oci_identity_domains_user

This resource provides the User resource in Oracle Cloud Infrastructure Identity Domains service.

Create a user.

Example Usage

resource "oci_identity_domains_user" "test_user" {
	#Required
	idcs_endpoint = data.oci_identity_domain.test_domain.url
	schemas = ["urn:ietf:params:scim:schemas:core:2.0:User"]
	user_name = "userName"
	/* Note: In most cases, a primary email is REQUIRED to create a user. Otherwise you might get a 400 error. Please see "emails" block below. */

	#Optional
	active = var.user_active
	addresses {
		#Required
		type = var.user_addresses_type

		#Optional
		country = var.user_addresses_country
		formatted = var.user_addresses_formatted
		locality = var.user_addresses_locality
		postal_code = var.user_addresses_postal_code
		primary = var.user_addresses_primary
		region = var.user_addresses_region
		street_address = var.user_addresses_street_address
	}
	attribute_sets = []
	attributes = ""
	authorization = var.user_authorization
	description = var.user_description
	display_name = var.user_display_name

	/* One and only one "emails" block needs to have "primary" set to true */
	emails {
		#Required
		type = var.user_emails_type
		value = var.user_emails_value

		#Optional
		primary = true
		secondary = var.user_emails_secondary
		verified = var.user_emails_verified
	}
	/* Note:
      If a new user is created without a recovery email being set, we automatically add one using the primary email value,
      to ensure the account can be recovered (when account recovery feature is enabled in the current domain).
      So it is recommended to set an email of type "recovery" like below. If not, it is expected to see an update about 
      recovery email when plan/apply after creation.
    */
	emails {
		#Required
		type = "recovery"
		value = var.user_emails_value
	}
	entitlements {
		#Required
		type = var.user_entitlements_type
		value = var.user_entitlements_value

		#Optional
		display = var.user_entitlements_display
		primary = var.user_entitlements_primary
	}
	external_id = "externalId"
	id = var.user_id
	ims {
		#Required
		type = var.user_ims_type
		value = var.user_ims_value

		#Optional
		display = var.user_ims_display
		primary = var.user_ims_primary
	}
	locale = var.user_locale
	name {

		#Optional
		family_name = var.user_name_family_name
		formatted = var.user_name_formatted
		given_name = var.user_name_given_name
		honorific_prefix = var.user_name_honorific_prefix
		honorific_suffix = var.user_name_honorific_suffix
		middle_name = var.user_name_middle_name
	}
	nick_name = var.user_nick_name
	ocid = var.user_ocid
	password = var.user_password
	phone_numbers {
		#Required
		type = var.user_phone_numbers_type
		value = var.user_phone_numbers_value

		#Optional
		primary = var.user_phone_numbers_primary
	}
	photos {
		#Required
		type = var.user_photos_type
		value = var.user_photos_value

		#Optional
		display = var.user_photos_display
		primary = var.user_photos_primary
	}
	preferred_language = var.user_preferred_language
	profile_url = var.user_profile_url
	resource_type_schema_version = var.user_resource_type_schema_version
	roles {
		#Required
		type = var.user_roles_type
		value = var.user_roles_value

		#Optional
		display = var.user_roles_display
		primary = var.user_roles_primary
	}
	tags {
		#Required
		key = var.user_tags_key
		value = var.user_tags_value
	}
	timezone = var.user_timezone
	title = var.user_title
	urnietfparamsscimschemasextensionenterprise20user {

		#Optional
		cost_center = var.user_urnietfparamsscimschemasextensionenterprise20user_cost_center
		department = var.user_urnietfparamsscimschemasextensionenterprise20user_department
		division = var.user_urnietfparamsscimschemasextensionenterprise20user_division
		employee_number = var.user_urnietfparamsscimschemasextensionenterprise20user_employee_number
		manager {

			#Optional
			value = var.user_urnietfparamsscimschemasextensionenterprise20user_manager_value
		}
		organization = var.user_urnietfparamsscimschemasextensionenterprise20user_organization
	}
	urnietfparamsscimschemasoracleidcsextension_oci_tags {

		#Optional
		defined_tags {
			#Required
			key = var.user_urnietfparamsscimschemasoracleidcsextension_oci_tags_defined_tags_key
			namespace = var.user_urnietfparamsscimschemasoracleidcsextension_oci_tags_defined_tags_namespace
			value = var.user_urnietfparamsscimschemasoracleidcsextension_oci_tags_defined_tags_value
		}
		freeform_tags {
			#Required
			key = var.user_urnietfparamsscimschemasoracleidcsextension_oci_tags_freeform_tags_key
			value = var.user_urnietfparamsscimschemasoracleidcsextension_oci_tags_freeform_tags_value
		}
	}
	urnietfparamsscimschemasoracleidcsextensionadaptive_user {

