Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. Mongodbatlas Provider
  3. API Docs
  4. FederatedSettingsIdentityProvider
MongoDB Atlas v3.30.0 published on Friday, Mar 21, 2025 by Pulumi
pulumi/pulumi-mongodbatlas

mongodbatlas.FederatedSettingsIdentityProvider

Explore with Pulumi AI

MongoDB Atlas v3.30.0 published on Friday, Mar 21, 2025 by Pulumi
pulumi/pulumi-mongodbatlas

# Resource: mongodbatlas.FederatedSettingsIdentityProvider

mongodbatlas.FederatedSettingsIdentityProvider provides an Atlas federated settings identity provider resource provides a subset of settings to be maintained post import of the existing resource.

Example Usage

IMPORTANT If you want to use a SAML Identity Provider, you MUST import this resource before you can manage it with this provider.

SAML IdP:

import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

const identityProvider = new mongodbatlas.FederatedSettingsIdentityProvider("identity_provider", {
    federationSettingsId: "627a9687f7f7f7f774de306f14",
    name: "mongodb_federation_test",
    associatedDomains: ["yourdomain.com"],
    ssoDebugEnabled: true,
    status: "ACTIVE",
    ssoUrl: "https://mysso.oktapreview.com/app/mysso_terraformtestsso/exk17q7f7f7f7f50h8/sso/saml",
    issuerUri: "http://www.okta.com/exk17q7f7f7f7fp50h8",
    requestBinding: "HTTP-POST",
    responseSignatureAlgorithm: "SHA-256",
});
Copy
import pulumi
import pulumi_mongodbatlas as mongodbatlas

identity_provider = mongodbatlas.FederatedSettingsIdentityProvider("identity_provider",
    federation_settings_id="627a9687f7f7f7f774de306f14",
    name="mongodb_federation_test",
    associated_domains=["yourdomain.com"],
    sso_debug_enabled=True,
    status="ACTIVE",
    sso_url="https://mysso.oktapreview.com/app/mysso_terraformtestsso/exk17q7f7f7f7f50h8/sso/saml",
    issuer_uri="http://www.okta.com/exk17q7f7f7f7fp50h8",
    request_binding="HTTP-POST",
    response_signature_algorithm="SHA-256")
Copy
package main

import (
	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := mongodbatlas.NewFederatedSettingsIdentityProvider(ctx, "identity_provider", &mongodbatlas.FederatedSettingsIdentityProviderArgs{
			FederationSettingsId: pulumi.String("627a9687f7f7f7f774de306f14"),
			Name:                 pulumi.String("mongodb_federation_test"),
			AssociatedDomains: pulumi.StringArray{
				pulumi.String("yourdomain.com"),
			},
			SsoDebugEnabled:            pulumi.Bool(true),
			Status:                     pulumi.String("ACTIVE"),
			SsoUrl:                     pulumi.String("https://mysso.oktapreview.com/app/mysso_terraformtestsso/exk17q7f7f7f7f50h8/sso/saml"),
			IssuerUri:                  pulumi.String("http://www.okta.com/exk17q7f7f7f7fp50h8"),
			RequestBinding:             pulumi.String("HTTP-POST"),
			ResponseSignatureAlgorithm: pulumi.String("SHA-256"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

return await Deployment.RunAsync(() => 
{
    var identityProvider = new Mongodbatlas.FederatedSettingsIdentityProvider("identity_provider", new()
    {
        FederationSettingsId = "627a9687f7f7f7f774de306f14",
        Name = "mongodb_federation_test",
        AssociatedDomains = new[]
        {
            "yourdomain.com",
        },
        SsoDebugEnabled = true,
        Status = "ACTIVE",
        SsoUrl = "https://mysso.oktapreview.com/app/mysso_terraformtestsso/exk17q7f7f7f7f50h8/sso/saml",
        IssuerUri = "http://www.okta.com/exk17q7f7f7f7fp50h8",
        RequestBinding = "HTTP-POST",
        ResponseSignatureAlgorithm = "SHA-256",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.FederatedSettingsIdentityProvider;
import com.pulumi.mongodbatlas.FederatedSettingsIdentityProviderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var identityProvider = new FederatedSettingsIdentityProvider("identityProvider", FederatedSettingsIdentityProviderArgs.builder()
            .federationSettingsId("627a9687f7f7f7f774de306f14")
            .name("mongodb_federation_test")
            .associatedDomains("yourdomain.com")
            .ssoDebugEnabled(true)
            .status("ACTIVE")
            .ssoUrl("https://mysso.oktapreview.com/app/mysso_terraformtestsso/exk17q7f7f7f7f50h8/sso/saml")
            .issuerUri("http://www.okta.com/exk17q7f7f7f7fp50h8")
            .requestBinding("HTTP-POST")
            .responseSignatureAlgorithm("SHA-256")
            .build());

