Okta v4.15.0, Mar 7 25

Okta v4.15.0 published on Friday, Mar 7, 2025 by Pulumi

okta.app.Saml

Explore with Pulumi AI

Okta v4.15.0 published on Friday, Mar 7, 2025 by Pulumi

Create Saml Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Saml(name: string, args: SamlArgs, opts?: CustomResourceOptions);

@overload
def Saml(resource_name: str,
         args: SamlArgs,
         opts: Optional[ResourceOptions] = None)

@overload
def Saml(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         label: Optional[str] = None,
         inline_hook_id: Optional[str] = None,
         user_name_template_suffix: Optional[str] = None,
         acs_endpoints: Optional[Sequence[str]] = None,
         key_name: Optional[str] = None,
         app_links_json: Optional[str] = None,
         app_settings_json: Optional[str] = None,
         assertion_signed: Optional[bool] = None,
         attribute_statements: Optional[Sequence[SamlAttributeStatementArgs]] = None,
         audience: Optional[str] = None,
         authentication_policy: Optional[str] = None,
         authn_context_class_ref: Optional[str] = None,
         auto_submit_toolbar: Optional[bool] = None,
         default_relay_state: Optional[str] = None,
         destination: Optional[str] = None,
         digest_algorithm: Optional[str] = None,
         enduser_note: Optional[str] = None,
         hide_ios: Optional[bool] = None,
         accessibility_login_redirect_url: Optional[str] = None,
         honor_force_authn: Optional[bool] = None,
         idp_issuer: Optional[str] = None,
         implicit_assignment: Optional[bool] = None,
         accessibility_error_redirect_url: Optional[str] = None,
         admin_note: Optional[str] = None,
         accessibility_self_service: Optional[bool] = None,
         hide_web: Optional[bool] = None,
         logo: Optional[str] = None,
         preconfigured_app: Optional[str] = None,
         recipient: Optional[str] = None,
         request_compressed: Optional[bool] = None,
         response_signed: Optional[bool] = None,
         saml_signed_request_enabled: Optional[bool] = None,
         saml_version: Optional[str] = None,
         signature_algorithm: Optional[str] = None,
         single_logout_certificate: Optional[str] = None,
         single_logout_issuer: Optional[str] = None,
         single_logout_url: Optional[str] = None,
         sp_issuer: Optional[str] = None,
         sso_url: Optional[str] = None,
         status: Optional[str] = None,
         subject_name_id_format: Optional[str] = None,
         subject_name_id_template: Optional[str] = None,
         user_name_template: Optional[str] = None,
         user_name_template_push_status: Optional[str] = None,
         key_years_valid: Optional[int] = None,
         user_name_template_type: Optional[str] = None)

func NewSaml(ctx *Context, name string, args SamlArgs, opts ...ResourceOption) (*Saml, error)

public Saml(string name, SamlArgs args, CustomResourceOptions? opts = null)

public Saml(String name, SamlArgs args)
public Saml(String name, SamlArgs args, CustomResourceOptions options)

type: okta:app:Saml
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SamlArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SamlArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SamlArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SamlArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SamlArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var samlResource = new Okta.App.Saml("samlResource", new()
{
    Label = "string",
    InlineHookId = "string",
    UserNameTemplateSuffix = "string",
    AcsEndpoints = new[]
    {
        "string",
    },
    KeyName = "string",
    AppLinksJson = "string",
    AppSettingsJson = "string",
    AssertionSigned = false,
    AttributeStatements = new[]
    {
        new Okta.App.Inputs.SamlAttributeStatementArgs
        {
            Name = "string",
            FilterType = "string",
            FilterValue = "string",
            Namespace = "string",
            Type = "string",
            Values = new[]
            {
                "string",
            },
        },
    },
    Audience = "string",
    AuthenticationPolicy = "string",
    AuthnContextClassRef = "string",
    AutoSubmitToolbar = false,
    DefaultRelayState = "string",
    Destination = "string",
    DigestAlgorithm = "string",
    EnduserNote = "string",
    HideIos = false,
    AccessibilityLoginRedirectUrl = "string",
    HonorForceAuthn = false,
    IdpIssuer = "string",
    ImplicitAssignment = false,
    AccessibilityErrorRedirectUrl = "string",
    AdminNote = "string",
    AccessibilitySelfService = false,
    HideWeb = false,
    Logo = "string",
    PreconfiguredApp = "string",
    Recipient = "string",
    RequestCompressed = false,
    ResponseSigned = false,
    SamlSignedRequestEnabled = false,
    SamlVersion = "string",
    SignatureAlgorithm = "string",
    SingleLogoutCertificate = "string",
    SingleLogoutIssuer = "string",
    SingleLogoutUrl = "string",
    SpIssuer = "string",
    SsoUrl = "string",
    Status = "string",
    SubjectNameIdFormat = "string",
    SubjectNameIdTemplate = "string",
    UserNameTemplate = "string",
    UserNameTemplatePushStatus = "string",
    KeyYearsValid = 0,
    UserNameTemplateType = "string",
});

example, err := app.NewSaml(ctx, "samlResource", &app.SamlArgs{
	Label:                  pulumi.String("string"),
	InlineHookId:           pulumi.String("string"),
	UserNameTemplateSuffix: pulumi.String("string"),
	AcsEndpoints: pulumi.StringArray{
		pulumi.String("string"),
	},
	KeyName:         pulumi.String("string"),
	AppLinksJson:    pulumi.String("string"),
	AppSettingsJson: pulumi.String("string"),
	AssertionSigned: pulumi.Bool(false),
	AttributeStatements: app.SamlAttributeStatementArray{
		&app.SamlAttributeStatementArgs{
			Name:        pulumi.String("string"),
			FilterType:  pulumi.String("string"),
			FilterValue: pulumi.String("string"),
			Namespace:   pulumi.String("string"),
			Type:        pulumi.String("string"),
			Values: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	Audience:                      pulumi.String("string"),
	AuthenticationPolicy:          pulumi.String("string"),
	AuthnContextClassRef:          pulumi.String("string"),
	AutoSubmitToolbar:             pulumi.Bool(false),
	DefaultRelayState:             pulumi.String("string"),
	Destination:                   pulumi.String("string"),
	DigestAlgorithm:               pulumi.String("string"),
	EnduserNote:                   pulumi.String("string"),
	HideIos:                       pulumi.Bool(false),
	AccessibilityLoginRedirectUrl: pulumi.String("string"),
	HonorForceAuthn:               pulumi.Bool(false),
	IdpIssuer:                     pulumi.String("string"),
	ImplicitAssignment:            pulumi.Bool(false),
	AccessibilityErrorRedirectUrl: pulumi.String("string"),
	AdminNote:                     pulumi.String("string"),
	AccessibilitySelfService:      pulumi.Bool(false),
	HideWeb:                       pulumi.Bool(false),
	Logo:                          pulumi.String("string"),
	PreconfiguredApp:              pulumi.String("string"),
	Recipient:                     pulumi.String("string"),
	RequestCompressed:             pulumi.Bool(false),
	ResponseSigned:                pulumi.Bool(false),
	SamlSignedRequestEnabled:      pulumi.Bool(false),
	SamlVersion:                   pulumi.String("string"),
	SignatureAlgorithm:            pulumi.String("string"),
	SingleLogoutCertificate:       pulumi.String("string"),
	SingleLogoutIssuer:            pulumi.String("string"),
	SingleLogoutUrl:               pulumi.String("string"),
	SpIssuer:                      pulumi.String("string"),
	SsoUrl:                        pulumi.String("string"),
	Status:                        pulumi.String("string"),
	SubjectNameIdFormat:           pulumi.String("string"),
	SubjectNameIdTemplate:         pulumi.String("string"),
	UserNameTemplate:              pulumi.String("string"),
	UserNameTemplatePushStatus:    pulumi.String("string"),
	KeyYearsValid:                 pulumi.Int(0),
	UserNameTemplateType:          pulumi.String("string"),
})