		#Optional
		risk_level = var.user_urnietfparamsscimschemasoracleidcsextensionadaptive_user_risk_level
		risk_scores {
			#Required
			last_update_timestamp = var.user_urnietfparamsscimschemasoracleidcsextensionadaptive_user_risk_scores_last_update_timestamp
			risk_level = var.user_urnietfparamsscimschemasoracleidcsextensionadaptive_user_risk_scores_risk_level
			score = var.user_urnietfparamsscimschemasoracleidcsextensionadaptive_user_risk_scores_score
			value = var.user_urnietfparamsscimschemasoracleidcsextensionadaptive_user_risk_scores_value

			#Optional
			source = var.user_urnietfparamsscimschemasoracleidcsextensionadaptive_user_risk_scores_source
			status = var.user_urnietfparamsscimschemasoracleidcsextensionadaptive_user_risk_scores_status
		}
	}
	urnietfparamsscimschemasoracleidcsextensioncapabilities_user {

		#Optional
		can_use_api_keys = true
		can_use_auth_tokens = true
		can_use_console_password = true
		can_use_customer_secret_keys = true
		can_use_db_credentials = true
		can_use_oauth2client_credentials = true
		can_use_smtp_credentials = true
	}
	urnietfparamsscimschemasoracleidcsextensiondb_credentials_user {

		#Optional
		db_user_name = "dbUserName"
	}
	urnietfparamsscimschemasoracleidcsextensionkerberos_user_user {

		#Optional
		realm_users {
			#Required
			value = var.user_urnietfparamsscimschemasoracleidcsextensionkerberos_user_user_realm_users_value

			#Optional
			principal_name = var.user_urnietfparamsscimschemasoracleidcsextensionkerberos_user_user_realm_users_principal_name
			realm_name = var.user_urnietfparamsscimschemasoracleidcsextensionkerberos_user_user_realm_users_realm_name
		}
	}
	urnietfparamsscimschemasoracleidcsextensionmfa_user {

		#Optional
		bypass_codes {
			#Required
			value = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_bypass_codes_value
		}
		devices {
			#Required
			value = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_devices_value

			#Optional
			authentication_method = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_devices_authentication_method
			display = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_devices_display
			factor_status = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_devices_factor_status
			factor_type = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_devices_factor_type
			last_sync_time = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_devices_last_sync_time
			status = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_devices_status
			third_party_vendor_name = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_devices_third_party_vendor_name
		}
		login_attempts = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_login_attempts
		mfa_enabled_on = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_mfa_enabled_on
		mfa_ignored_apps = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_mfa_ignored_apps
		mfa_status = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_mfa_status
		preferred_authentication_factor = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_preferred_authentication_factor
		preferred_authentication_method = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_preferred_authentication_method
		preferred_device {
			#Required
			value = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_preferred_device_value

			#Optional
			display = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_preferred_device_display
		}
		preferred_third_party_vendor = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_preferred_third_party_vendor
		trusted_user_agents {
			#Required
			value = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_trusted_user_agents_value

			#Optional
			display = var.user_urnietfparamsscimschemasoracleidcsextensionmfa_user_trusted_user_agents_display
		}
	}
	urnietfparamsscimschemasoracleidcsextensionpasswordless_user {

		#Optional
		factor_identifier {
			#Required
			value = var.user_urnietfparamsscimschemasoracleidcsextensionpasswordless_user_factor_identifier_value

			#Optional
			display = var.user_urnietfparamsscimschemasoracleidcsextensionpasswordless_user_factor_identifier_display
		}
		factor_method = var.user_urnietfparamsscimschemasoracleidcsextensionpasswordless_user_factor_method
		factor_type = var.user_urnietfparamsscimschemasoracleidcsextensionpasswordless_user_factor_type
	}
	urnietfparamsscimschemasoracleidcsextensionposix_user {

		#Optional
		gecos = var.user_urnietfparamsscimschemasoracleidcsextensionposix_user_gecos
		gid_number = var.user_urnietfparamsscimschemasoracleidcsextensionposix_user_gid_number
		home_directory = var.user_urnietfparamsscimschemasoracleidcsextensionposix_user_home_directory
		login_shell = var.user_urnietfparamsscimschemasoracleidcsextensionposix_user_login_shell
		uid_number = var.user_urnietfparamsscimschemasoracleidcsextensionposix_user_uid_number
	}
	urnietfparamsscimschemasoracleidcsextensionsecurity_questions_user {

		#Optional
		sec_questions {
			#Required
			answer = var.user_urnietfparamsscimschemasoracleidcsextensionsecurity_questions_user_sec_questions_answer
			value = var.user_urnietfparamsscimschemasoracleidcsextensionsecurity_questions_user_sec_questions_value

			#Optional
			hint_text = var.user_urnietfparamsscimschemasoracleidcsextensionsecurity_questions_user_sec_questions_hint_text
		}
	}
	urnietfparamsscimschemasoracleidcsextensionself_change_user {