    }
}
Copy
resources:
  identityProvider:
    type: mongodbatlas:FederatedSettingsIdentityProvider
    name: identity_provider
    properties:
      federationSettingsId: 627a9687f7f7f7f774de306f14
      name: mongodb_federation_test
      associatedDomains:
        - yourdomain.com
      ssoDebugEnabled: true
      status: ACTIVE
      ssoUrl: https://mysso.oktapreview.com/app/mysso_terraformtestsso/exk17q7f7f7f7f50h8/sso/saml
      issuerUri: http://www.okta.com/exk17q7f7f7f7fp50h8
      requestBinding: HTTP-POST
      responseSignatureAlgorithm: SHA-256
Copy

OIDC IdP:

import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

const oidc = new mongodbatlas.FederatedSettingsIdentityProvider("oidc", {
    federationSettingsId: _this.id,
    audience: tokenAudience,
    authorizationType: "USER",
    description: "oidc",
    issuerUri: `https://sts.windows.net/${thisAzurermUserAssignedIdentity.tenantId}/`,
    idpType: "WORKLOAD",
    name: "OIDC-for-azure",
    protocol: "OIDC",
    userClaim: "sub",
});
Copy
import pulumi
import pulumi_mongodbatlas as mongodbatlas

oidc = mongodbatlas.FederatedSettingsIdentityProvider("oidc",
    federation_settings_id=this["id"],
    audience=token_audience,
    authorization_type="USER",
    description="oidc",
    issuer_uri=f"https://sts.windows.net/{this_azurerm_user_assigned_identity['tenantId']}/",
    idp_type="WORKLOAD",
    name="OIDC-for-azure",
    protocol="OIDC",
    user_claim="sub")
Copy
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := mongodbatlas.NewFederatedSettingsIdentityProvider(ctx, "oidc", &mongodbatlas.FederatedSettingsIdentityProviderArgs{
			FederationSettingsId: pulumi.Any(this.Id),
			Audience:             pulumi.Any(tokenAudience),
			AuthorizationType:    pulumi.String("USER"),
			Description:          pulumi.String("oidc"),
			IssuerUri:            pulumi.Sprintf("https://sts.windows.net/%v/", thisAzurermUserAssignedIdentity.TenantId),
			IdpType:              pulumi.String("WORKLOAD"),
			Name:                 pulumi.String("OIDC-for-azure"),
			Protocol:             pulumi.String("OIDC"),
			UserClaim:            pulumi.String("sub"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

return await Deployment.RunAsync(() => 
{
    var oidc = new Mongodbatlas.FederatedSettingsIdentityProvider("oidc", new()
    {
        FederationSettingsId = @this.Id,
        Audience = tokenAudience,
        AuthorizationType = "USER",
        Description = "oidc",
        IssuerUri = $"https://sts.windows.net/{thisAzurermUserAssignedIdentity.TenantId}/",
        IdpType = "WORKLOAD",
        Name = "OIDC-for-azure",
        Protocol = "OIDC",
        UserClaim = "sub",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.FederatedSettingsIdentityProvider;
import com.pulumi.mongodbatlas.FederatedSettingsIdentityProviderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var oidc = new FederatedSettingsIdentityProvider("oidc", FederatedSettingsIdentityProviderArgs.builder()
            .federationSettingsId(this_.id())
            .audience(tokenAudience)
            .authorizationType("USER")
            .description("oidc")
            .issuerUri(String.format("https://sts.windows.net/%s/", thisAzurermUserAssignedIdentity.tenantId()))
            .idpType("WORKLOAD")
            .name("OIDC-for-azure")
            .protocol("OIDC")
            .userClaim("sub")
            .build());

    }
}
Copy
resources:
  oidc:
    type: mongodbatlas:FederatedSettingsIdentityProvider
    properties:
      federationSettingsId: ${this.id}
      audience: ${tokenAudience}
      authorizationType: USER
      description: oidc
      issuerUri: https://sts.windows.net/${thisAzurermUserAssignedIdentity.tenantId}/
      idpType: WORKLOAD
      name: OIDC-for-azure
      protocol: OIDC
      userClaim: sub
Copy