var samlResource = new Saml("samlResource", SamlArgs.builder()
    .label("string")
    .inlineHookId("string")
    .userNameTemplateSuffix("string")
    .acsEndpoints("string")
    .keyName("string")
    .appLinksJson("string")
    .appSettingsJson("string")
    .assertionSigned(false)
    .attributeStatements(SamlAttributeStatementArgs.builder()
        .name("string")
        .filterType("string")
        .filterValue("string")
        .namespace("string")
        .type("string")
        .values("string")
        .build())
    .audience("string")
    .authenticationPolicy("string")
    .authnContextClassRef("string")
    .autoSubmitToolbar(false)
    .defaultRelayState("string")
    .destination("string")
    .digestAlgorithm("string")
    .enduserNote("string")
    .hideIos(false)
    .accessibilityLoginRedirectUrl("string")
    .honorForceAuthn(false)
    .idpIssuer("string")
    .implicitAssignment(false)
    .accessibilityErrorRedirectUrl("string")
    .adminNote("string")
    .accessibilitySelfService(false)
    .hideWeb(false)
    .logo("string")
    .preconfiguredApp("string")
    .recipient("string")
    .requestCompressed(false)
    .responseSigned(false)
    .samlSignedRequestEnabled(false)
    .samlVersion("string")
    .signatureAlgorithm("string")
    .singleLogoutCertificate("string")
    .singleLogoutIssuer("string")
    .singleLogoutUrl("string")
    .spIssuer("string")
    .ssoUrl("string")
    .status("string")
    .subjectNameIdFormat("string")
    .subjectNameIdTemplate("string")
    .userNameTemplate("string")
    .userNameTemplatePushStatus("string")
    .keyYearsValid(0)
    .userNameTemplateType("string")
    .build());

saml_resource = okta.app.Saml("samlResource",
    label="string",
    inline_hook_id="string",
    user_name_template_suffix="string",
    acs_endpoints=["string"],
    key_name="string",
    app_links_json="string",
    app_settings_json="string",
    assertion_signed=False,
    attribute_statements=[{
        "name": "string",
        "filter_type": "string",
        "filter_value": "string",
        "namespace": "string",
        "type": "string",
        "values": ["string"],
    }],
    audience="string",
    authentication_policy="string",
    authn_context_class_ref="string",
    auto_submit_toolbar=False,
    default_relay_state="string",
    destination="string",
    digest_algorithm="string",
    enduser_note="string",
    hide_ios=False,
    accessibility_login_redirect_url="string",
    honor_force_authn=False,
    idp_issuer="string",
    implicit_assignment=False,
    accessibility_error_redirect_url="string",
    admin_note="string",
    accessibility_self_service=False,
    hide_web=False,
    logo="string",
    preconfigured_app="string",
    recipient="string",
    request_compressed=False,
    response_signed=False,
    saml_signed_request_enabled=False,
    saml_version="string",
    signature_algorithm="string",
    single_logout_certificate="string",
    single_logout_issuer="string",
    single_logout_url="string",
    sp_issuer="string",
    sso_url="string",
    status="string",
    subject_name_id_format="string",
    subject_name_id_template="string",
    user_name_template="string",
    user_name_template_push_status="string",
    key_years_valid=0,
    user_name_template_type="string")

const samlResource = new okta.app.Saml("samlResource", {
    label: "string",
    inlineHookId: "string",
    userNameTemplateSuffix: "string",
    acsEndpoints: ["string"],
    keyName: "string",
    appLinksJson: "string",
    appSettingsJson: "string",
    assertionSigned: false,
    attributeStatements: [{
        name: "string",
        filterType: "string",
        filterValue: "string",
        namespace: "string",
        type: "string",
        values: ["string"],
    }],
    audience: "string",
    authenticationPolicy: "string",
    authnContextClassRef: "string",
    autoSubmitToolbar: false,
    defaultRelayState: "string",
    destination: "string",
    digestAlgorithm: "string",
    enduserNote: "string",
    hideIos: false,
    accessibilityLoginRedirectUrl: "string",
    honorForceAuthn: false,
    idpIssuer: "string",
    implicitAssignment: false,
    accessibilityErrorRedirectUrl: "string",
    adminNote: "string",
    accessibilitySelfService: false,
    hideWeb: false,
    logo: "string",
    preconfiguredApp: "string",
    recipient: "string",
    requestCompressed: false,
    responseSigned: false,
    samlSignedRequestEnabled: false,
    samlVersion: "string",
    signatureAlgorithm: "string",
    singleLogoutCertificate: "string",
    singleLogoutIssuer: "string",
    singleLogoutUrl: "string",
    spIssuer: "string",
    ssoUrl: "string",
    status: "string",
    subjectNameIdFormat: "string",
    subjectNameIdTemplate: "string",
    userNameTemplate: "string",
    userNameTemplatePushStatus: "string",
    keyYearsValid: 0,
    userNameTemplateType: "string",
});

type: okta:app:Saml
properties:
    accessibilityErrorRedirectUrl: string
    accessibilityLoginRedirectUrl: string
    accessibilitySelfService: false
    acsEndpoints:
        - string
    adminNote: string
    appLinksJson: string
    appSettingsJson: string
    assertionSigned: false
    attributeStatements:
        - filterType: string
          filterValue: string
          name: string
          namespace: string
          type: string
          values:
            - string
    audience: string
    authenticationPolicy: string
    authnContextClassRef: string
    autoSubmitToolbar: false
    defaultRelayState: string
    destination: string
    digestAlgorithm: string
    enduserNote: string
    hideIos: false
    hideWeb: false
    honorForceAuthn: false
    idpIssuer: string
    implicitAssignment: false
    inlineHookId: string
    keyName: string
    keyYearsValid: 0
    label: string
    logo: string
    preconfiguredApp: string
    recipient: string
    requestCompressed: false
    responseSigned: false
    samlSignedRequestEnabled: false
    samlVersion: string
    signatureAlgorithm: string
    singleLogoutCertificate: string
    singleLogoutIssuer: string
    singleLogoutUrl: string
    spIssuer: string
    ssoUrl: string
    status: string
    subjectNameIdFormat: string
    subjectNameIdTemplate: string
    userNameTemplate: string
    userNameTemplatePushStatus: string
    userNameTemplateSuffix: string
    userNameTemplateType: string

Saml Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Saml resource accepts the following input properties:

