iamtf_app_oidc

client_authn

client authentication method. Valid values: NONE, CLIENT_SECRET_BASIC, CLIENT_SECRET_JWT, CLIENT_SECRET_POST, PRIVATE_KEY_JWT. Note: NONE is meant for public clients and assumes a PKCE code challenge is used on the authorization code flow.

  • type: String
  • optional: true

client_id

client ID

  • type: String
  • required

client_secret

client secret

  • type: String
  • required

description

relying party description

  • type: String
  • optional: true

encryption_alg

encryption algorithm (JWE key management `alg`). Valid values: NONE, RSA1_5, A128KW, A128GCMKW, A192KW, A192GCMKW, A256KW, A256GCMKW. Note: RSA1_5 (PKCS#1 v1.5 padding) is susceptible to padding-oracle attacks; prefer one of the key-wrapping algorithms.

  • type: String
  • optional: true

encryption_method

encryption method (JWE content encryption `enc`). Valid values: NONE, A128CBC-HS256, A192CBC-HS384, A256CBC-HS512, A128GCM, A192GCM, A256GCM.

  • type: String
  • optional: true

grant_types

list of OIDC grant types. Valid values: AUTHORIZATION_CODE, REFRESH_TOKEN, JWT_BEARER_PWD, CLIENT_CREDENTIALS, JWT_BEARER, PASSWORD, IMPLICIT, SAML2_BEARER.

  • type: Set
  • required

ida

identity appliance name

  • type: String
  • required

idp

SP to IdP SAML 2 settings: one block per trusted IdP, containing is_preferred, name and the nested saml2 block

  • type: List
  • optional: true
  • computed: true

is_preferred

identifies this IdP as the preferred one (at most one IdP may be marked as preferred)

  • type: Bool
  • optional: true

name

name of the trusted IdP

  • type: String
  • required

saml2

SP SAML 2 settings for this IdP (nested block of idp; its fields are listed below)

  • type: List
  • optional: true
  • computed: true

account_linkage

account linkage: which IdP attribute to use as the user identifier (UID).

  • type: String
  • optional: true
  • computed: true

account_linkage_name

account linkage name, only valid when account_linkage is set to CUSTOM

  • type: String
  • optional: true

bindings

enabled SAML bindings (nested block of saml2)

  • type: List
  • optional: true
  • computed: true

artifact

use Artifact binding

  • type: Bool
  • optional: true

http_post

use HTTP POST binding

  • type: Bool
  • optional: true

http_redirect

use HTTP REDIRECT binding

  • type: Bool
  • optional: true

local

use LOCAL binding

  • type: Bool
  • optional: true

soap

use SOAP binding

  • type: Bool
  • optional: true

identity_mapping

how the user identity should be mapped for this SP. LOCAL means that the user claims will be retrieved from an identity source connected to the SP. REMOTE means that claims from the IdP will be used. MERGE is a mix of both claim sets (LOCAL and REMOTE)

  • type: String
  • optional: true
  • computed: true

identity_mapping_localid

Use local SP user identifier even when REMOTE is configured

  • type: Bool
  • optional: true

identiyt_mapping_name

identity mapping name, only valid when identity_mapping is set to CUSTOM

  • type: String
  • optional: true

message_ttl

SAML message time to live

  • type: Int
  • optional: true
  • computed: true

message_ttl_tolerance

SAML message time to live tolerance

  • type: Int
  • optional: true
  • computed: true

sign_authentication_requests

sign authentication requests issued to IdPs

  • type: Bool
  • optional: true
  • computed: true

sign_requests

sign requests issued to IdPs

  • type: Bool
  • optional: true
  • computed: true

signature_hash

saml signature hash algorithm

  • type: String
  • optional: true
  • computed: true

want_assertion_signed

require signed assertions from IdPs

  • type: Bool
  • optional: true
  • computed: true

idtoken_encryption_alg

ID token encryption algorithm. Valid values: NONE, RSA1_5, A128KW, A128GCMKW, A192KW, A192GCMKW, A256KW, A256GCMKW.

  • type: String
  • optional: true

idtoken_encryption_method

ID token encryption method. Valid values: NONE, A128CBC-HS256, A192CBC-HS384, A256CBC-HS512, A128GCM, A192GCM, A256GCM.

  • type: String
  • optional: true

idtoken_signature_alg

ID token signature algorithm. Valid values: NONE, HS256, HS384, HS512, RS256, RS384, RS512. Note: NONE issues unsigned ID tokens, so the relying party cannot verify their origin; the HS* algorithms sign with the shared client secret, the RS* algorithms with the appliance's private key.

  • type: String
  • optional: true

name

resource name

  • type: String
  • required

post_logout_redirect_uris

list of URIs for redirection after logout

  • type: Set
  • optional: true

redirect_uris

list of redirect URIs accepted for the redirect-based flows. Redirect targets are matched against this list, so register exact URIs rather than wildcards.

  • type: Set
  • required

response_modes

list of OIDC response mode strings. Valid values: QUERY, JWT.

  • type: Set
  • required

response_types

list of OIDC response type strings. Valid values: TOKEN, CODE, ID_TOKEN.

  • type: Set
  • required

signature_alg

signature algorithm. Valid values: NONE, HS256, HS384, HS512, RS256, RS384, RS512. Note: NONE disables signing and should not be used outside of testing.

  • type: String
  • optional: true
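The following is an added example, not taken from the provider's own documentation, showing how the attributes above combine for a confidential web application that uses the authorization code flow and trusts a single SAML 2 IdP. The appliance name, client ID, URIs and IdP name are assumed placeholders, and the nested `idp { saml2 { bindings { } } }` block syntax is inferred from the List-typed attributes listed above.

```hcl
# Added example (not from the provider docs): iamtf_app_oidc for a
# confidential web application. Appliance name, client id, URIs and
# IdP name are assumed placeholder values.

variable "client_secret" {
  type      = string
  sensitive = true   # keep the secret out of plan output and state diffs
}

resource "iamtf_app_oidc" "webapp" {
  ida         = "corp-appliance"         # assumed identity appliance name
  name        = "webapp-rp"
  description = "Internal web application (relying party)"

  client_id     = "webapp-rp"
  client_secret = var.client_secret
  client_authn  = "CLIENT_SECRET_BASIC"  # NONE is only for public clients using PKCE

  # Code flow only: no IMPLICIT grant and no TOKEN/ID_TOKEN returned in the
  # front channel, so tokens never appear in browser history or referrers.
  grant_types    = ["AUTHORIZATION_CODE", "REFRESH_TOKEN"]
  response_types = ["CODE"]
  response_modes = ["QUERY"]

  # Exact-match redirect targets; one entry per registered callback.
  redirect_uris             = ["https://webapp.example.com/oidc/callback"]
  post_logout_redirect_uris = ["https://webapp.example.com/logged-out"]

  # Asymmetric signatures so the RP verifies tokens against the appliance's
  # public key; NONE would disable signature verification.
  signature_alg         = "RS256"
  idtoken_signature_alg = "RS256"

  # Nested block structure assumed from the List-typed idp/saml2 attributes.
  idp {
    name         = "corp-idp"            # assumed trusted IdP name
    is_preferred = true

    saml2 {
      identity_mapping             = "REMOTE"  # use claims from the IdP
      want_assertion_signed        = true      # reject unsigned assertions
      sign_authentication_requests = true
      sign_requests                = true

      bindings {
        http_post     = true
        http_redirect = true
        artifact      = false
        soap          = false
        local         = false
      }
    }
  }
}
```

The `message_ttl`, `message_ttl_tolerance`, `signature_hash` and `account_linkage` fields are left to their computed defaults here; set them explicitly only when the IdP's clock skew or attribute naming requires it.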
Contributors: Sebastian