Hardening Infrastructure Security Against SSO Identity Provider Compromise

Fork me on GitHub

Teleport

Reference for the teleport_user Terraform data-source

Schema

Required

version (String) Version is the resource version. It must be specified. Supported values are: v2.

Optional

metadata (Attributes) Metadata is resource metadata (see below for nested schema)
spec (Attributes) Spec is a user specification (see below for nested schema)
status (Attributes) (see below for nested schema)
sub_kind (String) SubKind is an optional resource sub kind, used in some resources

Nested Schema for `metadata`

Required:

name (String) Name is an object name

Optional:

description (String) Description is object description
expires (String) Expires is a global expiry time header can be set on any resource in the system.
labels (Map of String) Labels is a set of labels

Nested Schema for `spec`

Optional:

github_identities (Attributes List) GithubIdentities list associated Github OAuth2 identities that let user log in using externally verified identity (see below for nested schema)
oidc_identities (Attributes List) OIDCIdentities lists associated OpenID Connect identities that let user log in using externally verified identity (see below for nested schema)
roles (List of String) Roles is a list of roles assigned to user
saml_identities (Attributes List) SAMLIdentities lists associated SAML identities that let user log in using externally verified identity (see below for nested schema)
traits (Map of List of String)
trusted_device_ids (List of String) TrustedDeviceIDs contains the IDs of trusted devices enrolled by the user. Managed by the Device Trust subsystem, avoid manual edits.

Nested Schema for `spec.github_identities`

Optional:

connector_id (String) ConnectorID is id of registered OIDC connector, e.g. 'google-example.com'
samlSingleLogoutUrl (String) SAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable.
username (String) Username is username supplied by external identity provider

Nested Schema for `spec.oidc_identities`

Optional:

connector_id (String) ConnectorID is id of registered OIDC connector, e.g. 'google-example.com'
samlSingleLogoutUrl (String) SAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable.
username (String) Username is username supplied by external identity provider

Nested Schema for `spec.saml_identities`

Optional:

connector_id (String) ConnectorID is id of registered OIDC connector, e.g. 'google-example.com'
samlSingleLogoutUrl (String) SAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable.
username (String) Username is username supplied by external identity provider

Nested Schema for `status`

Optional:

password_state (Number) password_state reflects what the system knows about the user's password. Note that this is a "best effort" property, in that it can be UNSPECIFIED for users who were created before this property was introduced and didn't perform any password-related activity since then. See RFD 0159 for details. Do NOT use this value for authentication purposes!