Label string: The Application's display name.
AccessibilityErrorRedirectUrl string: Custom error page URL
AccessibilityLoginRedirectUrl string: Custom login page URL
AccessibilitySelfService bool: Enable self service. Default is false
AcsEndpoints List<string>: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
AdminNote string: Application notes for admins.
AppLinksJson string: Displays specific appLinks for the app. The value for each application link should be boolean.
AppSettingsJson string: Application settings in JSON format
AssertionSigned bool: Determines whether the SAML assertion is digitally signed
AttributeStatements List<SamlAttributeStatement>
Audience string: Audience Restriction
AuthenticationPolicy string: The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.y
AuthnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement
AutoSubmitToolbar bool: Display auto submit toolbar. Default is: false
DefaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
Destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
DigestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response
EnduserNote string: Application notes for end users.
HideIos bool: Do not display application icon on mobile app
HideWeb bool: Do not display application icon to users
HonorForceAuthn bool: Prompt user to re-authenticate if SP asks for it. Default is: false
IdpIssuer string: SAML issuer ID
ImplicitAssignment bool: Early Access Property. Enable Federation Broker Mode.
InlineHookId string: Saml Inline Hook setting
KeyName string: Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
KeyYearsValid int: Number of years the certificate is valid (2 - 10 years).
Logo string: Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
PreconfiguredApp string: Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
Recipient string: The location where the app may present the SAML assertion
RequestCompressed bool: Denotes whether the request is compressed or not.
ResponseSigned bool: Determines whether the SAML auth response message is digitally signed
SamlSignedRequestEnabled bool: SAML Signed Request enabled
SamlVersion string: SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
SignatureAlgorithm string: Signature algorithm used to digitally sign the assertion and response
SingleLogoutCertificate string: x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
SingleLogoutIssuer string: The issuer of the Service Provider that generates the Single Logout request
SingleLogoutUrl string: The location where the logout response is sent
SpIssuer string: SAML SP issuer ID
SsoUrl string: Single Sign On URL
Status string: Status of application. By default, it is ACTIVE
SubjectNameIdFormat string: Identifies the SAML processing rules.
SubjectNameIdTemplate string: Template for app user's username when a user is assigned to the app
UserNameTemplate string: Username template. Default: ${source.login}
UserNameTemplatePushStatus string: Push username on update. Valid values: PUSH and DONT_PUSH
UserNameTemplateSuffix string: Username template suffix
UserNameTemplateType string: Username template type. Default: BUILT_IN

Label string: The Application's display name.
AccessibilityErrorRedirectUrl string: Custom error page URL
AccessibilityLoginRedirectUrl string: Custom login page URL
AccessibilitySelfService bool: Enable self service. Default is false
AcsEndpoints []string: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
AdminNote string: Application notes for admins.
AppLinksJson string: Displays specific appLinks for the app. The value for each application link should be boolean.
AppSettingsJson string: Application settings in JSON format
AssertionSigned bool: Determines whether the SAML assertion is digitally signed
AttributeStatements []SamlAttributeStatementArgs
Audience string: Audience Restriction
AuthenticationPolicy string: The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.y
AuthnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement
AutoSubmitToolbar bool: Display auto submit toolbar. Default is: false
DefaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
Destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
DigestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response
EnduserNote string: Application notes for end users.
HideIos bool: Do not display application icon on mobile app
HideWeb bool: Do not display application icon to users
HonorForceAuthn bool: Prompt user to re-authenticate if SP asks for it. Default is: false
IdpIssuer string: SAML issuer ID
ImplicitAssignment bool: Early Access Property. Enable Federation Broker Mode.
InlineHookId string: Saml Inline Hook setting
KeyName string: Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
KeyYearsValid int: Number of years the certificate is valid (2 - 10 years).
Logo string: Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
PreconfiguredApp string: Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
Recipient string: The location where the app may present the SAML assertion
RequestCompressed bool: Denotes whether the request is compressed or not.
ResponseSigned bool: Determines whether the SAML auth response message is digitally signed
SamlSignedRequestEnabled bool: SAML Signed Request enabled
SamlVersion string: SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
SignatureAlgorithm string: Signature algorithm used to digitally sign the assertion and response
SingleLogoutCertificate string: x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
SingleLogoutIssuer string: The issuer of the Service Provider that generates the Single Logout request
SingleLogoutUrl string: The location where the logout response is sent
SpIssuer string: SAML SP issuer ID
SsoUrl string: Single Sign On URL
Status string: Status of application. By default, it is ACTIVE
SubjectNameIdFormat string: Identifies the SAML processing rules.
SubjectNameIdTemplate string: Template for app user's username when a user is assigned to the app
UserNameTemplate string: Username template. Default: ${source.login}
UserNameTemplatePushStatus string: Push username on update. Valid values: PUSH and DONT_PUSH
UserNameTemplateSuffix string: Username template suffix
UserNameTemplateType string: Username template type. Default: BUILT_IN

label String: The Application's display name.
accessibilityErrorRedirectUrl String: Custom error page URL
accessibilityLoginRedirectUrl String: Custom login page URL
accessibilitySelfService Boolean: Enable self service. Default is false
acsEndpoints List<String>: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
adminNote String: Application notes for admins.
appLinksJson String: Displays specific appLinks for the app. The value for each application link should be boolean.
appSettingsJson String: Application settings in JSON format
assertionSigned Boolean: Determines whether the SAML assertion is digitally signed
attributeStatements List<SamlAttributeStatement>
audience String: Audience Restriction
authenticationPolicy String: The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.y
authnContextClassRef String: Identifies the SAML authentication context class for the assertion’s authentication statement
autoSubmitToolbar Boolean: Display auto submit toolbar. Default is: false
defaultRelayState String: Identifies a specific application resource in an IDP initiated SSO scenario.
destination String: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
digestAlgorithm String: Determines the digest algorithm used to digitally sign the SAML assertion and response
enduserNote String: Application notes for end users.
hideIos Boolean: Do not display application icon on mobile app
hideWeb Boolean: Do not display application icon to users
honorForceAuthn Boolean: Prompt user to re-authenticate if SP asks for it. Default is: false
idpIssuer String: SAML issuer ID
implicitAssignment Boolean: Early Access Property. Enable Federation Broker Mode.
inlineHookId String: Saml Inline Hook setting
keyName String: Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
keyYearsValid Integer: Number of years the certificate is valid (2 - 10 years).
logo String: Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
preconfiguredApp String: Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
recipient String: The location where the app may present the SAML assertion
requestCompressed Boolean: Denotes whether the request is compressed or not.
responseSigned Boolean: Determines whether the SAML auth response message is digitally signed
samlSignedRequestEnabled Boolean: SAML Signed Request enabled
samlVersion String: SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
signatureAlgorithm String: Signature algorithm used to digitally sign the assertion and response
singleLogoutCertificate String: x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
singleLogoutIssuer String: The issuer of the Service Provider that generates the Single Logout request
singleLogoutUrl String: The location where the logout response is sent
spIssuer String: SAML SP issuer ID
ssoUrl String: Single Sign On URL
status String: Status of application. By default, it is ACTIVE
subjectNameIdFormat String: Identifies the SAML processing rules.
subjectNameIdTemplate String: Template for app user's username when a user is assigned to the app
userNameTemplate String: Username template. Default: ${source.login}
userNameTemplatePushStatus String: Push username on update. Valid values: PUSH and DONT_PUSH
userNameTemplateSuffix String: Username template suffix
userNameTemplateType String: Username template type. Default: BUILT_IN

