Okta v4.15.0, Mar 7 25

Okta v4.15.0 published on Friday, Mar 7, 2025 by Pulumi

okta.group.Role

Explore with Pulumi AI

Okta v4.15.0 published on Friday, Mar 7, 2025 by Pulumi

Create Role Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Role(name: string, args: RoleArgs, opts?: CustomResourceOptions);

@overload
def Role(resource_name: str,
         args: RoleArgs,
         opts: Optional[ResourceOptions] = None)

@overload
def Role(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         group_id: Optional[str] = None,
         role_type: Optional[str] = None,
         disable_notifications: Optional[bool] = None,
         resource_set_id: Optional[str] = None,
         role_id: Optional[str] = None,
         target_app_lists: Optional[Sequence[str]] = None,
         target_group_lists: Optional[Sequence[str]] = None)

func NewRole(ctx *Context, name string, args RoleArgs, opts ...ResourceOption) (*Role, error)

public Role(string name, RoleArgs args, CustomResourceOptions? opts = null)

public Role(String name, RoleArgs args)
public Role(String name, RoleArgs args, CustomResourceOptions options)

type: okta:group:Role
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args RoleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args RoleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args RoleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args RoleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args RoleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var roleResource = new Okta.Group.Role("roleResource", new()
{
    GroupId = "string",
    RoleType = "string",
    DisableNotifications = false,
    ResourceSetId = "string",
    RoleId = "string",
    TargetAppLists = new[]
    {
        "string",
    },
    TargetGroupLists = new[]
    {
        "string",
    },
});

example, err := group.NewRole(ctx, "roleResource", &group.RoleArgs{
	GroupId:              pulumi.String("string"),
	RoleType:             pulumi.String("string"),
	DisableNotifications: pulumi.Bool(false),
	ResourceSetId:        pulumi.String("string"),
	RoleId:               pulumi.String("string"),
	TargetAppLists: pulumi.StringArray{
		pulumi.String("string"),
	},
	TargetGroupLists: pulumi.StringArray{
		pulumi.String("string"),
	},
})

var roleResource = new Role("roleResource", RoleArgs.builder()
    .groupId("string")
    .roleType("string")
    .disableNotifications(false)
    .resourceSetId("string")
    .roleId("string")
    .targetAppLists("string")
    .targetGroupLists("string")
    .build());

role_resource = okta.group.Role("roleResource",
    group_id="string",
    role_type="string",
    disable_notifications=False,
    resource_set_id="string",
    role_id="string",
    target_app_lists=["string"],
    target_group_lists=["string"])

const roleResource = new okta.group.Role("roleResource", {
    groupId: "string",
    roleType: "string",
    disableNotifications: false,
    resourceSetId: "string",
    roleId: "string",
    targetAppLists: ["string"],
    targetGroupLists: ["string"],
});

type: okta:group:Role
properties:
    disableNotifications: false
    groupId: string
    resourceSetId: string
    roleId: string
    roleType: string
    targetAppLists:
        - string
    targetGroupLists:
        - string

Role Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Role resource accepts the following input properties:

GroupId string: ID of group to attach admin roles to
RoleType string: Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
DisableNotifications bool: When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
ResourceSetId string: Resource Set ID. Required for role_type = CUSTOM
RoleId string: Role ID. Required for role_type = CUSTOM
TargetAppLists List<string>: A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
TargetGroupLists List<string>: A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.

