1. Packages
  2. Okta Provider
  3. API Docs
  4. group
  5. Role
Okta v4.11.3 published on Monday, Oct 21, 2024 by Pulumi

okta.group.Role

Explore with Pulumi AI

okta logo
Okta v4.11.3 published on Monday, Oct 21, 2024 by Pulumi

    Assigns Admin roles to Okta Groups. This resource allows you to assign Okta administrator roles to Okta Groups. This resource provides a one-to-one interface between the Okta group and the admin role.

    Create Role Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Role(name: string, args: RoleArgs, opts?: CustomResourceOptions);
    @overload
    def Role(resource_name: str,
             args: RoleArgs,
             opts: Optional[ResourceOptions] = None)
    
    @overload
    def Role(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             group_id: Optional[str] = None,
             role_type: Optional[str] = None,
             disable_notifications: Optional[bool] = None,
             resource_set_id: Optional[str] = None,
             role_id: Optional[str] = None,
             target_app_lists: Optional[Sequence[str]] = None,
             target_group_lists: Optional[Sequence[str]] = None)
    func NewRole(ctx *Context, name string, args RoleArgs, opts ...ResourceOption) (*Role, error)
    public Role(string name, RoleArgs args, CustomResourceOptions? opts = null)
    public Role(String name, RoleArgs args)
    public Role(String name, RoleArgs args, CustomResourceOptions options)
    
    type: okta:group:Role
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var roleResource = new Okta.Group.Role("roleResource", new()
    {
        GroupId = "string",
        RoleType = "string",
        DisableNotifications = false,
        ResourceSetId = "string",
        RoleId = "string",
        TargetAppLists = new[]
        {
            "string",
        },
        TargetGroupLists = new[]
        {
            "string",
        },
    });
    
    example, err := group.NewRole(ctx, "roleResource", &group.RoleArgs{
    	GroupId:              pulumi.String("string"),
    	RoleType:             pulumi.String("string"),
    	DisableNotifications: pulumi.Bool(false),
    	ResourceSetId:        pulumi.String("string"),
    	RoleId:               pulumi.String("string"),
    	TargetAppLists: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	TargetGroupLists: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    })
    
    var roleResource = new Role("roleResource", RoleArgs.builder()
        .groupId("string")
        .roleType("string")
        .disableNotifications(false)
        .resourceSetId("string")
        .roleId("string")
        .targetAppLists("string")
        .targetGroupLists("string")
        .build());
    
    role_resource = okta.group.Role("roleResource",
        group_id="string",
        role_type="string",
        disable_notifications=False,
        resource_set_id="string",
        role_id="string",
        target_app_lists=["string"],
        target_group_lists=["string"])
    
    const roleResource = new okta.group.Role("roleResource", {
        groupId: "string",
        roleType: "string",
        disableNotifications: false,
        resourceSetId: "string",
        roleId: "string",
        targetAppLists: ["string"],
        targetGroupLists: ["string"],
    });
    
    type: okta:group:Role
    properties:
        disableNotifications: false
        groupId: string
        resourceSetId: string
        roleId: string
        roleType: string
        targetAppLists:
            - string
        targetGroupLists:
            - string
    

    Role Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Role resource accepts the following input properties:

    GroupId string
    ID of group to attach admin roles to
    RoleType string
    Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
    DisableNotifications bool
    When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
    ResourceSetId string
    Resource Set ID. Required for role_type = CUSTOM
    RoleId string
    Role ID. Required for role_type = CUSTOM
    TargetAppLists List<string>
    A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
    TargetGroupLists List<string>
    A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.
    GroupId string
    ID of group to attach admin roles to
    RoleType string
    Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
    DisableNotifications bool
    When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
    ResourceSetId string
    Resource Set ID. Required for role_type = CUSTOM
    RoleId string
    Role ID. Required for role_type = CUSTOM
    TargetAppLists []string
    A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
    TargetGroupLists []string
    A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.
    groupId String
    ID of group to attach admin roles to
    roleType String
    Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
    disableNotifications Boolean
    When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
    resourceSetId String
    Resource Set ID. Required for role_type = CUSTOM
    roleId String
    Role ID. Required for role_type = CUSTOM
    targetAppLists List<String>
    A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
    targetGroupLists List<String>
    A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.
    groupId string
    ID of group to attach admin roles to
    roleType string
    Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
    disableNotifications boolean
    When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
    resourceSetId string
    Resource Set ID. Required for role_type = CUSTOM
    roleId string
    Role ID. Required for role_type = CUSTOM
    targetAppLists string[]
    A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
    targetGroupLists string[]
    A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.
    group_id str
    ID of group to attach admin roles to
    role_type str
    Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
    disable_notifications bool
    When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
    resource_set_id str
    Resource Set ID. Required for role_type = CUSTOM
    role_id str
    Role ID. Required for role_type = CUSTOM
    target_app_lists Sequence[str]
    A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
    target_group_lists Sequence[str]
    A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.
    groupId String
    ID of group to attach admin roles to
    roleType String
    Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
    disableNotifications Boolean
    When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
    resourceSetId String
    Resource Set ID. Required for role_type = CUSTOM
    roleId String
    Role ID. Required for role_type = CUSTOM
    targetAppLists List<String>
    A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
    targetGroupLists List<String>
    A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Role Resource

    Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            disable_notifications: Optional[bool] = None,
            group_id: Optional[str] = None,
            resource_set_id: Optional[str] = None,
            role_id: Optional[str] = None,
            role_type: Optional[str] = None,
            target_app_lists: Optional[Sequence[str]] = None,
            target_group_lists: Optional[Sequence[str]] = None) -> Role
    func GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)
    public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)
    public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    DisableNotifications bool
    When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
    GroupId string
    ID of group to attach admin roles to
    ResourceSetId string
    Resource Set ID. Required for role_type = CUSTOM
    RoleId string
    Role ID. Required for role_type = CUSTOM
    RoleType string
    Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
    TargetAppLists List<string>
    A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
    TargetGroupLists List<string>
    A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.
    DisableNotifications bool
    When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
    GroupId string
    ID of group to attach admin roles to
    ResourceSetId string
    Resource Set ID. Required for role_type = CUSTOM
    RoleId string
    Role ID. Required for role_type = CUSTOM
    RoleType string
    Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
    TargetAppLists []string
    A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
    TargetGroupLists []string
    A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.
    disableNotifications Boolean
    When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
    groupId String
    ID of group to attach admin roles to
    resourceSetId String
    Resource Set ID. Required for role_type = CUSTOM
    roleId String
    Role ID. Required for role_type = CUSTOM
    roleType String
    Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
    targetAppLists List<String>
    A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
    targetGroupLists List<String>
    A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.
    disableNotifications boolean
    When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
    groupId string
    ID of group to attach admin roles to
    resourceSetId string
    Resource Set ID. Required for role_type = CUSTOM
    roleId string
    Role ID. Required for role_type = CUSTOM
    roleType string
    Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
    targetAppLists string[]
    A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
    targetGroupLists string[]
    A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.
    disable_notifications bool
    When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
    group_id str
    ID of group to attach admin roles to
    resource_set_id str
    Resource Set ID. Required for role_type = CUSTOM
    role_id str
    Role ID. Required for role_type = CUSTOM
    role_type str
    Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
    target_app_lists Sequence[str]
    A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
    target_group_lists Sequence[str]
    A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.
    disableNotifications Boolean
    When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
    groupId String
    ID of group to attach admin roles to
    resourceSetId String
    Resource Set ID. Required for role_type = CUSTOM
    roleId String
    Role ID. Required for role_type = CUSTOM
    roleType String
    Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
    targetAppLists List<String>
    A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
    targetGroupLists List<String>
    A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.

    Import

    $ pulumi import okta:group/role:Role example <group_id>/<role_id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Okta pulumi/pulumi-okta
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the okta Terraform Provider.
    okta logo
    Okta v4.11.3 published on Monday, Oct 21, 2024 by Pulumi