Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. Juniper Mist Provider
  3. API Docs
  4. org
  5. SsoRole
Juniper Mist v0.3.1 published on Monday, Apr 14, 2025 by Pulumi
pulumi/pulumi-junipermist

junipermist.org.SsoRole

Explore with Pulumi AI

Juniper Mist v0.3.1 published on Monday, Apr 14, 2025 by Pulumi
pulumi/pulumi-junipermist

This resource manages Org SSO Roles for Admin Authentication.

SSO roles refer to the different functions assigned to users within a Single Sign-On (SSO) system.
These roles determine the tasks and actions that users can perform within the SSO system. There are typically predefined roles and custom roles in an SSO system.
Roles in SSO provide a well-defined separation of responsibility and visibility, allowing for granular-level access control on SSO objects.

Example Usage

Coming soon!

Coming soon!

Coming soon!

Coming soon!

Coming soon!

resources:
  ssoRoleOne:
    type: junipermist:org:SsoRole
    name: sso_role_one
    properties:
      orgId: ${terraformTest.id}
      name: admin_sso
      privileges:
        - scope: site
          role: read
          site_id: ${terraformSite.id}
Copy

Create SsoRole Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SsoRole(name: string, args: SsoRoleArgs, opts?: CustomResourceOptions);
@overload
def SsoRole(resource_name: str,
            args: SsoRoleArgs,
            opts: Optional[ResourceOptions] = None)

@overload
def SsoRole(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            org_id: Optional[str] = None,
            privileges: Optional[Sequence[SsoRolePrivilegeArgs]] = None,
            name: Optional[str] = None)
func NewSsoRole(ctx *Context, name string, args SsoRoleArgs, opts ...ResourceOption) (*SsoRole, error)
public SsoRole(string name, SsoRoleArgs args, CustomResourceOptions? opts = null)
public SsoRole(String name, SsoRoleArgs args)
public SsoRole(String name, SsoRoleArgs args, CustomResourceOptions options)

type: junipermist:org:SsoRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. SsoRoleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. SsoRoleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. SsoRoleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. SsoRoleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. SsoRoleArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var ssoRoleResource = new JuniperMist.Org.SsoRole("ssoRoleResource", new()
{
    OrgId = "string",
    Privileges = new[]
    {
        new JuniperMist.Org.Inputs.SsoRolePrivilegeArgs
        {
            Role = "string",
            Scope = "string",
            SiteId = "string",
            SitegroupId = "string",
            Views = new[]
            {
                "string",
            },
        },
    },
    Name = "string",
});
Copy
example, err := org.NewSsoRole(ctx, "ssoRoleResource", &org.SsoRoleArgs{
	OrgId: pulumi.String("string"),
	Privileges: org.SsoRolePrivilegeArray{
		&org.SsoRolePrivilegeArgs{
			Role:        pulumi.String("string"),
			Scope:       pulumi.String("string"),
			SiteId:      pulumi.String("string"),
			SitegroupId: pulumi.String("string"),
			Views: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	Name: pulumi.String("string"),
})
Copy
var ssoRoleResource = new SsoRole("ssoRoleResource", SsoRoleArgs.builder()
    .orgId("string")
    .privileges(SsoRolePrivilegeArgs.builder()
        .role("string")
        .scope("string")
        .siteId("string")
        .sitegroupId("string")
        .views("string")
        .build())
    .name("string")
    .build());
Copy
sso_role_resource = junipermist.org.SsoRole("ssoRoleResource",
    org_id="string",
    privileges=[{
        "role": "string",
        "scope": "string",
        "site_id": "string",
        "sitegroup_id": "string",
        "views": ["string"],
    }],
    name="string")
Copy
const ssoRoleResource = new junipermist.org.SsoRole("ssoRoleResource", {
    orgId: "string",
    privileges: [{
        role: "string",
        scope: "string",
        siteId: "string",
        sitegroupId: "string",
        views: ["string"],
    }],
    name: "string",
});
Copy
type: junipermist:org:SsoRole
properties:
    name: string
    orgId: string
    privileges:
        - role: string
          scope: string
          siteId: string
          sitegroupId: string
          views:
            - string
Copy