label string: The Application's display name.
accessibilityErrorRedirectUrl string: Custom error page URL
accessibilityLoginRedirectUrl string: Custom login page URL
accessibilitySelfService boolean: Enable self service. Default is false
acsEndpoints string[]: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
adminNote string: Application notes for admins.
appLinksJson string: Displays specific appLinks for the app. The value for each application link should be boolean.
appSettingsJson string: Application settings in JSON format
assertionSigned boolean: Determines whether the SAML assertion is digitally signed
attributeStatements SamlAttributeStatement[]
audience string: Audience Restriction
authenticationPolicy string: The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.y
authnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement
autoSubmitToolbar boolean: Display auto submit toolbar. Default is: false
defaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
digestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response
enduserNote string: Application notes for end users.
hideIos boolean: Do not display application icon on mobile app
hideWeb boolean: Do not display application icon to users
honorForceAuthn boolean: Prompt user to re-authenticate if SP asks for it. Default is: false
idpIssuer string: SAML issuer ID
implicitAssignment boolean: Early Access Property. Enable Federation Broker Mode.
inlineHookId string: Saml Inline Hook setting
keyName string: Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
keyYearsValid number: Number of years the certificate is valid (2 - 10 years).
logo string: Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
preconfiguredApp string: Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
recipient string: The location where the app may present the SAML assertion
requestCompressed boolean: Denotes whether the request is compressed or not.
responseSigned boolean: Determines whether the SAML auth response message is digitally signed
samlSignedRequestEnabled boolean: SAML Signed Request enabled
samlVersion string: SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
signatureAlgorithm string: Signature algorithm used to digitally sign the assertion and response
singleLogoutCertificate string: x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
singleLogoutIssuer string: The issuer of the Service Provider that generates the Single Logout request
singleLogoutUrl string: The location where the logout response is sent
spIssuer string: SAML SP issuer ID
ssoUrl string: Single Sign On URL
status string: Status of application. By default, it is ACTIVE
subjectNameIdFormat string: Identifies the SAML processing rules.
subjectNameIdTemplate string: Template for app user's username when a user is assigned to the app
userNameTemplate string: Username template. Default: ${source.login}
userNameTemplatePushStatus string: Push username on update. Valid values: PUSH and DONT_PUSH
userNameTemplateSuffix string: Username template suffix
userNameTemplateType string: Username template type. Default: BUILT_IN

label str: The Application's display name.
accessibility_error_redirect_url str: Custom error page URL
accessibility_login_redirect_url str: Custom login page URL
accessibility_self_service bool: Enable self service. Default is false
acs_endpoints Sequence[str]: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
admin_note str: Application notes for admins.
app_links_json str: Displays specific appLinks for the app. The value for each application link should be boolean.
app_settings_json str: Application settings in JSON format
assertion_signed bool: Determines whether the SAML assertion is digitally signed
attribute_statements Sequence[SamlAttributeStatementArgs]
audience str: Audience Restriction
authentication_policy str: The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.y
authn_context_class_ref str: Identifies the SAML authentication context class for the assertion’s authentication statement
auto_submit_toolbar bool: Display auto submit toolbar. Default is: false
default_relay_state str: Identifies a specific application resource in an IDP initiated SSO scenario.
destination str: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
digest_algorithm str: Determines the digest algorithm used to digitally sign the SAML assertion and response
enduser_note str: Application notes for end users.
hide_ios bool: Do not display application icon on mobile app
hide_web bool: Do not display application icon to users
honor_force_authn bool: Prompt user to re-authenticate if SP asks for it. Default is: false
idp_issuer str: SAML issuer ID
implicit_assignment bool: Early Access Property. Enable Federation Broker Mode.
inline_hook_id str: Saml Inline Hook setting
key_name str: Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
key_years_valid int: Number of years the certificate is valid (2 - 10 years).
logo str: Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
preconfigured_app str: Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
recipient str: The location where the app may present the SAML assertion
request_compressed bool: Denotes whether the request is compressed or not.
response_signed bool: Determines whether the SAML auth response message is digitally signed
saml_signed_request_enabled bool: SAML Signed Request enabled
saml_version str: SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
signature_algorithm str: Signature algorithm used to digitally sign the assertion and response
single_logout_certificate str: x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
single_logout_issuer str: The issuer of the Service Provider that generates the Single Logout request
single_logout_url str: The location where the logout response is sent
sp_issuer str: SAML SP issuer ID
sso_url str: Single Sign On URL
status str: Status of application. By default, it is ACTIVE
subject_name_id_format str: Identifies the SAML processing rules.
subject_name_id_template str: Template for app user's username when a user is assigned to the app
user_name_template str: Username template. Default: ${source.login}
user_name_template_push_status str: Push username on update. Valid values: PUSH and DONT_PUSH
user_name_template_suffix str: Username template suffix
user_name_template_type str: Username template type. Default: BUILT_IN

label String: The Application's display name.
accessibilityErrorRedirectUrl String: Custom error page URL
accessibilityLoginRedirectUrl String: Custom login page URL
accessibilitySelfService Boolean: Enable self service. Default is false
acsEndpoints List<String>: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
adminNote String: Application notes for admins.
appLinksJson String: Displays specific appLinks for the app. The value for each application link should be boolean.
appSettingsJson String: Application settings in JSON format
assertionSigned Boolean: Determines whether the SAML assertion is digitally signed
attributeStatements List<Property Map>
audience String: Audience Restriction
authenticationPolicy String: The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.y
authnContextClassRef String: Identifies the SAML authentication context class for the assertion’s authentication statement
autoSubmitToolbar Boolean: Display auto submit toolbar. Default is: false
defaultRelayState String: Identifies a specific application resource in an IDP initiated SSO scenario.
destination String: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
digestAlgorithm String: Determines the digest algorithm used to digitally sign the SAML assertion and response
enduserNote String: Application notes for end users.
hideIos Boolean: Do not display application icon on mobile app
hideWeb Boolean: Do not display application icon to users
honorForceAuthn Boolean: Prompt user to re-authenticate if SP asks for it. Default is: false
idpIssuer String: SAML issuer ID
implicitAssignment Boolean: Early Access Property. Enable Federation Broker Mode.
inlineHookId String: Saml Inline Hook setting
keyName String: Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
keyYearsValid Number: Number of years the certificate is valid (2 - 10 years).
logo String: Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
preconfiguredApp String: Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
recipient String: The location where the app may present the SAML assertion
requestCompressed Boolean: Denotes whether the request is compressed or not.
responseSigned Boolean: Determines whether the SAML auth response message is digitally signed
samlSignedRequestEnabled Boolean: SAML Signed Request enabled
samlVersion String: SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
signatureAlgorithm String: Signature algorithm used to digitally sign the assertion and response
singleLogoutCertificate String: x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
singleLogoutIssuer String: The issuer of the Service Provider that generates the Single Logout request
singleLogoutUrl String: The location where the logout response is sent
spIssuer String: SAML SP issuer ID
ssoUrl String: Single Sign On URL
status String: Status of application. By default, it is ACTIVE
subjectNameIdFormat String: Identifies the SAML processing rules.
subjectNameIdTemplate String: Template for app user's username when a user is assigned to the app
userNameTemplate String: Username template. Default: ${source.login}
userNameTemplatePushStatus String: Push username on update. Valid values: PUSH and DONT_PUSH
userNameTemplateSuffix String: Username template suffix
userNameTemplateType String: Username template type. Default: BUILT_IN

Outputs

All input properties are implicitly available as output properties. Additionally, the Saml resource produces the following output properties:

Certificate string: cert from SAML XML metadata payload
EmbedUrl string: The url that can be used to embed this application in other portals.
EntityKey string: Entity ID, the ID portion of the entity_url
EntityUrl string: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
Features List<string>: features to enable
HttpPostBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
HttpRedirectBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
Id string: The provider-assigned unique ID for this managed resource.
KeyId string: Certificate ID
Keys List<SamlKey>: Application keys
LogoUrl string: URL of the application's logo
Metadata string: SAML xml metadata payload
MetadataUrl string: SAML xml metadata URL
Name string: Name of the app.
SignOnMode string: Sign on mode of application.

