zitadel v0.2.0 published on Monday, Mar 24, 2025 by pulumiverse

zitadel.IdpSaml


Resource representing a SAML IDP on the instance.

Loading the XML Metadata

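If you don’t want to pass the XML metadata inline, there are several ways to load it from elsewhere. Because the metadata carries the IdP’s signing certificate and SSO endpoints, load it only from a source you trust (for remote sources, over HTTPS). For example: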

  • local_file Data Source
  • http Data Source
  • terracurl_request Data Source

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zitadel = Pulumiverse.Zitadel;

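// Registers a SAML identity provider ("default") on the ZITADEL instance.
return await Deployment.RunAsync(() =>
{
    var @default = new Zitadel.IdpSaml("default", new()
    {
        // Display name of the IDP inside ZITADEL.
        Name = "LDAP",
        Binding = "SAML_BINDING_POST",
        // The metadata below sets WantAuthnRequestsSigned="true", so request
        // signing is switched on to match what the IdP asks for.
        WithSignedRequest = true,
        // Account-handling policy for identities coming from this IdP:
        // no linking to existing ZITADEL users, self-service creation allowed,
        // no automatic creation on login, account fields refreshed on each login.
        IsLinkingAllowed = false,
        IsCreationAllowed = true,
        IsAutoCreation = false,
        IsAutoUpdate = true,
        // IdP metadata as a plain string. It carries the IdP's signing
        // certificate and SSO endpoints (here the mocksaml.com sample), so take
        // it from a source you trust. The certificate is given in full; a
        // truncated value is not usable metadata.
        MetadataXml = @"<?xml version=""1.0"" encoding=""UTF-8"" standalone=""no""?>
<md:EntityDescriptor xmlns:md=""urn:oasis:names:tc:SAML:2.0:metadata"" entityID=""https://saml.example.com/entityid"" validUntil=""2034-05-15T14:21:58.979Z"">
  <md:IDPSSODescriptor WantAuthnRequestsSigned=""true"" protocolSupportEnumeration=""urn:oasis:names:tc:SAML:2.0:protocol"">
    <md:KeyDescriptor use=""signing"">
      <ds:KeyInfo xmlns:ds=""http://www.w3.org/2000/09/xmldsig#"">
        <ds:X509Data>
          <ds:X509Certificate>MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV
SzEPMA0GA1UECgwGQm94eUhRMRIwEAYDVQQDDAlNb2NrIFNBTUwwIBcNMjIwMjI4
MjE0NjM4WhgPMzAyMTA3MDEyMTQ2MzhaMDIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQK
DAZCb3h5SFExEjAQBgNVBAMMCU1vY2sgU0FNTDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALGfYettMsct1T6tVUwTudNJH5Pnb9GGnkXi9Zw/e6x45DD0
RuRONbFlJ2T4RjAE/uG+AjXxXQ8o2SZfb9+GgmCHuTJFNgHoZ1nFVXCmb/Hg8Hpd
4vOAGXndixaReOiq3EH5XvpMjMkJ3+8+9VYMzMZOjkgQtAqO36eAFFfNKX7dTj3V
pwLkvz6/KFCq8OAwY+AUi4eZm5J57D31GzjHwfjH9WTeX0MyndmnNB1qV75qQR3b
2/W5sGHRv+9AarggJkF+ptUkXoLtVA51wcfYm6hILptpde5FQC8RWY1YrswBWAEZ
NfyrR4JeSweElNHg4NVOs4TwGjOPwWGqzTfgTlECAwEAATANBgkqhkiG9w0BAQsF
AAOCAQEAAYRlYflSXAWoZpFfwNiCQVE5d9zZ0DPzNdWhAybXcTyMf0z5mDf6FWBW
5Gyoi9u3EMEDnzLcJNkwJAAc39Apa4I2/tml+Jy29dk8bTyX6m93ngmCgdLh5Za4
khuU3AM3L63g7VexCuO7kwkjh/+LqdcIXsVGO6XDfu2QOs1Xpe9zIzLpwm/RNYeX
UjbSj5ce/jekpAw7qyVVL4xOyh8AtUW1ek3wIw1MJvEgEPt0d16oshWJpoS1OT8L
r/22SvYEo3EmSGdTVGgk3x3s+A0qWAqTcyjr7Q4s/GKYRFfomGwz0TZ4Iw1ZN99M
m0eo2USlSRTVl7QHRTuiuSThHpLKQQ==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"" Location=""https://mocksaml.com/api/saml/sso""/>
    <md:SingleSignOnService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"" Location=""https://mocksaml.com/api/saml/sso""/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
",
    });

});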
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-zitadel/sdk/go/zitadel"
)

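// main registers a SAML identity provider ("default") on the ZITADEL instance.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := zitadel.NewIdpSaml(ctx, "default", &zitadel.IdpSamlArgs{
			// Display name of the IDP inside ZITADEL.
			Name:    pulumi.String("LDAP"),
			Binding: pulumi.String("SAML_BINDING_POST"),
			// The metadata below sets WantAuthnRequestsSigned="true", so request
			// signing is switched on to match what the IdP asks for.
			WithSignedRequest: pulumi.Bool(true),
			// Account-handling policy for identities coming from this IdP:
			// no linking to existing ZITADEL users, self-service creation allowed,
			// no automatic creation on login, account fields refreshed on each login.
			IsLinkingAllowed:  pulumi.Bool(false),
			IsCreationAllowed: pulumi.Bool(true),
			IsAutoCreation:    pulumi.Bool(false),
			IsAutoUpdate:      pulumi.Bool(true),
			// IdP metadata as a plain string. It carries the IdP's signing
			// certificate and SSO endpoints (here the mocksaml.com sample), so take
			// it from a source you trust. The certificate is given in full; a
			// truncated value is not usable metadata.
			MetadataXml: pulumi.String(`<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://saml.example.com/entityid" validUntil="2034-05-15T14:21:58.979Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV
SzEPMA0GA1UECgwGQm94eUhRMRIwEAYDVQQDDAlNb2NrIFNBTUwwIBcNMjIwMjI4
MjE0NjM4WhgPMzAyMTA3MDEyMTQ2MzhaMDIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQK
DAZCb3h5SFExEjAQBgNVBAMMCU1vY2sgU0FNTDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALGfYettMsct1T6tVUwTudNJH5Pnb9GGnkXi9Zw/e6x45DD0
RuRONbFlJ2T4RjAE/uG+AjXxXQ8o2SZfb9+GgmCHuTJFNgHoZ1nFVXCmb/Hg8Hpd
4vOAGXndixaReOiq3EH5XvpMjMkJ3+8+9VYMzMZOjkgQtAqO36eAFFfNKX7dTj3V
pwLkvz6/KFCq8OAwY+AUi4eZm5J57D31GzjHwfjH9WTeX0MyndmnNB1qV75qQR3b
2/W5sGHRv+9AarggJkF+ptUkXoLtVA51wcfYm6hILptpde5FQC8RWY1YrswBWAEZ
NfyrR4JeSweElNHg4NVOs4TwGjOPwWGqzTfgTlECAwEAATANBgkqhkiG9w0BAQsF
AAOCAQEAAYRlYflSXAWoZpFfwNiCQVE5d9zZ0DPzNdWhAybXcTyMf0z5mDf6FWBW
5Gyoi9u3EMEDnzLcJNkwJAAc39Apa4I2/tml+Jy29dk8bTyX6m93ngmCgdLh5Za4
khuU3AM3L63g7VexCuO7kwkjh/+LqdcIXsVGO6XDfu2QOs1Xpe9zIzLpwm/RNYeX
UjbSj5ce/jekpAw7qyVVL4xOyh8AtUW1ek3wIw1MJvEgEPt0d16oshWJpoS1OT8L
r/22SvYEo3EmSGdTVGgk3x3s+A0qWAqTcyjr7Q4s/GKYRFfomGwz0TZ4Iw1ZN99M
m0eo2USlSRTVl7QHRTuiuSThHpLKQQ==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mocksaml.com/api/saml/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mocksaml.com/api/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
`),
		})
		// Hand any creation error back to the Pulumi runtime; nil means success.
		return err
	})
}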
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zitadel.IdpSaml;
import com.pulumi.zitadel.IdpSamlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

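/**
 * Pulumi program that registers a SAML identity provider ("default") on the
 * ZITADEL instance.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the IdpSaml resource.
     *
     * @param ctx context object for the current deployment
     */
    public static void stack(Context ctx) {
        var default_ = new IdpSaml("default", IdpSamlArgs.builder()
            // Display name of the IDP inside ZITADEL.
            .name("LDAP")
            .binding("SAML_BINDING_POST")
            // The metadata below sets WantAuthnRequestsSigned="true", so request
            // signing is switched on to match what the IdP asks for.
            .withSignedRequest(true)
            // Account-handling policy for identities coming from this IdP:
            // no linking to existing ZITADEL users, self-service creation allowed,
            // no automatic creation on login, account fields refreshed on each login.
            .isLinkingAllowed(false)
            .isCreationAllowed(true)
            .isAutoCreation(false)
            .isAutoUpdate(true)
            // IdP metadata as a plain string. It carries the IdP's signing
            // certificate and SSO endpoints (here the mocksaml.com sample), so take
            // it from a source you trust. The certificate is given in full; a
            // truncated value is not usable metadata.
            .metadataXml("""
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://saml.example.com/entityid" validUntil="2034-05-15T14:21:58.979Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV
SzEPMA0GA1UECgwGQm94eUhRMRIwEAYDVQQDDAlNb2NrIFNBTUwwIBcNMjIwMjI4
MjE0NjM4WhgPMzAyMTA3MDEyMTQ2MzhaMDIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQK
DAZCb3h5SFExEjAQBgNVBAMMCU1vY2sgU0FNTDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALGfYettMsct1T6tVUwTudNJH5Pnb9GGnkXi9Zw/e6x45DD0
RuRONbFlJ2T4RjAE/uG+AjXxXQ8o2SZfb9+GgmCHuTJFNgHoZ1nFVXCmb/Hg8Hpd
4vOAGXndixaReOiq3EH5XvpMjMkJ3+8+9VYMzMZOjkgQtAqO36eAFFfNKX7dTj3V
pwLkvz6/KFCq8OAwY+AUi4eZm5J57D31GzjHwfjH9WTeX0MyndmnNB1qV75qQR3b
2/W5sGHRv+9AarggJkF+ptUkXoLtVA51wcfYm6hILptpde5FQC8RWY1YrswBWAEZ
NfyrR4JeSweElNHg4NVOs4TwGjOPwWGqzTfgTlECAwEAATANBgkqhkiG9w0BAQsF
AAOCAQEAAYRlYflSXAWoZpFfwNiCQVE5d9zZ0DPzNdWhAybXcTyMf0z5mDf6FWBW
5Gyoi9u3EMEDnzLcJNkwJAAc39Apa4I2/tml+Jy29dk8bTyX6m93ngmCgdLh5Za4
khuU3AM3L63g7VexCuO7kwkjh/+LqdcIXsVGO6XDfu2QOs1Xpe9zIzLpwm/RNYeX
UjbSj5ce/jekpAw7qyVVL4xOyh8AtUW1ek3wIw1MJvEgEPt0d16oshWJpoS1OT8L
r/22SvYEo3EmSGdTVGgk3x3s+A0qWAqTcyjr7Q4s/GKYRFfomGwz0TZ4Iw1ZN99M
m0eo2USlSRTVl7QHRTuiuSThHpLKQQ==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mocksaml.com/api/saml/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mocksaml.com/api/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
            """)
            .build());

    }
}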
import * as pulumi from "@pulumi/pulumi";
import * as zitadel from "@pulumiverse/zitadel";

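// Registers a SAML identity provider ("default") on the ZITADEL instance.
const _default = new zitadel.IdpSaml("default", {
    // Display name of the IDP inside ZITADEL.
    name: "LDAP",
    binding: "SAML_BINDING_POST",
    // The metadata below sets WantAuthnRequestsSigned="true", so request
    // signing is switched on to match what the IdP asks for.
    withSignedRequest: true,
    // Account-handling policy for identities coming from this IdP:
    // no linking to existing ZITADEL users, self-service creation allowed,
    // no automatic creation on login, account fields refreshed on each login.
    isLinkingAllowed: false,
    isCreationAllowed: true,
    isAutoCreation: false,
    isAutoUpdate: true,
    // IdP metadata as a plain string. It carries the IdP's signing
    // certificate and SSO endpoints (here the mocksaml.com sample), so take
    // it from a source you trust. The certificate is given in full; a
    // truncated value is not usable metadata.
    metadataXml: `<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://saml.example.com/entityid" validUntil="2034-05-15T14:21:58.979Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV
SzEPMA0GA1UECgwGQm94eUhRMRIwEAYDVQQDDAlNb2NrIFNBTUwwIBcNMjIwMjI4
MjE0NjM4WhgPMzAyMTA3MDEyMTQ2MzhaMDIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQK
DAZCb3h5SFExEjAQBgNVBAMMCU1vY2sgU0FNTDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALGfYettMsct1T6tVUwTudNJH5Pnb9GGnkXi9Zw/e6x45DD0
RuRONbFlJ2T4RjAE/uG+AjXxXQ8o2SZfb9+GgmCHuTJFNgHoZ1nFVXCmb/Hg8Hpd
4vOAGXndixaReOiq3EH5XvpMjMkJ3+8+9VYMzMZOjkgQtAqO36eAFFfNKX7dTj3V
pwLkvz6/KFCq8OAwY+AUi4eZm5J57D31GzjHwfjH9WTeX0MyndmnNB1qV75qQR3b
2/W5sGHRv+9AarggJkF+ptUkXoLtVA51wcfYm6hILptpde5FQC8RWY1YrswBWAEZ
NfyrR4JeSweElNHg4NVOs4TwGjOPwWGqzTfgTlECAwEAATANBgkqhkiG9w0BAQsF
AAOCAQEAAYRlYflSXAWoZpFfwNiCQVE5d9zZ0DPzNdWhAybXcTyMf0z5mDf6FWBW
5Gyoi9u3EMEDnzLcJNkwJAAc39Apa4I2/tml+Jy29dk8bTyX6m93ngmCgdLh5Za4
khuU3AM3L63g7VexCuO7kwkjh/+LqdcIXsVGO6XDfu2QOs1Xpe9zIzLpwm/RNYeX
UjbSj5ce/jekpAw7qyVVL4xOyh8AtUW1ek3wIw1MJvEgEPt0d16oshWJpoS1OT8L
r/22SvYEo3EmSGdTVGgk3x3s+A0qWAqTcyjr7Q4s/GKYRFfomGwz0TZ4Iw1ZN99M
m0eo2USlSRTVl7QHRTuiuSThHpLKQQ==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mocksaml.com/api/saml/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mocksaml.com/api/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
`,
});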
import pulumi
import pulumiverse_zitadel as zitadel

# Register a SAML identity provider named "default" on the ZITADEL instance.
default = zitadel.IdpSaml(
    "default",
    # Account-handling policy for identities coming from this IdP:
    # no automatic creation on login, self-service creation allowed,
    # no linking to existing ZITADEL users, account fields refreshed on each login.
    is_auto_creation=False,
    is_creation_allowed=True,
    is_linking_allowed=False,
    is_auto_update=True,
    # The metadata below sets WantAuthnRequestsSigned="true", so request
    # signing is switched on to match what the IdP asks for.
    with_signed_request=True,
    binding="SAML_BINDING_POST",
    # Display name of the IDP inside ZITADEL.
    name="LDAP",
    # IdP metadata as a plain string. It carries the IdP's signing certificate
    # and SSO endpoints (here the mocksaml.com sample), so take it from a
    # source you trust.
    metadata_xml="""<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://saml.example.com/entityid" validUntil="2034-05-15T14:21:58.979Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV
SzEPMA0GA1UECgwGQm94eUhRMRIwEAYDVQQDDAlNb2NrIFNBTUwwIBcNMjIwMjI4
MjE0NjM4WhgPMzAyMTA3MDEyMTQ2MzhaMDIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQK
DAZCb3h5SFExEjAQBgNVBAMMCU1vY2sgU0FNTDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALGfYettMsct1T6tVUwTudNJH5Pnb9GGnkXi9Zw/e6x45DD0
RuRONbFlJ2T4RjAE/uG+AjXxXQ8o2SZfb9+GgmCHuTJFNgHoZ1nFVXCmb/Hg8Hpd
4vOAGXndixaReOiq3EH5XvpMjMkJ3+8+9VYMzMZOjkgQtAqO36eAFFfNKX7dTj3V
pwLkvz6/KFCq8OAwY+AUi4eZm5J57D31GzjHwfjH9WTeX0MyndmnNB1qV75qQR3b
2/W5sGHRv+9AarggJkF+ptUkXoLtVA51wcfYm6hILptpde5FQC8RWY1YrswBWAEZ
NfyrR4JeSweElNHg4NVOs4TwGjOPwWGqzTfgTlECAwEAATANBgkqhkiG9w0BAQsF
AAOCAQEAAYRlYflSXAWoZpFfwNiCQVE5d9zZ0DPzNdWhAybXcTyMf0z5mDf6FWBW
5Gyoi9u3EMEDnzLcJNkwJAAc39Apa4I2/tml+Jy29dk8bTyX6m93ngmCgdLh5Za4
khuU3AM3L63g7VexCuO7kwkjh/+LqdcIXsVGO6XDfu2QOs1Xpe9zIzLpwm/RNYeX
UjbSj5ce/jekpAw7qyVVL4xOyh8AtUW1ek3wIw1MJvEgEPt0d16oshWJpoS1OT8L
r/22SvYEo3EmSGdTVGgk3x3s+A0qWAqTcyjr7Q4s/GKYRFfomGwz0TZ4Iw1ZN99M
m0eo2USlSRTVl7QHRTuiuSThHpLKQQ==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mocksaml.com/api/saml/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mocksaml.com/api/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
""",
)
# Registers a SAML identity provider ("default") on the ZITADEL instance.
resources:
  default:
    type: zitadel:IdpSaml
    properties:
      # Display name of the IDP inside ZITADEL.
      name: LDAP
      binding: SAML_BINDING_POST
      # The metadata below sets WantAuthnRequestsSigned="true", so request
      # signing is switched on to match what the IdP asks for.
      withSignedRequest: true
      # Account-handling policy for identities coming from this IdP:
      # no linking to existing ZITADEL users, self-service creation allowed,
      # no automatic creation on login, account fields refreshed on each login.
      isLinkingAllowed: false
      isCreationAllowed: true
      isAutoCreation: false
      isAutoUpdate: true
      # IdP metadata as a plain string. It carries the IdP's signing
      # certificate and SSO endpoints (here the mocksaml.com sample), so take
      # it from a source you trust.
      metadataXml: |
        <?xml version="1.0" encoding="UTF-8" standalone="no"?>
        <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://saml.example.com/entityid" validUntil="2034-05-15T14:21:58.979Z">
          <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <md:KeyDescriptor use="signing">
              <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                  <ds:X509Certificate>MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV
        SzEPMA0GA1UECgwGQm94eUhRMRIwEAYDVQQDDAlNb2NrIFNBTUwwIBcNMjIwMjI4
        MjE0NjM4WhgPMzAyMTA3MDEyMTQ2MzhaMDIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQK
        DAZCb3h5SFExEjAQBgNVBAMMCU1vY2sgU0FNTDCCASIwDQYJKoZIhvcNAQEBBQAD
        ggEPADCCAQoCggEBALGfYettMsct1T6tVUwTudNJH5Pnb9GGnkXi9Zw/e6x45DD0
        RuRONbFlJ2T4RjAE/uG+AjXxXQ8o2SZfb9+GgmCHuTJFNgHoZ1nFVXCmb/Hg8Hpd
        4vOAGXndixaReOiq3EH5XvpMjMkJ3+8+9VYMzMZOjkgQtAqO36eAFFfNKX7dTj3V
        pwLkvz6/KFCq8OAwY+AUi4eZm5J57D31GzjHwfjH9WTeX0MyndmnNB1qV75qQR3b
        2/W5sGHRv+9AarggJkF+ptUkXoLtVA51wcfYm6hILptpde5FQC8RWY1YrswBWAEZ
        NfyrR4JeSweElNHg4NVOs4TwGjOPwWGqzTfgTlECAwEAATANBgkqhkiG9w0BAQsF
        AAOCAQEAAYRlYflSXAWoZpFfwNiCQVE5d9zZ0DPzNdWhAybXcTyMf0z5mDf6FWBW
        5Gyoi9u3EMEDnzLcJNkwJAAc39Apa4I2/tml+Jy29dk8bTyX6m93ngmCgdLh5Za4
        khuU3AM3L63g7VexCuO7kwkjh/+LqdcIXsVGO6XDfu2QOs1Xpe9zIzLpwm/RNYeX
        UjbSj5ce/jekpAw7qyVVL4xOyh8AtUW1ek3wIw1MJvEgEPt0d16oshWJpoS1OT8L
        r/22SvYEo3EmSGdTVGgk3x3s+A0qWAqTcyjr7Q4s/GKYRFfomGwz0TZ4Iw1ZN99M
        m0eo2USlSRTVl7QHRTuiuSThHpLKQQ==</ds:X509Certificate>
                </ds:X509Data>
              </ds:KeyInfo>
            </md:KeyDescriptor>
            <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mocksaml.com/api/saml/sso"/>
            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mocksaml.com/api/saml/sso"/>
          </md:IDPSSODescriptor>
        </md:EntityDescriptor>        

Create IdpSaml Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new IdpSaml(name: string, args: IdpSamlArgs, opts?: CustomResourceOptions);
@overload
def IdpSaml(resource_name: str,
            args: IdpSamlArgs,
            opts: Optional[ResourceOptions] = None)

@overload
def IdpSaml(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            is_auto_creation: Optional[bool] = None,
            is_auto_update: Optional[bool] = None,
            is_creation_allowed: Optional[bool] = None,
            is_linking_allowed: Optional[bool] = None,
            metadata_xml: Optional[str] = None,
            binding: Optional[str] = None,
            name: Optional[str] = None,
            with_signed_request: Optional[bool] = None)
func NewIdpSaml(ctx *Context, name string, args IdpSamlArgs, opts ...ResourceOption) (*IdpSaml, error)
public IdpSaml(string name, IdpSamlArgs args, CustomResourceOptions? opts = null)
public IdpSaml(String name, IdpSamlArgs args)
public IdpSaml(String name, IdpSamlArgs args, CustomResourceOptions options)
type: zitadel:IdpSaml
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. IdpSamlArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. IdpSamlArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. IdpSamlArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. IdpSamlArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. IdpSamlArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

// Reference example only: every value is a type placeholder, not a recommended setting.
var idpSamlResource = new Zitadel.IdpSaml("idpSamlResource", new()
{
    // Required inputs.
    IsAutoCreation = false,
    IsAutoUpdate = false,
    IsCreationAllowed = false,
    IsLinkingAllowed = false,
    // The IdP metadata XML as a plain string.
    MetadataXml = "string",
    // Optional inputs. Binding takes a value such as "SAML_BINDING_POST".
    Binding = "string",
    Name = "string",
    WithSignedRequest = false,
});
// Reference example only: every value is a type placeholder, not a recommended setting.
example, err := zitadel.NewIdpSaml(ctx, "idpSamlResource", &zitadel.IdpSamlArgs{
	// Required inputs.
	IsAutoCreation:    pulumi.Bool(false),
	IsAutoUpdate:      pulumi.Bool(false),
	IsCreationAllowed: pulumi.Bool(false),
	IsLinkingAllowed:  pulumi.Bool(false),
	// The IdP metadata XML as a plain string.
	MetadataXml:       pulumi.String("string"),
	// Optional inputs. Binding takes a value such as "SAML_BINDING_POST".
	Binding:           pulumi.String("string"),
	Name:              pulumi.String("string"),
	WithSignedRequest: pulumi.Bool(false),
})
// Reference example only: every value is a type placeholder, not a recommended setting.
var idpSamlResource = new IdpSaml("idpSamlResource", IdpSamlArgs.builder()
    // Required inputs.
    .isAutoCreation(false)
    .isAutoUpdate(false)
    .isCreationAllowed(false)
    .isLinkingAllowed(false)
    // The IdP metadata XML as a plain string.
    .metadataXml("string")
    // Optional inputs. binding takes a value such as "SAML_BINDING_POST".
    .binding("string")
    .name("string")
    .withSignedRequest(false)
    .build());
# Reference example only: every value is a type placeholder, not a recommended setting.
idp_saml_resource = zitadel.IdpSaml("idpSamlResource",
    # Required inputs.
    is_auto_creation=False,
    is_auto_update=False,
    is_creation_allowed=False,
    is_linking_allowed=False,
    # The IdP metadata XML as a plain string.
    metadata_xml="string",
    # Optional inputs. binding takes a value such as "SAML_BINDING_POST".
    binding="string",
    name="string",
    with_signed_request=False)
// Reference example only: every value is a type placeholder, not a recommended setting.
const idpSamlResource = new zitadel.IdpSaml("idpSamlResource", {
    // Required inputs.
    isAutoCreation: false,
    isAutoUpdate: false,
    isCreationAllowed: false,
    isLinkingAllowed: false,
    // The IdP metadata XML as a plain string.
    metadataXml: "string",
    // Optional inputs. binding takes a value such as "SAML_BINDING_POST".
    binding: "string",
    name: "string",
    withSignedRequest: false,
});
# Reference example only: every value is a type placeholder, not a recommended setting.
# Required: isAutoCreation, isAutoUpdate, isCreationAllowed, isLinkingAllowed, metadataXml.
type: zitadel:IdpSaml
properties:
    # binding takes a value such as SAML_BINDING_POST.
    binding: string
    isAutoCreation: false
    isAutoUpdate: false
    isCreationAllowed: false
    isLinkingAllowed: false
    # The IdP metadata XML as a plain string.
    metadataXml: string
    name: string
    withSignedRequest: false

IdpSaml Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IdpSaml resource accepts the following input properties:

IsAutoCreation This property is required. bool
enable if a new account in ZITADEL should be created automatically on login with an external account
IsAutoUpdate This property is required. bool
enable if the ZITADEL account fields should be updated automatically on each login
IsCreationAllowed This property is required. bool
enable if users should be able to create a new account in ZITADEL when using an external account
IsLinkingAllowed This property is required. bool
enable if users should be able to link an existing ZITADEL user with an external account
MetadataXml This property is required. string
The metadata XML as plain string
Binding string
The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
Name string
Name of the IDP
WithSignedRequest bool
Whether the SAML IDP requires signed requests
IsAutoCreation This property is required. bool
enable if a new account in ZITADEL should be created automatically on login with an external account
IsAutoUpdate This property is required. bool
enable if the ZITADEL account fields should be updated automatically on each login
IsCreationAllowed This property is required. bool
enable if users should be able to create a new account in ZITADEL when using an external account
IsLinkingAllowed This property is required. bool
enable if users should be able to link an existing ZITADEL user with an external account
MetadataXml This property is required. string
The metadata XML as plain string
Binding string
The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
Name string
Name of the IDP
WithSignedRequest bool
Whether the SAML IDP requires signed requests
isAutoCreation This property is required. Boolean
enable if a new account in ZITADEL should be created automatically on login with an external account
isAutoUpdate This property is required. Boolean
enable if the ZITADEL account fields should be updated automatically on each login
isCreationAllowed This property is required. Boolean
enable if users should be able to create a new account in ZITADEL when using an external account
isLinkingAllowed This property is required. Boolean
enable if users should be able to link an existing ZITADEL user with an external account
metadataXml This property is required. String
The metadata XML as plain string
binding String
The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
name String
Name of the IDP
withSignedRequest Boolean
Whether the SAML IDP requires signed requests
isAutoCreation This property is required. boolean
enable if a new account in ZITADEL should be created automatically on login with an external account
isAutoUpdate This property is required. boolean
enable if the ZITADEL account fields should be updated automatically on each login
isCreationAllowed This property is required. boolean
enable if users should be able to create a new account in ZITADEL when using an external account
isLinkingAllowed This property is required. boolean
enable if users should be able to link an existing ZITADEL user with an external account
metadataXml This property is required. string
The metadata XML as plain string
binding string
The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
name string
Name of the IDP
withSignedRequest boolean
Whether the SAML IDP requires signed requests
is_auto_creation This property is required. bool
enable if a new account in ZITADEL should be created automatically on login with an external account
is_auto_update This property is required. bool
enable if the ZITADEL account fields should be updated automatically on each login
is_creation_allowed This property is required. bool
enable if users should be able to create a new account in ZITADEL when using an external account
is_linking_allowed This property is required. bool
enable if users should be able to link an existing ZITADEL user with an external account
metadata_xml This property is required. str
The metadata XML as plain string
binding str
The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
name str
Name of the IDP
with_signed_request bool
Whether the SAML IDP requires signed requests
isAutoCreation This property is required. Boolean
enable if a new account in ZITADEL should be created automatically on login with an external account
isAutoUpdate This property is required. Boolean
enable if the ZITADEL account fields should be updated automatically on each login
isCreationAllowed This property is required. Boolean
enable if users should be able to create a new account in ZITADEL when using an external account
isLinkingAllowed This property is required. Boolean
enable if users should be able to link an existing ZITADEL user with an external account
metadataXml This property is required. String
The metadata XML as plain string
binding String
The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
name String
Name of the IDP
withSignedRequest Boolean
Whether the SAML IDP requires signed requests

Outputs

All input properties are implicitly available as output properties. Additionally, the IdpSaml resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing IdpSaml Resource

Get an existing IdpSaml resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IdpSamlState, opts?: CustomResourceOptions): IdpSaml
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        binding: Optional[str] = None,
        is_auto_creation: Optional[bool] = None,
        is_auto_update: Optional[bool] = None,
        is_creation_allowed: Optional[bool] = None,
        is_linking_allowed: Optional[bool] = None,
        metadata_xml: Optional[str] = None,
        name: Optional[str] = None,
        with_signed_request: Optional[bool] = None) -> IdpSaml
func GetIdpSaml(ctx *Context, name string, id IDInput, state *IdpSamlState, opts ...ResourceOption) (*IdpSaml, error)
public static IdpSaml Get(string name, Input<string> id, IdpSamlState? state, CustomResourceOptions? opts = null)
public static IdpSaml get(String name, Output<String> id, IdpSamlState state, CustomResourceOptions options)
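# Look up an existing IdpSaml resource by its provider-assigned ID.
resources:
  _:
    type: zitadel:IdpSaml
    get:
      id: ${id}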
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Binding string
The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
IsAutoCreation bool
enable if a new account in ZITADEL should be created automatically on login with an external account
IsAutoUpdate bool
enable if the ZITADEL account fields should be updated automatically on each login
IsCreationAllowed bool
enable if users should be able to create a new account in ZITADEL when using an external account
IsLinkingAllowed bool
enable if users should be able to link an existing ZITADEL user with an external account
MetadataXml string
The metadata XML as plain string
Name string
Name of the IDP
WithSignedRequest bool
Whether the SAML IDP requires signed requests
Binding string
The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
IsAutoCreation bool
enable if a new account in ZITADEL should be created automatically on login with an external account
IsAutoUpdate bool
enable if the ZITADEL account fields should be updated automatically on each login
IsCreationAllowed bool
enable if users should be able to create a new account in ZITADEL when using an external account
IsLinkingAllowed bool
enable if users should be able to link an existing ZITADEL user with an external account
MetadataXml string
The metadata XML as plain string
Name string
Name of the IDP
WithSignedRequest bool
Whether the SAML IDP requires signed requests
binding String
The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
isAutoCreation Boolean
enable if a new account in ZITADEL should be created automatically on login with an external account
isAutoUpdate Boolean
enable if the ZITADEL account fields should be updated automatically on each login
isCreationAllowed Boolean
enable if users should be able to create a new account in ZITADEL when using an external account
isLinkingAllowed Boolean
enable if users should be able to link an existing ZITADEL user with an external account
metadataXml String
The metadata XML as plain string
name String
Name of the IDP
withSignedRequest Boolean
Whether the SAML IDP requires signed requests
binding string
The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
isAutoCreation boolean
enable if a new account in ZITADEL should be created automatically on login with an external account
isAutoUpdate boolean
enable if the ZITADEL account fields should be updated automatically on each login
isCreationAllowed boolean
enable if users should be able to create a new account in ZITADEL when using an external account
isLinkingAllowed boolean
enable if users should be able to link an existing ZITADEL user with an external account
metadataXml string
The metadata XML as plain string
name string
Name of the IDP
withSignedRequest boolean
Whether the SAML IDP requires signed requests
binding str
The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
is_auto_creation bool
enable if a new account in ZITADEL should be created automatically on login with an external account
is_auto_update bool
enable if the ZITADEL account fields should be updated automatically on each login
is_creation_allowed bool
enable if users should be able to create a new account in ZITADEL when using an external account
is_linking_allowed bool
enable if users should be able to link an existing ZITADEL user with an external account
metadata_xml str
The metadata XML as plain string
name str
Name of the IDP
with_signed_request bool
Whether the SAML IDP requires signed requests
binding String
The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
isAutoCreation Boolean
enable if a new account in ZITADEL should be created automatically on login with an external account
isAutoUpdate Boolean
enable if the ZITADEL account fields should be updated automatically on each login
isCreationAllowed Boolean
enable if users should be able to create a new account in ZITADEL when using an external account
isLinkingAllowed Boolean
enable if users should be able to link an existing ZITADEL user with an external account
metadataXml String
The metadata XML as plain string
name String
Name of the IDP
withSignedRequest Boolean
Whether the SAML IDP requires signed requests

Import

The resource can be imported using the ID format `<id>`, e.g.

 $ pulumi import zitadel:index/idpSaml:IdpSaml imported '123456789012345678'

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
zitadel pulumiverse/pulumi-zitadel
License
Apache-2.0
Notes
This Pulumi package is based on the zitadel Terraform Provider.