okta.group.Role
Explore with Pulumi AI
Assigns Admin roles to Okta Groups. This resource allows you to assign Okta administrator roles to Okta Groups. This resource provides a one-to-one interface between the Okta group and the admin role.
Create Role Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Role(name: string, args: RoleArgs, opts?: CustomResourceOptions);
@overload
def Role(resource_name: str,
args: RoleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Role(resource_name: str,
opts: Optional[ResourceOptions] = None,
group_id: Optional[str] = None,
role_type: Optional[str] = None,
disable_notifications: Optional[bool] = None,
resource_set_id: Optional[str] = None,
role_id: Optional[str] = None,
target_app_lists: Optional[Sequence[str]] = None,
target_group_lists: Optional[Sequence[str]] = None)
func NewRole(ctx *Context, name string, args RoleArgs, opts ...ResourceOption) (*Role, error)
public Role(string name, RoleArgs args, CustomResourceOptions? opts = null)
type: okta:group:Role
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var roleResource = new Okta.Group.Role("roleResource", new()
{
GroupId = "string",
RoleType = "string",
DisableNotifications = false,
ResourceSetId = "string",
RoleId = "string",
TargetAppLists = new[]
{
"string",
},
TargetGroupLists = new[]
{
"string",
},
});
example, err := group.NewRole(ctx, "roleResource", &group.RoleArgs{
GroupId: pulumi.String("string"),
RoleType: pulumi.String("string"),
DisableNotifications: pulumi.Bool(false),
ResourceSetId: pulumi.String("string"),
RoleId: pulumi.String("string"),
TargetAppLists: pulumi.StringArray{
pulumi.String("string"),
},
TargetGroupLists: pulumi.StringArray{
pulumi.String("string"),
},
})
var roleResource = new Role("roleResource", RoleArgs.builder()
.groupId("string")
.roleType("string")
.disableNotifications(false)
.resourceSetId("string")
.roleId("string")
.targetAppLists("string")
.targetGroupLists("string")
.build());
role_resource = okta.group.Role("roleResource",
group_id="string",
role_type="string",
disable_notifications=False,
resource_set_id="string",
role_id="string",
target_app_lists=["string"],
target_group_lists=["string"])
const roleResource = new okta.group.Role("roleResource", {
groupId: "string",
roleType: "string",
disableNotifications: false,
resourceSetId: "string",
roleId: "string",
targetAppLists: ["string"],
targetGroupLists: ["string"],
});
type: okta:group:Role
properties:
disableNotifications: false
groupId: string
resourceSetId: string
roleId: string
roleType: string
targetAppLists:
- string
targetGroupLists:
- string
Role Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Role resource accepts the following input properties:
- Group
Id string - ID of group to attach admin roles to
- Role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- Disable
Notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- Resource
Set stringId - Resource Set ID. Required for role_type =
CUSTOM
- Role
Id string - Role ID. Required for role_type =
CUSTOM
- Target
App List<string>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN
. - Target
Group List<string>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN
,HELP_DESK_ADMIN
, orUSER_ADMIN
.
- Group
Id string - ID of group to attach admin roles to
- Role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- Disable
Notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- Resource
Set stringId - Resource Set ID. Required for role_type =
CUSTOM
- Role
Id string - Role ID. Required for role_type =
CUSTOM
- Target
App []stringLists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN
. - Target
Group []stringLists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN
,HELP_DESK_ADMIN
, orUSER_ADMIN
.
- group
Id String - ID of group to attach admin roles to
- role
Type String - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- disable
Notifications Boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- resource
Set StringId - Resource Set ID. Required for role_type =
CUSTOM
- role
Id String - Role ID. Required for role_type =
CUSTOM
- target
App List<String>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN
. - target
Group List<String>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN
,HELP_DESK_ADMIN
, orUSER_ADMIN
.
