oci_identity_domains_identity_provider

This resource provides the Identity Provider resource in the Oracle Cloud Infrastructure Identity Domains service.

Create an Identity Provider

Example Usage

# Reference example: declares one identity provider in an Identity Domain and
# lists every argument the resource accepts, each wired to an input variable
# or a placeholder literal.
# NOTE(review): the block mixes SAML, social and X.509 settings; presumably a
# real configuration sets only the arguments that apply to the chosen `type` -
# confirm against the Argument Reference.
# Terraform records argument values in its state file in plain text, so any
# secret passed here (see `authorization` and `consumer_secret`) is only as
# protected as the state backend. Declare those input variables with
# `sensitive = true` and restrict access to the state.
resource "oci_identity_domains_identity_provider" "test_identity_provider" {
	#Required
	# The example creates the provider disabled; switch to true only after the
	# certificates, URLs and provisioning settings below have been reviewed.
	enabled = false
	# Domain URL taken from the oci_identity_domain data source.
	idcs_endpoint = data.oci_identity_domain.test_domain.url
	partner_name = var.identity_provider_partner_name
	schemas = ["urn:ietf:params:scim:schemas:oracle:idcs:IdentityProvider"]

	#Optional
	assertion_attribute = var.identity_provider_assertion_attribute
	# Empty placeholders in this example.
	attribute_sets = []
	attributes = ""
	authn_request_binding = var.identity_provider_authn_request_binding
	# NOTE(review): this looks like a credential-bearing Authorization value for
	# the request - treat the variable as sensitive and keep it out of VCS; confirm.
	authorization = var.identity_provider_authorization
	correlation_policy {
		#Required
		type = var.identity_provider_correlation_policy_type
		value = var.identity_provider_correlation_policy_value

		#Optional
		display = var.identity_provider_correlation_policy_display
	}
	description = var.identity_provider_description
	# NOTE(review): presumably certificate material for assertion encryption (and,
	# further down, `signing_certificate` for signature checks); obtain it from the
	# partner over a trusted channel - confirm the expected encoding.
	encryption_certificate = var.identity_provider_encryption_certificate
	# Placeholder literal, not a real identifier.
	external_id = "externalId"
	icon_url = var.identity_provider_icon_url
	id = var.identity_provider_id
	idp_sso_url = var.identity_provider_idp_sso_url
	include_signing_cert_in_signature = var.identity_provider_include_signing_cert_in_signature
	# jit_user_prov_*: Just-In-Time user provisioning settings.
	# NOTE(review): presumably accounts and group memberships are created or
	# changed from what the partner IdP asserts, so the IdP effectively decides
	# who gets which domain groups. Keep assigned groups and mappings to least
	# privilege - confirm semantics in the Argument Reference.
	jit_user_prov_assigned_groups {
		#Required
		value = var.identity_provider_jit_user_prov_assigned_groups_value
	}
	jit_user_prov_attribute_update_enabled = var.identity_provider_jit_user_prov_attribute_update_enabled
	jit_user_prov_attributes {
		#Required
		value = var.identity_provider_jit_user_prov_attributes_value
	}
	jit_user_prov_create_user_enabled = var.identity_provider_jit_user_prov_create_user_enabled
	jit_user_prov_enabled = var.identity_provider_jit_user_prov_enabled
	jit_user_prov_group_assertion_attribute_enabled = var.identity_provider_jit_user_prov_group_assertion_attribute_enabled
	jit_user_prov_group_assignment_method = var.identity_provider_jit_user_prov_group_assignment_method
	jit_user_prov_group_mapping_mode = var.identity_provider_jit_user_prov_group_mapping_mode
	# Pairs a group name from the IdP with a group in this domain.
	# NOTE(review): review every mapping that targets a privileged group.
	jit_user_prov_group_mappings {
		#Required
		idp_group = var.identity_provider_jit_user_prov_group_mappings_idp_group
		value = var.identity_provider_jit_user_prov_group_mappings_value
	}
	jit_user_prov_group_saml_attribute_name = var.identity_provider_jit_user_prov_group_saml_attribute_name
	jit_user_prov_group_static_list_enabled = var.identity_provider_jit_user_prov_group_static_list_enabled
	# NOTE(review): by its name, true suppresses the error when an asserted group
	# does not exist in the domain; a silent mismatch can hide mapping mistakes - confirm.
	jit_user_prov_ignore_error_on_absent_groups = var.identity_provider_jit_user_prov_ignore_error_on_absent_groups
	logout_binding = var.identity_provider_logout_binding
	logout_enabled = var.identity_provider_logout_enabled
	logout_request_url = var.identity_provider_logout_request_url
	logout_response_url = var.identity_provider_logout_response_url
	metadata = var.identity_provider_metadata
	name_id_format = var.identity_provider_name_id_format
	ocid = var.identity_provider_ocid
	partner_provider_id = var.identity_provider_partner_provider_id
	requested_authentication_context = var.identity_provider_requested_authentication_context
	require_force_authn = var.identity_provider_require_force_authn
	# NOTE(review): presumably rejects unencrypted SAML assertions when true - confirm.
	requires_encrypted_assertion = var.identity_provider_requires_encrypted_assertion
	resource_type_schema_version = var.identity_provider_resource_type_schema_version
	# NOTE(review): the name appears to be the provider's rendering of a SAML
	# Holder-of-Key requirement flag - confirm.
	saml_ho_krequired = var.identity_provider_saml_ho_krequired
	service_instance_identifier = var.identity_provider_service_instance_identifier
	shown_on_login_page = var.identity_provider_shown_on_login_page
	# NOTE(review): prefer a SHA-2 family value over SHA-1 where the partner
	# supports it - confirm the accepted values in the Argument Reference.
	signature_hash_algorithm = var.identity_provider_signature_hash_algorithm
	signing_certificate = var.identity_provider_signing_certificate
	# Placeholder literal, not a real identifier.
	succinct_id = "succinctId"
	tags {
		#Required
		key = var.identity_provider_tags_key
		value = var.identity_provider_tags_value
	}
	type = var.identity_provider_type
	# Social (OAuth/OpenID Connect style) identity provider extension.
	urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider {
		#Required
		# NOTE(review): account linking and self-registration widen who can obtain an
		# account through this provider; enable them deliberately - confirm semantics.
		account_linking_enabled = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_account_linking_enabled
		consumer_key = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_consumer_key
		# Client secret issued by the social provider: declare the variable with
		# `sensitive = true`; the value is still written to Terraform state.
		consumer_secret = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_consumer_secret
		registration_enabled = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_registration_enabled
		service_provider_name = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_service_provider_name