Certificate string: cert from SAML XML metadata payload
EmbedUrl string: The url that can be used to embed this application in other portals.
EntityKey string: Entity ID, the ID portion of the entity_url
EntityUrl string: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
Features []string: features to enable
HttpPostBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
HttpRedirectBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
Id string: The provider-assigned unique ID for this managed resource.
KeyId string: Certificate ID
Keys []SamlKey: Application keys
LogoUrl string: URL of the application's logo
Metadata string: SAML xml metadata payload
MetadataUrl string: SAML xml metadata URL
Name string: Name of the app.
SignOnMode string: Sign on mode of application.

certificate String: cert from SAML XML metadata payload
embedUrl String: The url that can be used to embed this application in other portals.
entityKey String: Entity ID, the ID portion of the entity_url
entityUrl String: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
features List<String>: features to enable
httpPostBinding String: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
httpRedirectBinding String: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
id String: The provider-assigned unique ID for this managed resource.
keyId String: Certificate ID
keys List<SamlKey>: Application keys
logoUrl String: URL of the application's logo
metadata String: SAML xml metadata payload
metadataUrl String: SAML xml metadata URL
name String: Name of the app.
signOnMode String: Sign on mode of application.

certificate string: cert from SAML XML metadata payload
embedUrl string: The url that can be used to embed this application in other portals.
entityKey string: Entity ID, the ID portion of the entity_url
entityUrl string: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
features string[]: features to enable
httpPostBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
httpRedirectBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
id string: The provider-assigned unique ID for this managed resource.
keyId string: Certificate ID
keys SamlKey[]: Application keys
logoUrl string: URL of the application's logo
metadata string: SAML xml metadata payload
metadataUrl string: SAML xml metadata URL
name string: Name of the app.
signOnMode string: Sign on mode of application.

certificate str: cert from SAML XML metadata payload
embed_url str: The url that can be used to embed this application in other portals.
entity_key str: Entity ID, the ID portion of the entity_url
entity_url str: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
features Sequence[str]: features to enable
http_post_binding str: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
http_redirect_binding str: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
id str: The provider-assigned unique ID for this managed resource.
key_id str: Certificate ID
keys Sequence[SamlKey]: Application keys
logo_url str: URL of the application's logo
metadata str: SAML xml metadata payload
metadata_url str: SAML xml metadata URL
name str: Name of the app.
sign_on_mode str: Sign on mode of application.

certificate String: cert from SAML XML metadata payload
embedUrl String: The url that can be used to embed this application in other portals.
entityKey String: Entity ID, the ID portion of the entity_url
entityUrl String: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
features List<String>: features to enable
httpPostBinding String: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
httpRedirectBinding String: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
id String: The provider-assigned unique ID for this managed resource.
keyId String: Certificate ID
keys List<Property Map>: Application keys
logoUrl String: URL of the application's logo
metadata String: SAML xml metadata payload
metadataUrl String: SAML xml metadata URL
name String: Name of the app.
signOnMode String: Sign on mode of application.

Look up Existing Saml Resource

Get an existing Saml resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SamlState, opts?: CustomResourceOptions): Saml

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        accessibility_error_redirect_url: Optional[str] = None,
        accessibility_login_redirect_url: Optional[str] = None,
        accessibility_self_service: Optional[bool] = None,
        acs_endpoints: Optional[Sequence[str]] = None,
        admin_note: Optional[str] = None,
        app_links_json: Optional[str] = None,
        app_settings_json: Optional[str] = None,
        assertion_signed: Optional[bool] = None,
        attribute_statements: Optional[Sequence[SamlAttributeStatementArgs]] = None,
        audience: Optional[str] = None,
        authentication_policy: Optional[str] = None,
        authn_context_class_ref: Optional[str] = None,
        auto_submit_toolbar: Optional[bool] = None,
        certificate: Optional[str] = None,
        default_relay_state: Optional[str] = None,
        destination: Optional[str] = None,
        digest_algorithm: Optional[str] = None,
        embed_url: Optional[str] = None,
        enduser_note: Optional[str] = None,
        entity_key: Optional[str] = None,
        entity_url: Optional[str] = None,
        features: Optional[Sequence[str]] = None,
        hide_ios: Optional[bool] = None,
        hide_web: Optional[bool] = None,
        honor_force_authn: Optional[bool] = None,
        http_post_binding: Optional[str] = None,
        http_redirect_binding: Optional[str] = None,
        idp_issuer: Optional[str] = None,
        implicit_assignment: Optional[bool] = None,
        inline_hook_id: Optional[str] = None,
        key_id: Optional[str] = None,
        key_name: Optional[str] = None,
        key_years_valid: Optional[int] = None,
        keys: Optional[Sequence[SamlKeyArgs]] = None,
        label: Optional[str] = None,
        logo: Optional[str] = None,
        logo_url: Optional[str] = None,
        metadata: Optional[str] = None,
        metadata_url: Optional[str] = None,
        name: Optional[str] = None,
        preconfigured_app: Optional[str] = None,
        recipient: Optional[str] = None,
        request_compressed: Optional[bool] = None,
        response_signed: Optional[bool] = None,
        saml_signed_request_enabled: Optional[bool] = None,
        saml_version: Optional[str] = None,
        sign_on_mode: Optional[str] = None,
        signature_algorithm: Optional[str] = None,
        single_logout_certificate: Optional[str] = None,
        single_logout_issuer: Optional[str] = None,
        single_logout_url: Optional[str] = None,
        sp_issuer: Optional[str] = None,
        sso_url: Optional[str] = None,
        status: Optional[str] = None,
        subject_name_id_format: Optional[str] = None,
        subject_name_id_template: Optional[str] = None,
        user_name_template: Optional[str] = None,
        user_name_template_push_status: Optional[str] = None,
        user_name_template_suffix: Optional[str] = None,
        user_name_template_type: Optional[str] = None) -> Saml

func GetSaml(ctx *Context, name string, id IDInput, state *SamlState, opts ...ResourceOption) (*Saml, error)

public static Saml Get(string name, Input<string> id, SamlState? state, CustomResourceOptions? opts = null)

public static Saml get(String name, Output<String> id, SamlState state, CustomResourceOptions options)

resources:  _:    type: okta:app:Saml    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessibilityErrorRedirectUrl string: Custom error page URL
AccessibilityLoginRedirectUrl string: Custom login page URL
AccessibilitySelfService bool: Enable self service. Default is false
AcsEndpoints List<string>: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
AdminNote string: Application notes for admins.
AppLinksJson string: Displays specific appLinks for the app. The value for each application link should be boolean.
AppSettingsJson string: Application settings in JSON format
AssertionSigned bool: Determines whether the SAML assertion is digitally signed
AttributeStatements List<SamlAttributeStatement>
Audience string: Audience Restriction
AuthenticationPolicy string: The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.y
AuthnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement
AutoSubmitToolbar bool: Display auto submit toolbar. Default is: false
Certificate string: cert from SAML XML metadata payload
DefaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
Destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
DigestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response
EmbedUrl string: The url that can be used to embed this application in other portals.
EnduserNote string: Application notes for end users.
EntityKey string: Entity ID, the ID portion of the entity_url
EntityUrl string: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
Features List<string>: features to enable
HideIos bool: Do not display application icon on mobile app
HideWeb bool: Do not display application icon to users
HonorForceAuthn bool: Prompt user to re-authenticate if SP asks for it. Default is: false
HttpPostBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
HttpRedirectBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
IdpIssuer string: SAML issuer ID
ImplicitAssignment bool: Early Access Property. Enable Federation Broker Mode.
InlineHookId string: Saml Inline Hook setting
KeyId string: Certificate ID
KeyName string: Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
KeyYearsValid int: Number of years the certificate is valid (2 - 10 years).
Keys List<SamlKey>: Application keys
Label string: The Application's display name.
Logo string: Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
LogoUrl string: URL of the application's logo
Metadata string: SAML xml metadata payload
MetadataUrl string: SAML xml metadata URL
Name string: Name of the app.
PreconfiguredApp string: Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
Recipient string: The location where the app may present the SAML assertion
RequestCompressed bool: Denotes whether the request is compressed or not.
ResponseSigned bool: Determines whether the SAML auth response message is digitally signed
SamlSignedRequestEnabled bool: SAML Signed Request enabled
SamlVersion string: SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
SignOnMode string: Sign on mode of application.
SignatureAlgorithm string: Signature algorithm used to digitally sign the assertion and response
SingleLogoutCertificate string: x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
SingleLogoutIssuer string: The issuer of the Service Provider that generates the Single Logout request
SingleLogoutUrl string: The location where the logout response is sent
SpIssuer string: SAML SP issuer ID
SsoUrl string: Single Sign On URL
Status string: Status of application. By default, it is ACTIVE
SubjectNameIdFormat string: Identifies the SAML processing rules.
SubjectNameIdTemplate string: Template for app user's username when a user is assigned to the app
UserNameTemplate string: Username template. Default: ${source.login}
UserNameTemplatePushStatus string: Push username on update. Valid values: PUSH and DONT_PUSH
UserNameTemplateSuffix string: Username template suffix
UserNameTemplateType string: Username template type. Default: BUILT_IN

