| 1 | +--- |
| 2 | +layout: "sumologic" |
| 3 | +page_title: "SumoLogic: sumologic_saml_configuration" |
| 4 | +description: |- |
| 5 | + Provides a Sumologic SAML Configuration |
| 6 | +--- |
| 7 | + |
| 8 | +# sumologic_saml_configuration |
| 9 | +Provides a [Sumologic SAML Configuration][1]. |
| 10 | + |
| 11 | +## Example Usage |
| 12 | +```hcl |
| 13 | +resource "sumologic_saml_configuration" "exampleSamlConfiguration" { |
| 14 | + sp_initiated_login_path = "" |
| 15 | + configuration_name = "SumoLogic" |
| 16 | + issuer = "http://www.okta.com/abxcseyuiwelflkdjh" |
| 17 | + sp_initiated_login_enabled = false |
| 18 | + authn_request_url = "" |
| 19 | + x509cert1 = "string" |
| 20 | + x509cert2 = "" |
| 21 | + x509cert3 = "" |
| 22 | + on_demand_provisioning_enabled { |
| 23 | + first_name_attribute = "firstName" |
| 24 | + last_name_attribute = "lastName" |
| 25 | + on_demand_provisioning_roles = ["Administrator"] |
| 26 | + } |
| 27 | + roles_attribute = "Administrator" |
| 28 | + logout_enabled = false |
| 29 | + logout_url = "" |
| 30 | + email_attribute = "" |
| 31 | + debug_mode = false |
| 32 | + sign_authn_request = false |
| 33 | + disable_requested_authn_context = false |
| 34 | + is_redirect_binding = false |
| 35 | +} |
| 36 | +``` |
| 37 | + |
| 38 | +## Argument reference |
| 39 | + |
| 40 | +The following arguments are supported: |
| 41 | + |
| 42 | +- `sp_initiated_login_path` - (Optional) The identifier used to generate a unique URL for user login. Defaults to "". |
| 43 | +- `configuration_name` - (Required) Name of the SSO policy or another name used to describe the policy internally. |
| 44 | +- `issuer` - (Required) The unique URL assigned to the organization by the SAML Identity Provider. |
| 45 | +- `sp_initiated_login_enabled` - (Optional) True if Sumo Logic redirects users to your identity provider with a SAML AuthnRequest when signing in. Defaults to false. |
| 46 | +- `authn_request_url` - (Optional) The URL that the identity provider has assigned for Sumo Logic to submit SAML authentication requests to the identity provider. Defaults to "". |
| 47 | +- `x509cert1` - (Required) The certificate is used to verify the signature in SAML assertions. |
| 48 | +- `x509cert2` - (Optional) The backup certificate used to verify the signature in SAML assertions when x509cert1 expires. Defaults to "". |
| 49 | +- `x509cert3` - (Optional) The backup certificate used to verify the signature in SAML assertions when x509cert1 expires and x509cert2 is empty. Defaults to "". |
| 50 | +- `on_demand_provisioning_enabled` - (Block List, Max: 1, Optional) The configuration for on-demand provisioning. See [on_demand_provisioning_enabled schema](#schema-for-on_demand_provisioning_enabled) for details. |
| 51 | +- `roles_attribute` - (Optional) The role that Sumo Logic will assign to users when they sign in. Defaults to "". |
| 52 | +- `logout_enabled` - (Optional) True if users are redirected to a URL after signing out of Sumo Logic. Defaults to false. |
| 53 | +- `logout_url` - (Optional) The URL that users will be redirected to after signing out of Sumo Logic. Defaults to "". |
| 54 | +- `email_attribute` - (Optional) The email address of the new user account. Defaults to "". |
| 55 | +- `debug_mode` - (Optional) True if additional details are included when a user fails to sign in. Defaults to false. |
| 56 | +- `sign_authn_request` - (Optional) True if Sumo Logic will send signed Authn requests to the identity provider. Defaults to false. |
| 57 | +- `disable_requested_authn_context` - (Optional) True if Sumo Logic will include the RequestedAuthnContext element of the SAML AuthnRequests it sends to the identity provider. Defaults to false. |
| 58 | +- `is_redirect_binding` - (Optional) True if the SAML binding is of HTTP Redirect type. Defaults to false. |
| 59 | + |
| 60 | +### Schema for `on_demand_provisioning_enabled` |
| 61 | +- `first_name_attribute` - (Optional) First name attribute of the new user account. Defaults to "". |
| 62 | +- `last_name_attribute` - (Optional) Last name attribute of the new user account. Defaults to "". |
| 63 | +- `on_demand_provisioning_roles` - (Required) List of Sumo Logic RBAC roles to be assigned when user accounts are provisioned. |
| 64 | + |
| 65 | +## Attributes reference |
| 66 | + |
| 67 | +The following attributes are exported: |
| 68 | + |
| 69 | +- `id` - Unique identifier for the SAML Configuration. |
| 70 | +- `certificate` - Authentication Request Signing Certificate for the user. |
| 71 | + |
| 72 | +## Import |
| 73 | +SAML Configuration can be imported using the SAML configuration id, e.g.: |
| 74 | +```hcl |
| 75 | +terraform import sumologic_saml_configuration.example 00000000454A5979 |
| 76 | +``` |
| 77 | + |
| 78 | +[1]: https://help.sumologic.com/Manage/Security/SAML/01-Set-Up-SAML-for-Single-Sign-On |
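Review bot: the description of `disable_requested_authn_context` in the argument reference contradicts the argument's name: it says "True if Sumo Logic will include the RequestedAuthnContext element", but a flag named "disable" should read "will not include". Please confirm the behaviour against the API and fix the wording, since a reader who follows the current text will configure the opposite of what they intend. In the example, `on_demand_provisioning_roles = ["Administrator"]` means anyone the identity provider authenticates is created as an administrator when the snippet is copied as-is; a least-privileged role placeholder would be a safer documented default. `roles_attribute = "Administrator"` and its description ("The role that Sumo Logic will assign to users") read as a literal role, while the name suggests the SAML attribute that carries roles; the same applies to `email_attribute`, which is described as "The email address of the new user account". Please state for both whether the value is an attribute name or a literal. Smaller points: `x509cert1 = "string"` would be clearer as an obvious certificate placeholder, and the `terraform import` command under Import is fenced as `hcl` although it is a shell command.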