@pulumi/oci 0.11.0 → 0.12.0

package/identity/domainsIdentityProvider.d.ts

@@ -0,0 +1,755 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as inputs from "../types/input";
+import * as outputs from "../types/output";
+/**
+ * This resource provides the Identity Provider resource in Oracle Cloud Infrastructure Identity Domains service.
+ *
+ * Create an Identity Provider
+ *
+ * ## Import
+ *
+ * IdentityProviders can be imported using the `id`, e.g.
+ *
+ * ```sh
+ *  $ pulumi import oci:Identity/domainsIdentityProvider:DomainsIdentityProvider test_identity_provider "idcsEndpoint/{idcsEndpoint}/identityProviders/{identityProviderId}"
+ * ```
+ */
+export declare class DomainsIdentityProvider extends pulumi.CustomResource {
+    /**
+     * Get an existing DomainsIdentityProvider resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DomainsIdentityProviderState, opts?: pulumi.CustomResourceOptions): DomainsIdentityProvider;
+    /**
+     * Returns true if the given object is an instance of DomainsIdentityProvider.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is DomainsIdentityProvider;
+    /**
+     * (Updatable) Assertion attribute name.
+     */
+    readonly assertionAttribute: pulumi.Output<string>;
+    /**
+     * (Updatable) A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
+     */
+    readonly attributeSets: pulumi.Output<string[] | undefined>;
+    /**
+     * (Updatable) A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
+     */
+    readonly attributes: pulumi.Output<string | undefined>;
+    /**
+     * (Updatable) HTTP binding to use for authentication requests.
+     */
+    readonly authnRequestBinding: pulumi.Output<string>;
+    /**
+     * (Updatable) The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
+     */
+    readonly authorization: pulumi.Output<string | undefined>;
+    /**
+     * (Updatable) Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
+     */
+    readonly compartmentOcid: pulumi.Output<string>;
+    /**
+     * (Updatable) Correlation policy
+     */
+    readonly correlationPolicy: pulumi.Output<outputs.Identity.DomainsIdentityProviderCorrelationPolicy>;
+    /**
+     * (Updatable) A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
+     */
+    readonly deleteInProgress: pulumi.Output<boolean>;
+    /**
+     * (Updatable) Description
+     */
+    readonly description: pulumi.Output<string>;
+    /**
+     * (Updatable) Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
+     */
+    readonly domainOcid: pulumi.Output<string>;
+    /**
+     * (Updatable) Set to true to indicate Partner enabled.
+     */
+    readonly enabled: pulumi.Output<boolean>;
+    /**
+     * (Updatable) Encryption certificate
+     */
+    readonly encryptionCertificate: pulumi.Output<string>;
+    /**
+     * (Updatable) An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
+     */
+    readonly externalId: pulumi.Output<string>;
+    /**
+     * (Updatable) Identity Provider Icon URL.
+     */
+    readonly iconUrl: pulumi.Output<string>;
+    /**
+     * (Updatable) The User or App who created the Resource
+     */
+    readonly idcsCreatedBies: pulumi.Output<outputs.Identity.DomainsIdentityProviderIdcsCreatedBy[]>;
+    /**
+     * The basic endpoint for the identity domain
+     */
+    readonly idcsEndpoint: pulumi.Output<string>;
+    /**
+     * (Updatable) The User or App who modified the Resource
+     */
+    readonly idcsLastModifiedBies: pulumi.Output<outputs.Identity.DomainsIdentityProviderIdcsLastModifiedBy[]>;
+    /**
+     * (Updatable) The release number when the resource was upgraded.
+     */
+    readonly idcsLastUpgradedInRelease: pulumi.Output<string>;
+    /**
+     * (Updatable) Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
+     */
+    readonly idcsPreventedOperations: pulumi.Output<string[]>;
+    /**
+     * (Updatable) Identity Provider SSO URL
+     */
+    readonly idpSsoUrl: pulumi.Output<string>;
+    /**
+     * (Updatable) Set to true to include the signing certificate in the signature.