AccessibilityErrorRedirectUrl string: Custom error page URL
AccessibilityLoginRedirectUrl string: Custom login page URL
AccessibilitySelfService bool: Enable self service. Default is false
AcsEndpoints []string: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
AdminNote string: Application notes for admins.
AppLinksJson string: Displays specific appLinks for the app. The value for each application link should be boolean.
AppSettingsJson string: Application settings in JSON format
AssertionSigned bool: Determines whether the SAML assertion is digitally signed
AttributeStatements []SamlAttributeStatementArgs
Audience string: Audience Restriction
AuthenticationPolicy string: The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.y
AuthnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement
AutoSubmitToolbar bool: Display auto submit toolbar. Default is: false
Certificate string: cert from SAML XML metadata payload
DefaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
Destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
DigestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response
EmbedUrl string: The url that can be used to embed this application in other portals.
EnduserNote string: Application notes for end users.
EntityKey string: Entity ID, the ID portion of the entity_url
EntityUrl string: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
Features []string: features to enable
HideIos bool: Do not display application icon on mobile app
HideWeb bool: Do not display application icon to users
HonorForceAuthn bool: Prompt user to re-authenticate if SP asks for it. Default is: false
HttpPostBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
HttpRedirectBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
IdpIssuer string: SAML issuer ID
ImplicitAssignment bool: Early Access Property. Enable Federation Broker Mode.
InlineHookId string: Saml Inline Hook setting
KeyId string: Certificate ID
KeyName string: Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
KeyYearsValid int: Number of years the certificate is valid (2 - 10 years).
Keys []SamlKeyArgs: Application keys
Label string: The Application's display name.
Logo string: Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
LogoUrl string: URL of the application's logo
Metadata string: SAML xml metadata payload
MetadataUrl string: SAML xml metadata URL
Name string: Name of the app.
PreconfiguredApp string: Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
Recipient string: The location where the app may present the SAML assertion
RequestCompressed bool: Denotes whether the request is compressed or not.
ResponseSigned bool: Determines whether the SAML auth response message is digitally signed
SamlSignedRequestEnabled bool: SAML Signed Request enabled
SamlVersion string: SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
SignOnMode string: Sign on mode of application.
SignatureAlgorithm string: Signature algorithm used to digitally sign the assertion and response
SingleLogoutCertificate string: x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
SingleLogoutIssuer string: The issuer of the Service Provider that generates the Single Logout request
SingleLogoutUrl string: The location where the logout response is sent
SpIssuer string: SAML SP issuer ID
SsoUrl string: Single Sign On URL
Status string: Status of application. By default, it is ACTIVE
SubjectNameIdFormat string: Identifies the SAML processing rules.
SubjectNameIdTemplate string: Template for app user's username when a user is assigned to the app
UserNameTemplate string: Username template. Default: ${source.login}
UserNameTemplatePushStatus string: Push username on update. Valid values: PUSH and DONT_PUSH
UserNameTemplateSuffix string: Username template suffix
UserNameTemplateType string: Username template type. Default: BUILT_IN

accessibilityErrorRedirectUrl String: Custom error page URL
accessibilityLoginRedirectUrl String: Custom login page URL
accessibilitySelfService Boolean: Enable self service. Default is false
acsEndpoints List<String>: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
adminNote String: Application notes for admins.
appLinksJson String: Displays specific appLinks for the app. The value for each application link should be boolean.
appSettingsJson String: Application settings in JSON format
assertionSigned Boolean: Determines whether the SAML assertion is digitally signed
attributeStatements List<SamlAttributeStatement>
audience String: Audience Restriction
authenticationPolicy String: The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.y
authnContextClassRef String: Identifies the SAML authentication context class for the assertion’s authentication statement
autoSubmitToolbar Boolean: Display auto submit toolbar. Default is: false
certificate String: cert from SAML XML metadata payload
defaultRelayState String: Identifies a specific application resource in an IDP initiated SSO scenario.
destination String: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
digestAlgorithm String: Determines the digest algorithm used to digitally sign the SAML assertion and response
embedUrl String: The url that can be used to embed this application in other portals.
enduserNote String: Application notes for end users.
entityKey String: Entity ID, the ID portion of the entity_url
entityUrl String: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
features List<String>: features to enable
hideIos Boolean: Do not display application icon on mobile app
hideWeb Boolean: Do not display application icon to users
honorForceAuthn Boolean: Prompt user to re-authenticate if SP asks for it. Default is: false
httpPostBinding String: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
httpRedirectBinding String: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
idpIssuer String: SAML issuer ID
implicitAssignment Boolean: Early Access Property. Enable Federation Broker Mode.
inlineHookId String: Saml Inline Hook setting
keyId String: Certificate ID
keyName String: Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
keyYearsValid Integer: Number of years the certificate is valid (2 - 10 years).
keys List<SamlKey>: Application keys
label String: The Application's display name.
logo String: Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
logoUrl String: URL of the application's logo
metadata String: SAML xml metadata payload
metadataUrl String: SAML xml metadata URL
name String: Name of the app.
preconfiguredApp String: Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
recipient String: The location where the app may present the SAML assertion
requestCompressed Boolean: Denotes whether the request is compressed or not.
responseSigned Boolean: Determines whether the SAML auth response message is digitally signed
samlSignedRequestEnabled Boolean: SAML Signed Request enabled
samlVersion String: SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
signOnMode String: Sign on mode of application.
signatureAlgorithm String: Signature algorithm used to digitally sign the assertion and response
singleLogoutCertificate String: x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
singleLogoutIssuer String: The issuer of the Service Provider that generates the Single Logout request
singleLogoutUrl String: The location where the logout response is sent
spIssuer String: SAML SP issuer ID
ssoUrl String: Single Sign On URL
status String: Status of application. By default, it is ACTIVE
subjectNameIdFormat String: Identifies the SAML processing rules.
subjectNameIdTemplate String: Template for app user's username when a user is assigned to the app
userNameTemplate String: Username template. Default: ${source.login}
userNameTemplatePushStatus String: Push username on update. Valid values: PUSH and DONT_PUSH
userNameTemplateSuffix String: Username template suffix
userNameTemplateType String: Username template type. Default: BUILT_IN

