Contact UsTry it for free
© 2025 Direct Cursus Technology L.L.C.

yandex_organizationmanager_idp_userpool (Resource)

Written by
Updated at December 4, 2025

A userpool is a container for users in the Identity Provider system.

Example usage

//
// Create a new OrganizationManager Idp Userpool.
//
resource "yandex_organizationmanager_idp_userpool" "example_userpool" {
  name              = "example-userpool"
  organization_id   = "your_organization_id"
  default_subdomain = "example-subdomain"
  description       = "Description example"

  labels = {
    example-label = "example-label-value"
  }

  user_settings = {
    allow_edit_self_login = true
  }

  password_quality_policy = {
    allow_similar   = true
    max_length      = 128
    match_length    = 4
    fixed = {
      lowers_required = true
      uppers_required = true
      digits_required = true
      min_length      = 8
    }
  }
}

Schema

Required

  • default_subdomain (String) Default subdomain for the userpool.
  • name (String) Name of the userpool.
  • organization_id (String) ID of the organization this userpool belongs to.

Optional

  • bruteforce_protection_policy (Attributes) Bruteforce protection policy for this userpool. (see below for nested schema)
  • description (String) Description of the userpool.
  • id (String) ID of the userpool to return.
    To get the userpool ID, make a [UserpoolService.List] request.
  • labels (Map of String) Resource labels as key:value pairs.
  • password_lifetime_policy (Attributes) Password lifetime policy for this userpool. (see below for nested schema)
  • password_quality_policy (Attributes) Password quality policy for this userpool. (see below for nested schema)
  • timeouts (Attributes) (see below for nested schema)
  • user_settings (Attributes) User settings for this userpool. (see below for nested schema)
  • userpool_id (String) ID of the userpool to return.
    To get the userpool ID, make a [UserpoolService.List] request.

Read-Only

  • created_at (String) Timestamp when the userpool was created.
  • domains (List of String) List of domains associated with this userpool.
  • status (String) Current status of the userpool.
  • updated_at (String) Timestamp when the userpool was last updated.

Nested Schema for bruteforce_protection_policy

Optional:

  • attempts (Number) Number of failed attempts allowed within the window before blocking.
  • block (String) Duration of the block after too many failed attempts.
  • window (String) Time window for counting failed authentication attempts.

Nested Schema for password_lifetime_policy

Optional:

  • max_days_count (Number) Maximum number of days a password remains valid.
    Zero means passwords never expire.
  • min_days_count (Number) Minimum number of days before a password can be changed.

Nested Schema for password_quality_policy

Optional:

  • allow_similar (Boolean) Whether passwords similar to previous ones are allowed.
  • fixed (Attributes) Fixed complexity requirements. Exactly one of complexity requirements must be specified. (see below for nested schema)
  • match_length (Number) Minimum length of substrings to check for similarity to vulnerable sequences.
  • max_length (Number) Maximum password length. Zero means no maximum length is enforced.
  • smart (Attributes) Smart complexity requirements. Exactly one of complexity requirements must be specified. (see below for nested schema)

Nested Schema for password_quality_policy.fixed

Optional:

  • digits_required (Boolean) Whether digits are required in the password.
  • lowers_required (Boolean) Whether lowercase letters are required in the password.
  • min_length (Number) Minimum length required for all passwords.
  • specials_required (Boolean) Whether special characters are required in the password.
  • uppers_required (Boolean) Whether uppercase letters are required in the password.

Nested Schema for password_quality_policy.smart

Optional:

  • four_classes (Number) For passwords with all four classes of characters
  • one_class (Number) For passwords with one class of characters
  • three_classes (Number) For passwords with three classes of characters
  • two_classes (Number) For passwords with two classes of characters

Nested Schema for timeouts

Optional:

  • create (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
  • delete (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
  • read (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
  • update (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

Nested Schema for user_settings

Optional:

  • allow_edit_self_contacts (Boolean) Whether users can edit their own contact information.
  • allow_edit_self_info (Boolean) Whether users can edit their own profile information.
  • allow_edit_self_login (Boolean) Whether users can edit their own login information.
  • allow_edit_self_password (Boolean) Whether users can change their own passwords.
Previous
organizationmanager_idp_user
Next
organizationmanager_organization_iam_binding