SsoRole Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SsoRole resource accepts the following input properties:

OrgId This property is required. string
Privileges This property is required. List<Pulumi.JuniperMist.Org.Inputs.SsoRolePrivilege>
Name string
OrgId This property is required. string
Privileges This property is required. []SsoRolePrivilegeArgs
Name string
orgId This property is required. String
privileges This property is required. List<SsoRolePrivilege>
name String
orgId This property is required. string
privileges This property is required. SsoRolePrivilege[]
name string
org_id This property is required. str
privileges This property is required. Sequence[SsoRolePrivilegeArgs]
name str
orgId This property is required. String
privileges This property is required. List<Property Map>
name String

Outputs

All input properties are implicitly available as output properties. Additionally, the SsoRole resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing SsoRole Resource

Get an existing SsoRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SsoRoleState, opts?: CustomResourceOptions): SsoRole
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        name: Optional[str] = None,
        org_id: Optional[str] = None,
        privileges: Optional[Sequence[SsoRolePrivilegeArgs]] = None) -> SsoRole
func GetSsoRole(ctx *Context, name string, id IDInput, state *SsoRoleState, opts ...ResourceOption) (*SsoRole, error)
public static SsoRole Get(string name, Input<string> id, SsoRoleState? state, CustomResourceOptions? opts = null)
public static SsoRole get(String name, Output<String> id, SsoRoleState state, CustomResourceOptions options)
resources:  _:    type: junipermist:org:SsoRole    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

Supporting Types

SsoRolePrivilege
, SsoRolePrivilegeArgs

Role This property is required. string
access permissions. enum: admin, helpdesk, installer, read, write
Scope This property is required. string
enum: org, site, sitegroup
SiteId string
Required if scope==site
SitegroupId string
Required if scope==sitegroup
Views List<string>

Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users. Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users.
You can define custom roles by adding the views attribute along with role when assigning privileges.
Below are the list of supported UI views. Note that this is UI only feature.

| UI View | Required Role | Description | | --- | --- | --- | | reporting | read | full access to all analytics tools | | marketing | read | can view analytics and location maps | | super_observer | read | can view all the organization except the subscription page | | location | write | can view and manage location maps, can view analytics | | security | write | can view and manage site labels, policies and security | | switch_admin | helpdesk | can view and manage Switch ports, can view wired clients | | mxedge_admin | admin | can view and manage Mist edges and Mist tunnels | | lobby_admin | admin | full access to Org and Site Pre-shared keys |

Role This property is required. string
access permissions. enum: admin, helpdesk, installer, read, write
Scope This property is required. string
enum: org, site, sitegroup
SiteId string
Required if scope==site
SitegroupId string
Required if scope==sitegroup
Views []string

Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users. Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users.
You can define custom roles by adding the views attribute along with role when assigning privileges.
Below are the list of supported UI views. Note that this is UI only feature.

| UI View | Required Role | Description | | --- | --- | --- | | reporting | read | full access to all analytics tools | | marketing | read | can view analytics and location maps | | super_observer | read | can view all the organization except the subscription page | | location | write | can view and manage location maps, can view analytics | | security | write | can view and manage site labels, policies and security | | switch_admin | helpdesk | can view and manage Switch ports, can view wired clients | | mxedge_admin | admin | can view and manage Mist edges and Mist tunnels | | lobby_admin | admin | full access to Org and Site Pre-shared keys |

role This property is required. String
access permissions. enum: admin, helpdesk, installer, read, write
scope This property is required. String
enum: org, site, sitegroup
siteId String
Required if scope==site
sitegroupId String
Required if scope==sitegroup
views List<String>

Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users. Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users.
You can define custom roles by adding the views attribute along with role when assigning privileges.
Below are the list of supported UI views. Note that this is UI only feature.

| UI View | Required Role | Description | | --- | --- | --- | | reporting | read | full access to all analytics tools | | marketing | read | can view analytics and location maps | | super_observer | read | can view all the organization except the subscription page | | location | write | can view and manage location maps, can view analytics | | security | write | can view and manage site labels, policies and security | | switch_admin | helpdesk | can view and manage Switch ports, can view wired clients | | mxedge_admin | admin | can view and manage Mist edges and Mist tunnels | | lobby_admin | admin | full access to Org and Site Pre-shared keys |

role This property is required. string
access permissions. enum: admin, helpdesk, installer, read, write
scope This property is required. string
enum: org, site, sitegroup
siteId string
Required if scope==site
sitegroupId string
Required if scope==sitegroup
views string[]

Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users. Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users.
You can define custom roles by adding the views attribute along with role when assigning privileges.
Below are the list of supported UI views. Note that this is UI only feature.

| UI View | Required Role | Description | | --- | --- | --- | | reporting | read | full access to all analytics tools | | marketing | read | can view analytics and location maps | | super_observer | read | can view all the organization except the subscription page | | location | write | can view and manage location maps, can view analytics | | security | write | can view and manage site labels, policies and security | | switch_admin | helpdesk | can view and manage Switch ports, can view wired clients | | mxedge_admin | admin | can view and manage Mist edges and Mist tunnels | | lobby_admin | admin | full access to Org and Site Pre-shared keys |

role This property is required. str
access permissions. enum: admin, helpdesk, installer, read, write
scope This property is required. str
enum: org, site, sitegroup
site_id str
Required if scope==site
sitegroup_id str
Required if scope==sitegroup
views Sequence[str]

Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users. Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users.
You can define custom roles by adding the views attribute along with role when assigning privileges.
Below are the list of supported UI views. Note that this is UI only feature.

| UI View | Required Role | Description | | --- | --- | --- | | reporting | read | full access to all analytics tools | | marketing | read | can view analytics and location maps | | super_observer | read | can view all the organization except the subscription page | | location | write | can view and manage location maps, can view analytics | | security | write | can view and manage site labels, policies and security | | switch_admin | helpdesk | can view and manage Switch ports, can view wired clients | | mxedge_admin | admin | can view and manage Mist edges and Mist tunnels | | lobby_admin | admin | full access to Org and Site Pre-shared keys |

role This property is required. String
access permissions. enum: admin, helpdesk, installer, read, write
scope This property is required. String
enum: org, site, sitegroup
siteId String
Required if scope==site
sitegroupId String
Required if scope==sitegroup
views List<String>

Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users. Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users.
You can define custom roles by adding the views attribute along with role when assigning privileges.
Below are the list of supported UI views. Note that this is UI only feature.

| UI View | Required Role | Description | | --- | --- | --- | | reporting | read | full access to all analytics tools | | marketing | read | can view analytics and location maps | | super_observer | read | can view all the organization except the subscription page | | location | write | can view and manage location maps, can view analytics | | security | write | can view and manage site labels, policies and security | | switch_admin | helpdesk | can view and manage Switch ports, can view wired clients | | mxedge_admin | admin | can view and manage Mist edges and Mist tunnels | | lobby_admin | admin | full access to Org and Site Pre-shared keys |

Import

Using pulumi import, import mist_org_sso_role with:

Org PSK can be imported by specifying the org_id and the sso_role_id

$ pulumi import junipermist:org/ssoRole:SsoRole sso_role_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
junipermist pulumi/pulumi-junipermist
License
Apache-2.0
Notes
This Pulumi package is based on the mist Terraform Provider.
Juniper Mist v0.3.1 published on Monday, Apr 14, 2025 by Pulumi
pulumi/pulumi-junipermist