Docs
PackagesOkta v4.9.2 published on Tuesday, Jun 25, 2024 by Pulumi
okta.group.Role
Explore with Pulumi AI
Assigns Admin roles to Okta Groups. This resource allows you to assign Okta administrator roles to Okta Groups. This resource provides a one-to-one interface between the Okta group and the admin role.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const example = new okta.group.Role("example", {
groupId: "<group id>",
roleType: "READ_ONLY_ADMIN",
});
import pulumi
import pulumi_okta as okta
example = okta.group.Role("example",
group_id="<group id>",
role_type="READ_ONLY_ADMIN")
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/group"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := group.NewRole(ctx, "example", &group.RoleArgs{
GroupId: pulumi.String("<group id>"),
RoleType: pulumi.String("READ_ONLY_ADMIN"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var example = new Okta.Group.Role("example", new()
{
GroupId = "<group id>",
RoleType = "READ_ONLY_ADMIN",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.group.Role;
import com.pulumi.okta.group.RoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Role("example", RoleArgs.builder()
.groupId("<group id>")
.roleType("READ_ONLY_ADMIN")
.build());
}
}
resources:
example:
type: okta:group:Role
properties:
groupId: <group id>
roleType: READ_ONLY_ADMIN
Create Role Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Role(name: string, args: RoleArgs, opts?: CustomResourceOptions);@overload
def Role(resource_name: str,
args: RoleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Role(resource_name: str,
opts: Optional[ResourceOptions] = None,
group_id: Optional[str] = None,
role_type: Optional[str] = None,
disable_notifications: Optional[bool] = None,
target_app_lists: Optional[Sequence[str]] = None,
target_group_lists: Optional[Sequence[str]] = None)func NewRole(ctx *Context, name string, args RoleArgs, opts ...ResourceOption) (*Role, error)public Role(string name, RoleArgs args, CustomResourceOptions? opts = null)type: okta:group:Role
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var roleResource = new Okta.Group.Role("roleResource", new()
{
GroupId = "string",
RoleType = "string",
DisableNotifications = false,
TargetAppLists = new[]
{
"string",
},
TargetGroupLists = new[]
{
"string",
},
});
example, err := group.NewRole(ctx, "roleResource", &group.RoleArgs{
GroupId: pulumi.String("string"),
RoleType: pulumi.String("string"),
DisableNotifications: pulumi.Bool(false),
TargetAppLists: pulumi.StringArray{
pulumi.String("string"),
},
TargetGroupLists: pulumi.StringArray{
pulumi.String("string"),
},
})
var roleResource = new Role("roleResource", RoleArgs.builder()
.groupId("string")
.roleType("string")
.disableNotifications(false)
.targetAppLists("string")
.targetGroupLists("string")
.build());
role_resource = okta.group.Role("roleResource",
group_id="string",
role_type="string",
disable_notifications=False,
target_app_lists=["string"],
target_group_lists=["string"])
const roleResource = new okta.group.Role("roleResource", {
groupId: "string",
roleType: "string",
disableNotifications: false,
targetAppLists: ["string"],
targetGroupLists: ["string"],
});
type: okta:group:Role
properties:
disableNotifications: false
groupId: string
roleType: string
targetAppLists:
- string
targetGroupLists:
- string
Role Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Role resource accepts the following input properties:
- Group
Id string - ID of group to attach admin roles to
- Role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- Disable
Notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- Target
App List<string>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN. - Target
Group List<string>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- Group
Id string - ID of group to attach admin roles to
- Role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- Disable
Notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- Target
App []stringLists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN. - Target
Group []stringLists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- group
Id String - ID of group to attach admin roles to
- role
Type String - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- disable
Notifications Boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- target
App List<String>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN. - target
Group List<String>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- group
Id string - ID of group to attach admin roles to
- role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- disable
Notifications boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- target
App string[]Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN. - target
Group string[]Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- group_
id str - ID of group to attach admin roles to
- role_
type str - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- disable_
notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- target_
app_ Sequence[str]lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN. - target_
group_ Sequence[str]lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- group
Id String - ID of group to attach admin roles to
- role
Type String - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- disable
Notifications Boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- target
App List<String>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN. - target
Group List<String>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
Outputs
All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Role Resource
Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
disable_notifications: Optional[bool] = None,
group_id: Optional[str] = None,
role_type: Optional[str] = None,
target_app_lists: Optional[Sequence[str]] = None,
target_group_lists: Optional[Sequence[str]] = None) -> Rolefunc GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Disable
Notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- Group
Id string - ID of group to attach admin roles to
- Role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- Target
App List<string>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN. - Target
Group List<string>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- Disable
Notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- Group
Id string - ID of group to attach admin roles to
- Role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- Target
App []stringLists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN. - Target
Group []stringLists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- disable
Notifications Boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- group
Id String - ID of group to attach admin roles to
- role
Type String - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- target
App List<String>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN. - target
Group List<String>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- disable
Notifications boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- group
Id string - ID of group to attach admin roles to
- role
Type string - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- target
App string[]Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN. - target
Group string[]Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- disable_
notifications bool - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- group_
id str - ID of group to attach admin roles to
- role_
type str - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- target_
app_ Sequence[str]lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN. - target_
group_ Sequence[str]lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
- disable
Notifications Boolean - When this setting is enabled, the admins won't receive any of the default Okta administrator emails. These admins also won't have access to contact Okta Support and open support cases on behalf of your org.
- group
Id String - ID of group to attach admin roles to
- role
Type String - Admin role assigned to the group. It can be any one of the following values: "API_ADMIN", "APP_ADMIN", "CUSTOM", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN", "MOBILE_ADMIN", "ORG_ADMIN", "READ_ONLY_ADMIN", "REPORT_ADMIN", "SUPER_ADMIN", "USER_ADMIN" . See API Docs. - "USER_ADMIN" is the Group Administrator.
- target
App List<String>Lists - A list of app names (name represents set of app instances, like 'salesforce' or 'facebook'), or a combination of app
name and app instance ID (like 'facebook.0oapsqQ6dv19pqyEo0g3') you would like as the targets of the admin role. - Only
supported when used with the role type
APP_ADMIN. - target
Group List<String>Lists - A list of group IDs you would like as the targets of the admin role. - Only supported when used with the role types:
GROUP_MEMBERSHIP_ADMIN,HELP_DESK_ADMIN, orUSER_ADMIN.
Import
$ pulumi import okta:group/role:Role example <group id>/<role id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oktaTerraform Provider.