Create FederatedSettingsIdentityProvider Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FederatedSettingsIdentityProvider(name: string, args: FederatedSettingsIdentityProviderArgs, opts?: CustomResourceOptions);
@overload
def FederatedSettingsIdentityProvider(resource_name: str,
                                      args: FederatedSettingsIdentityProviderArgs,
                                      opts: Optional[ResourceOptions] = None)

@overload
def FederatedSettingsIdentityProvider(resource_name: str,
                                      opts: Optional[ResourceOptions] = None,
                                      federation_settings_id: Optional[str] = None,
                                      issuer_uri: Optional[str] = None,
                                      description: Optional[str] = None,
                                      name: Optional[str] = None,
                                      associated_domains: Optional[Sequence[str]] = None,
                                      authorization_type: Optional[str] = None,
                                      groups_claim: Optional[str] = None,
                                      idp_type: Optional[str] = None,
                                      audience: Optional[str] = None,
                                      client_id: Optional[str] = None,
                                      protocol: Optional[str] = None,
                                      request_binding: Optional[str] = None,
                                      requested_scopes: Optional[Sequence[str]] = None,
                                      response_signature_algorithm: Optional[str] = None,
                                      sso_debug_enabled: Optional[bool] = None,
                                      sso_url: Optional[str] = None,
                                      status: Optional[str] = None,
                                      user_claim: Optional[str] = None)
func NewFederatedSettingsIdentityProvider(ctx *Context, name string, args FederatedSettingsIdentityProviderArgs, opts ...ResourceOption) (*FederatedSettingsIdentityProvider, error)
public FederatedSettingsIdentityProvider(string name, FederatedSettingsIdentityProviderArgs args, CustomResourceOptions? opts = null)
public FederatedSettingsIdentityProvider(String name, FederatedSettingsIdentityProviderArgs args)
public FederatedSettingsIdentityProvider(String name, FederatedSettingsIdentityProviderArgs args, CustomResourceOptions options)