+     */
+    readonly includeSigningCertInSignature: pulumi.Output<boolean>;
+    /**
+     * (Updatable) Refers to every group of which a JIT-provisioned User should be a member.  Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
+     */
+    readonly jitUserProvAssignedGroups: pulumi.Output<outputs.Identity.DomainsIdentityProviderJitUserProvAssignedGroup[]>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Creation is enabled
+     */
+    readonly jitUserProvAttributeUpdateEnabled: pulumi.Output<boolean>;
+    /**
+     * (Updatable) Assertion To User Mapping
+     */
+    readonly jitUserProvAttributes: pulumi.Output<outputs.Identity.DomainsIdentityProviderJitUserProvAttributes>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Creation is enabled
+     */
+    readonly jitUserProvCreateUserEnabled: pulumi.Output<boolean>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Provisioning is enabled
+     */
+    readonly jitUserProvEnabled: pulumi.Output<boolean>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
+     */
+    readonly jitUserProvGroupAssertionAttributeEnabled: pulumi.Output<boolean>;
+    /**
+     * (Updatable) The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
+     */
+    readonly jitUserProvGroupAssignmentMethod: pulumi.Output<string>;
+    /**
+     * (Updatable) Property to indicate the mode of group mapping
+     */
+    readonly jitUserProvGroupMappingMode: pulumi.Output<string>;
+    /**
+     * (Updatable) The list of mappings between the Identity Domain Group and the IDP group.
+     */
+    readonly jitUserProvGroupMappings: pulumi.Output<outputs.Identity.DomainsIdentityProviderJitUserProvGroupMapping[]>;
+    /**
+     * (Updatable) Name of the assertion attribute containing the users groups
+     */
+    readonly jitUserProvGroupSamlAttributeName: pulumi.Output<string>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
+     */
+    readonly jitUserProvGroupStaticListEnabled: pulumi.Output<boolean>;
+    /**
+     * (Updatable) Set to true to indicate ignoring absence of group while provisioning
+     */
+    readonly jitUserProvIgnoreErrorOnAbsentGroups: pulumi.Output<boolean>;
+    /**
+     * (Updatable) HTTP binding to use for logout.
+     */
+    readonly logoutBinding: pulumi.Output<string>;
+    /**
+     * (Updatable) Set to true to enable logout.
+     */
+    readonly logoutEnabled: pulumi.Output<boolean>;
+    /**
+     * (Updatable) Logout request URL
+     */
+    readonly logoutRequestUrl: pulumi.Output<string>;
+    /**
+     * (Updatable) Logout response URL
+     */
+    readonly logoutResponseUrl: pulumi.Output<string>;
+    /**
+     * (Updatable) Metadata
+     */
+    readonly metadata: pulumi.Output<string>;
+    /**
+     * (Updatable) A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
+     */
+    readonly metas: pulumi.Output<outputs.Identity.DomainsIdentityProviderMeta[]>;
+    /**
+     * (Updatable) Default authentication request name ID format.
+     */
+    readonly nameIdFormat: pulumi.Output<string>;
+    /**
+     * (Updatable) Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
+     */
+    readonly ocid: pulumi.Output<string>;
+    /**
+     * (Updatable) Unique name of the trusted Identity Provider.
+     */
+    readonly partnerName: pulumi.Output<string>;
+    /**
+     * (Updatable) Provider ID
+     */
+    readonly partnerProviderId: pulumi.Output<string>;
+    /**
+     * (Updatable) SAML SP authentication type.
+     */
+    readonly requestedAuthenticationContexts: pulumi.Output<string[]>;
+    /**
+     * (Updatable) This SP requires requests SAML IdP to enforce re-authentication.
+     */
+    readonly requireForceAuthn: pulumi.Output<boolean>;
+    /**
+     * (Updatable) SAML SP must accept encrypted assertion only.
+     */
+    readonly requiresEncryptedAssertion: pulumi.Output<boolean>;
+    /**
+     * (Updatable) An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
+     */
+    readonly resourceTypeSchemaVersion: pulumi.Output<string | undefined>;
+    /**
+     * (Updatable) SAML SP HoK Enabled.
+     */
+    readonly samlHoKrequired: pulumi.Output<boolean>;
+    /**
+     * (Updatable) REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard \"enterprise\" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
+     */
+    readonly schemas: pulumi.Output<string[]>;
+    /**
+     * (Updatable) The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
+     */
+    readonly serviceInstanceIdentifier: pulumi.Output<string>;
+    /**
+     * (Updatable) Set to true to indicate whether to show IdP in login page or not.
+     */
+    readonly shownOnLoginPage: pulumi.Output<boolean>;
+    /**
+     * (Updatable) Signature hash algorithm.
