alicloud_cloud_sso_directory

Provides a Cloud SSO Directory resource.

For information about Cloud SSO Directory and how to use it, see What is Directory.

-> NOTE: Available since v1.135.0.

Example Usage

Basic Usage

variable "name" {
  default = "tf-example"
}

provider "alicloud" {
  region = "cn-shanghai"
}

resource "alicloud_cloud_sso_directory" "default" {
  directory_name = var.name
}

Argument Reference

The following arguments are supported:

• directory_global_access_status - (Optional, Computed, Available since v1.248.0) Directory Global Acceleration activation status
• directory_name - (Optional) DirectoryName
• login_preference - (Optional, List, Available since v1.248.0) Login preferences See login_preference below.
• mfa_authentication_status - (Optional, Computed) MFA Authentication Status
• mfa_authentication_setting_info - (Optional, List, Available since v1.248.0) Global MFA verification configuration. See mfa_authentication_setting_info below.
• password_policy - (Optional, Computed, List, Available since v1.248.0) Password policy See password_policy below.
• saml_identity_provider_configuration - (Optional, Computed, List) Identity Provider (IDP) See saml_identity_provider_configuration below.
• scim_synchronization_status - (Optional, Computed) SCIM Synchronization Status
• saml_service_provider - (Optional, Computed, List, Available since v1.248.0) SP information. See saml_service_provider below.
• user_provisioning_configuration - (Optional, List, Available since v1.248.0) User Provisioning configuration See user_provisioning_configuration below.

login_preference

The login_preference supports the following:

• allow_user_to_get_credentials - (Optional, Computed, Available since v1.248.0) Whether the user can obtain the program access credential in the portal after logging in.
• login_network_masks - (Optional, Available since v1.248.0) IP address whitelist

mfa_authentication_setting_info

The mfa_authentication_setting_info supports the following:

• mfa_authentication_advance_settings - (Optional, Computed, Available since v1.248.0) Global MFA validation policy
• operation_for_risk_login - (Optional, Computed, Available since v1.248.0) MFA verification policy for abnormal logon.

password_policy

The password_policy supports the following:

• max_login_attempts - (Optional, Computed, Int, Available since v1.248.0) Number of password retries.
• max_password_age - (Optional, Computed, Int, Available since v1.248.0) Password validity period.
• min_password_different_chars - (Optional, Computed, Int, Available since v1.248.0) The minimum number of different characters in a password.
• min_password_length - (Optional, Computed, Int, Available since v1.248.0) Minimum password length.
• password_not_contain_username - (Optional, Computed, Available since v1.248.0) Whether the user name is not allowed in the password.
• password_reuse_prevention - (Optional, Computed, Int, Available since v1.248.0) Historical password check policy.

saml_identity_provider_configuration

The saml_identity_provider_configuration supports the following:

• binding_type - (Optional, ForceNew, Computed, Available since v1.248.0) The Binding method for initiating a SAML request.
• encoded_metadata_document - (Optional, Computed) EncodedMetadataDocument
• entity_id - (Optional, ForceNew, Available since v1.248.0) EntityId
• login_url - (Optional, ForceNew, Available since v1.248.0) LoginUrl
• sso_status - (Optional, Computed) SSOStatus
• want_request_signed - (Optional, ForceNew, Available since v1.248.0) SP Request whether the signature is required

saml_service_provider

The saml_service_provider supports the following:

• authn_sign_algo - (Optional, Computed, Available since v1.248.0) Signature algorithms supported by AuthNRequest
• certificate_type - (Optional, Computed, Available since v1.248.0) Type of certificate used for signing in the SSO process
• support_encrypted_assertion - (Optional, Computed, Available since v1.248.0) Whether IdP-side encryption of Assertion is supported.

user_provisioning_configuration

The user_provisioning_configuration supports the following:

• default_landing_page - (Optional, Available since v1.248.0) The duration of the Session after the user logs in.
• session_duration - (Optional, Available since v1.248.0) The duration of the Session after the user logs in.

Attributes Reference

The following attributes are exported:

• id - The ID of the resource supplied above.
• create_time - CreateTime
• password_policy - Password policy
  • hard_expire - Whether to restrict login after Password Expiration
  • max_password_length - Maximum password length.
  • require_lower_case_chars - Whether lowercase letters are required in the password.
  • require_numbers - Whether numbers are required in the password.
  • require_symbols - Whether symbols are required in the password.
  • require_upper_case_chars - Whether uppercase letters are required in the password.
• saml_identity_provider_configuration - Identity Provider (IDP)
  • certificate_ids - Certificate ID list
  • create_time - CreateTime
  • update_time - UpdateTime
• saml_service_provider - SP information.
  • acs_url - ACS URL of SP.
  • encoded_metadata_document - SP metadata document (Base64 encoding).
  • entity_id - SP identity.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

• create - (Defaults to 5 mins) Used when create the Directory.
• delete - (Defaults to 5 mins) Used when delete the Directory.
• update - (Defaults to 5 mins) Used when update the Directory.

Import

Cloud SSO Directory can be imported using the id, e.g.

$ terraform import alicloud_cloud_sso_directory.example <id>