type: mongodbatlas:FederatedSettingsIdentityProvider
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. FederatedSettingsIdentityProviderArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. FederatedSettingsIdentityProviderArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. FederatedSettingsIdentityProviderArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. FederatedSettingsIdentityProviderArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. FederatedSettingsIdentityProviderArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var federatedSettingsIdentityProviderResource = new Mongodbatlas.FederatedSettingsIdentityProvider("federatedSettingsIdentityProviderResource", new()
{
    FederationSettingsId = "string",
    IssuerUri = "string",
    Description = "string",
    Name = "string",
    AssociatedDomains = new[]
    {
        "string",
    },
    AuthorizationType = "string",
    GroupsClaim = "string",
    IdpType = "string",
    Audience = "string",
    ClientId = "string",
    Protocol = "string",
    RequestBinding = "string",
    RequestedScopes = new[]
    {
        "string",
    },
    ResponseSignatureAlgorithm = "string",
    SsoDebugEnabled = false,
    SsoUrl = "string",
    Status = "string",
    UserClaim = "string",
});
Copy
example, err := mongodbatlas.NewFederatedSettingsIdentityProvider(ctx, "federatedSettingsIdentityProviderResource", &mongodbatlas.FederatedSettingsIdentityProviderArgs{
	FederationSettingsId: pulumi.String("string"),
	IssuerUri:            pulumi.String("string"),
	Description:          pulumi.String("string"),
	Name:                 pulumi.String("string"),
	AssociatedDomains: pulumi.StringArray{
		pulumi.String("string"),
	},
	AuthorizationType: pulumi.String("string"),
	GroupsClaim:       pulumi.String("string"),
	IdpType:           pulumi.String("string"),
	Audience:          pulumi.String("string"),
	ClientId:          pulumi.String("string"),
	Protocol:          pulumi.String("string"),
	RequestBinding:    pulumi.String("string"),
	RequestedScopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	ResponseSignatureAlgorithm: pulumi.String("string"),
	SsoDebugEnabled:            pulumi.Bool(false),
	SsoUrl:                     pulumi.String("string"),
	Status:                     pulumi.String("string"),
	UserClaim:                  pulumi.String("string"),
})
Copy
var federatedSettingsIdentityProviderResource = new FederatedSettingsIdentityProvider("federatedSettingsIdentityProviderResource", FederatedSettingsIdentityProviderArgs.builder()
    .federationSettingsId("string")
    .issuerUri("string")
    .description("string")
    .name("string")
    .associatedDomains("string")
    .authorizationType("string")
    .groupsClaim("string")
    .idpType("string")
    .audience("string")
    .clientId("string")
    .protocol("string")
    .requestBinding("string")
    .requestedScopes("string")
    .responseSignatureAlgorithm("string")
    .ssoDebugEnabled(false)
    .ssoUrl("string")
    .status("string")
    .userClaim("string")
    .build());
Copy
federated_settings_identity_provider_resource = mongodbatlas.FederatedSettingsIdentityProvider("federatedSettingsIdentityProviderResource",
    federation_settings_id="string",
    issuer_uri="string",
    description="string",
    name="string",
    associated_domains=["string"],
    authorization_type="string",
    groups_claim="string",
    idp_type="string",
    audience="string",
    client_id="string",
    protocol="string",
    request_binding="string",
    requested_scopes=["string"],
    response_signature_algorithm="string",
    sso_debug_enabled=False,
    sso_url="string",
    status="string",
    user_claim="string")
Copy
const federatedSettingsIdentityProviderResource = new mongodbatlas.FederatedSettingsIdentityProvider("federatedSettingsIdentityProviderResource", {
    federationSettingsId: "string",
    issuerUri: "string",
    description: "string",
    name: "string",
    associatedDomains: ["string"],
    authorizationType: "string",
    groupsClaim: "string",
    idpType: "string",
    audience: "string",
    clientId: "string",
    protocol: "string",
    requestBinding: "string",
    requestedScopes: ["string"],
    responseSignatureAlgorithm: "string",
    ssoDebugEnabled: false,
    ssoUrl: "string",
    status: "string",
    userClaim: "string",
});
Copy
type: mongodbatlas:FederatedSettingsIdentityProvider
properties:
    associatedDomains:
        - string
    audience: string
    authorizationType: string
    clientId: string
    description: string
    federationSettingsId: string
    groupsClaim: string
    idpType: string
    issuerUri: string
    name: string
    protocol: string
    requestBinding: string
    requestedScopes:
        - string
    responseSignatureAlgorithm: string
    ssoDebugEnabled: false
    ssoUrl: string
    status: string
    userClaim: string
Copy

FederatedSettingsIdentityProvider Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FederatedSettingsIdentityProvider resource accepts the following input properties:

FederationSettingsId This property is required. string
Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
IssuerUri This property is required. string
Unique string that identifies the issuer of the IdP.
AssociatedDomains List<string>
List that contains the domains associated with the identity provider.
Audience string
Identifier of the intended recipient of the token used in OIDC IdP.
AuthorizationType string
Indicates whether authorization is granted based on group membership or user ID. Valid values are GROUP or USER.
ClientId string
Client identifier that is assigned to an application by the OIDC Identity Provider.
Description string
The description of the identity provider.
GroupsClaim string
Identifier of the claim which contains OIDC IdP Group IDs in the token.
IdpType string
Name string
Human-readable label that identifies the identity provider.
Protocol string
The protocol of the identity provider. Either SAML or OIDC.
RequestBinding string
SAML Authentication Request Protocol HTTP method binding (POST or REDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:

  • HTTP POST
  • HTTP REDIRECT
RequestedScopes List<string>
Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
ResponseSignatureAlgorithm string
Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include SHA-1 and SHA-256.
SsoDebugEnabled bool
Flag that indicates whether the identity provider has SSO debug enabled.
SsoUrl string
Unique string that identifies the intended audience of the SAML assertion.
Status string
String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
UserClaim string
Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
FederationSettingsId This property is required. string
Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
IssuerUri This property is required. string
Unique string that identifies the issuer of the IdP.
AssociatedDomains []string
List that contains the domains associated with the identity provider.
Audience string
Identifier of the intended recipient of the token used in OIDC IdP.
AuthorizationType string
Indicates whether authorization is granted based on group membership or user ID. Valid values are GROUP or USER.
ClientId string
Client identifier that is assigned to an application by the OIDC Identity Provider.
Description string
The description of the identity provider.
GroupsClaim string
Identifier of the claim which contains OIDC IdP Group IDs in the token.
IdpType string
Name string
Human-readable label that identifies the identity provider.
Protocol string
The protocol of the identity provider. Either SAML or OIDC.
RequestBinding string
SAML Authentication Request Protocol HTTP method binding (POST or REDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:

  • HTTP POST
  • HTTP REDIRECT
RequestedScopes []string
Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
ResponseSignatureAlgorithm string
Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include SHA-1 and SHA-256.
SsoDebugEnabled bool
Flag that indicates whether the identity provider has SSO debug enabled.
SsoUrl string
Unique string that identifies the intended audience of the SAML assertion.
Status string
String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
UserClaim string
Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
federationSettingsId This property is required. String
Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
issuerUri This property is required. String
Unique string that identifies the issuer of the IdP.
associatedDomains List<String>
List that contains the domains associated with the identity provider.
audience String
Identifier of the intended recipient of the token used in OIDC IdP.
authorizationType String
Indicates whether authorization is granted based on group membership or user ID. Valid values are GROUP or USER.
clientId String
Client identifier that is assigned to an application by the OIDC Identity Provider.
description String
The description of the identity provider.
groupsClaim String
Identifier of the claim which contains OIDC IdP Group IDs in the token.
idpType String
name String
Human-readable label that identifies the identity provider.
protocol String
The protocol of the identity provider. Either SAML or OIDC.
requestBinding String
SAML Authentication Request Protocol HTTP method binding (POST or REDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:

  • HTTP POST
  • HTTP REDIRECT
requestedScopes List<String>
Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
responseSignatureAlgorithm String
Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include SHA-1 and SHA-256.
ssoDebugEnabled Boolean
Flag that indicates whether the identity provider has SSO debug enabled.
ssoUrl String
Unique string that identifies the intended audience of the SAML assertion.
status String
String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
userClaim String
Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
federationSettingsId This property is required. string
Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
issuerUri This property is required. string
Unique string that identifies the issuer of the IdP.
associatedDomains string[]
List that contains the domains associated with the identity provider.
audience string
Identifier of the intended recipient of the token used in OIDC IdP.
authorizationType string
Indicates whether authorization is granted based on group membership or user ID. Valid values are GROUP or USER.
clientId string
Client identifier that is assigned to an application by the OIDC Identity Provider.
description string
The description of the identity provider.
groupsClaim string
Identifier of the claim which contains OIDC IdP Group IDs in the token.
idpType string
name string
Human-readable label that identifies the identity provider.
protocol string
The protocol of the identity provider. Either SAML or OIDC.
requestBinding string
SAML Authentication Request Protocol HTTP method binding (POST or REDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:

  • HTTP POST
  • HTTP REDIRECT
requestedScopes string[]
Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
responseSignatureAlgorithm string
Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include SHA-1 and SHA-256.
ssoDebugEnabled boolean
Flag that indicates whether the identity provider has SSO debug enabled.
ssoUrl string
Unique string that identifies the intended audience of the SAML assertion.
status string
String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
userClaim string
Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
federation_settings_id This property is required. str
Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
issuer_uri This property is required. str
Unique string that identifies the issuer of the IdP.
associated_domains Sequence[str]
List that contains the domains associated with the identity provider.
audience str
Identifier of the intended recipient of the token used in OIDC IdP.
authorization_type str
Indicates whether authorization is granted based on group membership or user ID. Valid values are GROUP or USER.
client_id str
Client identifier that is assigned to an application by the OIDC Identity Provider.
description str
The description of the identity provider.
groups_claim str
Identifier of the claim which contains OIDC IdP Group IDs in the token.
idp_type str
name str
Human-readable label that identifies the identity provider.
protocol str
The protocol of the identity provider. Either SAML or OIDC.
request_binding str
SAML Authentication Request Protocol HTTP method binding (POST or REDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:

  • HTTP POST
  • HTTP REDIRECT
requested_scopes Sequence[str]
Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
response_signature_algorithm str
Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include SHA-1 and SHA-256.
sso_debug_enabled bool
Flag that indicates whether the identity provider has SSO debug enabled.
sso_url str
Unique string that identifies the intended audience of the SAML assertion.
status str
String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
user_claim str
Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
federationSettingsId This property is required. String
Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
issuerUri This property is required. String
Unique string that identifies the issuer of the IdP.
associatedDomains List<String>
List that contains the domains associated with the identity provider.
audience String
Identifier of the intended recipient of the token used in OIDC IdP.
authorizationType String
Indicates whether authorization is granted based on group membership or user ID. Valid values are GROUP or USER.
clientId String
Client identifier that is assigned to an application by the OIDC Identity Provider.
description String
The description of the identity provider.
groupsClaim String
Identifier of the claim which contains OIDC IdP Group IDs in the token.
idpType String
name String
Human-readable label that identifies the identity provider.
protocol String
The protocol of the identity provider. Either SAML or OIDC.
requestBinding String
SAML Authentication Request Protocol HTTP method binding (POST or REDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:

  • HTTP POST
  • HTTP REDIRECT
requestedScopes List<String>
Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
responseSignatureAlgorithm String
Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include SHA-1 and SHA-256.
ssoDebugEnabled Boolean
Flag that indicates whether the identity provider has SSO debug enabled.
ssoUrl String
Unique string that identifies the intended audience of the SAML assertion.
status String
String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
userClaim String
Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.

Outputs

All input properties are implicitly available as output properties. Additionally, the FederatedSettingsIdentityProvider resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
IdpId string
Unique 24-hexadecimal digit string that identifies the IdP.
OktaIdpId string
Unique 20-hexadecimal digit string that identifies the IdP.
Id string
The provider-assigned unique ID for this managed resource.
IdpId string
Unique 24-hexadecimal digit string that identifies the IdP.
OktaIdpId string
Unique 20-hexadecimal digit string that identifies the IdP.
id String
The provider-assigned unique ID for this managed resource.
idpId String
Unique 24-hexadecimal digit string that identifies the IdP.
oktaIdpId String
Unique 20-hexadecimal digit string that identifies the IdP.
id string
The provider-assigned unique ID for this managed resource.
idpId string
Unique 24-hexadecimal digit string that identifies the IdP.
oktaIdpId string
Unique 20-hexadecimal digit string that identifies the IdP.
id str
The provider-assigned unique ID for this managed resource.
idp_id str
Unique 24-hexadecimal digit string that identifies the IdP.
okta_idp_id str
Unique 20-hexadecimal digit string that identifies the IdP.
id String
The provider-assigned unique ID for this managed resource.
idpId String
Unique 24-hexadecimal digit string that identifies the IdP.
oktaIdpId String
Unique 20-hexadecimal digit string that identifies the IdP.

Look up Existing FederatedSettingsIdentityProvider Resource

Get an existing FederatedSettingsIdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FederatedSettingsIdentityProviderState, opts?: CustomResourceOptions): FederatedSettingsIdentityProvider
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        associated_domains: Optional[Sequence[str]] = None,
        audience: Optional[str] = None,
        authorization_type: Optional[str] = None,
        client_id: Optional[str] = None,
        description: Optional[str] = None,
        federation_settings_id: Optional[str] = None,
        groups_claim: Optional[str] = None,
        idp_id: Optional[str] = None,
        idp_type: Optional[str] = None,
        issuer_uri: Optional[str] = None,
        name: Optional[str] = None,
        okta_idp_id: Optional[str] = None,
        protocol: Optional[str] = None,
        request_binding: Optional[str] = None,
        requested_scopes: Optional[Sequence[str]] = None,
        response_signature_algorithm: Optional[str] = None,
        sso_debug_enabled: Optional[bool] = None,
        sso_url: Optional[str] = None,
        status: Optional[str] = None,
        user_claim: Optional[str] = None) -> FederatedSettingsIdentityProvider
func GetFederatedSettingsIdentityProvider(ctx *Context, name string, id IDInput, state *FederatedSettingsIdentityProviderState, opts ...ResourceOption) (*FederatedSettingsIdentityProvider, error)
public static FederatedSettingsIdentityProvider Get(string name, Input<string> id, FederatedSettingsIdentityProviderState? state, CustomResourceOptions? opts = null)
public static FederatedSettingsIdentityProvider get(String name, Output<String> id, FederatedSettingsIdentityProviderState state, CustomResourceOptions options)
resources:  _:    type: mongodbatlas:FederatedSettingsIdentityProvider    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AssociatedDomains List<string>
List that contains the domains associated with the identity provider.
Audience string
Identifier of the intended recipient of the token used in OIDC IdP.
AuthorizationType string
Indicates whether authorization is granted based on group membership or user ID. Valid values are GROUP or USER.
ClientId string
Client identifier that is assigned to an application by the OIDC Identity Provider.
Description string
The description of the identity provider.
FederationSettingsId string
Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
GroupsClaim string
Identifier of the claim which contains OIDC IdP Group IDs in the token.
IdpId string
Unique 24-hexadecimal digit string that identifies the IdP.
IdpType string
IssuerUri string
Unique string that identifies the issuer of the IdP.
Name string
Human-readable label that identifies the identity provider.
OktaIdpId string
Unique 20-hexadecimal digit string that identifies the IdP.
Protocol string
The protocol of the identity provider. Either SAML or OIDC.
RequestBinding string
SAML Authentication Request Protocol HTTP method binding (POST or REDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:

  • HTTP POST
  • HTTP REDIRECT
RequestedScopes List<string>
Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
ResponseSignatureAlgorithm string
Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include SHA-1 and SHA-256.
SsoDebugEnabled bool
Flag that indicates whether the identity provider has SSO debug enabled.
SsoUrl string
Unique string that identifies the intended audience of the SAML assertion.
Status string
String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
UserClaim string
Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
AssociatedDomains []string
List that contains the domains associated with the identity provider.
Audience string
Identifier of the intended recipient of the token used in OIDC IdP.
AuthorizationType string
Indicates whether authorization is granted based on group membership or user ID. Valid values are GROUP or USER.
ClientId string
Client identifier that is assigned to an application by the OIDC Identity Provider.
Description string
The description of the identity provider.
FederationSettingsId string
Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
GroupsClaim string
Identifier of the claim which contains OIDC IdP Group IDs in the token.
IdpId string
Unique 24-hexadecimal digit string that identifies the IdP.
IdpType string
IssuerUri string
Unique string that identifies the issuer of the IdP.
Name string
Human-readable label that identifies the identity provider.
OktaIdpId string
Unique 20-hexadecimal digit string that identifies the IdP.
Protocol string
The protocol of the identity provider. Either SAML or OIDC.
RequestBinding string
SAML Authentication Request Protocol HTTP method binding (POST or REDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:

  • HTTP POST
  • HTTP REDIRECT
RequestedScopes []string
Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
ResponseSignatureAlgorithm string
Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include SHA-1 and SHA-256.
SsoDebugEnabled bool
Flag that indicates whether the identity provider has SSO debug enabled.
SsoUrl string
Unique string that identifies the intended audience of the SAML assertion.
Status string
String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
UserClaim string
Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
associatedDomains List<String>
List that contains the domains associated with the identity provider.
audience String
Identifier of the intended recipient of the token used in OIDC IdP.
authorizationType String
Indicates whether authorization is granted based on group membership or user ID. Valid values are GROUP or USER.
clientId String
Client identifier that is assigned to an application by the OIDC Identity Provider.
description String
The description of the identity provider.
federationSettingsId String
Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
groupsClaim String
Identifier of the claim which contains OIDC IdP Group IDs in the token.
idpId String
Unique 24-hexadecimal digit string that identifies the IdP.
idpType String
issuerUri String
Unique string that identifies the issuer of the IdP.
name String
Human-readable label that identifies the identity provider.
oktaIdpId String
Unique 20-hexadecimal digit string that identifies the IdP.
protocol String
The protocol of the identity provider. Either SAML or OIDC.
requestBinding String
SAML Authentication Request Protocol HTTP method binding (POST or REDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:

  • HTTP POST
  • HTTP REDIRECT
requestedScopes List<String>
Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
responseSignatureAlgorithm String
Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include SHA-1 and SHA-256.
ssoDebugEnabled Boolean
Flag that indicates whether the identity provider has SSO debug enabled.
ssoUrl String
Unique string that identifies the intended audience of the SAML assertion.
status String
String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
userClaim String
Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
associatedDomains string[]
List that contains the domains associated with the identity provider.
audience string
Identifier of the intended recipient of the token used in OIDC IdP.
authorizationType string
Indicates whether authorization is granted based on group membership or user ID. Valid values are GROUP or USER.
clientId string
Client identifier that is assigned to an application by the OIDC Identity Provider.
description string
The description of the identity provider.
federationSettingsId string
Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
groupsClaim string
Identifier of the claim which contains OIDC IdP Group IDs in the token.
idpId string
Unique 24-hexadecimal digit string that identifies the IdP.
idpType string
issuerUri string
Unique string that identifies the issuer of the IdP.
name string
Human-readable label that identifies the identity provider.
oktaIdpId string
Unique 20-hexadecimal digit string that identifies the IdP.
protocol string
The protocol of the identity provider. Either SAML or OIDC.
requestBinding string
SAML Authentication Request Protocol HTTP method binding (POST or REDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:

  • HTTP POST
  • HTTP REDIRECT
requestedScopes string[]
Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
responseSignatureAlgorithm string
Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include SHA-1 and SHA-256.
ssoDebugEnabled boolean
Flag that indicates whether the identity provider has SSO debug enabled.
ssoUrl string
Unique string that identifies the intended audience of the SAML assertion.
status string
String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
userClaim string
Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
associated_domains Sequence[str]
List that contains the domains associated with the identity provider.
audience str
Identifier of the intended recipient of the token used in OIDC IdP.
authorization_type str
Indicates whether authorization is granted based on group membership or user ID. Valid values are GROUP or USER.
client_id str
Client identifier that is assigned to an application by the OIDC Identity Provider.
description str
The description of the identity provider.
federation_settings_id str
Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
groups_claim str
Identifier of the claim which contains OIDC IdP Group IDs in the token.
idp_id str
Unique 24-hexadecimal digit string that identifies the IdP.
idp_type str
issuer_uri str
Unique string that identifies the issuer of the IdP.
name str
Human-readable label that identifies the identity provider.
okta_idp_id str
Unique 20-hexadecimal digit string that identifies the IdP.
protocol str
The protocol of the identity provider. Either SAML or OIDC.
request_binding str
SAML Authentication Request Protocol HTTP method binding (POST or REDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:

  • HTTP POST
  • HTTP REDIRECT
requested_scopes Sequence[str]
Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
response_signature_algorithm str
Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include SHA-1 and SHA-256.
sso_debug_enabled bool
Flag that indicates whether the identity provider has SSO debug enabled.
sso_url str
Unique string that identifies the intended audience of the SAML assertion.
status str
String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
user_claim str
Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.
associatedDomains List<String>
List that contains the domains associated with the identity provider.
audience String
Identifier of the intended recipient of the token used in OIDC IdP.
authorizationType String
Indicates whether authorization is granted based on group membership or user ID. Valid values are GROUP or USER.
clientId String
Client identifier that is assigned to an application by the OIDC Identity Provider.
description String
The description of the identity provider.
federationSettingsId String
Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
groupsClaim String
Identifier of the claim which contains OIDC IdP Group IDs in the token.
idpId String
Unique 24-hexadecimal digit string that identifies the IdP.
idpType String
issuerUri String
Unique string that identifies the issuer of the IdP.
name String
Human-readable label that identifies the identity provider.
oktaIdpId String
Unique 20-hexadecimal digit string that identifies the IdP.
protocol String
The protocol of the identity provider. Either SAML or OIDC.
requestBinding String
SAML Authentication Request Protocol HTTP method binding (POST or REDIRECT) that Federated Authentication uses to send the authentication request. Atlas supports the following binding values:

  • HTTP POST
  • HTTP REDIRECT
requestedScopes List<String>
Scopes that MongoDB applications will request from the authorization endpoint used for OIDC IdPs.
responseSignatureAlgorithm String
Signature algorithm that Federated Authentication uses to encrypt the identity provider signature. Valid values include SHA-1 and SHA-256.
ssoDebugEnabled Boolean
Flag that indicates whether the identity provider has SSO debug enabled.
ssoUrl String
Unique string that identifies the intended audience of the SAML assertion.
status String
String enum that indicates whether the identity provider is active or not. Accepted values are ACTIVE or INACTIVE.
userClaim String
Identifier of the claim which contains the user ID in the token used for OIDC IdPs. userClaim is required for OIDC IdP with authorizationType GROUP and USER.

Import

Identity Provider must be imported before using federation_settings_id-idp_id, e.g.

$ pulumi import mongodbatlas:index/federatedSettingsIdentityProvider:FederatedSettingsIdentityProvider identity_provider 6287a663c660f52b1c441c6c-0oad4fas87jL5Xnk12971234
Copy

For more information see: MongoDB Atlas API Reference.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
MongoDB Atlas pulumi/pulumi-mongodbatlas
License
Apache-2.0
Notes
This Pulumi package is based on the mongodbatlas Terraform Provider.
MongoDB Atlas v3.30.0 published on Friday, Mar 21, 2025 by Pulumi
pulumi/pulumi-mongodbatlas