» google_identity_platform_tenant_inbound_saml_config

Inbound SAML configuration for an Identity Toolkit tenant.

You must enable the Google Identity Platform in the marketplace prior to using this resource.

» Example Usage - Identity Platform Tenant Inbound Saml Config Basic

resource "google_identity_platform_tenant" "tenant" {
  display_name = "tenant"
}

resource "google_identity_platform_tenant_inbound_saml_config" "tenant_saml_config" {
  name         = "saml.tf-config"
  display_name = "Display Name"
  tenant       = google_identity_platform_tenant.tenant.name
  idp_config {
    idp_entity_id = "tf-idp"
    sign_request  = true
    sso_url       = "https://example.com"
    idp_certificates {
      x509_certificate = file("test-fixtures/rsa_cert.pem")
    }
  }

  sp_config {
    sp_entity_id = "tf-sp"
    callback_uri = "https://example.com"
  }
}

» Argument Reference

The following arguments are supported:

  • name - (Required) The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters, hyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an alphanumeric character, and have at least 2 characters.

  • tenant - (Required) The name of the tenant where this inbound SAML config resource exists.

  • display_name - (Required) Human friendly display name.

  • idp_config - (Required) SAML IdP configuration when the project acts as the relying party. Structure is documented below.

  • sp_config - (Required) SAML SP (Service Provider) configuration when the project acts as the relying party to receive and accept an authentication assertion issued by a SAML identity provider. Structure is documented below.

The idp_config block supports:

  • idp_entity_id - (Required) Unique identifier for all SAML entities

  • sso_url - (Required) URL to send Authentication request to.

  • sign_request - (Optional) Indicates if the outbound SAMLRequest should be signed.

  • idp_certificates - (Required) The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. Structure is documented below.

The idp_certificates block supports:

  • x509_certificate - (Optional) The x509 certificate.

The sp_config block supports:

  • sp_entity_id - (Required) Unique identifier for all SAML entities.

  • callback_uri - (Required) Callback URI where responses from IDP are handled. Must start with https://.

  • sp_certificates - The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. Structure is documented below.

The sp_certificates block contains:

  • x509_certificate - The x509 certificate.

The following optional arguments are also supported:

  • enabled - (Optional) If this config allows users to sign in with the provider.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
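The example below is an added illustration, not part of the provider documentation or the provider's own test fixtures. It enforces the name and callback_uri rules described above with variable validation blocks, so a violation fails at terraform plan instead of at the API, and it attaches more than one idp_certificates block so the IdP signing certificate can be rotated without a window in which SAMLResponse signatures fail to verify. The hostnames, entity IDs and PEM file paths are assumed placeholders.

```hcl
# Name rule from the argument reference: 'saml.' followed by a lowercase letter,
# ending in an alphanumeric character, with only alphanumerics, '-', '_' or '.'
# in between. Checked locally so a bad name never reaches the API.
variable "saml_config_name" {
  type    = string
  default = "saml.corp-idp" # assumed value

  validation {
    condition     = can(regex("^saml\\.[a-z][A-Za-z0-9_.-]*[A-Za-z0-9]$", var.saml_config_name))
    error_message = "The name must start with 'saml.', then a lowercase letter, end with an alphanumeric character, and contain only alphanumerics, hyphens, underscores or periods."
  }
}

# callback_uri must be https:// so the SAMLResponse (which carries the
# assertion) is never posted back over plaintext HTTP.
variable "callback_uri" {
  type    = string
  default = "https://auth.example.com/__/auth/handler" # assumed value

  validation {
    condition     = can(regex("^https://", var.callback_uri))
    error_message = "The callback_uri must start with https://."
  }
}

# PEM files for the IdP signing certificate(s). During a rotation list both
# the current and the next certificate; remove the old one once the IdP has
# switched. Paths are assumed.
variable "idp_certificate_files" {
  type    = list(string)
  default = ["certs/idp-current.pem", "certs/idp-next.pem"]
}

resource "google_identity_platform_tenant" "tenant" {
  display_name = "corp"
}

resource "google_identity_platform_tenant_inbound_saml_config" "corp_idp" {
  name         = var.saml_config_name
  display_name = "Corporate IdP"
  tenant       = google_identity_platform_tenant.tenant.name
  enabled      = true

  idp_config {
    idp_entity_id = "https://idp.example.com/metadata" # assumed
    sso_url       = "https://idp.example.com/sso"      # assumed
    sign_request  = true                               # sign outbound AuthnRequests

    # One idp_certificates block per trusted IdP signing certificate.
    dynamic "idp_certificates" {
      for_each = var.idp_certificate_files
      content {
        x509_certificate = file(idp_certificates.value)
      }
    }
  }

  sp_config {
    sp_entity_id = "https://auth.example.com/sp" # assumed
    callback_uri = var.callback_uri
  }
}

# Exported id, in the projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}} format.
output "saml_config_id" {
  value = google_identity_platform_tenant_inbound_saml_config.corp_idp.id
}
```

Setting saml_config_name to a value such as "saml.Corp" or callback_uri to an http:// address makes terraform plan fail with the validation message, which is the place to catch it: once applied, a wrong callback_uri or a stale IdP certificate is a failed or, worse, misrouted login rather than a plan error.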

» Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}

» Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 4 minutes.
  • update - Default is 4 minutes.
  • delete - Default is 4 minutes.

» Import

TenantInboundSamlConfig can be imported using any of these accepted formats:

$ terraform import google_identity_platform_tenant_inbound_saml_config.default projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}
$ terraform import google_identity_platform_tenant_inbound_saml_config.default {{project}}/{{tenant}}/{{name}}
$ terraform import google_identity_platform_tenant_inbound_saml_config.default {{tenant}}/{{name}}

» User Project Overrides

This resource supports User Project Overrides.