junipermist.org.Sso
This resource manages Org SSO Configuration.
Org SSO, or Single Sign-On, is a method of authentication that allows users to securely log in to multiple applications and websites with a single set of login credentials.
It involves integrating the Org portal with an Identity Provider (IdP) using the Security Assertion Markup Language (SAML) framework.
This enables users to authenticate themselves through their corporate IdP, eliminating the need to remember separate passwords or enter credentials each time they access the Org portal.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as junipermist from "@pulumi/juniper-mist";
const ssoAdminOne = new junipermist.org.Sso("sso_admin_one", {
    orgId: terraformTest.id,
    name: "sso_admin_one",
    customLogoutUrl: "https://idp.com/logout",
    idpCert: "-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----",
    idpSignAlgo: "sha512",
    idpSsoUrl: "https://idp.com/login",
    issuer: "my_idp_issuer",
    nameidFormat: "email",
});
import pulumi
import pulumi_juniper_mist as junipermist
sso_admin_one = junipermist.org.Sso("sso_admin_one",
    org_id=terraform_test["id"],
    name="sso_admin_one",
    custom_logout_url="https://idp.com/logout",
    idp_cert="-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----",
    idp_sign_algo="sha512",
    idp_sso_url="https://idp.com/login",
    issuer="my_idp_issuer",
    nameid_format="email")
package main
import (
	"github.com/pulumi/pulumi-junipermist/sdk/go/junipermist/org"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := org.NewSso(ctx, "sso_admin_one", &org.SsoArgs{
			OrgId:           pulumi.Any(terraformTest.Id),
			Name:            pulumi.String("sso_admin_one"),
			CustomLogoutUrl: pulumi.String("https://idp.com/logout"),
			IdpCert:         pulumi.String("-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----"),
			IdpSignAlgo:     pulumi.String("sha512"),
			IdpSsoUrl:       pulumi.String("https://idp.com/login"),
			Issuer:          pulumi.String("my_idp_issuer"),
			NameidFormat:    pulumi.String("email"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using JuniperMist = Pulumi.JuniperMist;
return await Deployment.RunAsync(() => 
{
    var ssoAdminOne = new JuniperMist.Org.Sso("sso_admin_one", new()
    {
        OrgId = terraformTest.Id,
        Name = "sso_admin_one",
        CustomLogoutUrl = "https://idp.com/logout",
        IdpCert = "-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----",
        IdpSignAlgo = "sha512",
        IdpSsoUrl = "https://idp.com/login",
        Issuer = "my_idp_issuer",
        NameidFormat = "email",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.junipermist.org.Sso;
import com.pulumi.junipermist.org.SsoArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var ssoAdminOne = new Sso("ssoAdminOne", SsoArgs.builder()
            .orgId(terraformTest.id())
            .name("sso_admin_one")
            .customLogoutUrl("https://idp.com/logout")
            .idpCert("-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----")
            .idpSignAlgo("sha512")
            .idpSsoUrl("https://idp.com/login")
            .issuer("my_idp_issuer")
            .nameidFormat("email")
            .build());
    }
}
resources:
  ssoAdminOne:
    type: junipermist:org:Sso
    name: sso_admin_one
    properties:
      orgId: ${terraformTest.id}
      name: sso_admin_one
      customLogoutUrl: https://idp.com/logout
      idpCert: '-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----'
      idpSignAlgo: sha512
      idpSsoUrl: https://idp.com/login
      issuer: my_idp_issuer
      nameidFormat: email
Create Sso Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Sso(name: string, args: SsoArgs, opts?: CustomResourceOptions);
@overload
def Sso(resource_name: str,
        args: SsoArgs,
        opts: Optional[ResourceOptions] = None)
@overload
def Sso(resource_name: str,
        opts: Optional[ResourceOptions] = None,
        idp_cert: Optional[str] = None,
        idp_sign_algo: Optional[str] = None,
        idp_sso_url: Optional[str] = None,
        issuer: Optional[str] = None,
        org_id: Optional[str] = None,
        custom_logout_url: Optional[str] = None,
        default_role: Optional[str] = None,
        ignore_unmatched_roles: Optional[bool] = None,
        name: Optional[str] = None,
        nameid_format: Optional[str] = None,
        role_attr_extraction: Optional[str] = None,
        role_attr_from: Optional[str] = None)
func NewSso(ctx *Context, name string, args SsoArgs, opts ...ResourceOption) (*Sso, error)
public Sso(string name, SsoArgs args, CustomResourceOptions? opts = null)
type: junipermist:org:Sso
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SsoArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SsoArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SsoArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SsoArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SsoArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ssoResource = new JuniperMist.Org.Sso("ssoResource", new()
{
    IdpCert = "string",
    IdpSignAlgo = "string",
    IdpSsoUrl = "string",
    Issuer = "string",
    OrgId = "string",
    CustomLogoutUrl = "string",
    DefaultRole = "string",
    IgnoreUnmatchedRoles = false,
    Name = "string",
    NameidFormat = "string",
    RoleAttrExtraction = "string",
    RoleAttrFrom = "string",
});
example, err := org.NewSso(ctx, "ssoResource", &org.SsoArgs{
	IdpCert:              pulumi.String("string"),
	IdpSignAlgo:          pulumi.String("string"),
	IdpSsoUrl:            pulumi.String("string"),
	Issuer:               pulumi.String("string"),
	OrgId:                pulumi.String("string"),
	CustomLogoutUrl:      pulumi.String("string"),
	DefaultRole:          pulumi.String("string"),
	IgnoreUnmatchedRoles: pulumi.Bool(false),
	Name:                 pulumi.String("string"),
	NameidFormat:         pulumi.String("string"),
	RoleAttrExtraction:   pulumi.String("string"),
	RoleAttrFrom:         pulumi.String("string"),
})
var ssoResource = new Sso("ssoResource", SsoArgs.builder()
    .idpCert("string")
    .idpSignAlgo("string")
    .idpSsoUrl("string")
    .issuer("string")
    .orgId("string")
    .customLogoutUrl("string")
    .defaultRole("string")
    .ignoreUnmatchedRoles(false)
    .name("string")
    .nameidFormat("string")
    .roleAttrExtraction("string")
    .roleAttrFrom("string")
    .build());
sso_resource = junipermist.org.Sso("ssoResource",
    idp_cert="string",
    idp_sign_algo="string",
    idp_sso_url="string",
    issuer="string",
    org_id="string",
    custom_logout_url="string",
    default_role="string",
    ignore_unmatched_roles=False,
    name="string",
    nameid_format="string",
    role_attr_extraction="string",
    role_attr_from="string")
const ssoResource = new junipermist.org.Sso("ssoResource", {
    idpCert: "string",
    idpSignAlgo: "string",
    idpSsoUrl: "string",
    issuer: "string",
    orgId: "string",
    customLogoutUrl: "string",
    defaultRole: "string",
    ignoreUnmatchedRoles: false,
    name: "string",
    nameidFormat: "string",
    roleAttrExtraction: "string",
    roleAttrFrom: "string",
});
type: junipermist:org:Sso
properties:
    customLogoutUrl: string
    defaultRole: string
    idpCert: string
    idpSignAlgo: string
    idpSsoUrl: string
    ignoreUnmatchedRoles: false
    issuer: string
    name: string
    nameidFormat: string
    orgId: string
    roleAttrExtraction: string
    roleAttrFrom: string
Sso Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Sso resource accepts the following input properties:
- IdpCert string
- IDP Cert (used to verify the signed response)
- IdpSignAlgo string
- Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512
- IdpSsoUrl string
- IDP Single-Sign-On URL
- Issuer string
- IDP issuer URL
- OrgId string
- CustomLogoutUrl string
- URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL that is different from the SP-initiated SLO process)
- DefaultRole string
- Default role to assign if there’s no match. By default, an assertion is treated as invalid when no role is matched
- IgnoreUnmatchedRoles bool
- Ignore any unmatched roles provided in the assertion. By default, an assertion is treated as invalid for any unmatched role
- Name string
- Name
- NameidFormat string
- enum: email, unspecified
- RoleAttrExtraction string
- Custom role attribute parsing scheme. Supported Role Parsing Schemes
- RoleAttrFrom string
- Name of the attribute in the SAML Assertion to extract the role from. Default: Role
- idpCert String
- IDP Cert (used to verify the signed response)
- idpSignAlgo String
- Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512
- idpSsoUrl String
- IDP Single-Sign-On URL
- issuer String
- IDP issuer URL
- orgId String
- customLogoutUrl String
- URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL that is different from the SP-initiated SLO process)
- defaultRole String
- Default role to assign if there’s no match. By default, an assertion is treated as invalid when no role is matched
- ignoreUnmatchedRoles Boolean
- Ignore any unmatched roles provided in the assertion. By default, an assertion is treated as invalid for any unmatched role
- name String
- Name
- nameidFormat String
- enum: email, unspecified
- roleAttrExtraction String
- Custom role attribute parsing scheme. Supported Role Parsing Schemes
- roleAttrFrom String
- Name of the attribute in the SAML Assertion to extract the role from. Default: Role
- idpCert string
- IDP Cert (used to verify the signed response)
- idpSignAlgo string
- Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512
- idpSsoUrl string
- IDP Single-Sign-On URL
- issuer string
- IDP issuer URL
- orgId string
- customLogoutUrl string
- URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL that is different from the SP-initiated SLO process)
- defaultRole string
- Default role to assign if there’s no match. By default, an assertion is treated as invalid when no role is matched
- ignoreUnmatchedRoles boolean
- Ignore any unmatched roles provided in the assertion. By default, an assertion is treated as invalid for any unmatched role
- name string
- Name
- nameidFormat string
- enum: email, unspecified
- roleAttrExtraction string
- Custom role attribute parsing scheme. Supported Role Parsing Schemes
- roleAttrFrom string
- Name of the attribute in the SAML Assertion to extract the role from. Default: Role
- idp_cert str
- IDP Cert (used to verify the signed response)
- idp_sign_algo str
- Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512
- idp_sso_url str
- IDP Single-Sign-On URL
- issuer str
- IDP issuer URL
- org_id str
- custom_logout_url str
- URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL that is different from the SP-initiated SLO process)
- default_role str
- Default role to assign if there’s no match. By default, an assertion is treated as invalid when no role is matched
- ignore_unmatched_roles bool
- Ignore any unmatched roles provided in the assertion. By default, an assertion is treated as invalid for any unmatched role
- name str
- Name
- nameid_format str
- enum: email, unspecified
- role_attr_extraction str
- Custom role attribute parsing scheme. Supported Role Parsing Schemes
- role_attr_from str
- Name of the attribute in the SAML Assertion to extract the role from. Default: Role
- idpCert String
- IDP Cert (used to verify the signed response)
- idpSignAlgo String
- Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512
- idpSsoUrl String
- IDP Single-Sign-On URL
- issuer String
- IDP issuer URL
- orgId String
- customLogoutUrl String
- URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL that is different from the SP-initiated SLO process)
- defaultRole String
- Default role to assign if there’s no match. By default, an assertion is treated as invalid when no role is matched
- ignoreUnmatchedRoles Boolean
- Ignore any unmatched roles provided in the assertion. By default, an assertion is treated as invalid for any unmatched role
- name String
- Name
- nameidFormat String
- enum: email, unspecified
- roleAttrExtraction String
- Custom role attribute parsing scheme. Supported Role Parsing Schemes
- roleAttrFrom String
- Name of the attribute in the SAML Assertion to extract the role from. Default: Role
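A pre-deployment check over the inputs listed above, as an added example that is not part of the Pulumi provider or of Mist. It flags the `sha1` option, non-HTTPS URLs, an `idp_cert` that does not decode, and the two settings that relax the default rejection of unmatched roles. The helper names `audit_sso_args` and `pem_problem`, the severity labels and the sample values are assumptions of this example.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

SIGN_ALGOS = ("sha1", "sha256", "sha384", "sha512")  # enum from the property list
NAMEID_FORMATS = ("email", "unspecified")            # enum from the property list
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_problem(pem):
    """Return why idp_cert is not a decodable PEM certificate, or None if it looks sane.

    Framing and encoding check only; it does not parse X.509 or check expiry.
    """
    match = PEM_RE.search(pem or "")
    if not match:
        return "no BEGIN/END CERTIFICATE framing"
    body = "".join(match.group(1).split())
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return "body is not valid base64 (truncated or placeholder value?)"
    if not der.startswith(b"\x30"):  # X.509 DER starts with an ASN.1 SEQUENCE tag
        return "decoded body is not a DER SEQUENCE"
    return None


def audit_sso_args(args):
    """Return a list of (severity, field, message) findings for Sso keyword arguments."""
    findings = []

    algo = args.get("idp_sign_algo")
    if algo not in SIGN_ALGOS:
        findings.append(("error", "idp_sign_algo", f"{algo!r} not in {SIGN_ALGOS}"))
    elif algo == "sha1":
        findings.append(("high", "idp_sign_algo",
                         "SHA-1 has practical collisions; use sha256 or stronger"))

    for field, required in (("idp_sso_url", True), ("custom_logout_url", False)):
        url = args.get(field)
        if not url:
            if required:
                findings.append(("error", field, "required value is missing"))
            continue
        parsed = urlparse(url)
        if parsed.scheme != "https" or not parsed.hostname:
            findings.append(("high", field, "must be an absolute https:// URL"))

    if not args.get("issuer"):
        findings.append(("error", "issuer", "required value is missing"))
    fmt = args.get("nameid_format")
    if fmt is not None and fmt not in NAMEID_FORMATS:
        findings.append(("error", "nameid_format", f"{fmt!r} not in {NAMEID_FORMATS}"))

    problem = pem_problem(args.get("idp_cert"))
    if problem:
        findings.append(("error", "idp_cert", problem))

    # Both settings below relax the reject-on-unmatched-role default described above.
    if args.get("default_role"):
        findings.append(("medium", "default_role",
                         "assertions with no matching role are accepted with this role"))
    if args.get("ignore_unmatched_roles"):
        findings.append(("medium", "ignore_unmatched_roles",
                         "unknown roles in an assertion no longer invalidate it"))
    return findings


# Constructed sample inputs. The DER bytes are a minimal ASN.1 SEQUENCE, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
              + "\n-----END CERTIFICATE-----")
WEAK = dict(idp_sign_algo="sha1", idp_sso_url="http://idp.example/login", issuer="my_idp_issuer",
            idp_cert="-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----",
            default_role="example_role", ignore_unmatched_roles=True)
HARDENED = dict(idp_sign_algo="sha512", idp_sso_url="https://idp.example/login",
                custom_logout_url="https://idp.example/logout", issuer="my_idp_issuer",
                idp_cert=SAMPLE_PEM, nameid_format="email")

if __name__ == "__main__":
    for severity, field, message in audit_sso_args(WEAK):
        print(f"{severity:6} {field:24} {message}")
    print("hardened findings:", audit_sso_args(HARDENED))
```

The same dictionary can be passed on to `junipermist.org.Sso(...)` as keyword arguments once the audit returns no findings.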
Outputs
All input properties are implicitly available as output properties. Additionally, the Sso resource produces the following output properties:
- Domain string
- Random string generated during the SSO creation and used to generate the SAML URLs: ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login); Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
- Id string
- The provider-assigned unique ID for this managed resource.
- domain String
- Random string generated during the SSO creation and used to generate the SAML URLs: ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login); Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
- id String
- The provider-assigned unique ID for this managed resource.
- domain string
- Random string generated during the SSO creation and used to generate the SAML URLs: ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login); Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
- id string
- The provider-assigned unique ID for this managed resource.
- domain str
- Random string generated during the SSO creation and used to generate the SAML URLs: ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login); Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
- id str
- The provider-assigned unique ID for this managed resource.
- domain String
- Random string generated during the SSO creation and used to generate the SAML URLs: ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login); Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Sso Resource
Get an existing Sso resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SsoState, opts?: CustomResourceOptions): Sso
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        custom_logout_url: Optional[str] = None,
        default_role: Optional[str] = None,
        domain: Optional[str] = None,
        idp_cert: Optional[str] = None,
        idp_sign_algo: Optional[str] = None,
        idp_sso_url: Optional[str] = None,
        ignore_unmatched_roles: Optional[bool] = None,
        issuer: Optional[str] = None,
        name: Optional[str] = None,
        nameid_format: Optional[str] = None,
        org_id: Optional[str] = None,
        role_attr_extraction: Optional[str] = None,
        role_attr_from: Optional[str] = None) -> Sso
func GetSso(ctx *Context, name string, id IDInput, state *SsoState, opts ...ResourceOption) (*Sso, error)
public static Sso Get(string name, Input<string> id, SsoState? state, CustomResourceOptions? opts = null)
public static Sso get(String name, Output<String> id, SsoState state, CustomResourceOptions options)
resources:
  _:
    type: junipermist:org:Sso
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- CustomLogoutUrl string
- URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL that is different from the SP-initiated SLO process)
- DefaultRole string
- Default role to assign if there’s no match. By default, an assertion is treated as invalid when no role is matched
- Domain string
- Random string generated during the SSO creation and used to generate the SAML URLs: ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login); Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
- IdpCert string
- IDP Cert (used to verify the signed response)
- IdpSignAlgo string
- Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512
- IdpSsoUrl string
- IDP Single-Sign-On URL
- IgnoreUnmatchedRoles bool
- Ignore any unmatched roles provided in the assertion. By default, an assertion is treated as invalid for any unmatched role
- Issuer string
- IDP issuer URL
- Name string
- Name
- NameidFormat string
- enum: email, unspecified
- OrgId string
- RoleAttrExtraction string
- Custom role attribute parsing scheme. Supported Role Parsing Schemes
- RoleAttrFrom string
- Name of the attribute in the SAML Assertion to extract the role from. Default: Role
- customLogoutUrl String
- URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL that is different from the SP-initiated SLO process)
- defaultRole String
- Default role to assign if there’s no match. By default, an assertion is treated as invalid when no role is matched
- domain String
- Random string generated during the SSO creation and used to generate the SAML URLs: ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login); Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
- idpCert String
- IDP Cert (used to verify the signed response)
- idpSignAlgo String
- Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512
- idpSsoUrl String
- IDP Single-Sign-On URL
- ignoreUnmatchedRoles Boolean
- Ignore any unmatched roles provided in the assertion. By default, an assertion is treated as invalid for any unmatched role
- issuer String
- IDP issuer URL
- name String
- Name
- nameidFormat String
- enum: email, unspecified
- orgId String
- roleAttrExtraction String
- Custom role attribute parsing scheme. Supported Role Parsing Schemes
- roleAttrFrom String
- Name of the attribute in the SAML Assertion to extract the role from. Default: Role
- customLogoutUrl string
- URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL that is different from the SP-initiated SLO process)
- defaultRole string
- Default role to assign if there’s no match. By default, an assertion is treated as invalid when no role is matched
- domain string
- Random string generated during the SSO creation and used to generate the SAML URLs: ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login); Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
- idpCert string
- IDP Cert (used to verify the signed response)
- idpSignAlgo string
- Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512
- idpSsoUrl string
- IDP Single-Sign-On URL
- ignoreUnmatchedRoles boolean
- Ignore any unmatched roles provided in the assertion. By default, an assertion is treated as invalid for any unmatched role
- issuer string
- IDP issuer URL
- name string
- Name
- nameidFormat string
- enum: email, unspecified
- orgId string
- roleAttrExtraction string
- Custom role attribute parsing scheme. Supported Role Parsing Schemes
- roleAttrFrom string
- Name of the attribute in the SAML Assertion to extract the role from. Default: Role
- custom_logout_url str
- URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL that is different from the SP-initiated SLO process)
- default_role str
- Default role to assign if there’s no match. By default, an assertion is treated as invalid when no role is matched
- domain str
- Random string generated during the SSO creation and used to generate the SAML URLs: ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login); Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
- idp_cert str
- IDP Cert (used to verify the signed response)
- idp_sign_algo str
- Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512
- idp_sso_url str
- IDP Single-Sign-On URL
- ignore_unmatched_roles bool
- Ignore any unmatched roles provided in the assertion. By default, an assertion is treated as invalid for any unmatched role
- issuer str
- IDP issuer URL
- name str
- Name
- nameid_format str
- enum: email, unspecified
- org_id str
- role_attr_extraction str
- Custom role attribute parsing scheme. Supported Role Parsing Schemes
- role_attr_from str
- Name of the attribute in the SAML Assertion to extract the role from. Default: Role
- customLogoutUrl String
- URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL that is different from the SP-initiated SLO process)
- defaultRole String
- Default role to assign if there’s no match. By default, an assertion is treated as invalid when no role is matched
- domain String
- Random string generated during the SSO creation and used to generate the SAML URLs: ACS URL = /api/v1/saml/{domain}/login (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/login); Single Logout URL = /api/v1/saml/{domain}/logout (e.g. https://api.mist.com/api/v1/saml/s4t5vwv8/logout)
- idpCert String
- IDP Cert (used to verify the signed response)
- idpSignAlgo String
- Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512
- idpSsoUrl String
- IDP Single-Sign-On URL
- ignoreUnmatchedRoles Boolean
- Ignore any unmatched roles provided in the assertion. By default, an assertion is treated as invalid for any unmatched role
- issuer String
- IDP issuer URL
- name String
- Name
- nameidFormat String
- enum: email, unspecified
- orgId String
- roleAttrExtraction String
- Custom role attribute parsing scheme. Supported Role Parsing Schemes
- roleAttrFrom String
- Name of the attribute in the SAML Assertion to extract the role from. Default: Role
Import
Using pulumi import, import mist_org_sso with:
An Org SSO configuration can be imported by specifying the org_id and the sso_id
$ pulumi import junipermist:org/sso:Sso sso_admin_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- junipermist pulumi/pulumi-junipermist
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the mist Terraform Provider.
