A Yandex project
© 2025 Yandex.Cloud LLC

yandex_organizationmanager_idp_application_saml_application (Resource)

Article created by Yandex Cloud
Updated December 1, 2025
  • Example usage
  • Schema
    • Required
    • Optional
    • Read-Only
    • Nested Schema for attribute_mapping
    • Nested Schema for attribute_mapping.name_id
    • Nested Schema for attribute_mapping.attributes
    • Nested Schema for group_claims_settings
    • Nested Schema for security_settings
    • Nested Schema for service_provider
    • Nested Schema for service_provider.acs_urls
    • Nested Schema for service_provider.slo_urls
    • Nested Schema for timeouts
    • Nested Schema for identity_provider_metadata

A SAML application resource.

Example usage

//
// Create a new OrganizationManager Idp SAML Application.
//
resource "yandex_organizationmanager_idp_application_saml_application" "example_saml_app" {
  name            = "example-saml-app"
  organization_id = "your_organization_id"
  description     = "Example SAML application"

  service_provider = {
    entity_id = "https://example.com/saml/metadata"

    acs_urls = [
      {
        url = "https://example.com/saml/acs"
      }
    ]

    slo_urls = [
      {
        url              = "https://example.com/saml/slo"
        protocol_binding = "HTTP_POST"
      }
    ]
  }

  attribute_mapping = {
    name_id = {
      format = "EMAIL"
    }

    attributes = [
      {
        name  = "email"
        value = "email"
      }, {
        name  = "firstName"
        value = "given_name"
      }, {
        name  = "lastName"
        value = "family_name"
      }
    ]
  }

  security_settings = {
    signature_mode = "RESPONSE_AND_ASSERTIONS"
  }

  labels = {
    environment = "production"
    app-type    = "saml"
  }
}

Schema

Required

  • name (String) Name of the SAML application.
  • organization_id (String) ID of the organization that the application belongs to.

Optional

  • application_id (String) ID of the SAML application to return.
  • attribute_mapping (Attributes) Attribute mapping configuration for the SAML application. (see below for nested schema)
  • description (String) Description of the SAML application.
  • group_claims_settings (Attributes) Group claims settings for the SAML application. (see below for nested schema)
  • id (String) ID of the SAML application to return.
  • labels (Map of String) Resource labels as key:value pairs.
  • security_settings (Attributes) Security settings for the SAML application. (see below for nested schema)
  • service_provider (Attributes) Service provider configuration for the SAML application. (see below for nested schema)
  • timeouts (Attributes) (see below for nested schema)

Read-Only

  • created_at (String) Creation timestamp.
  • identity_provider_metadata (Attributes) Identity provider metadata for the SAML application. (see below for nested schema)
  • status (String) Current status of the SAML application.
  • updated_at (String) Modification timestamp.

Nested Schema for attribute_mapping

Required:

  • name_id (Attributes) NameID configuration for the SAML application. (see below for nested schema)

Optional:

  • attributes (Attributes List) List of attribute mappings. (see below for nested schema)

Nested Schema for attribute_mapping.name_id

Required:

  • format (String) Format of the NameID.

Read-Only:

  • value (String) Value of the NameID.

Nested Schema for attribute_mapping.attributes

Required:

  • name (String) Name of the SAML attribute.
  • value (String) Value of the SAML attribute.

Nested Schema for group_claims_settings

Optional:

  • group_attribute_name (String) Name of the SAML attribute that contains group information.
  • group_distribution_type (String) Distribution type for group claims.

Nested Schema for security_settings

Optional:

  • signature_certificate_id (String) ID of the signature certificate to use.
  • signature_mode (String) Signature mode for SAML messages.

Nested Schema for service_provider

Required:

  • entity_id (String) Service provider entity ID.

Optional:

  • acs_urls (Attributes List) Assertion Consumer Service URLs. (see below for nested schema)
  • slo_urls (Attributes List) Single Logout Service URLs. (see below for nested schema)

Nested Schema for service_provider.acs_urls

Required:

  • url (String) The URL where SAML responses are sent.

Optional:

  • index (Number) Optional index for the assertion consumer service.

Nested Schema for service_provider.slo_urls

Required:

  • protocol_binding (String) Protocol binding supported by the logout endpoint.
  • url (String) The URL where logout requests are sent.

Optional:

  • response_url (String) Optional separate URL for logout responses.

Nested Schema for timeouts

Optional:

  • create (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
  • delete (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
  • read (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
  • update (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

Nested Schema for identity_provider_metadata

Read-Only:

  • issuer (String) Identity provider issuer identifier.
  • metadata_url (String) Identity provider metadata URL.
  • slo_url (String) Identity provider Single Logout URL.
  • sso_url (String) Identity provider Single Sign-On URL.
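
Added example, not part of the provider documentation: a configuration that rejects non-HTTPS Assertion Consumer Service URLs at plan time through variable validation and exports the read-only identity_provider_metadata values that the service provider needs. The variable names, the resource label "hardened" and the application name are assumptions; the attribute names and enum values are the ones shown on this page.

```hcl
// Added example: variable names and the "hardened" label are hypothetical.
variable "organization_id" {
  type = string
}

variable "sp_entity_id" {
  type = string
}

variable "acs_urls" {
  type        = list(string)
  description = "Assertion Consumer Service URLs that receive SAML responses."

  validation {
    // Fail the plan if the list is empty or any URL is not HTTPS.
    condition = length(var.acs_urls) > 0 && alltrue([
      for u in var.acs_urls : can(regex("^https://", u))
    ])
    error_message = "Provide at least one ACS URL, and every ACS URL must start with https://."
  }
}

resource "yandex_organizationmanager_idp_application_saml_application" "hardened" {
  name            = "hardened-saml-app"
  organization_id = var.organization_id

  service_provider = {
    entity_id = var.sp_entity_id
    // One object per validated URL; the optional index is left unset.
    acs_urls = [for u in var.acs_urls : { url = u }]
  }

  attribute_mapping = {
    name_id = { format = "EMAIL" }
  }

  security_settings = {
    // Value taken from the example usage on this page.
    signature_mode = "RESPONSE_AND_ASSERTIONS"
  }
}

// Read-only values the service provider uses to trust this identity provider.
output "idp_issuer" {
  value = yandex_organizationmanager_idp_application_saml_application.hardened.identity_provider_metadata.issuer
}

output "idp_metadata_url" {
  value = yandex_organizationmanager_idp_application_saml_application.hardened.identity_provider_metadata.metadata_url
}
```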