		#Optional
		# The variables below spell their prefix with underscores (urn_ietf_params_...),
		# unlike the Required ones above; these are only variable names, so declare
		# whichever spelling the configuration references.
		access_token_url = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_access_token_url
		admin_scope = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_admin_scope
		authz_url = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_authz_url
		auto_redirect_enabled = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_auto_redirect_enabled
		client_credential_in_payload = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_client_credential_in_payload
		# NOTE(review): presumably the tolerated clock difference when validating
		# tokens; keep it small - confirm.
		clock_skew_in_seconds = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_clock_skew_in_seconds
		discovery_url = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_discovery_url
		id_attribute = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_id_attribute
		jit_prov_assigned_groups {
			#Required
			value = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_jit_prov_assigned_groups_value

			#Optional
			display = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_jit_prov_assigned_groups_display
		}
		jit_prov_group_static_list_enabled = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_jit_prov_group_static_list_enabled
		profile_url = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_profile_url
		redirect_url = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_redirect_url
		scope = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_scope
		social_jit_provisioning_enabled = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_social_jit_provisioning_enabled
		status = var.identity_provider_urn_ietf_params_scim_schemas_oracle_idcs_extension_social_identity_provider_status
	}
	# X.509 (client certificate) identity provider extension.
	urnietfparamsscimschemasoracleidcsextensionx509identity_provider {
		#Required
		cert_match_attribute = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_cert_match_attribute
		# Placeholder literal; a real configuration supplies the trusted chain here.
		signing_certificate_chain = ["signingCertificateChain"]
		user_match_attribute = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_user_match_attribute

		#Optional
		# crl_* and ocsp_* configure certificate revocation checking.
		# NOTE(review): with both left off, a revoked client certificate would
		# presumably still be accepted - confirm the defaults.
		crl_check_on_ocsp_failure_enabled = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_crl_check_on_ocsp_failure_enabled
		crl_enabled = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_crl_enabled
		crl_location = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_crl_location
		crl_reload_duration = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_crl_reload_duration
		# Extended Key Usage validation of the presented certificate.
		eku_validation_enabled = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_eku_validation_enabled
		eku_values = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_eku_values
		# NOTE(review): by its name, true accepts certificates whose OCSP status is
		# "unknown", which weakens revocation checking - confirm before enabling.
		ocsp_allow_unknown_response_status = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_ocsp_allow_unknown_response_status
		ocsp_enable_signed_response = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_ocsp_enable_signed_response
		ocsp_enabled = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_ocsp_enabled
		ocsp_responder_url = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_ocsp_responder_url
		ocsp_revalidate_time = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_ocsp_revalidate_time
		ocsp_server_name = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_ocsp_server_name
		ocsp_trust_cert_chain = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_ocsp_trust_cert_chain
		other_cert_match_attribute = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_other_cert_match_attribute
	}
	# NOTE(review): presumably selects how an asserted identity is matched to a
	# domain user; match on an attribute the IdP cannot let users self-assign - confirm.
	user_mapping_method = var.identity_provider_user_mapping_method
	user_mapping_store_attribute = var.identity_provider_user_mapping_store_attribute
}

Argument Reference

The following arguments are supported:

**IMPORTANT** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values.

Attributes Reference

The following attributes are exported:

Timeouts

The `timeouts` block allows you to specify timeouts for certain operations:

* `create` - (Defaults to 20 minutes), when creating the Identity Provider
* `update` - (Defaults to 20 minutes), when updating the Identity Provider
* `delete` - (Defaults to 20 minutes), when destroying the Identity Provider

Import

IdentityProviders can be imported using the id, e.g.

# Replace {idcsEndpoint} and {identityProviderId} with the domain URL and the
# identity provider's id. The imported resource is written to Terraform state,
# so protect the state backend like any other store of identity configuration.
$ terraform import oci_identity_domains_identity_provider.test_identity_provider "idcsEndpoint/{idcsEndpoint}/identityProviders/{identityProviderId}"