+     */
+    readonly signatureHashAlgorithm: pulumi.Output<string>;
+    /**
+     * (Updatable) Signing certificate
+     */
+    readonly signingCertificate: pulumi.Output<string>;
+    /**
+     * (Updatable) Succinct ID
+     */
+    readonly succinctId: pulumi.Output<string>;
+    /**
+     * (Updatable) A list of tags on this resource.
+     */
+    readonly tags: pulumi.Output<outputs.Identity.DomainsIdentityProviderTag[]>;
+    /**
+     * (Updatable) Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
+     */
+    readonly tenancyOcid: pulumi.Output<string>;
+    /**
+     * (Updatable) The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
+     */
+    readonly tenantProviderId: pulumi.Output<string>;
+    /**
+     * (Updatable) Identity Provider Type
+     */
+    readonly type: pulumi.Output<string>;
+    /**
+     * (Updatable) Social Identity Provider Extension Schema
+     */
+    readonly urnietfparamsscimschemasoracleidcsextensionsocialIdentityProvider: pulumi.Output<outputs.Identity.DomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProvider>;
+    /**
+     * (Updatable) X509 Identity Provider Extension Schema
+     */
+    readonly urnietfparamsscimschemasoracleidcsextensionx509identityProvider: pulumi.Output<outputs.Identity.DomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionx509identityProvider>;
+    /**
+     * (Updatable) User mapping method.
+     */
+    readonly userMappingMethod: pulumi.Output<string>;
+    /**
+     * (Updatable) This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.<br>You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the <b>Example of a Request Body</b> section of the Examples tab for the <a href='./op-admin-v1-identityproviders-post.html'>POST</a> and <a href='./op-admin-v1-identityproviders-id-put.html'>PUT</a> methods of the /IdentityProviders endpoint.
+     */
+    readonly userMappingStoreAttribute: pulumi.Output<string>;
+    /**
+     * Create a DomainsIdentityProvider resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: DomainsIdentityProviderArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering DomainsIdentityProvider resources.
+ */
+export interface DomainsIdentityProviderState {
+    /**
+     * (Updatable) Assertion attribute name.
+     */
+    assertionAttribute?: pulumi.Input<string>;
+    /**
+     * (Updatable) A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
+     */
+    attributeSets?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * (Updatable) A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
+     */
+    attributes?: pulumi.Input<string>;
+    /**
+     * (Updatable) HTTP binding to use for authentication requests.
+     */
+    authnRequestBinding?: pulumi.Input<string>;
+    /**
+     * (Updatable) The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
+     */
+    authorization?: pulumi.Input<string>;
+    /**
+     * (Updatable) Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
+     */
+    compartmentOcid?: pulumi.Input<string>;
+    /**
+     * (Updatable) Correlation policy
+     */
+    correlationPolicy?: pulumi.Input<inputs.Identity.DomainsIdentityProviderCorrelationPolicy>;
+    /**
+     * (Updatable) A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
+     */
+    deleteInProgress?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Description
+     */
+    description?: pulumi.Input<string>;
+    /**
+     * (Updatable) Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
+     */
+    domainOcid?: pulumi.Input<string>;
+    /**
+     * (Updatable) Set to true to indicate Partner enabled.
+     */
+    enabled?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Encryption certificate
+     */
+    encryptionCertificate?: pulumi.Input<string>;
+    /**
+     * (Updatable) An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
+     */
+    externalId?: pulumi.Input<string>;
+    /**
+     * (Updatable) Identity Provider Icon URL.
+     */
+    iconUrl?: pulumi.Input<string>;
+    /**
+     * (Updatable) The User or App who created the Resource
+     */
+    idcsCreatedBies?: pulumi.Input<pulumi.Input<inputs.Identity.DomainsIdentityProviderIdcsCreatedBy>[]>;
+    /**
+     * The basic endpoint for the identity domain
+     */
+    idcsEndpoint?: pulumi.Input<string>;
+    /**
+     * (Updatable) The User or App who modified the Resource
+     */
+    idcsLastModifiedBies?: pulumi.Input<pulumi.Input<inputs.Identity.DomainsIdentityProviderIdcsLastModifiedBy>[]>;
+    /**
+     * (Updatable) The release number when the resource was upgraded.