accessibilityErrorRedirectUrl string: Custom error page URL
accessibilityLoginRedirectUrl string: Custom login page URL
accessibilitySelfService boolean: Enable self service. Default is false
acsEndpoints string[]: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
adminNote string: Application notes for admins.
appLinksJson string: Displays specific appLinks for the app. The value for each application link should be boolean.
appSettingsJson string: Application settings in JSON format
assertionSigned boolean: Determines whether the SAML assertion is digitally signed
attributeStatements SamlAttributeStatement[]
audience string: Audience Restriction
authenticationPolicy string: The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.y
authnContextClassRef string: Identifies the SAML authentication context class for the assertion’s authentication statement
autoSubmitToolbar boolean: Display auto submit toolbar. Default is: false
certificate string: cert from SAML XML metadata payload
defaultRelayState string: Identifies a specific application resource in an IDP initiated SSO scenario.
destination string: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
digestAlgorithm string: Determines the digest algorithm used to digitally sign the SAML assertion and response
embedUrl string: The url that can be used to embed this application in other portals.
enduserNote string: Application notes for end users.
entityKey string: Entity ID, the ID portion of the entity_url
entityUrl string: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
features string[]: features to enable
hideIos boolean: Do not display application icon on mobile app
hideWeb boolean: Do not display application icon to users
honorForceAuthn boolean: Prompt user to re-authenticate if SP asks for it. Default is: false
httpPostBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
httpRedirectBinding string: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
idpIssuer string: SAML issuer ID
implicitAssignment boolean: Early Access Property. Enable Federation Broker Mode.
inlineHookId string: Saml Inline Hook setting
keyId string: Certificate ID
keyName string: Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
keyYearsValid number: Number of years the certificate is valid (2 - 10 years).
keys SamlKey[]: Application keys
label string: The Application's display name.
logo string: Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
logoUrl string: URL of the application's logo
metadata string: SAML xml metadata payload
metadataUrl string: SAML xml metadata URL
name string: Name of the app.
preconfiguredApp string: Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
recipient string: The location where the app may present the SAML assertion
requestCompressed boolean: Denotes whether the request is compressed or not.
responseSigned boolean: Determines whether the SAML auth response message is digitally signed
samlSignedRequestEnabled boolean: SAML Signed Request enabled
samlVersion string: SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
signOnMode string: Sign on mode of application.
signatureAlgorithm string: Signature algorithm used to digitally sign the assertion and response
singleLogoutCertificate string: x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
singleLogoutIssuer string: The issuer of the Service Provider that generates the Single Logout request
singleLogoutUrl string: The location where the logout response is sent
spIssuer string: SAML SP issuer ID
ssoUrl string: Single Sign On URL
status string: Status of application. By default, it is ACTIVE
subjectNameIdFormat string: Identifies the SAML processing rules.
subjectNameIdTemplate string: Template for app user's username when a user is assigned to the app
userNameTemplate string: Username template. Default: ${source.login}
userNameTemplatePushStatus string: Push username on update. Valid values: PUSH and DONT_PUSH
userNameTemplateSuffix string: Username template suffix
userNameTemplateType string: Username template type. Default: BUILT_IN

accessibility_error_redirect_url str: Custom error page URL
accessibility_login_redirect_url str: Custom login page URL
accessibility_self_service bool: Enable self service. Default is false
acs_endpoints Sequence[str]: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
admin_note str: Application notes for admins.
app_links_json str: Displays specific appLinks for the app. The value for each application link should be boolean.
app_settings_json str: Application settings in JSON format
assertion_signed bool: Determines whether the SAML assertion is digitally signed
attribute_statements Sequence[SamlAttributeStatementArgs]
audience str: Audience Restriction
authentication_policy str: The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.y
authn_context_class_ref str: Identifies the SAML authentication context class for the assertion’s authentication statement
auto_submit_toolbar bool: Display auto submit toolbar. Default is: false
certificate str: cert from SAML XML metadata payload
default_relay_state str: Identifies a specific application resource in an IDP initiated SSO scenario.
destination str: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
digest_algorithm str: Determines the digest algorithm used to digitally sign the SAML assertion and response
embed_url str: The url that can be used to embed this application in other portals.
enduser_note str: Application notes for end users.
entity_key str: Entity ID, the ID portion of the entity_url
entity_url str: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
features Sequence[str]: features to enable
hide_ios bool: Do not display application icon on mobile app
hide_web bool: Do not display application icon to users
honor_force_authn bool: Prompt user to re-authenticate if SP asks for it. Default is: false
http_post_binding str: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
http_redirect_binding str: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
idp_issuer str: SAML issuer ID
implicit_assignment bool: Early Access Property. Enable Federation Broker Mode.
inline_hook_id str: Saml Inline Hook setting
key_id str: Certificate ID
key_name str: Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
key_years_valid int: Number of years the certificate is valid (2 - 10 years).
keys Sequence[SamlKeyArgs]: Application keys
label str: The Application's display name.
logo str: Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
logo_url str: URL of the application's logo
metadata str: SAML xml metadata payload
metadata_url str: SAML xml metadata URL
name str: Name of the app.
preconfigured_app str: Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
recipient str: The location where the app may present the SAML assertion
request_compressed bool: Denotes whether the request is compressed or not.
response_signed bool: Determines whether the SAML auth response message is digitally signed
saml_signed_request_enabled bool: SAML Signed Request enabled
saml_version str: SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
sign_on_mode str: Sign on mode of application.
signature_algorithm str: Signature algorithm used to digitally sign the assertion and response
single_logout_certificate str: x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
single_logout_issuer str: The issuer of the Service Provider that generates the Single Logout request
single_logout_url str: The location where the logout response is sent
sp_issuer str: SAML SP issuer ID
sso_url str: Single Sign On URL
status str: Status of application. By default, it is ACTIVE
subject_name_id_format str: Identifies the SAML processing rules.
subject_name_id_template str: Template for app user's username when a user is assigned to the app
user_name_template str: Username template. Default: ${source.login}
user_name_template_push_status str: Push username on update. Valid values: PUSH and DONT_PUSH
user_name_template_suffix str: Username template suffix
user_name_template_type str: Username template type. Default: BUILT_IN

