PUSH and DONT_PUSH
    userNameTemplateSuffix String
    Username template suffix
    userNameTemplateType String
    Username template type. Default: BUILT_IN

    Supporting Types

    SamlAttributeStatement, SamlAttributeStatementArgs

    Name string
    The reference name of the attribute statement
    FilterType string
    Type of group attribute filter. Valid values are: STARTS_WITH, EQUALS, CONTAINS, or REGEX
    FilterValue string
    Filter value to use
    Namespace string
    The attribute namespace. It can be set to urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, or urn:oasis:names:tc:SAML:2.0:attrname-format:basic
    Type string
    The type of attribute statements object
    Values List<string>
    Name string
    The reference name of the attribute statement
    FilterType string
    Type of group attribute filter. Valid values are: STARTS_WITH, EQUALS, CONTAINS, or REGEX
    FilterValue string
    Filter value to use
    Namespace string
    The attribute namespace. It can be set to urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, or urn:oasis:names:tc:SAML:2.0:attrname-format:basic
    Type string
    The type of attribute statements object
    Values []string
    name String
    The reference name of the attribute statement
    filterType String
    Type of group attribute filter. Valid values are: STARTS_WITH, EQUALS, CONTAINS, or REGEX
    filterValue String
    Filter value to use
    namespace String
    The attribute namespace. It can be set to urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, or urn:oasis:names:tc:SAML:2.0:attrname-format:basic
    type String
    The type of attribute statements object
    values List<String>
    name string
    The reference name of the attribute statement
    filterType string
    Type of group attribute filter. Valid values are: STARTS_WITH, EQUALS, CONTAINS, or REGEX
    filterValue string
    Filter value to use
    namespace string
    The attribute namespace. It can be set to urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, or urn:oasis:names:tc:SAML:2.0:attrname-format:basic
    type string
    The type of attribute statements object
    values string[]
    name str
    The reference name of the attribute statement
    filter_type str
    Type of group attribute filter. Valid values are: STARTS_WITH, EQUALS, CONTAINS, or REGEX
    filter_value str
    Filter value to use
    namespace str
    The attribute namespace. It can be set to urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, or urn:oasis:names:tc:SAML:2.0:attrname-format:basic
    type str
    The type of attribute statements object
    values Sequence[str]
    name String
    The reference name of the attribute statement
    filterType String
    Type of group attribute filter. Valid values are: STARTS_WITH, EQUALS, CONTAINS, or REGEX
    filterValue String
    Filter value to use
    namespace String
    The attribute namespace. It can be set to urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, or urn:oasis:names:tc:SAML:2.0:attrname-format:basic
    type String
    The type of attribute statements object
    values List<String>

    SamlKey, SamlKeyArgs

    Created string
    Created date
    E string
    RSA exponent
    ExpiresAt string
    Expiration date
    Kid string
    Key ID
    Kty string
    Key type. Identifies the cryptographic algorithm family used with the key.
    LastUpdated string
    Last updated date
    N string
    RSA modulus
    Use string
    Intended use of the public key.
    X5cs List<string>
    X.509 Certificate Chain
    X5tS256 string
    X.509 certificate SHA-256 thumbprint
    Created string
    Created date
    E string
    RSA exponent
    ExpiresAt string
    Expiration date
    Kid string
    Key ID
    Kty string
    Key type. Identifies the cryptographic algorithm family used with the key.
    LastUpdated string
    Last updated date
    N string
    RSA modulus
    Use string
    Intended use of the public key.
    X5cs []string
    X.509 Certificate Chain
    X5tS256 string
    X.509 certificate SHA-256 thumbprint
    created String
    Created date
    e String
    RSA exponent
    expiresAt String
    Expiration date
    kid String
    Key ID
    kty String
    Key type. Identifies the cryptographic algorithm family used with the key.
    lastUpdated String
    Last updated date
    n String
    RSA modulus
    use String
    Intended use of the public key.
    x5cs List<String>
    X.509 Certificate Chain
    x5tS256 String
    X.509 certificate SHA-256 thumbprint
    created string
    Created date
    e string
    RSA exponent
    expiresAt string
    Expiration date
    kid string
    Key ID
    kty string
    Key type. Identifies the cryptographic algorithm family used with the key.
    lastUpdated string
    Last updated date
    n string
    RSA modulus
    use string
    Intended use of the public key.
    x5cs string[]
    X.509 Certificate Chain
    x5tS256 string
    X.509 certificate SHA-256 thumbprint
    created str
    Created date
    e str
    RSA exponent
    expires_at str
    Expiration date
    kid str
    Key ID
    kty str
    Key type. Identifies the cryptographic algorithm family used with the key.
    last_updated str
    Last updated date
    n str
    RSA modulus
    use str
    Intended use of the public key.
    x5cs Sequence[str]
    X.509 Certificate Chain
    x5t_s256 str
    X.509 certificate SHA-256 thumbprint
    created String
    Created date
    e String
    RSA exponent
    expiresAt String
    Expiration date
    kid String
    Key ID
    kty String
    Key type. Identifies the cryptographic algorithm family used with the key.
    lastUpdated String
    Last updated date
    n String
    RSA modulus
    use String
    Intended use of the public key.
    x5cs List<String>
    X.509 Certificate Chain
    x5tS256 String
    X.509 certificate SHA-256 thumbprint
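
The following is an added example, not code from the Pulumi or Okta documentation. It prepares a PEM certificate for `single_logout_certificate` (which must be supplied without the BEGIN/END lines) and checks that a `SamlKey` entry's `x5t_s256` really is the SHA-256 thumbprint of `x5cs[0]`. The function names are hypothetical, the sample bytes are constructed, and the ISO 8601 format of `expires_at` is an assumption.

```python
import base64
import binascii
import hashlib
from datetime import datetime, timezone

# Constructed stand-in bytes, not a real certificate: the thumbprint is a plain
# SHA-256 over the DER encoding, so any byte string exercises the logic.
SAMPLE_DER = b"constructed-der-bytes-not-a-real-certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n" + SAMPLE_B64 + "\n-----END CERTIFICATE-----\n"
)

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def strip_pem_armor(pem: str) -> str:
    """Return the bare base64 body expected by single_logout_certificate."""
    if "PRIVATE KEY" in pem:
        # Guard against pasting a key bundle into infrastructure code.
        raise ValueError("private key material must never go into app config")
    if pem.count(BEGIN) > 1:
        raise ValueError("expected one certificate, found a chain")
    # Drop the armor lines and all whitespace, leaving one base64 string.
    body = "".join(pem.replace(BEGIN, "").replace(END, "").split())
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc
    if not der:
        raise ValueError("certificate body is empty")
    return body


def x5t_s256(x5c_entry: str) -> str:
    """Thumbprint of one x5cs entry: base64url(SHA-256(DER)), unpadded."""
    der = base64.b64decode(x5c_entry, validate=True)
    digest = hashlib.sha256(der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_key(key: dict, now: datetime) -> list:
    """Return the problems found in one SamlKey-shaped dict (Python SDK names)."""
    problems = []
    chain = key.get("x5cs") or []
    if not chain:
        problems.append("x5cs is empty")
    elif x5t_s256(chain[0]) != (key.get("x5t_s256") or "").rstrip("="):
        problems.append("x5t_s256 does not match SHA-256 of x5cs[0]")
    expires = key.get("expires_at")
    if expires:
        # Assumption: expires_at is an ISO 8601 timestamp, optionally ending in Z.
        when = datetime.fromisoformat(expires.replace("Z", "+00:00"))
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        if when <= now:
            problems.append("key expired at " + expires)
    return problems


if __name__ == "__main__":
    sample_key = {
        "kid": "constructed-kid",
        "x5cs": [SAMPLE_B64],
        "x5t_s256": x5t_s256(SAMPLE_B64),
        "expires_at": "2034-10-21T00:00:00.000Z",
    }
    print(strip_pem_armor(SAMPLE_PEM))
    print(check_key(sample_key, datetime.now(timezone.utc)))
```

A thumbprint mismatch or an expired key reported here is a reason to compare the `keys` output against the certificate the Service Provider has pinned before relying on the application.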

    Import

    $ pulumi import okta:app/saml:Saml example <app_id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Okta pulumi/pulumi-okta
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the okta Terraform Provider.