		#Optional
		allow_self_change = var.user_urnietfparamsscimschemasoracleidcsextensionself_change_user_allow_self_change
	}
	urnietfparamsscimschemasoracleidcsextensionself_registration_user {
		#Required
		self_registration_profile {
			#Required
			value = var.user_urnietfparamsscimschemasoracleidcsextensionself_registration_user_self_registration_profile_value

			#Optional
			display = var.user_urnietfparamsscimschemasoracleidcsextensionself_registration_user_self_registration_profile_display
		}

		#Optional
		consent_granted = var.user_urnietfparamsscimschemasoracleidcsextensionself_registration_user_consent_granted
		user_token = var.user_urnietfparamsscimschemasoracleidcsextensionself_registration_user_user_token
	}
	urnietfparamsscimschemasoracleidcsextensionsff_user {

		#Optional
		sff_auth_keys = var.user_urnietfparamsscimschemasoracleidcsextensionsff_user_sff_auth_keys
	}
	urnietfparamsscimschemasoracleidcsextensionsocial_account_user {

		#Optional
		social_accounts {
			#Required
			value = var.user_urnietfparamsscimschemasoracleidcsextensionsocial_account_user_social_accounts_value

			#Optional
			display = var.user_urnietfparamsscimschemasoracleidcsextensionsocial_account_user_social_accounts_display
		}
	}
	urnietfparamsscimschemasoracleidcsextensionterms_of_use_user {

		#Optional
		terms_of_use_consents {
			#Required
			value = var.user_urnietfparamsscimschemasoracleidcsextensionterms_of_use_user_terms_of_use_consents_value
		}
	}
	urnietfparamsscimschemasoracleidcsextensionuser_state_user {

		#Optional
		locked {

			#Optional
			expired = var.user_urnietfparamsscimschemasoracleidcsextensionuser_state_user_locked_expired
			lock_date = var.user_urnietfparamsscimschemasoracleidcsextensionuser_state_user_locked_lock_date
			on = var.user_urnietfparamsscimschemasoracleidcsextensionuser_state_user_locked_on
			reason = var.user_urnietfparamsscimschemasoracleidcsextensionuser_state_user_locked_reason
		}
		max_concurrent_sessions = var.user_urnietfparamsscimschemasoracleidcsextensionuser_state_user_max_concurrent_sessions
		recovery_locked {

			#Optional
			lock_date = var.user_urnietfparamsscimschemasoracleidcsextensionuser_state_user_recovery_locked_lock_date
			on = var.user_urnietfparamsscimschemasoracleidcsextensionuser_state_user_recovery_locked_on
		}
	}
	urnietfparamsscimschemasoracleidcsextensionuser_user {

		#Optional
		user_provider = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_user_provider
		account_recovery_required = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_account_recovery_required
		bypass_notification = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_bypass_notification
		creation_mechanism = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_creation_mechanism
		delegated_authentication_target_app {
			#Required
			type = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_delegated_authentication_target_app_type
			value = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_delegated_authentication_target_app_value

			#Optional
			display = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_delegated_authentication_target_app_display
		}
		do_not_show_getting_started = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_do_not_show_getting_started
		is_authentication_delegated = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_is_authentication_delegated
		is_federated_user = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_is_federated_user
		is_group_membership_normalized = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_is_group_membership_normalized
		is_group_membership_synced_to_users_groups = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_is_group_membership_synced_to_users_groups
		notification_email_template_id = oci_identity_domains_notification_email_template.test_notification_email_template.id
		preferred_ui_landing_page = var.user_urn_ietf_params_scim_schemas_oracle_idcs_extension_user_user_preferred_ui_landing_page
		service_user = var.user_urn_ietf_params_scim_schemas_oracle_idcs_extension_user_user_service_user
		synced_from_app {
			#Required
			type = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_synced_from_app_type
			value = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_synced_from_app_value

			#Optional
			display = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_synced_from_app_display
		}
		user_flow_controlled_by_external_client = var.user_urnietfparamsscimschemasoracleidcsextensionuser_user_user_flow_controlled_by_external_client
	}
	user_type = var.user_user_type
	x509certificates {
		#Required
		value = var.user_x509certificates_value

		#Optional
		display = var.user_x509certificates_display
		primary = var.user_x509certificates_primary
		type = var.user_x509certificates_type
	}
}

Argument Reference

The following arguments are supported:

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

Attributes Reference

The following attributes are exported:

Timeouts

The timeouts block allows you to specify timeouts for certain operations: * create - (Defaults to 20 minutes), when creating the User * update - (Defaults to 20 minutes), when updating the User * delete - (Defaults to 20 minutes), when destroying the User

Import

Users can be imported using the id, e.g.

$ terraform import oci_identity_domains_user.test_user "idcsEndpoint/{idcsEndpoint}/users/{userId}"