+     */
+    idcsLastUpgradedInRelease?: pulumi.Input<string>;
+    /**
+     * (Updatable) Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
+     */
+    idcsPreventedOperations?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * (Updatable) Identity Provider SSO URL
+     */
+    idpSsoUrl?: pulumi.Input<string>;
+    /**
+     * (Updatable) Set to true to include the signing certificate in the signature.
+     */
+    includeSigningCertInSignature?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Refers to every group of which a JIT-provisioned User should be a member.  Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
+     */
+    jitUserProvAssignedGroups?: pulumi.Input<pulumi.Input<inputs.Identity.DomainsIdentityProviderJitUserProvAssignedGroup>[]>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Creation is enabled
+     */
+    jitUserProvAttributeUpdateEnabled?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Assertion To User Mapping
+     */
+    jitUserProvAttributes?: pulumi.Input<inputs.Identity.DomainsIdentityProviderJitUserProvAttributes>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Creation is enabled
+     */
+    jitUserProvCreateUserEnabled?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Provisioning is enabled
+     */
+    jitUserProvEnabled?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
+     */
+    jitUserProvGroupAssertionAttributeEnabled?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
+     */
+    jitUserProvGroupAssignmentMethod?: pulumi.Input<string>;
+    /**
+     * (Updatable) Property to indicate the mode of group mapping
+     */
+    jitUserProvGroupMappingMode?: pulumi.Input<string>;
+    /**
+     * (Updatable) The list of mappings between the Identity Domain Group and the IDP group.
+     */
+    jitUserProvGroupMappings?: pulumi.Input<pulumi.Input<inputs.Identity.DomainsIdentityProviderJitUserProvGroupMapping>[]>;
+    /**
+     * (Updatable) Name of the assertion attribute containing the users groups
+     */
+    jitUserProvGroupSamlAttributeName?: pulumi.Input<string>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
+     */
+    jitUserProvGroupStaticListEnabled?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Set to true to indicate ignoring absence of group while provisioning
+     */
+    jitUserProvIgnoreErrorOnAbsentGroups?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) HTTP binding to use for logout.
+     */
+    logoutBinding?: pulumi.Input<string>;
+    /**
+     * (Updatable) Set to true to enable logout.
+     */
+    logoutEnabled?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Logout request URL
+     */
+    logoutRequestUrl?: pulumi.Input<string>;
+    /**
+     * (Updatable) Logout response URL
+     */
+    logoutResponseUrl?: pulumi.Input<string>;
+    /**
+     * (Updatable) Metadata
+     */
+    metadata?: pulumi.Input<string>;
+    /**
+     * (Updatable) A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
+     */
+    metas?: pulumi.Input<pulumi.Input<inputs.Identity.DomainsIdentityProviderMeta>[]>;
+    /**
+     * (Updatable) Default authentication request name ID format.
+     */
+    nameIdFormat?: pulumi.Input<string>;
+    /**
+     * (Updatable) Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
+     */
+    ocid?: pulumi.Input<string>;
+    /**
+     * (Updatable) Unique name of the trusted Identity Provider.
+     */
+    partnerName?: pulumi.Input<string>;
+    /**
+     * (Updatable) Provider ID
+     */
+    partnerProviderId?: pulumi.Input<string>;
+    /**
+     * (Updatable) SAML SP authentication type.
+     */
+    requestedAuthenticationContexts?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * (Updatable) This SP requires requests SAML IdP to enforce re-authentication.
+     */
+    requireForceAuthn?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) SAML SP must accept encrypted assertion only.
+     */
+    requiresEncryptedAssertion?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
+     */
+    resourceTypeSchemaVersion?: pulumi.Input<string>;
+    /**
+     * (Updatable) SAML SP HoK Enabled.
+     */
+    samlHoKrequired?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard \"enterprise\" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
+     */
+    schemas?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * (Updatable) The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
+     */
+    serviceInstanceIdentifier?: pulumi.Input<string>;
+    /**
+     * (Updatable) Set to true to indicate whether to show IdP in login page or not.
+     */
+    shownOnLoginPage?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Signature hash algorithm.
+     */
+    signatureHashAlgorithm?: pulumi.Input<string>;
+    /**
+     * (Updatable) Signing certificate
+     */
+    signingCertificate?: pulumi.Input<string>;
+    /**
+     * (Updatable) Succinct ID
+     */
+    succinctId?: pulumi.Input<string>;
+    /**
+     * (Updatable) A list of tags on this resource.
