cyral 4.16.3 published on Monday, Apr 14, 2025 by cyralinc

cyral.IntegrationIdpAad


# cyral.IntegrationIdpAad (Resource)

DEPRECATED: use the cyral.IntegrationIdpSaml resource and data source instead.

Example Usage

Integration with Default Configuration

import * as pulumi from "@pulumi/pulumi";
import * as cyral from "@pulumi/cyral";

// Minimal integration: only the IdP's single sign-on URL is supplied; every other
// samlp argument is left unset. "some_sso_url" is a placeholder for the SSO endpoint
// published by the IdP you are integrating.
const ssoOnlyConfig = {
    singleSignOnServiceUrl: "some_sso_url",
};
const someResourceName = new cyral.IntegrationIdpAad("someResourceName", {
    samlp: {
        config: ssoOnlyConfig,
    },
});
import pulumi
import pulumi_cyral as cyral

# Minimal integration: only the IdP's single sign-on URL is supplied; every other
# samlp argument is left unset. "some_sso_url" is a placeholder for the SSO endpoint
# published by the IdP you are integrating.
sso_only_config = {"single_sign_on_service_url": "some_sso_url"}
some_resource_name = cyral.IntegrationIdpAad(
    "someResourceName",
    samlp={"config": sso_only_config},
)
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a single cyral.IntegrationIdpAad resource whose SAML config sets
// only the single sign-on URL. "some_sso_url" is a placeholder value.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		samlConfig := &cyral.IntegrationIdpAadSamlpConfigArgs{
			SingleSignOnServiceUrl: pulumi.String("some_sso_url"),
		}
		resourceArgs := &cyral.IntegrationIdpAadArgs{
			Samlp: &cyral.IntegrationIdpAadSamlpArgs{
				Config: samlConfig,
			},
		}
		// The resource handle is not used afterwards; only the error is propagated.
		_, err := cyral.NewIntegrationIdpAad(ctx, "someResourceName", resourceArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cyral = Pulumi.Cyral;

// Minimal integration: only the IdP's single sign-on URL is supplied; every other
// samlp argument is left unset. "some_sso_url" is a placeholder value.
return await Deployment.RunAsync(() =>
{
    var ssoOnlyConfig = new Cyral.Inputs.IntegrationIdpAadSamlpConfigArgs
    {
        SingleSignOnServiceUrl = "some_sso_url",
    };

    var someResourceName = new Cyral.IntegrationIdpAad("someResourceName", new()
    {
        Samlp = new Cyral.Inputs.IntegrationIdpAadSamlpArgs
        {
            Config = ssoOnlyConfig,
        },
    });

});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cyral.IntegrationIdpAad;
import com.pulumi.cyral.IntegrationIdpAadArgs;
import com.pulumi.cyral.inputs.IntegrationIdpAadSamlpArgs;
import com.pulumi.cyral.inputs.IntegrationIdpAadSamlpConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program declaring one {@code IntegrationIdpAad} resource whose SAML config sets
 * only the single sign-on URL; every other samlp argument is left unset.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // "some_sso_url" is a placeholder for the SSO endpoint published by the IdP.
        final var ssoOnlyConfig = IntegrationIdpAadSamlpConfigArgs.builder()
            .singleSignOnServiceUrl("some_sso_url")
            .build();
        final var samlp = IntegrationIdpAadSamlpArgs.builder()
            .config(ssoOnlyConfig)
            .build();
        final var resourceArgs = IntegrationIdpAadArgs.builder()
            .samlp(samlp)
            .build();

        var someResourceName = new IntegrationIdpAad("someResourceName", resourceArgs);

    }
}
# Minimal integration: only the IdP's single sign-on URL is supplied; every other
# samlp argument is left unset.
resources:
  someResourceName:
    type: cyral:IntegrationIdpAad
    properties:
      samlp:
        config:
          # Placeholder; replace with the SSO endpoint published by the IdP.
          singleSignOnServiceUrl: some_sso_url

Integration using SAML Configuration Data Source

import * as pulumi from "@pulumi/pulumi";
import * as cyral from "@pulumi/cyral";

// Look up the IdP's SAML settings from its metadata URL. "some_metadata_url" is a
// placeholder: the values copied below, including signingCertificate, come from whatever
// this URL serves, so it should be the HTTPS metadata endpoint of the IdP you administer.
const someDataSourceName = cyral.getSamlConfiguration({
    samlMetadataUrl: "some_metadata_url",
});
const config = someDataSourceName;
// An empty string from the data source is turned into undefined so that the resource
// argument is left unset instead of being set to "".
const unsetIfEmpty = (value: string) => (value == "" ? undefined : value);
const someResourceName = new cyral.IntegrationIdpAad("someResourceName", {
    samlp: {
        providerId: "saml",
        disabled: false,
        firstBrokerLoginFlowAlias: "SAML_First_Broker",
        postBrokerLoginFlowAlias: "",
        displayName: "Custom-AAD",
        // NOTE(review): storeToken, trustEmail and linkOnly are explicitly off here; their
        // exact semantics are not described in this example, so check the property
        // reference before enabling any of them.
        storeToken: false,
        addReadTokenRoleOnCreate: false,
        trustEmail: false,
        linkOnly: false,
        config: {
            singleSignOnServiceUrl: config.then(c => c.singleSignOnServiceUrl),
            singleLogoutServiceUrl: config.then(c => unsetIfEmpty(c.singleLogoutServiceUrl)),
            disableUsingJwksUrl: config.then(c => c.disableUsingJwksUrl),
            syncMode: config.then(c => unsetIfEmpty(c.syncMode)),
            nameIdPolicyFormat: config.then(c => unsetIfEmpty(c.nameIdPolicyFormat)),
            principalType: config.then(c => unsetIfEmpty(c.principalType)),
            signatureType: config.then(c => unsetIfEmpty(c.signatureType)),
            samlXmlKeyNameTranformer: config.then(c => unsetIfEmpty(c.samlXmlKeyNameTranformer)),
            hideOnLoginPage: config.then(c => c.hideOnLoginPage),
            backChannelSupported: config.then(c => c.backChannelSupported),
            disablePostBindingResponse: config.then(c => c.disablePostBindingResponse),
            disablePostBindingAuthnRequest: config.then(c => c.disablePostBindingAuthnRequest),
            disablePostBindingLogout: config.then(c => c.disablePostBindingLogout),
            wantAssertionsEncrypted: config.then(c => c.wantAssertionsEncrypted),
            disableForceAuthentication: config.then(c => c.disableForceAuthentication),
            guiOrder: config.then(c => unsetIfEmpty(c.guiOrder)),
            xmlSigKeyInfoKeyNameTransformer: config.then(c => unsetIfEmpty(c.xmlSigKeyInfoKeyNameTransformer)),
            signingCertificate: config.then(c => unsetIfEmpty(c.signingCertificate)),
            allowedClockSkew: config.then(c => c.allowedClockSkew),
            samlMetadataUrl: config.then(c => unsetIfEmpty(c.samlMetadataUrl)),
            base64SamlMetadataDocument: config.then(c => unsetIfEmpty(c.base64SamlMetadataDocument)),
            ldapGroupAttribute: config.then(c => unsetIfEmpty(c.ldapGroupAttribute)),
        },
    },
});
import pulumi
import pulumi_cyral as cyral

def _unset_if_empty(value):
    """Return None for an empty string so the resource argument is left unset."""
    return None if value == "" else value


# Look up the IdP's SAML settings from its metadata URL. "some_metadata_url" is a
# placeholder: the values copied below, including signing_certificate, come from whatever
# this URL serves, so it should be the HTTPS metadata endpoint of the IdP you administer.
some_data_source_name = cyral.get_saml_configuration(saml_metadata_url="some_metadata_url")
config = some_data_source_name

saml_config = {
    "single_sign_on_service_url": config.single_sign_on_service_url,
    "single_logout_service_url": _unset_if_empty(config.single_logout_service_url),
    "disable_using_jwks_url": config.disable_using_jwks_url,
    "sync_mode": _unset_if_empty(config.sync_mode),
    "name_id_policy_format": _unset_if_empty(config.name_id_policy_format),
    "principal_type": _unset_if_empty(config.principal_type),
    "signature_type": _unset_if_empty(config.signature_type),
    "saml_xml_key_name_tranformer": _unset_if_empty(config.saml_xml_key_name_tranformer),
    "hide_on_login_page": config.hide_on_login_page,
    "back_channel_supported": config.back_channel_supported,
    "disable_post_binding_response": config.disable_post_binding_response,
    "disable_post_binding_authn_request": config.disable_post_binding_authn_request,
    "disable_post_binding_logout": config.disable_post_binding_logout,
    "want_assertions_encrypted": config.want_assertions_encrypted,
    "disable_force_authentication": config.disable_force_authentication,
    "gui_order": _unset_if_empty(config.gui_order),
    "xml_sig_key_info_key_name_transformer": _unset_if_empty(config.xml_sig_key_info_key_name_transformer),
    "signing_certificate": _unset_if_empty(config.signing_certificate),
    "allowed_clock_skew": config.allowed_clock_skew,
    "saml_metadata_url": _unset_if_empty(config.saml_metadata_url),
    "base64_saml_metadata_document": _unset_if_empty(config.base64_saml_metadata_document),
    "ldap_group_attribute": _unset_if_empty(config.ldap_group_attribute),
}

# NOTE(review): store_token, trust_email and link_only are explicitly off here; their exact
# semantics are not described in this example, so check the property reference before
# enabling any of them.
some_resource_name = cyral.IntegrationIdpAad(
    "someResourceName",
    samlp={
        "provider_id": "saml",
        "disabled": False,
        "first_broker_login_flow_alias": "SAML_First_Broker",
        "post_broker_login_flow_alias": "",
        "display_name": "Custom-AAD",
        "store_token": False,
        "add_read_token_role_on_create": False,
        "trust_email": False,
        "link_only": False,
        "config": saml_config,
    },
)
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

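// main looks up the IdP's SAML settings from its metadata URL and copies them into a
// cyral.IntegrationIdpAad resource, leaving string arguments unset when the data source
// returned an empty string.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// "some_metadata_url" is a placeholder. The values copied below, including
		// SigningCertificate, come from whatever this URL serves, so it should be the
		// HTTPS metadata endpoint of the IdP you administer.
		someDataSourceName, err := cyral.GetSamlConfiguration(ctx, &cyral.GetSamlConfigurationArgs{
			SamlMetadataUrl: pulumi.StringRef("some_metadata_url"),
		}, nil)
		if err != nil {
			return err
		}
		config := someDataSourceName

		// optional maps "" to a nil input so the argument is left unset. The previous
		// form assigned nil to a pulumi.String variable, which is a string type and
		// cannot hold nil.
		// NOTE(review): assumes the optional string arguments are declared as
		// pulumi.StringPtrInput, as Pulumi-generated Go SDKs do for optional inputs;
		// confirm against the generated args struct.
		optional := func(value string) pulumi.StringPtrInput {
			if value == "" {
				return nil
			}
			return pulumi.String(value)
		}

		_, err = cyral.NewIntegrationIdpAad(ctx, "someResourceName", &cyral.IntegrationIdpAadArgs{
			Samlp: &cyral.IntegrationIdpAadSamlpArgs{
				ProviderId:                pulumi.String("saml"),
				Disabled:                  pulumi.Bool(false),
				FirstBrokerLoginFlowAlias: pulumi.String("SAML_First_Broker"),
				PostBrokerLoginFlowAlias:  pulumi.String(""),
				DisplayName:               pulumi.String("Custom-AAD"),
				// NOTE(review): StoreToken, TrustEmail and LinkOnly are explicitly off
				// here; check the property reference before enabling any of them.
				StoreToken:               pulumi.Bool(false),
				AddReadTokenRoleOnCreate: pulumi.Bool(false),
				TrustEmail:               pulumi.Bool(false),
				LinkOnly:                 pulumi.Bool(false),
				Config: &cyral.IntegrationIdpAadSamlpConfigArgs{
					SingleSignOnServiceUrl:          pulumi.String(config.SingleSignOnServiceUrl),
					SingleLogoutServiceUrl:          optional(config.SingleLogoutServiceUrl),
					DisableUsingJwksUrl:             pulumi.Bool(config.DisableUsingJwksUrl),
					SyncMode:                        optional(config.SyncMode),
					NameIdPolicyFormat:              optional(config.NameIdPolicyFormat),
					PrincipalType:                   optional(config.PrincipalType),
					SignatureType:                   optional(config.SignatureType),
					SamlXmlKeyNameTranformer:        optional(config.SamlXmlKeyNameTranformer),
					HideOnLoginPage:                 pulumi.Bool(config.HideOnLoginPage),
					BackChannelSupported:            pulumi.Bool(config.BackChannelSupported),
					DisablePostBindingResponse:      pulumi.Bool(config.DisablePostBindingResponse),
					DisablePostBindingAuthnRequest:  pulumi.Bool(config.DisablePostBindingAuthnRequest),
					DisablePostBindingLogout:        pulumi.Bool(config.DisablePostBindingLogout),
					WantAssertionsEncrypted:         pulumi.Bool(config.WantAssertionsEncrypted),
					DisableForceAuthentication:      pulumi.Bool(config.DisableForceAuthentication),
					GuiOrder:                        optional(config.GuiOrder),
					XmlSigKeyInfoKeyNameTransformer: optional(config.XmlSigKeyInfoKeyNameTransformer),
					SigningCertificate:              optional(config.SigningCertificate),
					AllowedClockSkew:                pulumi.Float64(config.AllowedClockSkew),
					SamlMetadataUrl:                 optional(config.SamlMetadataUrl),
					Base64SamlMetadataDocument:      optional(config.Base64SamlMetadataDocument),
					LdapGroupAttribute:              optional(config.LdapGroupAttribute),
				},
			},
		})
		return err
	})
}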
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cyral = Pulumi.Cyral;

// Looks up the IdP's SAML settings from its metadata URL and copies them into a
// Cyral.IntegrationIdpAad resource. String values that come back empty are passed as
// null so that the argument is left unset.
return await Deployment.RunAsync(() =>
{
    // "some_metadata_url" is a placeholder. The values copied below, including
    // SigningCertificate, come from whatever this URL serves, so it should be the
    // HTTPS metadata endpoint of the IdP you administer.
    var someDataSourceName = Cyral.GetSamlConfiguration.Invoke(new()
    {
        SamlMetadataUrl = "some_metadata_url",
    });

    var config = someDataSourceName;

    var samlConfig = new Cyral.Inputs.IntegrationIdpAadSamlpConfigArgs
    {
        SingleSignOnServiceUrl = config.Apply(c => c.SingleSignOnServiceUrl),
        SingleLogoutServiceUrl = config.Apply(c => c.SingleLogoutServiceUrl == "" ? null : c.SingleLogoutServiceUrl),
        DisableUsingJwksUrl = config.Apply(c => c.DisableUsingJwksUrl),
        SyncMode = config.Apply(c => c.SyncMode == "" ? null : c.SyncMode),
        NameIdPolicyFormat = config.Apply(c => c.NameIdPolicyFormat == "" ? null : c.NameIdPolicyFormat),
        PrincipalType = config.Apply(c => c.PrincipalType == "" ? null : c.PrincipalType),
        SignatureType = config.Apply(c => c.SignatureType == "" ? null : c.SignatureType),
        SamlXmlKeyNameTranformer = config.Apply(c => c.SamlXmlKeyNameTranformer == "" ? null : c.SamlXmlKeyNameTranformer),
        HideOnLoginPage = config.Apply(c => c.HideOnLoginPage),
        BackChannelSupported = config.Apply(c => c.BackChannelSupported),
        DisablePostBindingResponse = config.Apply(c => c.DisablePostBindingResponse),
        DisablePostBindingAuthnRequest = config.Apply(c => c.DisablePostBindingAuthnRequest),
        DisablePostBindingLogout = config.Apply(c => c.DisablePostBindingLogout),
        WantAssertionsEncrypted = config.Apply(c => c.WantAssertionsEncrypted),
        DisableForceAuthentication = config.Apply(c => c.DisableForceAuthentication),
        GuiOrder = config.Apply(c => c.GuiOrder == "" ? null : c.GuiOrder),
        XmlSigKeyInfoKeyNameTransformer = config.Apply(c => c.XmlSigKeyInfoKeyNameTransformer == "" ? null : c.XmlSigKeyInfoKeyNameTransformer),
        SigningCertificate = config.Apply(c => c.SigningCertificate == "" ? null : c.SigningCertificate),
        AllowedClockSkew = config.Apply(c => c.AllowedClockSkew),
        SamlMetadataUrl = config.Apply(c => c.SamlMetadataUrl == "" ? null : c.SamlMetadataUrl),
        Base64SamlMetadataDocument = config.Apply(c => c.Base64SamlMetadataDocument == "" ? null : c.Base64SamlMetadataDocument),
        LdapGroupAttribute = config.Apply(c => c.LdapGroupAttribute == "" ? null : c.LdapGroupAttribute),
    };

    // NOTE(review): StoreToken, TrustEmail and LinkOnly are explicitly off here; check
    // the property reference before enabling any of them.
    var someResourceName = new Cyral.IntegrationIdpAad("someResourceName", new()
    {
        Samlp = new Cyral.Inputs.IntegrationIdpAadSamlpArgs
        {
            ProviderId = "saml",
            Disabled = false,
            FirstBrokerLoginFlowAlias = "SAML_First_Broker",
            PostBrokerLoginFlowAlias = "",
            DisplayName = "Custom-AAD",
            StoreToken = false,
            AddReadTokenRoleOnCreate = false,
            TrustEmail = false,
            LinkOnly = false,
            Config = samlConfig,
        },
    });

});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cyral.CyralFunctions;
import com.pulumi.cyral.inputs.GetSamlConfigurationArgs;
import com.pulumi.cyral.IntegrationIdpAad;
import com.pulumi.cyral.IntegrationIdpAadArgs;
import com.pulumi.cyral.inputs.IntegrationIdpAadSamlpArgs;
import com.pulumi.cyral.inputs.IntegrationIdpAadSamlpConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

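/**
 * Pulumi program that looks up an IdP's SAML settings from its metadata URL and copies them
 * into an {@code IntegrationIdpAad} resource, leaving string arguments unset when the data
 * source returned an empty string.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Maps an empty (or absent) string to {@code null} so the resource argument is left unset.
     *
     * @param value string read from the data source result
     * @return {@code null} when {@code value} is {@code null} or empty, otherwise {@code value}
     */
    private static String emptyToNull(String value) {
        return value == null || value.isEmpty() ? null : value;
    }

    /**
     * Declares the data-source lookup and the IdP integration that consumes it.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // "some_metadata_url" is a placeholder. The values copied below, including
        // signingCertificate, come from whatever this URL serves, so it should be the
        // HTTPS metadata endpoint of the IdP you administer.
        final var someDataSourceName = CyralFunctions.getSamlConfiguration(GetSamlConfigurationArgs.builder()
            .samlMetadataUrl("some_metadata_url")
            .build());

        // The lookup result is an Output, so its fields are read inside applyValue rather
        // than called on the Output itself. Empty strings are detected with isEmpty():
        // comparing with == "" tests reference identity in Java, not content.
        // NOTE(review): assumes the result accessors return plain values, as the direct
        // calls in the original example imply; confirm against the generated result class.
        final var config = someDataSourceName;

        // NOTE(review): storeToken, trustEmail and linkOnly are explicitly off here; check
        // the property reference before enabling any of them.
        var someResourceName = new IntegrationIdpAad("someResourceName", IntegrationIdpAadArgs.builder()
            .samlp(IntegrationIdpAadSamlpArgs.builder()
                .providerId("saml")
                .disabled(false)
                .firstBrokerLoginFlowAlias("SAML_First_Broker")
                .postBrokerLoginFlowAlias("")
                .displayName("Custom-AAD")
                .storeToken(false)
                .addReadTokenRoleOnCreate(false)
                .trustEmail(false)
                .linkOnly(false)
                .config(IntegrationIdpAadSamlpConfigArgs.builder()
                    .singleSignOnServiceUrl(config.applyValue(c -> c.singleSignOnServiceUrl()))
                    .singleLogoutServiceUrl(config.applyValue(c -> emptyToNull(c.singleLogoutServiceUrl())))
                    .disableUsingJwksUrl(config.applyValue(c -> c.disableUsingJwksUrl()))
                    .syncMode(config.applyValue(c -> emptyToNull(c.syncMode())))
                    .nameIdPolicyFormat(config.applyValue(c -> emptyToNull(c.nameIdPolicyFormat())))
                    .principalType(config.applyValue(c -> emptyToNull(c.principalType())))
                    .signatureType(config.applyValue(c -> emptyToNull(c.signatureType())))
                    .samlXmlKeyNameTranformer(config.applyValue(c -> emptyToNull(c.samlXmlKeyNameTranformer())))
                    .hideOnLoginPage(config.applyValue(c -> c.hideOnLoginPage()))
                    .backChannelSupported(config.applyValue(c -> c.backChannelSupported()))
                    .disablePostBindingResponse(config.applyValue(c -> c.disablePostBindingResponse()))
                    .disablePostBindingAuthnRequest(config.applyValue(c -> c.disablePostBindingAuthnRequest()))
                    .disablePostBindingLogout(config.applyValue(c -> c.disablePostBindingLogout()))
                    .wantAssertionsEncrypted(config.applyValue(c -> c.wantAssertionsEncrypted()))
                    .disableForceAuthentication(config.applyValue(c -> c.disableForceAuthentication()))
                    .guiOrder(config.applyValue(c -> emptyToNull(c.guiOrder())))
                    .xmlSigKeyInfoKeyNameTransformer(config.applyValue(c -> emptyToNull(c.xmlSigKeyInfoKeyNameTransformer())))
                    .signingCertificate(config.applyValue(c -> emptyToNull(c.signingCertificate())))
                    .allowedClockSkew(config.applyValue(c -> c.allowedClockSkew()))
                    .samlMetadataUrl(config.applyValue(c -> emptyToNull(c.samlMetadataUrl())))
                    .base64SamlMetadataDocument(config.applyValue(c -> emptyToNull(c.base64SamlMetadataDocument())))
                    .ldapGroupAttribute(config.applyValue(c -> emptyToNull(c.ldapGroupAttribute())))
                    .build())
                .build())
            .build());

    }
}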
Coming soon!

When using the SAML Configuration Data Source to configure this IdP Integration resource, check whether each string attribute is empty, as in the example above, and leave empty ones unset so that the resource arguments take their default values instead of being set to an empty string.

Create IntegrationIdpAad Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new IntegrationIdpAad(name: string, args: IntegrationIdpAadArgs, opts?: CustomResourceOptions);
@overload
def IntegrationIdpAad(resource_name: str,
                      args: IntegrationIdpAadArgs,
                      opts: Optional[ResourceOptions] = None)

@overload
def IntegrationIdpAad(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      samlp: Optional[IntegrationIdpAadSamlpArgs] = None,
                      draft_alias: Optional[str] = None)
func NewIntegrationIdpAad(ctx *Context, name string, args IntegrationIdpAadArgs, opts ...ResourceOption) (*IntegrationIdpAad, error)
public IntegrationIdpAad(string name, IntegrationIdpAadArgs args, CustomResourceOptions? opts = null)
public IntegrationIdpAad(String name, IntegrationIdpAadArgs args)
public IntegrationIdpAad(String name, IntegrationIdpAadArgs args, CustomResourceOptions options)
type: cyral:IntegrationIdpAad
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. IntegrationIdpAadArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. IntegrationIdpAadArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. IntegrationIdpAadArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. IntegrationIdpAadArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. IntegrationIdpAadArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

// Reference listing of every input property. Each value is a type placeholder
// ("string", false, 0), not a recommended setting.
var samlpConfig = new Cyral.Inputs.IntegrationIdpAadSamlpConfigArgs
{
    SingleSignOnServiceUrl = "string",
    LdapGroupAttribute = "string",
    PrincipalType = "string",
    DisableForceAuthentication = false,
    DisablePostBindingAuthnRequest = false,
    DisablePostBindingLogout = false,
    DisablePostBindingResponse = false,
    DisableUsingJwksUrl = false,
    GuiOrder = "string",
    HideOnLoginPage = false,
    AllowedClockSkew = 0,
    Base64SamlMetadataDocument = "string",
    SamlMetadataUrl = "string",
    NameIdPolicyFormat = "string",
    SamlXmlKeyNameTranformer = "string",
    SignatureType = "string",
    SigningCertificate = "string",
    SingleLogoutServiceUrl = "string",
    BackChannelSupported = false,
    SyncMode = "string",
    WantAssertionsEncrypted = false,
    XmlSigKeyInfoKeyNameTransformer = "string",
};

var integrationIdpAadResource = new Cyral.IntegrationIdpAad("integrationIdpAadResource", new()
{
    Samlp = new Cyral.Inputs.IntegrationIdpAadSamlpArgs
    {
        Config = samlpConfig,
        AddReadTokenRoleOnCreate = false,
        Disabled = false,
        DisplayName = "string",
        FirstBrokerLoginFlowAlias = "string",
        InternalId = "string",
        LinkOnly = false,
        PostBrokerLoginFlowAlias = "string",
        ProviderId = "string",
        StoreToken = false,
        TrustEmail = false,
    },
    DraftAlias = "string",
});
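// Reference listing of every input property. Each value is a type placeholder
// ("string", false, 0), not a recommended setting. The nested args types carry the
// cyral package qualifier, which the original listing had dropped ("&.Type{").
example, err := cyral.NewIntegrationIdpAad(ctx, "integrationIdpAadResource", &cyral.IntegrationIdpAadArgs{
	Samlp: &cyral.IntegrationIdpAadSamlpArgs{
		Config: &cyral.IntegrationIdpAadSamlpConfigArgs{
			SingleSignOnServiceUrl:          pulumi.String("string"),
			LdapGroupAttribute:              pulumi.String("string"),
			PrincipalType:                   pulumi.String("string"),
			DisableForceAuthentication:      pulumi.Bool(false),
			DisablePostBindingAuthnRequest:  pulumi.Bool(false),
			DisablePostBindingLogout:        pulumi.Bool(false),
			DisablePostBindingResponse:      pulumi.Bool(false),
			DisableUsingJwksUrl:             pulumi.Bool(false),
			GuiOrder:                        pulumi.String("string"),
			HideOnLoginPage:                 pulumi.Bool(false),
			AllowedClockSkew:                pulumi.Float64(0),
			Base64SamlMetadataDocument:      pulumi.String("string"),
			SamlMetadataUrl:                 pulumi.String("string"),
			NameIdPolicyFormat:              pulumi.String("string"),
			SamlXmlKeyNameTranformer:        pulumi.String("string"),
			SignatureType:                   pulumi.String("string"),
			SigningCertificate:              pulumi.String("string"),
			SingleLogoutServiceUrl:          pulumi.String("string"),
			BackChannelSupported:            pulumi.Bool(false),
			SyncMode:                        pulumi.String("string"),
			WantAssertionsEncrypted:         pulumi.Bool(false),
			XmlSigKeyInfoKeyNameTransformer: pulumi.String("string"),
		},
		AddReadTokenRoleOnCreate:  pulumi.Bool(false),
		Disabled:                  pulumi.Bool(false),
		DisplayName:               pulumi.String("string"),
		FirstBrokerLoginFlowAlias: pulumi.String("string"),
		InternalId:                pulumi.String("string"),
		LinkOnly:                  pulumi.Bool(false),
		PostBrokerLoginFlowAlias:  pulumi.String("string"),
		ProviderId:                pulumi.String("string"),
		StoreToken:                pulumi.Bool(false),
		TrustEmail:                pulumi.Bool(false),
	},
	DraftAlias: pulumi.String("string"),
})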
// Reference listing of every input property. Each value is a type placeholder
// ("string", false, 0), not a recommended setting.
var samlpConfig = IntegrationIdpAadSamlpConfigArgs.builder()
    .singleSignOnServiceUrl("string")
    .ldapGroupAttribute("string")
    .principalType("string")
    .disableForceAuthentication(false)
    .disablePostBindingAuthnRequest(false)
    .disablePostBindingLogout(false)
    .disablePostBindingResponse(false)
    .disableUsingJwksUrl(false)
    .guiOrder("string")
    .hideOnLoginPage(false)
    .allowedClockSkew(0)
    .base64SamlMetadataDocument("string")
    .samlMetadataUrl("string")
    .nameIdPolicyFormat("string")
    .samlXmlKeyNameTranformer("string")
    .signatureType("string")
    .signingCertificate("string")
    .singleLogoutServiceUrl("string")
    .backChannelSupported(false)
    .syncMode("string")
    .wantAssertionsEncrypted(false)
    .xmlSigKeyInfoKeyNameTransformer("string")
    .build();

var samlp = IntegrationIdpAadSamlpArgs.builder()
    .config(samlpConfig)
    .addReadTokenRoleOnCreate(false)
    .disabled(false)
    .displayName("string")
    .firstBrokerLoginFlowAlias("string")
    .internalId("string")
    .linkOnly(false)
    .postBrokerLoginFlowAlias("string")
    .providerId("string")
    .storeToken(false)
    .trustEmail(false)
    .build();

var integrationIdpAadResource = new IntegrationIdpAad("integrationIdpAadResource", IntegrationIdpAadArgs.builder()
    .samlp(samlp)
    .draftAlias("string")
    .build());
# Reference listing of every input property. Each value is a type placeholder
# ("string", False, 0), not a recommended setting.
samlp_config = {
    "single_sign_on_service_url": "string",
    "ldap_group_attribute": "string",
    "principal_type": "string",
    "disable_force_authentication": False,
    "disable_post_binding_authn_request": False,
    "disable_post_binding_logout": False,
    "disable_post_binding_response": False,
    "disable_using_jwks_url": False,
    "gui_order": "string",
    "hide_on_login_page": False,
    "allowed_clock_skew": 0,
    "base64_saml_metadata_document": "string",
    "saml_metadata_url": "string",
    "name_id_policy_format": "string",
    "saml_xml_key_name_tranformer": "string",
    "signature_type": "string",
    "signing_certificate": "string",
    "single_logout_service_url": "string",
    "back_channel_supported": False,
    "sync_mode": "string",
    "want_assertions_encrypted": False,
    "xml_sig_key_info_key_name_transformer": "string",
}
samlp_args = {
    "config": samlp_config,
    "add_read_token_role_on_create": False,
    "disabled": False,
    "display_name": "string",
    "first_broker_login_flow_alias": "string",
    "internal_id": "string",
    "link_only": False,
    "post_broker_login_flow_alias": "string",
    "provider_id": "string",
    "store_token": False,
    "trust_email": False,
}
integration_idp_aad_resource = cyral.IntegrationIdpAad(
    "integrationIdpAadResource",
    samlp=samlp_args,
    draft_alias="string",
)
// Constructor reference for the deprecated cyral.IntegrationIdpAad resource. Every value
// below ("string", false, 0) is a type placeholder, not a recommended setting.
const integrationIdpAadResource = new cyral.IntegrationIdpAad("integrationIdpAadResource", {
    samlp: {
        config: {
            // Required: URL that authentication requests (SAML AuthnRequest) are sent to.
            singleSignOnServiceUrl: "string",
            ldapGroupAttribute: "string",
            principalType: "string",
            disableForceAuthentication: false,
            disablePostBindingAuthnRequest: false,
            disablePostBindingLogout: false,
            disablePostBindingResponse: false,
            disableUsingJwksUrl: false,
            guiOrder: "string",
            hideOnLoginPage: false,
            // Clock skew, in seconds, tolerated when validating identity provider tokens.
            allowedClockSkew: 0,
            base64SamlMetadataDocument: "string",
            samlMetadataUrl: "string",
            nameIdPolicyFormat: "string",
            // The property is spelled "Tranformer" everywhere on this page; keep it as shown.
            samlXmlKeyNameTranformer: "string",
            // Documented default is RSA_SHA256 when unset.
            signatureType: "string",
            // Certificate used to validate signatures; required if signature validation is enabled.
            signingCertificate: "string",
            singleLogoutServiceUrl: "string",
            backChannelSupported: false,
            syncMode: "string",
            // Whether the service provider expects an encrypted Assertion.
            wantAssertionsEncrypted: false,
            xmlSigKeyInfoKeyNameTransformer: "string",
        },
        addReadTokenRoleOnCreate: false,
        disabled: false,
        displayName: "string",
        firstBrokerLoginFlowAlias: "string",
        internalId: "string",
        // If true, users can only link to this identity provider, not log in through it.
        linkOnly: false,
        postBrokerLoginFlowAlias: "string",
        providerId: "string",
        // Whether tokens are stored after authenticating users.
        storeToken: false,
        // If true, the email address supplied by the identity provider is trusted and
        // users logging in through it skip the realm's email verification step.
        trustEmail: false,
    },
    // If set, any corresponding IdP Integration draft is deleted and a new integration
    // is created with the same alias.
    draftAlias: "string",
});
# Property reference for the deprecated cyral:IntegrationIdpAad resource. Every value
# below (string, false, 0) is a type placeholder, not a recommended setting.
type: cyral:IntegrationIdpAad
properties:
    # If set, any corresponding IdP Integration draft is deleted and a new integration
    # is created with the same alias.
    draftAlias: string
    samlp:
        addReadTokenRoleOnCreate: false
        config:
            # Clock skew, in seconds, tolerated when validating identity provider tokens.
            allowedClockSkew: 0
            backChannelSupported: false
            base64SamlMetadataDocument: string
            disableForceAuthentication: false
            disablePostBindingAuthnRequest: false
            disablePostBindingLogout: false
            disablePostBindingResponse: false
            disableUsingJwksUrl: false
            guiOrder: string
            hideOnLoginPage: false
            ldapGroupAttribute: string
            nameIdPolicyFormat: string
            principalType: string
            samlMetadataUrl: string
            # The property is spelled "Tranformer" everywhere on this page; keep it as shown.
            samlXmlKeyNameTranformer: string
            # Documented default is RSA_SHA256 when unset.
            signatureType: string
            # Certificate used to validate signatures; required if signature validation is enabled.
            signingCertificate: string
            singleLogoutServiceUrl: string
            # Required: URL that authentication requests (SAML AuthnRequest) are sent to.
            singleSignOnServiceUrl: string
            syncMode: string
            # Whether the service provider expects an encrypted Assertion.
            wantAssertionsEncrypted: false
            xmlSigKeyInfoKeyNameTransformer: string
        disabled: false
        displayName: string
        firstBrokerLoginFlowAlias: string
        internalId: string
        # If true, users can only link to this identity provider, not log in through it.
        linkOnly: false
        postBrokerLoginFlowAlias: string
        providerId: string
        # Whether tokens are stored after authenticating users.
        storeToken: false
        # If true, the email address supplied by the identity provider is trusted and
        # users logging in through it skip the realm's email verification step.
        trustEmail: false

IntegrationIdpAad Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IntegrationIdpAad resource accepts the following input properties:

Samlp This property is required. IntegrationIdpAadSamlp
It contains the top-level configuration for an identity provider.
DraftAlias string
An alias that uniquely identifies an IdP Integration draft. If set, any corresponding draft is deleted and a new IdP Integration is created with the same alias. Defaults to "".
Samlp This property is required. IntegrationIdpAadSamlpArgs
It contains the top-level configuration for an identity provider.
DraftAlias string
An alias that uniquely identifies an IdP Integration draft. If set, any corresponding draft is deleted and a new IdP Integration is created with the same alias. Defaults to "".
samlp This property is required. IntegrationIdpAadSamlp
It contains the top-level configuration for an identity provider.
draftAlias String
An alias that uniquely identifies an IdP Integration draft. If set, any corresponding draft is deleted and a new IdP Integration is created with the same alias. Defaults to "".
samlp This property is required. IntegrationIdpAadSamlp
It contains the top-level configuration for an identity provider.
draftAlias string
An alias that uniquely identifies an IdP Integration draft. If set, any corresponding draft is deleted and a new IdP Integration is created with the same alias. Defaults to "".
samlp This property is required. IntegrationIdpAadSamlpArgs
It contains the top-level configuration for an identity provider.
draft_alias str
An alias that uniquely identifies an IdP Integration draft. If set, any corresponding draft is deleted and a new IdP Integration is created with the same alias. Defaults to "".
samlp This property is required. Property Map
It contains the top-level configuration for an identity provider.
draftAlias String
An alias that uniquely identifies an IdP Integration draft. If set, any corresponding draft is deleted and a new IdP Integration is created with the same alias. Defaults to "".

Outputs

All input properties are implicitly available as output properties. Additionally, the IntegrationIdpAad resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing IntegrationIdpAad Resource

Get an existing IntegrationIdpAad resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IntegrationIdpAadState, opts?: CustomResourceOptions): IntegrationIdpAad
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        draft_alias: Optional[str] = None,
        samlp: Optional[IntegrationIdpAadSamlpArgs] = None) -> IntegrationIdpAad
func GetIntegrationIdpAad(ctx *Context, name string, id IDInput, state *IntegrationIdpAadState, opts ...ResourceOption) (*IntegrationIdpAad, error)
public static IntegrationIdpAad Get(string name, Input<string> id, IntegrationIdpAadState? state, CustomResourceOptions? opts = null)
public static IntegrationIdpAad get(String name, Output<String> id, IntegrationIdpAadState state, CustomResourceOptions options)
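# Looks up an existing cyral:IntegrationIdpAad resource by its provider ID.
# "_" is the placeholder resource name used on this page; ${id} is the ID to look up.
resources:
  _:
    type: cyral:IntegrationIdpAad
    get:
      id: ${id}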
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
DraftAlias string
An alias that uniquely identifies an IdP Integration draft. If set, any corresponding draft is deleted and a new IdP Integration is created with the same alias. Defaults to "".
Samlp IntegrationIdpAadSamlp
It contains the top-level configuration for an identity provider.
DraftAlias string
An alias that uniquely identifies an IdP Integration draft. If set, any corresponding draft is deleted and a new IdP Integration is created with the same alias. Defaults to "".
Samlp IntegrationIdpAadSamlpArgs
It contains the top-level configuration for an identity provider.
draftAlias String
An alias that uniquely identifies an IdP Integration draft. If set, any corresponding draft is deleted and a new IdP Integration is created with the same alias. Defaults to "".
samlp IntegrationIdpAadSamlp
It contains the top-level configuration for an identity provider.
draftAlias string
An alias that uniquely identifies an IdP Integration draft. If set, any corresponding draft is deleted and a new IdP Integration is created with the same alias. Defaults to "".
samlp IntegrationIdpAadSamlp
It contains the top-level configuration for an identity provider.
draft_alias str
An alias that uniquely identifies an IdP Integration draft. If set, any corresponding draft is deleted and a new IdP Integration is created with the same alias. Defaults to "".
samlp IntegrationIdpAadSamlpArgs
It contains the top-level configuration for an identity provider.
draftAlias String
An alias that uniquely identifies an IdP Integration draft. If set, any corresponding draft is deleted and a new IdP Integration is created with the same alias. Defaults to "".
samlp Property Map
It contains the top-level configuration for an identity provider.

Supporting Types

IntegrationIdpAadSamlp
, IntegrationIdpAadSamlpArgs

Config This property is required. IntegrationIdpAadSamlpConfig
SAML configuration for this IdP Integration.
AddReadTokenRoleOnCreate bool
Adds read token role on creation. Defaults to false.
Disabled bool
Disable maps to Keycloak's enabled field. Defaults to false.
DisplayName string
Name of the IdP Integration displayed in the control plane. Defaults to Azure Active Directory
FirstBrokerLoginFlowAlias string
Alias of authentication flow, which is triggered after First Login with this identity provider. Term First Login means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to SAML_First_Broker.
InternalId string
An ID that is auto-generated internally for this IdP Integration.
LinkOnly bool
If true, users cannot log in through this identity provider. They can only link to this identity provider. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to false.
PostBrokerLoginFlowAlias string
Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example, OTP). Leave this empty if you do not need any additional authenticators to be triggered after login with this identity provider. Defaults to "".
ProviderId string
This is the provider ID of saml. Defaults to saml.
StoreToken bool
Enable if tokens must be stored after authenticating users. Defaults to false.
TrustEmail bool
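If the identity provider supplies an email address, this email address will be trusted. If the realm requires email validation, users that log in from this identity provider will not have to go through the email verification process. Because such users skip email verification, enable this only when the identity provider is relied on to assert correct email addresses. Defaults to false.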
Config This property is required. IntegrationIdpAadSamlpConfig
SAML configuration for this IdP Integration.
AddReadTokenRoleOnCreate bool
Adds read token role on creation. Defaults to false.
Disabled bool
Disable maps to Keycloak's enabled field. Defaults to false.
DisplayName string
Name of the IdP Integration displayed in the control plane. Defaults to Azure Active Directory
FirstBrokerLoginFlowAlias string
Alias of authentication flow, which is triggered after First Login with this identity provider. Term First Login means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to SAML_First_Broker.
InternalId string
An ID that is auto-generated internally for this IdP Integration.
LinkOnly bool
If true, users cannot log in through this identity provider. They can only link to this identity provider. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to false.
PostBrokerLoginFlowAlias string
Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example, OTP). Leave this empty if you do not need any additional authenticators to be triggered after login with this identity provider. Defaults to "".
ProviderId string
This is the provider ID of saml. Defaults to saml.
StoreToken bool
Enable if tokens must be stored after authenticating users. Defaults to false.
TrustEmail bool
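If the identity provider supplies an email address, this email address will be trusted. If the realm requires email validation, users that log in from this identity provider will not have to go through the email verification process. Because such users skip email verification, enable this only when the identity provider is relied on to assert correct email addresses. Defaults to false.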
config This property is required. IntegrationIdpAadSamlpConfig
SAML configuration for this IdP Integration.
addReadTokenRoleOnCreate Boolean
Adds read token role on creation. Defaults to false.
disabled Boolean
Disable maps to Keycloak's enabled field. Defaults to false.
displayName String
Name of the IdP Integration displayed in the control plane. Defaults to Azure Active Directory
firstBrokerLoginFlowAlias String
Alias of authentication flow, which is triggered after First Login with this identity provider. Term First Login means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to SAML_First_Broker.
internalId String
An ID that is auto-generated internally for this IdP Integration.
linkOnly Boolean
If true, users cannot log in through this identity provider. They can only link to this identity provider. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to false.
postBrokerLoginFlowAlias String
Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example, OTP). Leave this empty if you do not need any additional authenticators to be triggered after login with this identity provider. Defaults to "".
providerId String
This is the provider ID of saml. Defaults to saml.
storeToken Boolean
Enable if tokens must be stored after authenticating users. Defaults to false.
trustEmail Boolean
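If the identity provider supplies an email address, this email address will be trusted. If the realm requires email validation, users that log in from this identity provider will not have to go through the email verification process. Because such users skip email verification, enable this only when the identity provider is relied on to assert correct email addresses. Defaults to false.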
config This property is required. IntegrationIdpAadSamlpConfig
SAML configuration for this IdP Integration.
addReadTokenRoleOnCreate boolean
Adds read token role on creation. Defaults to false.
disabled boolean
Disable maps to Keycloak's enabled field. Defaults to false.
displayName string
Name of the IdP Integration displayed in the control plane. Defaults to Azure Active Directory
firstBrokerLoginFlowAlias string
Alias of authentication flow, which is triggered after First Login with this identity provider. Term First Login means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to SAML_First_Broker.
internalId string
An ID that is auto-generated internally for this IdP Integration.
linkOnly boolean
If true, users cannot log in through this identity provider. They can only link to this identity provider. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to false.
postBrokerLoginFlowAlias string
Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example, OTP). Leave this empty if you do not need any additional authenticators to be triggered after login with this identity provider. Defaults to "".
providerId string
This is the provider ID of saml. Defaults to saml.
storeToken boolean
Enable if tokens must be stored after authenticating users. Defaults to false.
trustEmail boolean
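If the identity provider supplies an email address, this email address will be trusted. If the realm requires email validation, users that log in from this identity provider will not have to go through the email verification process. Because such users skip email verification, enable this only when the identity provider is relied on to assert correct email addresses. Defaults to false.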
config This property is required. IntegrationIdpAadSamlpConfig
SAML configuration for this IdP Integration.
add_read_token_role_on_create bool
Adds read token role on creation. Defaults to false.
disabled bool
Disable maps to Keycloak's enabled field. Defaults to false.
display_name str
Name of the IdP Integration displayed in the control plane. Defaults to Azure Active Directory
first_broker_login_flow_alias str
Alias of authentication flow, which is triggered after First Login with this identity provider. Term First Login means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to SAML_First_Broker.
internal_id str
An ID that is auto-generated internally for this IdP Integration.
link_only bool
If true, users cannot log in through this identity provider. They can only link to this identity provider. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to false.
post_broker_login_flow_alias str
Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example, OTP). Leave this empty if you do not need any additional authenticators to be triggered after login with this identity provider. Defaults to "".
provider_id str
This is the provider ID of saml. Defaults to saml.
store_token bool
Enable if tokens must be stored after authenticating users. Defaults to false.
trust_email bool
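If the identity provider supplies an email address, this email address will be trusted. If the realm requires email validation, users that log in from this identity provider will not have to go through the email verification process. Because such users skip email verification, enable this only when the identity provider is relied on to assert correct email addresses. Defaults to false.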
config This property is required. Property Map
SAML configuration for this IdP Integration.
addReadTokenRoleOnCreate Boolean
Adds read token role on creation. Defaults to false.
disabled Boolean
Disable maps to Keycloak's enabled field. Defaults to false.
displayName String
Name of the IdP Integration displayed in the control plane. Defaults to Azure Active Directory
firstBrokerLoginFlowAlias String
Alias of authentication flow, which is triggered after First Login with this identity provider. Term First Login means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to SAML_First_Broker.
internalId String
An ID that is auto-generated internally for this IdP Integration.
linkOnly Boolean
If true, users cannot log in through this identity provider. They can only link to this identity provider. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to false.
postBrokerLoginFlowAlias String
Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example, OTP). Leave this empty if you do not need any additional authenticators to be triggered after login with this identity provider. Defaults to "".
providerId String
This is the provider ID of saml. Defaults to saml.
storeToken Boolean
Enable if tokens must be stored after authenticating users. Defaults to false.
trustEmail Boolean
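If the identity provider supplies an email address, this email address will be trusted. If the realm requires email validation, users that log in from this identity provider will not have to go through the email verification process. Because such users skip email verification, enable this only when the identity provider is relied on to assert correct email addresses. Defaults to false.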

IntegrationIdpAadSamlpConfig
, IntegrationIdpAadSamlpConfigArgs

SingleSignOnServiceUrl This property is required. string
URL that must be used to send authentication requests (SAML AuthnRequest).
AllowedClockSkew double
Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to 0.
BackChannelSupported bool
Defaults to false if unset.
Base64SamlMetadataDocument string
Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to "".
DisableForceAuthentication bool
Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to false
DisablePostBindingAuthnRequest bool
Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
DisablePostBindingLogout bool
Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
DisablePostBindingResponse bool
Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
DisableUsingJwksUrl bool
By default, the jwks URL is used for all SAML connections. Defaults to false.
GuiOrder string
GUI order. Defaults to "".
HideOnLoginPage bool
Defaults to false if unset.
LdapGroupAttribute string
Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is cn=Everyone, ou=groups, dc=openam, dc=forgerock, dc=org and the LDAP Group RDN Type is cn Cyral will interpret Everyone as the group name.
NameIdPolicyFormat string
Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified if unset.
PrincipalType string
Defaults to SUBJECT if unset.
SamlMetadataUrl string
This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to "".
SamlXmlKeyNameTranformer string
Defaults to KEY_ID if unset.
SignatureType string
Defaults to RSA_SHA256 if unset.
SigningCertificate string
Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to "".
SingleLogoutServiceUrl string
URL that must be used to send logout requests. Defaults to "".
SyncMode string
Defaults to FORCE if unset.
WantAssertionsEncrypted bool
Indicates whether the service provider expects an encrypted Assertion. Defaults to false.
XmlSigKeyInfoKeyNameTransformer string
Defaults to KEY_ID if unset.
SingleSignOnServiceUrl This property is required. string
URL that must be used to send authentication requests (SAML AuthnRequest).
AllowedClockSkew float64
Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to 0.
BackChannelSupported bool
Defaults to false if unset.
Base64SamlMetadataDocument string
Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to "".
DisableForceAuthentication bool
Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to false
DisablePostBindingAuthnRequest bool
Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
DisablePostBindingLogout bool
Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
DisablePostBindingResponse bool
Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
DisableUsingJwksUrl bool
By default, the jwks URL is used for all SAML connections. Defaults to false.
GuiOrder string
GUI order. Defaults to "".
HideOnLoginPage bool
Defaults to false if unset.
LdapGroupAttribute string
Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is cn=Everyone, ou=groups, dc=openam, dc=forgerock, dc=org and the LDAP Group RDN Type is cn Cyral will interpret Everyone as the group name.
NameIdPolicyFormat string
Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified if unset.
PrincipalType string
Defaults to SUBJECT if unset.
SamlMetadataUrl string
This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to "".
SamlXmlKeyNameTranformer string
Defaults to KEY_ID if unset.
SignatureType string
Defaults to RSA_SHA256 if unset.
SigningCertificate string
Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to "".
SingleLogoutServiceUrl string
URL that must be used to send logout requests. Defaults to "".
SyncMode string
Defaults to FORCE if unset.
WantAssertionsEncrypted bool
Indicates whether the service provider expects an encrypted Assertion. Defaults to false.
XmlSigKeyInfoKeyNameTransformer string
Defaults to KEY_ID if unset.
singleSignOnServiceUrl This property is required. String
URL that must be used to send authentication requests (SAML AuthnRequest).
allowedClockSkew Double
Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to 0.
backChannelSupported Boolean
Defaults to false if unset.
base64SamlMetadataDocument String
Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to "".
disableForceAuthentication Boolean
Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to false
disablePostBindingAuthnRequest Boolean
Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
disablePostBindingLogout Boolean
Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
disablePostBindingResponse Boolean
Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
disableUsingJwksUrl Boolean
By default, the jwks URL is used for all SAML connections. Defaults to false.
guiOrder String
GUI order. Defaults to "".
hideOnLoginPage Boolean
Defaults to false if unset.
ldapGroupAttribute String
Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is cn=Everyone, ou=groups, dc=openam, dc=forgerock, dc=org and the LDAP Group RDN Type is cn Cyral will interpret Everyone as the group name.
nameIdPolicyFormat String
Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified if unset.
principalType String
Defaults to SUBJECT if unset.
samlMetadataUrl String
This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to "".
samlXmlKeyNameTranformer String
Defaults to KEY_ID if unset.
signatureType String
Defaults to RSA_SHA256 if unset.
signingCertificate String
Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to "".
singleLogoutServiceUrl String
URL that must be used to send logout requests. Defaults to "".
syncMode String
Defaults to FORCE if unset.
wantAssertionsEncrypted Boolean
Indicates whether the service provider expects an encrypted Assertion. Defaults to false.
xmlSigKeyInfoKeyNameTransformer String
Defaults to KEY_ID if unset.
singleSignOnServiceUrl This property is required. string
URL that must be used to send authentication requests (SAML AuthnRequest).
allowedClockSkew number
Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to 0.
backChannelSupported boolean
Defaults to false if unset.
base64SamlMetadataDocument string
Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to "".
disableForceAuthentication boolean
Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to false
disablePostBindingAuthnRequest boolean
Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
disablePostBindingLogout boolean
Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
disablePostBindingResponse boolean
Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
disableUsingJwksUrl boolean
By default, the jwks URL is used for all SAML connections. Defaults to false.
guiOrder string
GUI order. Defaults to "".
hideOnLoginPage boolean
Defaults to false if unset.
ldapGroupAttribute string
Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is cn=Everyone, ou=groups, dc=openam, dc=forgerock, dc=org and the LDAP Group RDN Type is cn Cyral will interpret Everyone as the group name.
nameIdPolicyFormat string
Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified if unset.
principalType string
Defaults to SUBJECT if unset.
samlMetadataUrl string
This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to "".
samlXmlKeyNameTranformer string
Defaults to KEY_ID if unset.
signatureType string
Defaults to RSA_SHA256 if unset.
signingCertificate string
Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to "".
singleLogoutServiceUrl string
URL that must be used to send logout requests. Defaults to "".
syncMode string
Defaults to FORCE if unset.
wantAssertionsEncrypted boolean
Indicates whether the service provider expects an encrypted Assertion. Defaults to false.
xmlSigKeyInfoKeyNameTransformer string
Defaults to KEY_ID if unset.
single_sign_on_service_url This property is required. str
URL that must be used to send authentication requests (SAML AuthnRequest).
allowed_clock_skew float
Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to 0.
back_channel_supported bool
Defaults to false if unset.
base64_saml_metadata_document str
Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to "".
disable_force_authentication bool
Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to false
disable_post_binding_authn_request bool
Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
disable_post_binding_logout bool
Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
disable_post_binding_response bool
Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
disable_using_jwks_url bool
By default, the jwks URL is used for all SAML connections. Defaults to false.
gui_order str
GUI order. Defaults to "".
hide_on_login_page bool
Defaults to false if unset.
ldap_group_attribute str
Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is cn=Everyone, ou=groups, dc=openam, dc=forgerock, dc=org and the LDAP Group RDN Type is cn Cyral will interpret Everyone as the group name.
name_id_policy_format str
Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified if unset.
principal_type str
Defaults to SUBJECT if unset.
saml_metadata_url str
This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to "".
saml_xml_key_name_tranformer str
Defaults to KEY_ID if unset.
signature_type str
Defaults to RSA_SHA256 if unset.
signing_certificate str
Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to "".
single_logout_service_url str
URL that must be used to send logout requests. Defaults to "".
sync_mode str
Defaults to FORCE if unset.
want_assertions_encrypted bool
Indicates whether the service provider expects an encrypted Assertion. Defaults to false.
xml_sig_key_info_key_name_transformer str
Defaults to KEY_ID if unset.
singleSignOnServiceUrl This property is required. String
URL that must be used to send authentication requests (SAML AuthnRequest).
allowedClockSkew Number
Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to 0.
backChannelSupported Boolean
Defaults to false if unset.
base64SamlMetadataDocument String
Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to "".
disableForceAuthentication Boolean
Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to false.
disablePostBindingAuthnRequest Boolean
Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
disablePostBindingLogout Boolean
Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
disablePostBindingResponse Boolean
Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used. Defaults to false.
disableUsingJwksUrl Boolean
By default, the JWKS URL is used for all SAML connections. Defaults to false.
guiOrder String
GUI order. Defaults to "".
hideOnLoginPage Boolean
Defaults to false if unset.
ldapGroupAttribute String
Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is cn=Everyone, ou=groups, dc=openam, dc=forgerock, dc=org and the LDAP Group RDN Type is cn, Cyral will interpret Everyone as the group name.
nameIdPolicyFormat String
Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified if unset.
principalType String
Defaults to SUBJECT if unset.
samlMetadataUrl String
This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to "".
samlXmlKeyNameTranformer String
Defaults to KEY_ID if unset.
signatureType String
Defaults to RSA_SHA256 if unset.
signingCertificate String
Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to "".
singleLogoutServiceUrl String
URL that must be used to send logout requests. Defaults to "".
syncMode String
Defaults to FORCE if unset.
wantAssertionsEncrypted Boolean
Indicates whether the service provider expects an encrypted Assertion. Defaults to false.
xmlSigKeyInfoKeyNameTransformer String
Defaults to KEY_ID if unset.

Package Details

Repository
cyral cyralinc/terraform-provider-cyral
License
Notes
This Pulumi package is based on the cyral Terraform Provider.