junipermist.org.Nacidp
This resource manages NAC IDPs (Identity Providers).
The NAC IDPs are used to validate NAC client accounts against an IDP with OAuth2.0, LDAP/LDAPS, or a local Mist Edge.
Mist Access Assurance can also retrieve group membership from the IDP, and use this information in the NAC Rules (junipermist.org.Nacrule resource)
IMPORTANT:
- Once created, the NAC IDP must be registered in the junipermist.org.Setting resource (full path: mist_org_setting.mist_nac.idps).
- The associated REALMS are configured under mist_org_setting.mist_nac.idps.
- To make the IDP the Default IDP, set the IDP ID under mist_org_setting.mist_nac.default_idp_id.
For SAML IDP, the NAC IDP Metadata can be retrieved with the junipermist.org.getNacidpMetadata data source.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as junipermist from "@pulumi/juniper-mist";
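// Credentials are read from stack configuration as secrets instead of being
// written into the program, so they stay out of source control and Pulumi
// handles them as secret values. Set each one with
// `pulumi config set --secret <key>`.
const config = new pulumi.Config();

// OAuth with Azure Example
const idpAzure = new junipermist.org.Nacidp("idp_azure", {
    orgId: terraformTest.id,
    name: "idp_azure",
    idpType: "oauth",
    oauthCcClientId: "client_id",
    // The property reference on this page describes this input as an RSA
    // private key in PEM form ("-----BEGIN RSA PRIVATE KEY--...."), not a
    // certificate.
    oauthCcClientSecret: config.requireSecret("oauthCcClientSecret"),
    oauthRopcClientId: "ropc_client_id",
    oauthRopcClientSecret: config.requireSecret("oauthRopcClientSecret"),
    oauthTenantId: "tenant_id",
    oauthType: "azure",
});

// Custom LDAP Example
const idpLdap = new junipermist.org.Nacidp("idp_ldap", {
    orgId: terraformTest.id,
    name: "idp_ldap",
    idpType: "ldap",
    ldapType: "custom",
    groupFilter: "memberOf",
    memberFilter: "memberOf",
    ldapUserFilter: "(mail=%s)",
    ldapServerHosts: [
        "ldap.mycorp.com",
        "1.2.3.4",
    ],
    ldapBaseDn: "DC=abc,DC=com",
    // NOTE(review): this is the account the NAC service binds with; a
    // dedicated low-privilege service account is usually sufficient instead of
    // an administrator DN. Confirm against your directory's requirements.
    ldapBindDn: "CN=admin,CN=users,DC=abc,DC=com",
    ldapBindPassword: config.requireSecret("ldapBindPassword"),
    // CA certificates used to validate the LDAP server certificate. The PEM
    // bodies in this example are truncated placeholders; each END marker must
    // sit on its own line.
    ldapCacerts: [
        `-----BEGIN CERTIFICATE-----
MIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE
-----END CERTIFICATE-----`,
        `-----BEGIN CERTIFICATE-----
BhMCRVMxFDASBgNVBAoMC1N0YXJ0Q29tIENBMSwwKgYDVn
-----END CERTIFICATE-----`,
    ],
    ldapClientCert: `-----BEGIN CERTIFICATE-----
MIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE
-----END CERTIFICATE-----`,
    // Private key for ldapClientCert: never commit it alongside the program.
    ldapClientKey: config.requireSecret("ldapClientKey"),
});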
import pulumi
import pulumi_juniper_mist as junipermist
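# Credentials are read from stack configuration as secrets instead of being
# written into the program, so they stay out of source control and Pulumi
# handles them as secret values. Set each one with
# `pulumi config set --secret <key>`.
config = pulumi.Config()

# OAuth with Azure Example
idp_azure = junipermist.org.Nacidp("idp_azure",
    org_id=terraform_test["id"],
    name="idp_azure",
    idp_type="oauth",
    oauth_cc_client_id="client_id",
    # The property reference on this page describes this input as an RSA
    # private key in PEM form ("-----BEGIN RSA PRIVATE KEY--...."), not a
    # certificate.
    oauth_cc_client_secret=config.require_secret("oauthCcClientSecret"),
    oauth_ropc_client_id="ropc_client_id",
    oauth_ropc_client_secret=config.require_secret("oauthRopcClientSecret"),
    oauth_tenant_id="tenant_id",
    oauth_type="azure")

# Custom LDAP Example
idp_ldap = junipermist.org.Nacidp("idp_ldap",
    org_id=terraform_test["id"],
    name="idp_ldap",
    idp_type="ldap",
    ldap_type="custom",
    group_filter="memberOf",
    member_filter="memberOf",
    ldap_user_filter="(mail=%s)",
    ldap_server_hosts=[
        "ldap.mycorp.com",
        "1.2.3.4",
    ],
    ldap_base_dn="DC=abc,DC=com",
    # NOTE(review): this is the account the NAC service binds with; a
    # dedicated low-privilege service account is usually sufficient instead of
    # an administrator DN. Confirm against your directory's requirements.
    ldap_bind_dn="CN=admin,CN=users,DC=abc,DC=com",
    ldap_bind_password=config.require_secret("ldapBindPassword"),
    # CA certificates used to validate the LDAP server certificate. The PEM
    # bodies in this example are truncated placeholders; each END marker must
    # sit on its own line.
    ldap_cacerts=[
        """-----BEGIN CERTIFICATE-----
MIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE
-----END CERTIFICATE-----""",
        """-----BEGIN CERTIFICATE-----
BhMCRVMxFDASBgNVBAoMC1N0YXJ0Q29tIENBMSwwKgYDVn
-----END CERTIFICATE-----""",
    ],
    ldap_client_cert="""-----BEGIN CERTIFICATE-----
MIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE
-----END CERTIFICATE-----""",
    # Private key for ldap_client_cert: never commit it alongside the program.
    ldap_client_key=config.require_secret("ldapClientKey"))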
package main
import (
	"github.com/pulumi/pulumi-junipermist/sdk/go/junipermist/org"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
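// main declares the two example NAC IDPs (OAuth with Azure, custom LDAP).
// Credentials are read from stack configuration as secrets instead of being
// written into the program; set each one with
// `pulumi config set --secret <key>`.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Empty namespace selects the current project's configuration.
		cfg := config.New(ctx, "")

		// OAuth with Azure Example
		_, err := org.NewNacidp(ctx, "idp_azure", &org.NacidpArgs{
			OrgId:           pulumi.Any(terraformTest.Id),
			Name:            pulumi.String("idp_azure"),
			IdpType:         pulumi.String("oauth"),
			OauthCcClientId: pulumi.String("client_id"),
			// The property reference on this page describes this input as an
			// RSA private key in PEM form, not a certificate.
			OauthCcClientSecret:   cfg.RequireSecret("oauthCcClientSecret"),
			OauthRopcClientId:     pulumi.String("ropc_client_id"),
			OauthRopcClientSecret: cfg.RequireSecret("oauthRopcClientSecret"),
			OauthTenantId:         pulumi.String("tenant_id"),
			OauthType:             pulumi.String("azure"),
		})
		if err != nil {
			return err
		}

		// Custom LDAP Example
		_, err = org.NewNacidp(ctx, "idp_ldap", &org.NacidpArgs{
			OrgId:          pulumi.Any(terraformTest.Id),
			Name:           pulumi.String("idp_ldap"),
			IdpType:        pulumi.String("ldap"),
			LdapType:       pulumi.String("custom"),
			GroupFilter:    pulumi.String("memberOf"),
			MemberFilter:   pulumi.String("memberOf"),
			LdapUserFilter: pulumi.String("(mail=%s)"),
			LdapServerHosts: pulumi.StringArray{
				pulumi.String("ldap.mycorp.com"),
				pulumi.String("1.2.3.4"),
			},
			LdapBaseDn: pulumi.String("DC=abc,DC=com"),
			// NOTE(review): this is the account the NAC service binds with; a
			// dedicated low-privilege service account is usually sufficient
			// instead of an administrator DN. Confirm for your directory.
			LdapBindDn:       pulumi.String("CN=admin,CN=users,DC=abc,DC=com"),
			LdapBindPassword: cfg.RequireSecret("ldapBindPassword"),
			// CA certificates used to validate the LDAP server certificate.
			// The PEM bodies are truncated placeholders; each END marker must
			// sit on its own line.
			LdapCacerts: pulumi.StringArray{
				pulumi.String("-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\n-----END CERTIFICATE-----"),
				pulumi.String("-----BEGIN CERTIFICATE-----\nBhMCRVMxFDASBgNVBAoMC1N0YXJ0Q29tIENBMSwwKgYDVn\n-----END CERTIFICATE-----"),
			},
			LdapClientCert: pulumi.String("-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\n-----END CERTIFICATE-----"),
			// Private key for LdapClientCert: never commit it with the program.
			LdapClientKey: cfg.RequireSecret("ldapClientKey"),
		})
		return err
	})
}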
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using JuniperMist = Pulumi.JuniperMist;
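return await Deployment.RunAsync(() =>
{
    // Credentials are read from stack configuration as secrets instead of
    // being written into the program, so they stay out of source control and
    // Pulumi handles them as secret values. Set each one with
    // `pulumi config set --secret <key>`.
    var config = new Config();

    // OAuth with Azure Example
    var idpAzure = new JuniperMist.Org.Nacidp("idp_azure", new()
    {
        OrgId = terraformTest.Id,
        Name = "idp_azure",
        IdpType = "oauth",
        OauthCcClientId = "client_id",
        // The property reference on this page describes this input as an RSA
        // private key in PEM form, not a certificate.
        OauthCcClientSecret = config.RequireSecret("oauthCcClientSecret"),
        OauthRopcClientId = "ropc_client_id",
        OauthRopcClientSecret = config.RequireSecret("oauthRopcClientSecret"),
        OauthTenantId = "tenant_id",
        OauthType = "azure",
    });

    // Custom LDAP Example
    var idpLdap = new JuniperMist.Org.Nacidp("idp_ldap", new()
    {
        OrgId = terraformTest.Id,
        Name = "idp_ldap",
        IdpType = "ldap",
        LdapType = "custom",
        GroupFilter = "memberOf",
        MemberFilter = "memberOf",
        LdapUserFilter = "(mail=%s)",
        LdapServerHosts = new[]
        {
            "ldap.mycorp.com",
            "1.2.3.4",
        },
        LdapBaseDn = "DC=abc,DC=com",
        // NOTE(review): this is the account the NAC service binds with; a
        // dedicated low-privilege service account is usually sufficient
        // instead of an administrator DN. Confirm for your directory.
        LdapBindDn = "CN=admin,CN=users,DC=abc,DC=com",
        LdapBindPassword = config.RequireSecret("ldapBindPassword"),
        // CA certificates used to validate the LDAP server certificate. The
        // PEM bodies are truncated placeholders; each END marker must sit on
        // its own line.
        LdapCacerts = new[]
        {
            @"-----BEGIN CERTIFICATE-----
MIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE
-----END CERTIFICATE-----",
            @"-----BEGIN CERTIFICATE-----
BhMCRVMxFDASBgNVBAoMC1N0YXJ0Q29tIENBMSwwKgYDVn
-----END CERTIFICATE-----",
        },
        LdapClientCert = @"-----BEGIN CERTIFICATE-----
MIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE
-----END CERTIFICATE-----",
        // Private key for LdapClientCert: never commit it with the program.
        LdapClientKey = config.RequireSecret("ldapClientKey"),
    });
});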
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.junipermist.org.Nacidp;
import com.pulumi.junipermist.org.NacidpArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
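/**
 * Example stack declaring two NAC IDPs: OAuth with Azure, and a custom LDAP
 * directory.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the example resources. Credentials are read from stack
     * configuration as secrets instead of being written into the program; set
     * each one with {@code pulumi config set --secret <key>}.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        final var config = ctx.config();

        // OAuth with Azure Example
        var idpAzure = new Nacidp("idpAzure", NacidpArgs.builder()
            .orgId(terraformTest.id())
            .name("idp_azure")
            .idpType("oauth")
            .oauthCcClientId("client_id")
            // The property reference on this page describes this input as an
            // RSA private key in PEM form, not a certificate.
            .oauthCcClientSecret(config.requireSecret("oauthCcClientSecret"))
            .oauthRopcClientId("ropc_client_id")
            .oauthRopcClientSecret(config.requireSecret("oauthRopcClientSecret"))
            .oauthTenantId("tenant_id")
            .oauthType("azure")
            .build());

        // Custom LDAP Example
        var idpLdap = new Nacidp("idpLdap", NacidpArgs.builder()
            .orgId(terraformTest.id())
            .name("idp_ldap")
            .idpType("ldap")
            .ldapType("custom")
            .groupFilter("memberOf")
            .memberFilter("memberOf")
            .ldapUserFilter("(mail=%s)")
            .ldapServerHosts(
                "ldap.mycorp.com",
                "1.2.3.4")
            .ldapBaseDn("DC=abc,DC=com")
            // NOTE(review): this is the account the NAC service binds with; a
            // dedicated low-privilege service account is usually sufficient
            // instead of an administrator DN. Confirm for your directory.
            .ldapBindDn("CN=admin,CN=users,DC=abc,DC=com")
            .ldapBindPassword(config.requireSecret("ldapBindPassword"))
            // CA certificates used to validate the LDAP server certificate.
            // The PEM bodies are truncated placeholders; each END marker must
            // sit on its own line.
            .ldapCacerts(
                """
                -----BEGIN CERTIFICATE-----
                MIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE
                -----END CERTIFICATE-----""",
                """
                -----BEGIN CERTIFICATE-----
                BhMCRVMxFDASBgNVBAoMC1N0YXJ0Q29tIENBMSwwKgYDVn
                -----END CERTIFICATE-----""")
            .ldapClientCert("""
                -----BEGIN CERTIFICATE-----
                MIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE
                -----END CERTIFICATE-----""")
            // Private key for ldapClientCert: never commit it with the program.
            .ldapClientKey(config.requireSecret("ldapClientKey"))
            .build());
    }
}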
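# Credentials are declared as secret configuration instead of being written
# into the program, so they stay out of source control. Set each one with
# `pulumi config set --secret <key>`.
config:
  oauthCcClientSecret:
    type: string
    secret: true
  oauthRopcClientSecret:
    type: string
    secret: true
  ldapBindPassword:
    type: string
    secret: true
  ldapClientKey:
    type: string
    secret: true
resources:
  # OAuth with Azure Example
  idpAzure:
    type: junipermist:org:Nacidp
    name: idp_azure
    properties:
      orgId: ${terraformTest.id}
      name: idp_azure
      idpType: oauth
      oauthCcClientId: client_id
      # The property reference on this page describes this input as an RSA
      # private key in PEM form, not a certificate.
      oauthCcClientSecret: ${oauthCcClientSecret}
      oauthRopcClientId: ropc_client_id
      oauthRopcClientSecret: ${oauthRopcClientSecret}
      oauthTenantId: tenant_id
      oauthType: azure
  # Custom LDAP Example
  idpLdap:
    type: junipermist:org:Nacidp
    name: idp_ldap
    properties:
      orgId: ${terraformTest.id}
      name: idp_ldap
      idpType: ldap
      ldapType: custom
      groupFilter: memberOf
      memberFilter: memberOf
      ldapUserFilter: (mail=%s)
      ldapServerHosts:
        - ldap.mycorp.com
        - 1.2.3.4
      ldapBaseDn: DC=abc,DC=com
      # NOTE(review): this is the account the NAC service binds with; a
      # dedicated low-privilege service account is usually sufficient instead
      # of an administrator DN. Confirm for your directory.
      ldapBindDn: CN=admin,CN=users,DC=abc,DC=com
      ldapBindPassword: ${ldapBindPassword}
      # CA certificates used to validate the LDAP server certificate. The PEM
      # bodies are truncated placeholders; each END marker must sit on its own
      # line.
      ldapCacerts:
        - |-
          -----BEGIN CERTIFICATE-----
          MIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE
          -----END CERTIFICATE-----
        - |-
          -----BEGIN CERTIFICATE-----
          BhMCRVMxFDASBgNVBAoMC1N0YXJ0Q29tIENBMSwwKgYDVn
          -----END CERTIFICATE-----
      ldapClientCert: |-
        -----BEGIN CERTIFICATE-----
        MIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE
        -----END CERTIFICATE-----
      # Private key for ldapClientCert: never commit it with the program.
      ldapClientKey: ${ldapClientKey}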
Create Nacidp Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Nacidp(name: string, args: NacidpArgs, opts?: CustomResourceOptions);
@overload
def Nacidp(resource_name: str,
           args: NacidpArgs,
           opts: Optional[ResourceOptions] = None)
@overload
def Nacidp(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           org_id: Optional[str] = None,
           idp_type: Optional[str] = None,
           ldap_type: Optional[str] = None,
           oauth_type: Optional[str] = None,
           ldap_bind_password: Optional[str] = None,
           ldap_cacerts: Optional[Sequence[str]] = None,
           ldap_client_cert: Optional[str] = None,
           ldap_client_key: Optional[str] = None,
           ldap_group_attr: Optional[str] = None,
           ldap_group_dn: Optional[str] = None,
           ldap_resolve_groups: Optional[bool] = None,
           ldap_server_hosts: Optional[Sequence[str]] = None,
           group_filter: Optional[str] = None,
           ldap_user_filter: Optional[str] = None,
           ldap_bind_dn: Optional[str] = None,
           oauth_cc_client_id: Optional[str] = None,
           member_filter: Optional[str] = None,
           oauth_cc_client_secret: Optional[str] = None,
           oauth_discovery_url: Optional[str] = None,
           oauth_ping_identity_region: Optional[str] = None,
           oauth_ropc_client_id: Optional[str] = None,
           oauth_ropc_client_secret: Optional[str] = None,
           oauth_tenant_id: Optional[str] = None,
           name: Optional[str] = None,
           ldap_base_dn: Optional[str] = None,
           scim_enabled: Optional[bool] = None,
           scim_secret_token: Optional[str] = None)
func NewNacidp(ctx *Context, name string, args NacidpArgs, opts ...ResourceOption) (*Nacidp, error)
public Nacidp(string name, NacidpArgs args, CustomResourceOptions? opts = null)
public Nacidp(String name, NacidpArgs args)
public Nacidp(String name, NacidpArgs args, CustomResourceOptions options)
type: junipermist:org:Nacidp
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
 - The unique name of the resource.
 - args NacidpArgs
 - The arguments to resource properties.
 - opts CustomResourceOptions
 - Bag of options to control resource's behavior.
 
- resource_name str
 - The unique name of the resource.
 - args NacidpArgs
 - The arguments to resource properties.
 - opts ResourceOptions
 - Bag of options to control resource's behavior.
 
- ctx Context
 - Context object for the current deployment.
 - name string
 - The unique name of the resource.
 - args NacidpArgs
 - The arguments to resource properties.
 - opts ResourceOption
 - Bag of options to control resource's behavior.
 
- name string
 - The unique name of the resource.
 - args NacidpArgs
 - The arguments to resource properties.
 - opts CustomResourceOptions
 - Bag of options to control resource's behavior.
 
- name String
 - The unique name of the resource.
 - args NacidpArgs
 - The arguments to resource properties.
 - options CustomResourceOptions
 - Bag of options to control resource's behavior.
 
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing of every Nacidp input with placeholder values; it is not a
// working configuration. Inputs marked "credential" hold secret material
// according to the property reference on this page and should be supplied as
// Pulumi secrets rather than string literals.
var nacidpResource = new JuniperMist.Org.Nacidp("nacidpResource", new()
{
    OrgId = "string",
    IdpType = "string",
    LdapType = "string",
    OauthType = "string",
    // credential: LDAP bind password
    LdapBindPassword = "string",
    LdapCacerts = new[]
    {
        "string",
    },
    LdapClientCert = "string",
    // credential: private key for LdapClientCert
    LdapClientKey = "string",
    LdapGroupAttr = "string",
    LdapGroupDn = "string",
    LdapResolveGroups = false,
    LdapServerHosts = new[]
    {
        "string",
    },
    GroupFilter = "string",
    LdapUserFilter = "string",
    LdapBindDn = "string",
    OauthCcClientId = "string",
    MemberFilter = "string",
    // credential: documented as an RSA private key
    OauthCcClientSecret = "string",
    OauthDiscoveryUrl = "string",
    OauthPingIdentityRegion = "string",
    OauthRopcClientId = "string",
    // credential: ROPC client secret
    OauthRopcClientSecret = "string",
    OauthTenantId = "string",
    Name = "string",
    LdapBaseDn = "string",
    ScimEnabled = false,
    // credential: Bearer token for SCIM provisioning requests
    ScimSecretToken = "string",
});
// Reference listing of every Nacidp input with placeholder values; it is not a
// working configuration. Inputs marked "credential" hold secret material
// according to the property reference on this page and should be supplied as
// Pulumi secrets rather than string literals.
example, err := org.NewNacidp(ctx, "nacidpResource", &org.NacidpArgs{
	OrgId:            pulumi.String("string"),
	IdpType:          pulumi.String("string"),
	LdapType:         pulumi.String("string"),
	OauthType:        pulumi.String("string"),
	// credential: LDAP bind password
	LdapBindPassword: pulumi.String("string"),
	LdapCacerts: pulumi.StringArray{
		pulumi.String("string"),
	},
	LdapClientCert:    pulumi.String("string"),
	// credential: private key for LdapClientCert
	LdapClientKey:     pulumi.String("string"),
	LdapGroupAttr:     pulumi.String("string"),
	LdapGroupDn:       pulumi.String("string"),
	LdapResolveGroups: pulumi.Bool(false),
	LdapServerHosts: pulumi.StringArray{
		pulumi.String("string"),
	},
	GroupFilter:             pulumi.String("string"),
	LdapUserFilter:          pulumi.String("string"),
	LdapBindDn:              pulumi.String("string"),
	OauthCcClientId:         pulumi.String("string"),
	MemberFilter:            pulumi.String("string"),
	// credential: documented as an RSA private key
	OauthCcClientSecret:     pulumi.String("string"),
	OauthDiscoveryUrl:       pulumi.String("string"),
	OauthPingIdentityRegion: pulumi.String("string"),
	OauthRopcClientId:       pulumi.String("string"),
	// credential: ROPC client secret
	OauthRopcClientSecret:   pulumi.String("string"),
	OauthTenantId:           pulumi.String("string"),
	Name:                    pulumi.String("string"),
	LdapBaseDn:              pulumi.String("string"),
	ScimEnabled:             pulumi.Bool(false),
	// credential: Bearer token for SCIM provisioning requests
	ScimSecretToken:         pulumi.String("string"),
})
// Reference listing of every Nacidp input with placeholder values; it is not a
// working configuration. Inputs marked "credential" hold secret material
// according to the property reference on this page and should be supplied as
// Pulumi secrets rather than string literals.
var nacidpResource = new Nacidp("nacidpResource", NacidpArgs.builder()
    .orgId("string")
    .idpType("string")
    .ldapType("string")
    .oauthType("string")
    // credential: LDAP bind password
    .ldapBindPassword("string")
    .ldapCacerts("string")
    .ldapClientCert("string")
    // credential: private key for ldapClientCert
    .ldapClientKey("string")
    .ldapGroupAttr("string")
    .ldapGroupDn("string")
    .ldapResolveGroups(false)
    .ldapServerHosts("string")
    .groupFilter("string")
    .ldapUserFilter("string")
    .ldapBindDn("string")
    .oauthCcClientId("string")
    .memberFilter("string")
    // credential: documented as an RSA private key
    .oauthCcClientSecret("string")
    .oauthDiscoveryUrl("string")
    .oauthPingIdentityRegion("string")
    .oauthRopcClientId("string")
    // credential: ROPC client secret
    .oauthRopcClientSecret("string")
    .oauthTenantId("string")
    .name("string")
    .ldapBaseDn("string")
    .scimEnabled(false)
    // credential: Bearer token for SCIM provisioning requests
    .scimSecretToken("string")
    .build());
# Reference listing of every Nacidp input with placeholder values; it is not a
# working configuration. Inputs marked "credential" hold secret material
# according to the property reference on this page and should be supplied as
# Pulumi secrets rather than string literals.
nacidp_resource = junipermist.org.Nacidp("nacidpResource",
    org_id="string",
    idp_type="string",
    ldap_type="string",
    oauth_type="string",
    # credential: LDAP bind password
    ldap_bind_password="string",
    ldap_cacerts=["string"],
    ldap_client_cert="string",
    # credential: private key for ldap_client_cert
    ldap_client_key="string",
    ldap_group_attr="string",
    ldap_group_dn="string",
    ldap_resolve_groups=False,
    ldap_server_hosts=["string"],
    group_filter="string",
    ldap_user_filter="string",
    ldap_bind_dn="string",
    oauth_cc_client_id="string",
    member_filter="string",
    # credential: documented as an RSA private key
    oauth_cc_client_secret="string",
    oauth_discovery_url="string",
    oauth_ping_identity_region="string",
    oauth_ropc_client_id="string",
    # credential: ROPC client secret
    oauth_ropc_client_secret="string",
    oauth_tenant_id="string",
    name="string",
    ldap_base_dn="string",
    scim_enabled=False,
    # credential: Bearer token for SCIM provisioning requests
    scim_secret_token="string")
// Reference listing of every Nacidp input with placeholder values; it is not a
// working configuration. Inputs marked "credential" hold secret material
// according to the property reference on this page and should be supplied as
// Pulumi secrets rather than string literals.
const nacidpResource = new junipermist.org.Nacidp("nacidpResource", {
    orgId: "string",
    idpType: "string",
    ldapType: "string",
    oauthType: "string",
    // credential: LDAP bind password
    ldapBindPassword: "string",
    ldapCacerts: ["string"],
    ldapClientCert: "string",
    // credential: private key for ldapClientCert
    ldapClientKey: "string",
    ldapGroupAttr: "string",
    ldapGroupDn: "string",
    ldapResolveGroups: false,
    ldapServerHosts: ["string"],
    groupFilter: "string",
    ldapUserFilter: "string",
    ldapBindDn: "string",
    oauthCcClientId: "string",
    memberFilter: "string",
    // credential: documented as an RSA private key
    oauthCcClientSecret: "string",
    oauthDiscoveryUrl: "string",
    oauthPingIdentityRegion: "string",
    oauthRopcClientId: "string",
    // credential: ROPC client secret
    oauthRopcClientSecret: "string",
    oauthTenantId: "string",
    name: "string",
    ldapBaseDn: "string",
    scimEnabled: false,
    // credential: Bearer token for SCIM provisioning requests
    scimSecretToken: "string",
});
# Reference listing of every Nacidp input with placeholder values; it is not a
# working configuration. Inputs marked "credential" hold secret material
# according to the property reference on this page and should be supplied as
# Pulumi secrets rather than plain values.
type: junipermist:org:Nacidp
properties:
    groupFilter: string
    idpType: string
    ldapBaseDn: string
    ldapBindDn: string
    # credential: LDAP bind password
    ldapBindPassword: string
    ldapCacerts:
        - string
    ldapClientCert: string
    # credential: private key for ldapClientCert
    ldapClientKey: string
    ldapGroupAttr: string
    ldapGroupDn: string
    ldapResolveGroups: false
    ldapServerHosts:
        - string
    ldapType: string
    ldapUserFilter: string
    memberFilter: string
    name: string
    oauthCcClientId: string
    # credential: documented as an RSA private key
    oauthCcClientSecret: string
    oauthDiscoveryUrl: string
    oauthPingIdentityRegion: string
    oauthRopcClientId: string
    # credential: ROPC client secret
    oauthRopcClientSecret: string
    oauthTenantId: string
    oauthType: string
    orgId: string
    scimEnabled: false
    # credential: Bearer token for SCIM provisioning requests
    scimSecretToken: string
Nacidp Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Nacidp resource accepts the following input properties:
- IdpType string - enum: `ldap`, `mxedge_proxy`, `oauth`
- OrgId string
- GroupFilter string - Required if `ldap_type==custom`, LDAP filter that will identify the type of group
- LdapBaseDn string - Required if `idp_type==ldap`, whole domain or a specific organization unit (container) in Search base to specify where users and groups are found in the LDAP tree
- LdapBindDn string - Required if `idp_type==ldap`, the account used to authenticate against the LDAP
- LdapBindPassword string - Required if `idp_type==ldap`, the password used to authenticate against the LDAP
- LdapCacerts List<string> - Required if `idp_type==ldap`, list of CA certificates to validate the LDAP certificate
- LdapClientCert string - If `idp_type==ldap`, LDAPS Client certificate
- LdapClientKey string - If `idp_type==ldap`, Key for the `ldap_client_cert`
- LdapGroupAttr string - If `ldap_type==custom`
- LdapGroupDn string - If `ldap_type==custom`
- LdapResolveGroups bool - If `idp_type==ldap`, whether to recursively resolve LDAP groups
- LdapServerHosts List<string> - If `idp_type==ldap`, list of LDAP/LDAPS server IP Addresses or Hostnames
- LdapType string - if `idp_type==ldap`. enum: `azure`, `custom`, `google`, `okta`, `ping_identity`
- LdapUserFilter string - Required if `ldap_type==custom`, LDAP filter that will identify the type of user
- MemberFilter string - Required if `ldap_type==custom`, LDAP filter that will identify the type of member
- Name string - Name
- OauthCcClientId string - Required if `idp_type==oauth`, Client Credentials
- OauthCcClientSecret string - Required if `idp_type==oauth`, oauth_cc_client_secret is RSA private key, of the form "-----BEGIN RSA PRIVATE KEY--...."
- OauthDiscoveryUrl string - If `idp_type==oauth`
- OauthPingIdentityRegion string - enum: `us` (United States, default), `ca` (Canada), `eu` (Europe), `asia` (Asia), `au` (Australia)
- OauthRopcClientId string - If `idp_type==oauth`, ropc = Resource Owner Password Credentials
- OauthRopcClientSecret string - If `oauth_type==azure` or `oauth_type==azure-gov`. oauth_ropc_client_secret can be empty
- OauthTenantId string - Required if `idp_type==oauth`, oauth_tenant_id
- OauthType string - if `idp_type==oauth`. enum: `azure`, `azure-gov`, `okta`, `ping_identity`
- ScimEnabled bool - If `idp_type==oauth`, indicates if SCIM provisioning is enabled for the OAuth IDP
- ScimSecretToken string - If `idp_type==oauth`, scim_secret_token (auto-generated when not provided by caller and `scim_enabled==true`, empty string when `scim_enabled==false`) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP
- IdpType string - enum: `ldap`, `mxedge_proxy`, `oauth`
- OrgId string
- GroupFilter string - Required if `ldap_type==custom`, LDAP filter that will identify the type of group
- LdapBaseDn string - Required if `idp_type==ldap`, whole domain or a specific organization unit (container) in Search base to specify where users and groups are found in the LDAP tree
- LdapBindDn string - Required if `idp_type==ldap`, the account used to authenticate against the LDAP
- LdapBindPassword string - Required if `idp_type==ldap`, the password used to authenticate against the LDAP
- LdapCacerts []string - Required if `idp_type==ldap`, list of CA certificates to validate the LDAP certificate
- LdapClientCert string - If `idp_type==ldap`, LDAPS Client certificate
- LdapClientKey string - If `idp_type==ldap`, Key for the `ldap_client_cert`
- LdapGroupAttr string - If `ldap_type==custom`
- LdapGroupDn string - If `ldap_type==custom`
- LdapResolveGroups bool - If `idp_type==ldap`, whether to recursively resolve LDAP groups
- LdapServerHosts []string - If `idp_type==ldap`, list of LDAP/LDAPS server IP Addresses or Hostnames
- LdapType string - if `idp_type==ldap`. enum: `azure`, `custom`, `google`, `okta`, `ping_identity`
- LdapUserFilter string - Required if `ldap_type==custom`, LDAP filter that will identify the type of user
- MemberFilter string - Required if `ldap_type==custom`, LDAP filter that will identify the type of member
- Name string - Name
- OauthCcClientId string - Required if `idp_type==oauth`, Client Credentials
- OauthCcClientSecret string - Required if `idp_type==oauth`, oauth_cc_client_secret is RSA private key, of the form "-----BEGIN RSA PRIVATE KEY--...."
- OauthDiscoveryUrl string - If `idp_type==oauth`
- OauthPingIdentityRegion string - enum: `us` (United States, default), `ca` (Canada), `eu` (Europe), `asia` (Asia), `au` (Australia)
- OauthRopcClientId string - If `idp_type==oauth`, ropc = Resource Owner Password Credentials
- OauthRopcClientSecret string - If `oauth_type==azure` or `oauth_type==azure-gov`. oauth_ropc_client_secret can be empty
- OauthTenantId string - Required if `idp_type==oauth`, oauth_tenant_id
- OauthType string - if `idp_type==oauth`. enum: `azure`, `azure-gov`, `okta`, `ping_identity`
- ScimEnabled bool - If `idp_type==oauth`, indicates if SCIM provisioning is enabled for the OAuth IDP
- ScimSecretToken string - If `idp_type==oauth`, scim_secret_token (auto-generated when not provided by caller and `scim_enabled==true`, empty string when `scim_enabled==false`) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP
- idpType String - enum: `ldap`, `mxedge_proxy`, `oauth`
- orgId String
- groupFilter String - Required if `ldap_type==custom`, LDAP filter that will identify the type of group
- ldapBaseDn String - Required if `idp_type==ldap`, whole domain or a specific organization unit (container) in Search base to specify where users and groups are found in the LDAP tree
- ldapBindDn String - Required if `idp_type==ldap`, the account used to authenticate against the LDAP
- ldapBindPassword String - Required if `idp_type==ldap`, the password used to authenticate against the LDAP
- ldapCacerts List<String> - Required if `idp_type==ldap`, list of CA certificates to validate the LDAP certificate
- ldapClientCert String - If `idp_type==ldap`, LDAPS Client certificate
- ldapClientKey String - If `idp_type==ldap`, Key for the `ldap_client_cert`
- ldapGroupAttr String - If `ldap_type==custom`
- ldapGroupDn String - If `ldap_type==custom`
- ldapResolveGroups Boolean - If `idp_type==ldap`, whether to recursively resolve LDAP groups
- ldapServerHosts List<String> - If `idp_type==ldap`, list of LDAP/LDAPS server IP Addresses or Hostnames
- ldapType String - if `idp_type==ldap`. enum: `azure`, `custom`, `google`, `okta`, `ping_identity`
- ldapUserFilter String - Required if `ldap_type==custom`, LDAP filter that will identify the type of user
- memberFilter String - Required if `ldap_type==custom`, LDAP filter that will identify the type of member
- name String - Name
- oauthCcClientId String - Required if `idp_type==oauth`, Client Credentials
- oauthCcClientSecret String - Required if `idp_type==oauth`, oauth_cc_client_secret is RSA private key, of the form "-----BEGIN RSA PRIVATE KEY--...."
- oauthDiscoveryUrl String - If `idp_type==oauth`
- oauthPingIdentityRegion String - enum: `us` (United States, default), `ca` (Canada), `eu` (Europe), `asia` (Asia), `au` (Australia)
- oauthRopcClientId String - If `idp_type==oauth`, ropc = Resource Owner Password Credentials
- oauthRopcClientSecret String - If `oauth_type==azure` or `oauth_type==azure-gov`. oauth_ropc_client_secret can be empty
- oauthTenantId String - Required if `idp_type==oauth`, oauth_tenant_id
- oauthType String - if `idp_type==oauth`. enum: `azure`, `azure-gov`, `okta`, `ping_identity`
- scimEnabled Boolean - If `idp_type==oauth`, indicates if SCIM provisioning is enabled for the OAuth IDP
- scimSecretToken String - If `idp_type==oauth`, scim_secret_token (auto-generated when not provided by caller and `scim_enabled==true`, empty string when `scim_enabled==false`) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP
- idpType string - enum: `ldap`, `mxedge_proxy`, `oauth`
- orgId string
- groupFilter string - Required if `ldap_type==custom`, LDAP filter that will identify the type of group
- ldapBaseDn string - Required if `idp_type==ldap`, whole domain or a specific organization unit (container) in Search base to specify where users and groups are found in the LDAP tree
- ldapBindDn string - Required if `idp_type==ldap`, the account used to authenticate against the LDAP
- ldapBindPassword string - Required if `idp_type==ldap`, the password used to authenticate against the LDAP
- ldapCacerts string[] - Required if `idp_type==ldap`, list of CA certificates to validate the LDAP certificate
- ldapClientCert string - If `idp_type==ldap`, LDAPS Client certificate
- ldapClientKey string - If `idp_type==ldap`, Key for the `ldap_client_cert`
- ldapGroupAttr string - If `ldap_type==custom`
- ldapGroupDn string - If `ldap_type==custom`
- ldapResolveGroups boolean - If `idp_type==ldap`, whether to recursively resolve LDAP groups
- ldapServerHosts string[] - If `idp_type==ldap`, list of LDAP/LDAPS server IP Addresses or Hostnames
- ldapType string - if `idp_type==ldap`. enum: `azure`, `custom`, `google`, `okta`, `ping_identity`
- ldapUserFilter string - Required if `ldap_type==custom`, LDAP filter that will identify the type of user
- memberFilter string - Required if `ldap_type==custom`, LDAP filter that will identify the type of member
- name string - Name
- oauthCcClientId string - Required if `idp_type==oauth`, Client Credentials
- oauthCcClientSecret string - Required if `idp_type==oauth`, oauth_cc_client_secret is RSA private key, of the form "-----BEGIN RSA PRIVATE KEY--...."
- oauthDiscoveryUrl string - If `idp_type==oauth`
- oauthPingIdentityRegion string - enum: `us` (United States, default), `ca` (Canada), `eu` (Europe), `asia` (Asia), `au` (Australia)
- oauthRopcClientId string - If `idp_type==oauth`, ropc = Resource Owner Password Credentials
- oauthRopcClientSecret string - If `oauth_type==azure` or `oauth_type==azure-gov`. oauth_ropc_client_secret can be empty
- oauthTenantId string - Required if `idp_type==oauth`, oauth_tenant_id
- oauthType string - if `idp_type==oauth`. enum: `azure`, `azure-gov`, `okta`, `ping_identity`
- scimEnabled boolean - If `idp_type==oauth`, indicates if SCIM provisioning is enabled for the OAuth IDP
- scimSecretToken string - If `idp_type==oauth`, scim_secret_token (auto-generated when not provided by caller and `scim_enabled==true`, empty string when `scim_enabled==false`) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP
- idp_
type str - enum: 
ldap,mxedge_proxy,oauth - org_
id str - group_
filter str - Required if 
ldap_type==custom, LDAP filter that will identify the type of group - ldap_
base_ strdn  - Required if 
idp_type==ldap, whole domain or a specific organization unit (container) in Search base to specify where users and groups are found in the LDAP tree - ldap_
bind_ strdn  - Required if 
idp_type==ldap, the account used to authenticate against the LDAP - ldap_
bind_ strpassword  - Required if 
idp_type==ldap, the password used to authenticate against the LDAP - ldap_
cacerts Sequence[str] - Required if 
idp_type==ldap, list of CA certificates to validate the LDAP certificate - ldap_
client_ strcert  - If 
idp_type==ldap, LDAPS Client certificate - ldap_
client_ strkey  - If 
idp_type==ldap, Key for theldap_client_cert - ldap_
group_ strattr  - If 
ldap_type==custom - ldap_
group_ strdn  - If 
ldap_type==custom - ldap_
resolve_ boolgroups  - If 
idp_type==ldap, whether to recursively resolve LDAP groups - ldap_
server_ Sequence[str]hosts  - If 
idp_type==ldap, list of LDAP/LDAPS server IP Addresses or Hostnames - ldap_
type str - if 
idp_type==ldap. enum:azure,custom,google,okta,ping_identity - ldap_
user_ strfilter  - Required if 
ldap_type==custom, LDAP filter that will identify the type of user - member_
filter str - Required if 
ldap_type==custom,LDAP filter that will identify the type of member - name str
 - Name
 - oauth_
cc_ strclient_ id  - Required if 
idp_type==oauth, Client Credentials - oauth_
cc_ strclient_ secret  - Required if 
idp_type==oauth, oauth_cc_client_secret is an RSA private key, of the form "-----BEGIN RSA PRIVATE KEY--...." - oauth_
discovery_ strurl  - If 
idp_type==oauth - oauth_
ping_ stridentity_ region  - enum: 
us(United States, default),ca(Canada),eu(Europe),asia(Asia),au(Australia) - oauth_
ropc_ strclient_ id  - If 
idp_type==oauth, ropc = Resource Owner Password Credentials - oauth_
ropc_ strclient_ secret  - If 
oauth_type==azure or oauth_type==azure-gov. oauth_ropc_client_secret can be empty - oauth_
tenant_ strid  - Required if 
idp_type==oauth, oauth_tenant_id - oauth_
type str - if 
idp_type==oauth. enum:azure,azure-gov,okta,ping_identity - scim_
enabled bool - If 
idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP - scim_
secret_ strtoken  - If 
idp_type==oauth, scim_secret_token (auto-generated when not provided by caller and scim_enabled==true, empty string when scim_enabled==false) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP 
- idp
Type String - enum: 
ldap,mxedge_proxy,oauth - org
Id String - group
Filter String - Required if 
ldap_type==custom, LDAP filter that will identify the type of group - ldap
Base StringDn  - Required if 
idp_type==ldap, whole domain or a specific organization unit (container) in Search base to specify where users and groups are found in the LDAP tree - ldap
Bind StringDn  - Required if 
idp_type==ldap, the account used to authenticate against the LDAP - ldap
Bind StringPassword  - Required if 
idp_type==ldap, the password used to authenticate against the LDAP - ldap
Cacerts List<String> - Required if 
idp_type==ldap, list of CA certificates to validate the LDAP certificate - ldap
Client StringCert  - If 
idp_type==ldap, LDAPS Client certificate - ldap
Client StringKey  - If 
idp_type==ldap, Key for theldap_client_cert - ldap
Group StringAttr  - If 
ldap_type==custom - ldap
Group StringDn  - If 
ldap_type==custom - ldap
Resolve BooleanGroups  - If 
idp_type==ldap, whether to recursively resolve LDAP groups - ldap
Server List<String>Hosts  - If 
idp_type==ldap, list of LDAP/LDAPS server IP Addresses or Hostnames - ldap
Type String - if 
idp_type==ldap. enum:azure,custom,google,okta,ping_identity - ldap
User StringFilter  - Required if 
ldap_type==custom, LDAP filter that will identify the type of user - member
Filter String - Required if 
ldap_type==custom,LDAP filter that will identify the type of member - name String
 - Name
 - oauth
Cc StringClient Id  - Required if 
idp_type==oauth, Client Credentials - oauth
Cc StringClient Secret  - Required if 
idp_type==oauth, oauth_cc_client_secret is an RSA private key, of the form "-----BEGIN RSA PRIVATE KEY--...." - oauth
Discovery StringUrl  - If 
idp_type==oauth - oauth
Ping StringIdentity Region  - enum: 
us(United States, default),ca(Canada),eu(Europe),asia(Asia),au(Australia) - oauth
Ropc StringClient Id  - If 
idp_type==oauth, ropc = Resource Owner Password Credentials - oauth
Ropc StringClient Secret  - If 
oauth_type==azure or oauth_type==azure-gov. oauth_ropc_client_secret can be empty - oauth
Tenant StringId  - Required if 
idp_type==oauth, oauth_tenant_id - oauth
Type String - if 
idp_type==oauth. enum:azure,azure-gov,okta,ping_identity - scim
Enabled Boolean - If 
idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP - scim
Secret StringToken  - If 
idp_type==oauth, scim_secret_token (auto-generated when not provided by caller and scim_enabled==true, empty string when scim_enabled==false) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP 
Outputs
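All input properties are implicitly available as output properties; this includes the credential inputs (ldap_bind_password, ldap_client_key, oauth_cc_client_secret, oauth_ropc_client_secret, scim_secret_token), so handle this resource's outputs and the stack state as sensitive. Additionally, the Nacidp resource produces the following output properties: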
- Id string
 - The provider-assigned unique ID for this managed resource.
 
- Id string
 - The provider-assigned unique ID for this managed resource.
 
- id String
 - The provider-assigned unique ID for this managed resource.
 
- id string
 - The provider-assigned unique ID for this managed resource.
 
- id str
 - The provider-assigned unique ID for this managed resource.
 
- id String
 - The provider-assigned unique ID for this managed resource.
 
Look up Existing Nacidp Resource
Get an existing Nacidp resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NacidpState, opts?: CustomResourceOptions): Nacidp
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        group_filter: Optional[str] = None,
        idp_type: Optional[str] = None,
        ldap_base_dn: Optional[str] = None,
        ldap_bind_dn: Optional[str] = None,
        ldap_bind_password: Optional[str] = None,
        ldap_cacerts: Optional[Sequence[str]] = None,
        ldap_client_cert: Optional[str] = None,
        ldap_client_key: Optional[str] = None,
        ldap_group_attr: Optional[str] = None,
        ldap_group_dn: Optional[str] = None,
        ldap_resolve_groups: Optional[bool] = None,
        ldap_server_hosts: Optional[Sequence[str]] = None,
        ldap_type: Optional[str] = None,
        ldap_user_filter: Optional[str] = None,
        member_filter: Optional[str] = None,
        name: Optional[str] = None,
        oauth_cc_client_id: Optional[str] = None,
        oauth_cc_client_secret: Optional[str] = None,
        oauth_discovery_url: Optional[str] = None,
        oauth_ping_identity_region: Optional[str] = None,
        oauth_ropc_client_id: Optional[str] = None,
        oauth_ropc_client_secret: Optional[str] = None,
        oauth_tenant_id: Optional[str] = None,
        oauth_type: Optional[str] = None,
        org_id: Optional[str] = None,
        scim_enabled: Optional[bool] = None,
        scim_secret_token: Optional[str] = None) -> Nacidp
func GetNacidp(ctx *Context, name string, id IDInput, state *NacidpState, opts ...ResourceOption) (*Nacidp, error)
public static Nacidp Get(string name, Input<string> id, NacidpState? state, CustomResourceOptions? opts = null)
public static Nacidp get(String name, Output<String> id, NacidpState state, CustomResourceOptions options)
resources:
  _:
    type: junipermist:org:Nacidp
    get:
      id: ${id}
- name
 - The unique name of the resulting resource.
 - id
 - The unique provider ID of the resource to lookup.
 - state
 - Any extra arguments used during the lookup.
 - opts
 - A bag of options that control this resource's behavior.
 
- resource_name
 - The unique name of the resulting resource.
 - id
 - The unique provider ID of the resource to lookup.
 
- name
 - The unique name of the resulting resource.
 - id
 - The unique provider ID of the resource to lookup.
 - state
 - Any extra arguments used during the lookup.
 - opts
 - A bag of options that control this resource's behavior.
 
- name
 - The unique name of the resulting resource.
 - id
 - The unique provider ID of the resource to lookup.
 - state
 - Any extra arguments used during the lookup.
 - opts
 - A bag of options that control this resource's behavior.
 
- name
 - The unique name of the resulting resource.
 - id
 - The unique provider ID of the resource to lookup.
 - state
 - Any extra arguments used during the lookup.
 - opts
 - A bag of options that control this resource's behavior.
 
- Group
Filter string - Required if 
ldap_type==custom, LDAP filter that will identify the type of group - Idp
Type string - enum: 
ldap,mxedge_proxy,oauth - Ldap
Base stringDn  - Required if 
idp_type==ldap, whole domain or a specific organization unit (container) in Search base to specify where users and groups are found in the LDAP tree - Ldap
Bind stringDn  - Required if 
idp_type==ldap, the account used to authenticate against the LDAP - Ldap
Bind stringPassword  - Required if 
idp_type==ldap, the password used to authenticate against the LDAP - Ldap
Cacerts List<string> - Required if 
idp_type==ldap, list of CA certificates to validate the LDAP certificate - Ldap
Client stringCert  - If 
idp_type==ldap, LDAPS Client certificate - Ldap
Client stringKey  - If 
idp_type==ldap, Key for theldap_client_cert - Ldap
Group stringAttr  - If 
ldap_type==custom - Ldap
Group stringDn  - If 
ldap_type==custom - Ldap
Resolve boolGroups  - If 
idp_type==ldap, whether to recursively resolve LDAP groups - Ldap
Server List<string>Hosts  - If 
idp_type==ldap, list of LDAP/LDAPS server IP Addresses or Hostnames - Ldap
Type string - if 
idp_type==ldap. enum:azure,custom,google,okta,ping_identity - Ldap
User stringFilter  - Required if 
ldap_type==custom, LDAP filter that will identify the type of user - Member
Filter string - Required if 
ldap_type==custom,LDAP filter that will identify the type of member - Name string
 - Name
 - Oauth
Cc stringClient Id  - Required if 
idp_type==oauth, Client Credentials - Oauth
Cc stringClient Secret  - Required if 
idp_type==oauth, oauth_cc_client_secret is an RSA private key, of the form "-----BEGIN RSA PRIVATE KEY--...." - Oauth
Discovery stringUrl  - If 
idp_type==oauth - Oauth
Ping stringIdentity Region  - enum: 
us(United States, default),ca(Canada),eu(Europe),asia(Asia),au(Australia) - Oauth
Ropc stringClient Id  - If 
idp_type==oauth, ropc = Resource Owner Password Credentials - Oauth
Ropc stringClient Secret  - If 
oauth_type==azure or oauth_type==azure-gov. oauth_ropc_client_secret can be empty - Oauth
Tenant stringId  - Required if 
idp_type==oauth, oauth_tenant_id - Oauth
Type string - if 
idp_type==oauth. enum:azure,azure-gov,okta,ping_identity - Org
Id string - Scim
Enabled bool - If 
idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP - Scim
Secret stringToken  - If 
idp_type==oauth, scim_secret_token (auto-generated when not provided by caller and scim_enabled==true, empty string when scim_enabled==false) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP 
- Group
Filter string - Required if 
ldap_type==custom, LDAP filter that will identify the type of group - Idp
Type string - enum: 
ldap,mxedge_proxy,oauth - Ldap
Base stringDn  - Required if 
idp_type==ldap, whole domain or a specific organization unit (container) in Search base to specify where users and groups are found in the LDAP tree - Ldap
Bind stringDn  - Required if 
idp_type==ldap, the account used to authenticate against the LDAP - Ldap
Bind stringPassword  - Required if 
idp_type==ldap, the password used to authenticate against the LDAP - Ldap
Cacerts []string - Required if 
idp_type==ldap, list of CA certificates to validate the LDAP certificate - Ldap
Client stringCert  - If 
idp_type==ldap, LDAPS Client certificate - Ldap
Client stringKey  - If 
idp_type==ldap, Key for theldap_client_cert - Ldap
Group stringAttr  - If 
ldap_type==custom - Ldap
Group stringDn  - If 
ldap_type==custom - Ldap
Resolve boolGroups  - If 
idp_type==ldap, whether to recursively resolve LDAP groups - Ldap
Server []stringHosts  - If 
idp_type==ldap, list of LDAP/LDAPS server IP Addresses or Hostnames - Ldap
Type string - if 
idp_type==ldap. enum:azure,custom,google,okta,ping_identity - Ldap
User stringFilter  - Required if 
ldap_type==custom, LDAP filter that will identify the type of user - Member
Filter string - Required if 
ldap_type==custom,LDAP filter that will identify the type of member - Name string
 - Name
 - Oauth
Cc stringClient Id  - Required if 
idp_type==oauth, Client Credentials - Oauth
Cc stringClient Secret  - Required if 
idp_type==oauth, oauth_cc_client_secret is an RSA private key, of the form "-----BEGIN RSA PRIVATE KEY--...." - Oauth
Discovery stringUrl  - If 
idp_type==oauth - Oauth
Ping stringIdentity Region  - enum: 
us(United States, default),ca(Canada),eu(Europe),asia(Asia),au(Australia) - Oauth
Ropc stringClient Id  - If 
idp_type==oauth, ropc = Resource Owner Password Credentials - Oauth
Ropc stringClient Secret  - If 
oauth_type==azure or oauth_type==azure-gov. oauth_ropc_client_secret can be empty - Oauth
Tenant stringId  - Required if 
idp_type==oauth, oauth_tenant_id - Oauth
Type string - if 
idp_type==oauth. enum:azure,azure-gov,okta,ping_identity - Org
Id string - Scim
Enabled bool - If 
idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP - Scim
Secret stringToken  - If 
idp_type==oauth, scim_secret_token (auto-generated when not provided by caller and scim_enabled==true, empty string when scim_enabled==false) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP 
- group
Filter String - Required if 
ldap_type==custom, LDAP filter that will identify the type of group - idp
Type String - enum: 
ldap,mxedge_proxy,oauth - ldap
Base StringDn  - Required if 
idp_type==ldap, whole domain or a specific organization unit (container) in Search base to specify where users and groups are found in the LDAP tree - ldap
Bind StringDn  - Required if 
idp_type==ldap, the account used to authenticate against the LDAP - ldap
Bind StringPassword  - Required if 
idp_type==ldap, the password used to authenticate against the LDAP - ldap
Cacerts List<String> - Required if 
idp_type==ldap, list of CA certificates to validate the LDAP certificate - ldap
Client StringCert  - If 
idp_type==ldap, LDAPS Client certificate - ldap
Client StringKey  - If 
idp_type==ldap, Key for theldap_client_cert - ldap
Group StringAttr  - If 
ldap_type==custom - ldap
Group StringDn  - If 
ldap_type==custom - ldap
Resolve BooleanGroups  - If 
idp_type==ldap, whether to recursively resolve LDAP groups - ldap
Server List<String>Hosts  - If 
idp_type==ldap, list of LDAP/LDAPS server IP Addresses or Hostnames - ldap
Type String - if 
idp_type==ldap. enum:azure,custom,google,okta,ping_identity - ldap
User StringFilter  - Required if 
ldap_type==custom, LDAP filter that will identify the type of user - member
Filter String - Required if 
ldap_type==custom,LDAP filter that will identify the type of member - name String
 - Name
 - oauth
Cc StringClient Id  - Required if 
idp_type==oauth, Client Credentials - oauth
Cc StringClient Secret  - Required if 
idp_type==oauth, oauth_cc_client_secret is an RSA private key, of the form "-----BEGIN RSA PRIVATE KEY--...." - oauth
Discovery StringUrl  - If 
idp_type==oauth - oauth
Ping StringIdentity Region  - enum: 
us(United States, default),ca(Canada),eu(Europe),asia(Asia),au(Australia) - oauth
Ropc StringClient Id  - If 
idp_type==oauth, ropc = Resource Owner Password Credentials - oauth
Ropc StringClient Secret  - If 
oauth_type==azure or oauth_type==azure-gov. oauth_ropc_client_secret can be empty - oauth
Tenant StringId  - Required if 
idp_type==oauth, oauth_tenant_id - oauth
Type String - if 
idp_type==oauth. enum:azure,azure-gov,okta,ping_identity - org
Id String - scim
Enabled Boolean - If 
idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP - scim
Secret StringToken  - If 
idp_type==oauth, scim_secret_token (auto-generated when not provided by caller and scim_enabled==true, empty string when scim_enabled==false) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP 
- group
Filter string - Required if 
ldap_type==custom, LDAP filter that will identify the type of group - idp
Type string - enum: 
ldap,mxedge_proxy,oauth - ldap
Base stringDn  - Required if 
idp_type==ldap, whole domain or a specific organization unit (container) in Search base to specify where users and groups are found in the LDAP tree - ldap
Bind stringDn  - Required if 
idp_type==ldap, the account used to authenticate against the LDAP - ldap
Bind stringPassword  - Required if 
idp_type==ldap, the password used to authenticate against the LDAP - ldap
Cacerts string[] - Required if 
idp_type==ldap, list of CA certificates to validate the LDAP certificate - ldap
Client stringCert  - If 
idp_type==ldap, LDAPS Client certificate - ldap
Client stringKey  - If 
idp_type==ldap, Key for theldap_client_cert - ldap
Group stringAttr  - If 
ldap_type==custom - ldap
Group stringDn  - If 
ldap_type==custom - ldap
Resolve booleanGroups  - If 
idp_type==ldap, whether to recursively resolve LDAP groups - ldap
Server string[]Hosts  - If 
idp_type==ldap, list of LDAP/LDAPS server IP Addresses or Hostnames - ldap
Type string - if 
idp_type==ldap. enum:azure,custom,google,okta,ping_identity - ldap
User stringFilter  - Required if 
ldap_type==custom, LDAP filter that will identify the type of user - member
Filter string - Required if 
ldap_type==custom,LDAP filter that will identify the type of member - name string
 - Name
 - oauth
Cc stringClient Id  - Required if 
idp_type==oauth, Client Credentials - oauth
Cc stringClient Secret  - Required if 
idp_type==oauth, oauth_cc_client_secret is an RSA private key, of the form "-----BEGIN RSA PRIVATE KEY--...." - oauth
Discovery stringUrl  - If 
idp_type==oauth - oauth
Ping stringIdentity Region  - enum: 
us(United States, default),ca(Canada),eu(Europe),asia(Asia),au(Australia) - oauth
Ropc stringClient Id  - If 
idp_type==oauth, ropc = Resource Owner Password Credentials - oauth
Ropc stringClient Secret  - If 
oauth_type==azure or oauth_type==azure-gov. oauth_ropc_client_secret can be empty - oauth
Tenant stringId  - Required if 
idp_type==oauth, oauth_tenant_id - oauth
Type string - if 
idp_type==oauth. enum:azure,azure-gov,okta,ping_identity - org
Id string - scim
Enabled boolean - If 
idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP - scim
Secret stringToken  - If 
idp_type==oauth, scim_secret_token (auto-generated when not provided by caller and scim_enabled==true, empty string when scim_enabled==false) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP 
- group_
filter str - Required if 
ldap_type==custom, LDAP filter that will identify the type of group - idp_
type str - enum: 
ldap,mxedge_proxy,oauth - ldap_
base_ strdn  - Required if 
idp_type==ldap, whole domain or a specific organization unit (container) in Search base to specify where users and groups are found in the LDAP tree - ldap_
bind_ strdn  - Required if 
idp_type==ldap, the account used to authenticate against the LDAP - ldap_
bind_ strpassword  - Required if 
idp_type==ldap, the password used to authenticate against the LDAP - ldap_
cacerts Sequence[str] - Required if 
idp_type==ldap, list of CA certificates to validate the LDAP certificate - ldap_
client_ strcert  - If 
idp_type==ldap, LDAPS Client certificate - ldap_
client_ strkey  - If 
idp_type==ldap, Key for theldap_client_cert - ldap_
group_ strattr  - If 
ldap_type==custom - ldap_
group_ strdn  - If 
ldap_type==custom - ldap_
resolve_ boolgroups  - If 
idp_type==ldap, whether to recursively resolve LDAP groups - ldap_
server_ Sequence[str]hosts  - If 
idp_type==ldap, list of LDAP/LDAPS server IP Addresses or Hostnames - ldap_
type str - if 
idp_type==ldap. enum:azure,custom,google,okta,ping_identity - ldap_
user_ strfilter  - Required if 
ldap_type==custom, LDAP filter that will identify the type of user - member_
filter str - Required if 
ldap_type==custom,LDAP filter that will identify the type of member - name str
 - Name
 - oauth_
cc_ strclient_ id  - Required if 
idp_type==oauth, Client Credentials - oauth_
cc_ strclient_ secret  - Required if 
idp_type==oauth, oauth_cc_client_secret is an RSA private key, of the form "-----BEGIN RSA PRIVATE KEY--...." - oauth_
discovery_ strurl  - If 
idp_type==oauth - oauth_
ping_ stridentity_ region  - enum: 
us(United States, default),ca(Canada),eu(Europe),asia(Asia),au(Australia) - oauth_
ropc_ strclient_ id  - If 
idp_type==oauth, ropc = Resource Owner Password Credentials - oauth_
ropc_ strclient_ secret  - If 
oauth_type==azure or oauth_type==azure-gov. oauth_ropc_client_secret can be empty - oauth_
tenant_ strid  - Required if 
idp_type==oauth, oauth_tenant_id - oauth_
type str - if 
idp_type==oauth. enum:azure,azure-gov,okta,ping_identity - org_
id str - scim_
enabled bool - If 
idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP - scim_
secret_ strtoken  - If 
idp_type==oauth, scim_secret_token (auto-generated when not provided by caller and scim_enabled==true, empty string when scim_enabled==false) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP 
- group
Filter String - Required if 
ldap_type==custom, LDAP filter that will identify the type of group - idp
Type String - enum: 
ldap,mxedge_proxy,oauth - ldap
Base StringDn  - Required if 
idp_type==ldap, whole domain or a specific organization unit (container) in Search base to specify where users and groups are found in the LDAP tree - ldap
Bind StringDn  - Required if 
idp_type==ldap, the account used to authenticate against the LDAP - ldap
Bind StringPassword  - Required if 
idp_type==ldap, the password used to authenticate against the LDAP - ldap
Cacerts List<String> - Required if 
idp_type==ldap, list of CA certificates to validate the LDAP certificate - ldap
Client StringCert  - If 
idp_type==ldap, LDAPS Client certificate - ldap
Client StringKey  - If 
idp_type==ldap, Key for theldap_client_cert - ldap
Group StringAttr  - If 
ldap_type==custom - ldap
Group StringDn  - If 
ldap_type==custom - ldap
Resolve BooleanGroups  - If 
idp_type==ldap, whether to recursively resolve LDAP groups - ldap
Server List<String>Hosts  - If 
idp_type==ldap, list of LDAP/LDAPS server IP Addresses or Hostnames - ldap
Type String - if 
idp_type==ldap. enum:azure,custom,google,okta,ping_identity - ldap
User StringFilter  - Required if 
ldap_type==custom, LDAP filter that will identify the type of user - member
Filter String - Required if 
ldap_type==custom,LDAP filter that will identify the type of member - name String
 - Name
 - oauth
Cc StringClient Id  - Required if 
idp_type==oauth, Client Credentials - oauth
Cc StringClient Secret  - Required if 
idp_type==oauth, oauth_cc_client_secret is an RSA private key, of the form "-----BEGIN RSA PRIVATE KEY--...." - oauth
Discovery StringUrl  - If 
idp_type==oauth - oauth
Ping StringIdentity Region  - enum: 
us(United States, default),ca(Canada),eu(Europe),asia(Asia),au(Australia) - oauth
Ropc StringClient Id  - If 
idp_type==oauth, ropc = Resource Owner Password Credentials - oauth
Ropc StringClient Secret  - If 
oauth_type==azure or oauth_type==azure-gov. oauth_ropc_client_secret can be empty - oauth
Tenant StringId  - Required if 
idp_type==oauth, oauth_tenant_id - oauth
Type String - if 
idp_type==oauth. enum:azure,azure-gov,okta,ping_identity - org
Id String - scim
Enabled Boolean - If 
idp_type==oauth, indicates if SCIM provisioning is enabled for the OAuth IDP - scim
Secret StringToken  - If 
idp_type==oauth, scim_secret_token (auto-generated when not provided by caller and scim_enabled==true, empty string when scim_enabled==false) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP 
Import
Using pulumi import, import mist_org_nacidp with:
The NAC IDP can be imported by specifying the org_id and the nacidp_id, joined by a dot as in the example below
$ pulumi import junipermist:org/nacidp:Nacidp idp_azure 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
 - junipermist pulumi/pulumi-junipermist
 - License
 - Apache-2.0
 - Notes
 - This Pulumi package is based on the 
mist Terraform Provider.