create
Creates an InboundSsoAssignment for users and devices in a Customer under a given Group or OrgUnit.
Synopsis
Implements the API documented at https://cloud.google.com/identity/docs/reference/rest/v1/inboundSsoAssignments/create
gsm ssoAssignments create [flags]
Options
--customer string The customer.
For example: customers/C0123abc. (default "customers/my_customer")
--fields string Fields allows partial responses to be retrieved.
See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.
-h, --help help for create
--inboundSamlSsoProfile string Name of the InboundSamlSsoProfile to use.
Must be of the form inboundSamlSsoProfiles/{inboundSamlSsoProfile}.
--rank int Must be zero (which is the default value so it can be omitted) for assignments with targetOrgUnit set and must be greater-than-or-equal-to one for assignments with targetGroup set.
--ssoMode string Inbound SSO behaviors.
May be one of the following:
- SSO_OFF - Disable SSO for the targeted users.
- SAML_SSO - Use an external SAML Identity Provider for SSO for the targeted users.
- DOMAIN_WIDE_SAML_IF_ENABLED - Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to SSO_OFF.
Note that this will also be equivalent to SSO_OFF if/when support for domain-wide SAML is removed.
Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to SSO_OFF.
--targetGroup string Must be of the form groups/{group}
Only ONE of --targetGroup and --targetOrgUnit may be specified.
--targetOrgUnit string Must be of the form orgUnits/{orgUnit}.
Only ONE of --targetGroup and --targetOrgUnit may be specified.
Options inherited from parent commands
--compressOutput By default, GSM outputs "pretty" (indented) objects. By setting this flag, GSM's output will be compressed. This may or may not improve performance in scripts.
--config string config file (default is $HOME/.config/gsm/.gsm.yaml)
--delay int This delay (plus a random jitter between 0 and 50) will be applied after every command to avoid reaching quota and rate limits. Set to 0 to disable.
--dwdSubject string Specify a subject used for DWD impersonation (overrides value in config file)
--log string Set the path of the log file. Default is either ~/gsm.log or defined in your config file
--maxElapsedTime int This is the maximum total time that will be spent retrying a request in minutes. (default 15)
--maxRetryInterval int This is the maximum interval that will be used between retry attempts in seconds. (default 320)
--redirectPort int This is the TCP port on which GSM will create web server if you authenticate with a user account for the first time. This is necessary for the OAuth flow. See https://developers.google.com/identity/protocols/oauth2/native-app#redirect-uri_loopback (default 8081)
--retryOn ints Specify the HTTP error code(s) that GSM should retry on. Note that GSM will always retry on HTTP 403 errors that indicate a quota / rate limit error
--streamOutput Setting this flag will cause GSM to output slice values to stdout one by one, instead of one large object
SEE ALSO
- gsm ssoAssignments - Manage inbound SAML SSO assignments (Part of Cloud Identity API)