Inbound SAML configuration for an Identity Toolkit tenant.
You must enable the Google Identity Platform in the marketplace prior to using this resource.
```hcl
resource "google_identity_platform_tenant" "tenant" {
  display_name = "tenant"
}

resource "google_identity_platform_tenant_inbound_saml_config" "tenant_saml_config" {
  name         = "saml.tf-config"
  display_name = "Display Name"
  tenant       = google_identity_platform_tenant.tenant.name
  idp_config {
    idp_entity_id = "tf-idp"
    sign_request  = true
    sso_url       = "https://example.com"
    idp_certificates {
      x509_certificate = file("test-fixtures/rsa_cert.pem")
    }
  }
  sp_config {
    sp_entity_id = "tf-sp"
    callback_uri = "https://example.com"
  }
}
```
The following arguments are supported:

* `name` - (Required) The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters, hyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an alphanumeric character, and have at least 2 characters.
* `tenant` - (Required) The name of the tenant where this inbound SAML config resource exists.
* `display_name` - (Required) Human friendly display name.
* `idp_config` - (Required) SAML IdP configuration when the project acts as the relying party. Structure is documented below.
* `sp_config` - (Required) SAML SP (Service Provider) configuration when the project acts as the relying party to receive and accept an authentication assertion issued by a SAML identity provider. Structure is documented below.
* `enabled` - (Optional) If this config allows users to sign in with the provider.
* `project` - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The `idp_config` block supports:

* `idp_entity_id` - (Required) Unique identifier for all SAML entities.
* `sso_url` - (Required) URL to send the Authentication request to.
* `sign_request` - (Optional) Indicates if the outbound SAMLRequest should be signed.
* `idp_certificates` - (Required) The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. Structure is documented below.

The `idp_certificates` block supports:

* `x509_certificate` - (Optional) The x509 certificate.

The `sp_config` block supports:

* `sp_entity_id` - (Required) Unique identifier for all SAML entities.
* `callback_uri` - (Required) Callback URI where responses from the IDP are handled. Must start with https://.
* `sp_certificates` - (Output) The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. Structure is documented below.

The `sp_certificates` block contains:

* `x509_certificate` - (Output) The x509 certificate.
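The argument reference above states three constraints that only surface as an API error at apply time: the `name` must follow the 'saml.' naming rule, `callback_uri` must start with https://, and the IdP certificate is what lets the SAMLResponse signature be verified. The following script, added here as an example and not part of the provider's documentation or code, checks planned values before apply. It assumes the JSON layout produced by `terraform show -json tfplan` (`planned_values.root_module.resources[].values`, with nested blocks rendered as lists of objects), and the embedded plan is constructed sample data. Treating a missing `x509_certificate` and `sign_request != true` as findings is a local policy choice layered on top of the schema, not a provider requirement.

```python
"""Pre-apply policy check for planned inbound SAML configs (added example).

Reads the JSON from `terraform show -json tfplan` and flags every
google_identity_platform_tenant_inbound_saml_config whose planned values break
the constraints in the argument reference (name format, https callback_uri)
or a local policy choice (IdP certificate present, sign_request = true).
"""
import json
import re
import sys

RESOURCE_TYPE = "google_identity_platform_tenant_inbound_saml_config"

# "saml." followed by a segment that starts with a lowercase letter, ends with an
# alphanumeric character, contains only [A-Za-z0-9_.-] and is at least 2 chars long.
NAME_RE = re.compile(r"^saml\.[a-z][A-Za-z0-9_.\-]*[A-Za-z0-9]$")


def check_config(values):
    """Return a list of findings for one resource's planned `values` object."""
    findings = []
    name = values.get("name") or ""
    if not NAME_RE.match(name):
        findings.append(f"name {name!r} does not satisfy the 'saml.' naming rule")

    # Nested blocks are rendered as lists of objects in plan JSON.
    idp = (values.get("idp_config") or [{}])[0]
    sp = (values.get("sp_config") or [{}])[0]

    callback = sp.get("callback_uri") or ""
    if not callback.startswith("https://"):
        findings.append(f"callback_uri {callback!r} must start with https://")

    # x509_certificate is optional in the schema; without it the SAMLResponse
    # signature cannot be verified, so treat its absence as a policy finding.
    certs = idp.get("idp_certificates") or []
    if not any(c.get("x509_certificate") for c in certs):
        findings.append("idp_certificates carries no x509_certificate")

    # Local policy (not a provider requirement): sign outbound SAMLRequests.
    if idp.get("sign_request") is not True:
        findings.append("sign_request is not true")
    return findings


def check_plan(plan):
    """Return {resource address: findings} for every offending resource in the plan."""
    results = {}

    def walk(module):
        for res in module.get("resources", []):
            if res.get("type") == RESOURCE_TYPE:
                findings = check_config(res.get("values") or {})
                if findings:
                    results[res["address"]] = findings
        for child in module.get("child_modules", []):
            walk(child)

    walk(plan.get("planned_values", {}).get("root_module", {}))
    return results


# Constructed sample plan: one compliant config and one that breaks every rule.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {"resources": [
        {
            "address": f"{RESOURCE_TYPE}.good", "type": RESOURCE_TYPE, "name": "good",
            "values": {
                "name": "saml.tf-config",
                "idp_config": [{
                    "idp_entity_id": "tf-idp", "sign_request": True,
                    "sso_url": "https://idp.example.com/sso",
                    "idp_certificates": [{"x509_certificate": "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----"}],
                }],
                "sp_config": [{"sp_entity_id": "tf-sp", "callback_uri": "https://app.example.com/__/auth/handler"}],
            },
        },
        {
            "address": f"{RESOURCE_TYPE}.bad", "type": RESOURCE_TYPE, "name": "bad",
            "values": {
                "name": "saml.Bad-",  # uppercase first letter, trailing hyphen
                "idp_config": [{"idp_entity_id": "idp", "sign_request": None,
                                "sso_url": "https://idp.example.com/sso", "idp_certificates": []}],
                "sp_config": [{"sp_entity_id": "sp", "callback_uri": "http://app.example.com/callback"}],
            },
        },
    ]}},
}


def main(argv):
    """Check the plan file named in argv[1], or the embedded sample; exit 1 on findings."""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    results = check_plan(plan)
    for address, findings in results.items():
        for finding in findings:
            print(f"{address}: {finding}")
    return 1 if results else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Typical use is `terraform plan -out tfplan && terraform show -json tfplan > plan.json && python check_saml_plan.py plan.json` in CI, so a non-https callback or a misnamed config fails the pipeline rather than the apply. The name regex encodes all four parts of the rule on this page (lowercase first character, alphanumeric last character, permitted middle characters, at least two characters) in a single pattern.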
In addition to the arguments listed above, the following computed attributes are exported:

* `id` - an identifier for the resource with format `projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}`
This resource provides the following Timeouts configuration options:

* `create` - Default is 20 minutes.
* `update` - Default is 20 minutes.
* `delete` - Default is 20 minutes.

TenantInboundSamlConfig can be imported using any of these accepted formats:

* `projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}`
* `{{project}}/{{tenant}}/{{name}}`
* `{{tenant}}/{{name}}`
In Terraform v1.5.0 and later, use an import block to import TenantInboundSamlConfig using one of the formats above. For example:

```hcl
import {
  id = "projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}"
  to = google_identity_platform_tenant_inbound_saml_config.default
}
```
When using the terraform import command, TenantInboundSamlConfig can be imported using one of the formats above. For example:

```shell
$ terraform import google_identity_platform_tenant_inbound_saml_config.default projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}
$ terraform import google_identity_platform_tenant_inbound_saml_config.default {{project}}/{{tenant}}/{{name}}
$ terraform import google_identity_platform_tenant_inbound_saml_config.default {{tenant}}/{{name}}
```
This resource supports User Project Overrides.