- group
Id string - ID of group to attach admin roles to
- role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- disable
Notifications boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- resource
Set stringId - Resource Set ID. Required for role_type =
CUSTOM
- role
Id string - Role ID. Required for role_type =
CUSTOM
- target
App string[]Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN
. - target
Group string[]Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN
,HELP_DESK_ADMIN
, orUSER_ADMIN
.
- group_
id str - ID of group to attach admin roles to
- role_
type str - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- disable_
notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- resource_
set_ strid - Resource Set ID. Required for role_type =
CUSTOM
- role_
id str - Role ID. Required for role_type =
CUSTOM
- target_
app_ Sequence[str]lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN
. - target_
group_ Sequence[str]lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN
,HELP_DESK_ADMIN
, orUSER_ADMIN
.
- group
Id String - ID of group to attach admin roles to
- role
Type String - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- disable
Notifications Boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- resource
Set StringId - Resource Set ID. Required for role_type =
CUSTOM
- role
Id String - Role ID. Required for role_type =
CUSTOM
- target
App List<String>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN
. - target
Group List<String>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN
,HELP_DESK_ADMIN
, orUSER_ADMIN
.
Outputs
All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Role Resource
Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
disable_notifications: Optional[bool] = None,
group_id: Optional[str] = None,
resource_set_id: Optional[str] = None,
role_id: Optional[str] = None,
role_type: Optional[str] = None,
target_app_lists: Optional[Sequence[str]] = None,
target_group_lists: Optional[Sequence[str]] = None) -> Role
func GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)
public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)
public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Disable
Notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- Group
Id string - ID of group to attach admin roles to
- Resource
Set stringId - Resource Set ID. Required for role_type =
CUSTOM
- Role
Id string - Role ID. Required for role_type =
CUSTOM
- Role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- Target
App List<string>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN
. - Target
Group List<string>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN
,HELP_DESK_ADMIN
, orUSER_ADMIN
.
- Disable
Notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- Group
Id string - ID of group to attach admin roles to
- Resource
Set stringId - Resource Set ID. Required for role_type =
CUSTOM
- Role
Id string - Role ID. Required for role_type =
CUSTOM
- Role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- Target
App []stringLists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN
. - Target
Group []stringLists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN
,HELP_DESK_ADMIN
, orUSER_ADMIN
.
- disable
Notifications Boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- group
Id String - ID of group to attach admin roles to
- resource
Set StringId - Resource Set ID. Required for role_type =
CUSTOM
- role
Id String - Role ID. Required for role_type =
CUSTOM
- role
Type String - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- target
App List<String>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN
. - target
Group List<String>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN
,HELP_DESK_ADMIN
, orUSER_ADMIN
.
- disable
Notifications boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- group
Id string - ID of group to attach admin roles to
- resource
Set stringId - Resource Set ID. Required for role_type =
CUSTOM
- role
Id string - Role ID. Required for role_type =
CUSTOM
- role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- target
App string[]Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN
. - target
Group string[]Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN
,HELP_DESK_ADMIN
, orUSER_ADMIN
.
- disable_
notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- group_
id str - ID of group to attach admin roles to
- resource_
set_ strid - Resource Set ID. Required for role_type =
CUSTOM
- role_
id str - Role ID. Required for role_type =
CUSTOM
- role_
type str - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- target_
app_ Sequence[str]lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN
. - target_
group_ Sequence[str]lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN
,HELP_DESK_ADMIN
, orUSER_ADMIN
.
- disable
Notifications Boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- group
Id String - ID of group to attach admin roles to
- resource
Set StringId - Resource Set ID. Required for role_type =
CUSTOM
- role
Id String - Role ID. Required for role_type =
CUSTOM
- role
Type String - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- target
App List<String>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN
. - target
Group List<String>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN
,HELP_DESK_ADMIN
, orUSER_ADMIN
.
Import
$ pulumi import okta:group/role:Role example <group_id>/<role_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
okta
Terraform Provider.