+     */
+    tags?: pulumi.Input<pulumi.Input<inputs.Identity.DomainsIdentityProviderTag>[]>;
+    /**
+     * (Updatable) Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
+     */
+    tenancyOcid?: pulumi.Input<string>;
+    /**
+     * (Updatable) The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
+     */
+    tenantProviderId?: pulumi.Input<string>;
+    /**
+     * (Updatable) Identity Provider Type
+     */
+    type?: pulumi.Input<string>;
+    /**
+     * (Updatable) Social Identity Provider Extension Schema
+     */
+    urnietfparamsscimschemasoracleidcsextensionsocialIdentityProvider?: pulumi.Input<inputs.Identity.DomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProvider>;
+    /**
+     * (Updatable) X509 Identity Provider Extension Schema
+     */
+    urnietfparamsscimschemasoracleidcsextensionx509identityProvider?: pulumi.Input<inputs.Identity.DomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionx509identityProvider>;
+    /**
+     * (Updatable) User mapping method.
+     */
+    userMappingMethod?: pulumi.Input<string>;
+    /**
+     * (Updatable) This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.<br>You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the <b>Example of a Request Body</b> section of the Examples tab for the <a href='./op-admin-v1-identityproviders-post.html'>POST</a> and <a href='./op-admin-v1-identityproviders-id-put.html'>PUT</a> methods of the /IdentityProviders endpoint.
+     */
+    userMappingStoreAttribute?: pulumi.Input<string>;
+}
+/**
+ * The set of arguments for constructing a DomainsIdentityProvider resource.
+ */
+export interface DomainsIdentityProviderArgs {
+    /**
+     * (Updatable) Assertion attribute name.
+     */
+    assertionAttribute?: pulumi.Input<string>;
+    /**
+     * (Updatable) A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
+     */
+    attributeSets?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * (Updatable) A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
+     */
+    attributes?: pulumi.Input<string>;
+    /**
+     * (Updatable) HTTP binding to use for authentication requests.
+     */
+    authnRequestBinding?: pulumi.Input<string>;
+    /**
+     * (Updatable) The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
+     */
+    authorization?: pulumi.Input<string>;
+    /**
+     * (Updatable) Correlation policy
+     */
+    correlationPolicy?: pulumi.Input<inputs.Identity.DomainsIdentityProviderCorrelationPolicy>;
+    /**
+     * (Updatable) Description
+     */
+    description?: pulumi.Input<string>;
+    /**
+     * (Updatable) Set to true to indicate Partner enabled.
+     */
+    enabled: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Encryption certificate
+     */
+    encryptionCertificate?: pulumi.Input<string>;
+    /**
+     * (Updatable) An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
+     */
+    externalId?: pulumi.Input<string>;
+    /**
+     * (Updatable) Identity Provider Icon URL.
+     */
+    iconUrl?: pulumi.Input<string>;
+    /**
+     * The basic endpoint for the identity domain
+     */
+    idcsEndpoint: pulumi.Input<string>;
+    /**
+     * (Updatable) Identity Provider SSO URL
+     */
+    idpSsoUrl?: pulumi.Input<string>;
+    /**
+     * (Updatable) Set to true to include the signing certificate in the signature.
+     */
+    includeSigningCertInSignature?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Refers to every group of which a JIT-provisioned User should be a member.  Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
+     */
+    jitUserProvAssignedGroups?: pulumi.Input<pulumi.Input<inputs.Identity.DomainsIdentityProviderJitUserProvAssignedGroup>[]>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Creation is enabled
+     */
+    jitUserProvAttributeUpdateEnabled?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Assertion To User Mapping
+     */
+    jitUserProvAttributes?: pulumi.Input<inputs.Identity.DomainsIdentityProviderJitUserProvAttributes>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Creation is enabled
+     */
+    jitUserProvCreateUserEnabled?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Provisioning is enabled
+     */
+    jitUserProvEnabled?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
+     */
+    jitUserProvGroupAssertionAttributeEnabled?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
+     */
+    jitUserProvGroupAssignmentMethod?: pulumi.Input<string>;
+    /**
+     * (Updatable) Property to indicate the mode of group mapping
+     */
+    jitUserProvGroupMappingMode?: pulumi.Input<string>;
+    /**
+     * (Updatable) The list of mappings between the Identity Domain Group and the IDP group.