accessibilityErrorRedirectUrl String: Custom error page URL
accessibilityLoginRedirectUrl String: Custom login page URL
accessibilitySelfService Boolean: Enable self service. Default is false
acsEndpoints List<String>: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
adminNote String: Application notes for admins.
appLinksJson String: Displays specific appLinks for the app. The value for each application link should be boolean.
appSettingsJson String: Application settings in JSON format
assertionSigned Boolean: Determines whether the SAML assertion is digitally signed
attributeStatements List<Property Map>
audience String: Audience Restriction
authenticationPolicy String: The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.y
authnContextClassRef String: Identifies the SAML authentication context class for the assertion’s authentication statement
autoSubmitToolbar Boolean: Display auto submit toolbar. Default is: false
certificate String: cert from SAML XML metadata payload
defaultRelayState String: Identifies a specific application resource in an IDP initiated SSO scenario.
destination String: Identifies the location where the SAML response is intended to be sent inside of the SAML assertion
digestAlgorithm String: Determines the digest algorithm used to digitally sign the SAML assertion and response
embedUrl String: The url that can be used to embed this application in other portals.
enduserNote String: Application notes for end users.
entityKey String: Entity ID, the ID portion of the entity_url
entityUrl String: Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8
features List<String>: features to enable
hideIos Boolean: Do not display application icon on mobile app
hideWeb Boolean: Do not display application icon to users
honorForceAuthn Boolean: Prompt user to re-authenticate if SP asks for it. Default is: false
httpPostBinding String: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post location from the SAML metadata.
httpRedirectBinding String: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect location from the SAML metadata.
idpIssuer String: SAML issuer ID
implicitAssignment Boolean: Early Access Property. Enable Federation Broker Mode.
inlineHookId String: Saml Inline Hook setting
keyId String: Certificate ID
keyName String: Certificate name. This modulates the rotation of keys. New name == new key. Required to be set with key_years_valid
keyYearsValid Number: Number of years the certificate is valid (2 - 10 years).
keys List<Property Map>: Application keys
label String: The Application's display name.
logo String: Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
logoUrl String: URL of the application's logo
metadata String: SAML xml metadata payload
metadataUrl String: SAML xml metadata URL
name String: Name of the app.
preconfiguredApp String: Name of application from the Okta Integration Network. For instance 'slack'. If not included a custom app will be created. If not provided the following arguments are required: 'ssourl' 'recipient' 'destination' 'audience' 'subjectnameidtemplate' 'subjectnameidformat' 'signaturealgorithm' 'digestalgorithm' 'authncontextclassref'
recipient String: The location where the app may present the SAML assertion
requestCompressed Boolean: Denotes whether the request is compressed or not.
responseSigned Boolean: Determines whether the SAML auth response message is digitally signed
samlSignedRequestEnabled Boolean: SAML Signed Request enabled
samlVersion String: SAML version for the app's sign-on mode. Valid values are: 2.0 or 1.1. Default is 2.0
signOnMode String: Sign on mode of application.
signatureAlgorithm String: Signature algorithm used to digitally sign the assertion and response
singleLogoutCertificate String: x509 encoded certificate that the Service Provider uses to sign Single Logout requests. Note: should be provided without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, see official documentation.
singleLogoutIssuer String: The issuer of the Service Provider that generates the Single Logout request
singleLogoutUrl String: The location where the logout response is sent
spIssuer String: SAML SP issuer ID
ssoUrl String: Single Sign On URL
status String: Status of application. By default, it is ACTIVE
subjectNameIdFormat String: Identifies the SAML processing rules.
subjectNameIdTemplate String: Template for app user's username when a user is assigned to the app
userNameTemplate String: Username template. Default: ${source.login}
userNameTemplatePushStatus String: Push username on update. Valid values: PUSH and DONT_PUSH
userNameTemplateSuffix String: Username template suffix
userNameTemplateType String: Username template type. Default: BUILT_IN

Supporting Types

SamlAttributeStatement, SamlAttributeStatementArgs

Name string: The reference name of the attribute statement
FilterType string: Type of group attribute filter. Valid values are: STARTS_WITH, EQUALS, CONTAINS, or REGEX
FilterValue string: Filter value to use
Namespace string: The attribute namespace. It can be set to urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, or urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Type string: The type of attribute statements object
Values List<string>

Name string: The reference name of the attribute statement
FilterType string: Type of group attribute filter. Valid values are: STARTS_WITH, EQUALS, CONTAINS, or REGEX
FilterValue string: Filter value to use
Namespace string: The attribute namespace. It can be set to urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, or urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Type string: The type of attribute statements object
Values []string

name String: The reference name of the attribute statement
filterType String: Type of group attribute filter. Valid values are: STARTS_WITH, EQUALS, CONTAINS, or REGEX
filterValue String: Filter value to use
namespace String: The attribute namespace. It can be set to urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, or urn:oasis:names:tc:SAML:2.0:attrname-format:basic
type String: The type of attribute statements object
values List<String>

name string: The reference name of the attribute statement
filterType string: Type of group attribute filter. Valid values are: STARTS_WITH, EQUALS, CONTAINS, or REGEX
filterValue string: Filter value to use
namespace string: The attribute namespace. It can be set to urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, or urn:oasis:names:tc:SAML:2.0:attrname-format:basic
type string: The type of attribute statements object
values string[]

name str: The reference name of the attribute statement
filter_type str: Type of group attribute filter. Valid values are: STARTS_WITH, EQUALS, CONTAINS, or REGEX
filter_value str: Filter value to use
namespace str: The attribute namespace. It can be set to urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, or urn:oasis:names:tc:SAML:2.0:attrname-format:basic
type str: The type of attribute statements object
values Sequence[str]

name String: The reference name of the attribute statement
filterType String: Type of group attribute filter. Valid values are: STARTS_WITH, EQUALS, CONTAINS, or REGEX
filterValue String: Filter value to use
namespace String: The attribute namespace. It can be set to urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, or urn:oasis:names:tc:SAML:2.0:attrname-format:basic
type String: The type of attribute statements object
values List<String>

SamlKey, SamlKeyArgs

Created string: Created date
E string: RSA exponent
ExpiresAt string: Expiration date
Kid string: Key ID
Kty string: Key type. Identifies the cryptographic algorithm family used with the key.
LastUpdated string: Last updated date
N string: RSA modulus
Use string: Intended use of the public key.
X5cs List<string>: X.509 Certificate Chain
X5tS256 string: X.509 certificate SHA-256 thumbprint

Created string: Created date
E string: RSA exponent
ExpiresAt string: Expiration date
Kid string: Key ID
Kty string: Key type. Identifies the cryptographic algorithm family used with the key.
LastUpdated string: Last updated date
N string: RSA modulus
Use string: Intended use of the public key.
X5cs []string: X.509 Certificate Chain
X5tS256 string: X.509 certificate SHA-256 thumbprint

created String: Created date
e String: RSA exponent
expiresAt String: Expiration date
kid String: Key ID
kty String: Key type. Identifies the cryptographic algorithm family used with the key.
lastUpdated String: Last updated date
n String: RSA modulus
use String: Intended use of the public key.
x5cs List<String>: X.509 Certificate Chain
x5tS256 String: X.509 certificate SHA-256 thumbprint

created string: Created date
e string: RSA exponent
expiresAt string: Expiration date
kid string: Key ID
kty string: Key type. Identifies the cryptographic algorithm family used with the key.
lastUpdated string: Last updated date
n string: RSA modulus
use string: Intended use of the public key.
x5cs string[]: X.509 Certificate Chain
x5tS256 string: X.509 certificate SHA-256 thumbprint

created str: Created date
e str: RSA exponent
expires_at str: Expiration date
kid str: Key ID
kty str: Key type. Identifies the cryptographic algorithm family used with the key.
last_updated str: Last updated date
n str: RSA modulus
use str: Intended use of the public key.
x5cs Sequence[str]: X.509 Certificate Chain
x5t_s256 str: X.509 certificate SHA-256 thumbprint

created String: Created date
e String: RSA exponent
expiresAt String: Expiration date
kid String: Key ID
kty String: Key type. Identifies the cryptographic algorithm family used with the key.
lastUpdated String: Last updated date
n String: RSA modulus
use String: Intended use of the public key.
x5cs List<String>: X.509 Certificate Chain
x5tS256 String: X.509 certificate SHA-256 thumbprint

Import

$ pulumi import okta:app/saml:Saml example <app_id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Okta pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

Okta v4.15.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-okta

okta.app.Saml

On this page

On this page

Create Saml Resource

Constructor syntax

Parameters

Constructor example

Saml Resource Properties

Inputs

Outputs

Look up Existing Saml Resource

Supporting Types

SamlAttributeStatement, SamlAttributeStatementArgs

SamlKey, SamlKeyArgs

Import

Package Details

On this page

On this page