GroupId string: ID of group to attach admin roles to
RoleType string: Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
DisableNotifications bool: When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
ResourceSetId string: Resource Set ID. Required for role_type = CUSTOM
RoleId string: Role ID. Required for role_type = CUSTOM
TargetAppLists []string: A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
TargetGroupLists []string: A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.

groupId String: ID of group to attach admin roles to
roleType String: Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
disableNotifications Boolean: When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
resourceSetId String: Resource Set ID. Required for role_type = CUSTOM
roleId String: Role ID. Required for role_type = CUSTOM
targetAppLists List<String>: A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
targetGroupLists List<String>: A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.

groupId string: ID of group to attach admin roles to
roleType string: Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
disableNotifications boolean: When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
resourceSetId string: Resource Set ID. Required for role_type = CUSTOM
roleId string: Role ID. Required for role_type = CUSTOM
targetAppLists string[]: A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
targetGroupLists string[]: A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.

group_id str: ID of group to attach admin roles to
role_type str: Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
disable_notifications bool: When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
resource_set_id str: Resource Set ID. Required for role_type = CUSTOM
role_id str: Role ID. Required for role_type = CUSTOM
target_app_lists Sequence[str]: A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
target_group_lists Sequence[str]: A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.

groupId String: ID of group to attach admin roles to
roleType String: Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
disableNotifications Boolean: When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
resourceSetId String: Resource Set ID. Required for role_type = CUSTOM
roleId String: Role ID. Required for role_type = CUSTOM
targetAppLists List<String>: A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
targetGroupLists List<String>: A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.

Outputs

All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Role Resource

Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        disable_notifications: Optional[bool] = None,
        group_id: Optional[str] = None,
        resource_set_id: Optional[str] = None,
        role_id: Optional[str] = None,
        role_type: Optional[str] = None,
        target_app_lists: Optional[Sequence[str]] = None,
        target_group_lists: Optional[Sequence[str]] = None) -> Role

func GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)

public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)

public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)

resources:  _:    type: okta:group:Role    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

DisableNotifications bool: When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
GroupId string: ID of group to attach admin roles to
ResourceSetId string: Resource Set ID. Required for role_type = CUSTOM
RoleId string: Role ID. Required for role_type = CUSTOM
RoleType string: Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
TargetAppLists List<string>: A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
TargetGroupLists List<string>: A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.

DisableNotifications bool: When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
GroupId string: ID of group to attach admin roles to
ResourceSetId string: Resource Set ID. Required for role_type = CUSTOM
RoleId string: Role ID. Required for role_type = CUSTOM
RoleType string: Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
TargetAppLists []string: A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
TargetGroupLists []string: A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.

disableNotifications Boolean: When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
groupId String: ID of group to attach admin roles to
resourceSetId String: Resource Set ID. Required for role_type = CUSTOM
roleId String: Role ID. Required for role_type = CUSTOM
roleType String: Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
targetAppLists List<String>: A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
targetGroupLists List<String>: A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.

disableNotifications boolean: When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
groupId string: ID of group to attach admin roles to
resourceSetId string: Resource Set ID. Required for role_type = CUSTOM
roleId string: Role ID. Required for role_type = CUSTOM
roleType string: Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
targetAppLists string[]: A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
targetGroupLists string[]: A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.

disable_notifications bool: When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
group_id str: ID of group to attach admin roles to
resource_set_id str: Resource Set ID. Required for role_type = CUSTOM
role_id str: Role ID. Required for role_type = CUSTOM
role_type str: Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
target_app_lists Sequence[str]: A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
target_group_lists Sequence[str]: A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.

disableNotifications Boolean: When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
groupId String: ID of group to attach admin roles to
resourceSetId String: Resource Set ID. Required for role_type = CUSTOM
roleId String: Role ID. Required for role_type = CUSTOM
roleType String: Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
targetAppLists List<String>: A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only supported when used with the role type APP_ADMIN.
targetGroupLists List<String>: A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types: GROUP_MEMBERSHIP_ADMIN, HELP_DESK_ADMIN, or USER_ADMIN.

Import

$ pulumi import okta:group/role:Role example <group_id>/<role_id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Okta pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

Okta v4.15.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-okta

okta.group.Role

On this page

On this page

Create Role Resource

Constructor syntax

Parameters

Constructor example

Role Resource Properties

Inputs

Outputs

Look up Existing Role Resource

Import

Package Details

On this page

On this page