+     */
+    jitUserProvGroupMappings?: pulumi.Input<pulumi.Input<inputs.Identity.DomainsIdentityProviderJitUserProvGroupMapping>[]>;
+    /**
+     * (Updatable) Name of the assertion attribute containing the users groups
+     */
+    jitUserProvGroupSamlAttributeName?: pulumi.Input<string>;
+    /**
+     * (Updatable) Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
+     */
+    jitUserProvGroupStaticListEnabled?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Set to true to indicate ignoring absence of group while provisioning
+     */
+    jitUserProvIgnoreErrorOnAbsentGroups?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) HTTP binding to use for logout.
+     */
+    logoutBinding?: pulumi.Input<string>;
+    /**
+     * (Updatable) Set to true to enable logout.
+     */
+    logoutEnabled?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Logout request URL
+     */
+    logoutRequestUrl?: pulumi.Input<string>;
+    /**
+     * (Updatable) Logout response URL
+     */
+    logoutResponseUrl?: pulumi.Input<string>;
+    /**
+     * (Updatable) Metadata
+     */
+    metadata?: pulumi.Input<string>;
+    /**
+     * (Updatable) Default authentication request name ID format.
+     */
+    nameIdFormat?: pulumi.Input<string>;
+    /**
+     * (Updatable) Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
+     */
+    ocid?: pulumi.Input<string>;
+    /**
+     * (Updatable) Unique name of the trusted Identity Provider.
+     */
+    partnerName: pulumi.Input<string>;
+    /**
+     * (Updatable) Provider ID
+     */
+    partnerProviderId?: pulumi.Input<string>;
+    /**
+     * (Updatable) SAML SP authentication type.
+     */
+    requestedAuthenticationContexts?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * (Updatable) This SP requires requests SAML IdP to enforce re-authentication.
+     */
+    requireForceAuthn?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) SAML SP must accept encrypted assertion only.
+     */
+    requiresEncryptedAssertion?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
+     */
+    resourceTypeSchemaVersion?: pulumi.Input<string>;
+    /**
+     * (Updatable) SAML SP HoK Enabled.
+     */
+    samlHoKrequired?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard \"enterprise\" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
+     */
+    schemas: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * (Updatable) The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
+     */
+    serviceInstanceIdentifier?: pulumi.Input<string>;
+    /**
+     * (Updatable) Set to true to indicate whether to show IdP in login page or not.
+     */
+    shownOnLoginPage?: pulumi.Input<boolean>;
+    /**
+     * (Updatable) Signature hash algorithm.
+     */
+    signatureHashAlgorithm?: pulumi.Input<string>;
+    /**
+     * (Updatable) Signing certificate
+     */
+    signingCertificate?: pulumi.Input<string>;
+    /**
+     * (Updatable) Succinct ID
+     */
+    succinctId?: pulumi.Input<string>;
+    /**
+     * (Updatable) A list of tags on this resource.
+     */
+    tags?: pulumi.Input<pulumi.Input<inputs.Identity.DomainsIdentityProviderTag>[]>;
+    /**
+     * (Updatable) Identity Provider Type
+     */
+    type?: pulumi.Input<string>;
+    /**
+     * (Updatable) Social Identity Provider Extension Schema
+     */
+    urnietfparamsscimschemasoracleidcsextensionsocialIdentityProvider?: pulumi.Input<inputs.Identity.DomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionsocialIdentityProvider>;
+    /**
+     * (Updatable) X509 Identity Provider Extension Schema
+     */
+    urnietfparamsscimschemasoracleidcsextensionx509identityProvider?: pulumi.Input<inputs.Identity.DomainsIdentityProviderUrnietfparamsscimschemasoracleidcsextensionx509identityProvider>;
+    /**
+     * (Updatable) User mapping method.
+     */
+    userMappingMethod?: pulumi.Input<string>;
+    /**
+     * (Updatable) This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.<br>You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the <b>Example of a Request Body</b> section of the Examples tab for the <a href='./op-admin-v1-identityproviders-post.html'>POST</a> and <a href='./op-admin-v1-identityproviders-id-put.html'>PUT</a> methods of the /IdentityProviders endpoint.
+     */
+    userMappingStoreAttribute?: pulumi.Input<string>;
+}