docs: Add OIDC prompt attribute (#4068)

* docs: Add OIDC prompt attribute

* docs: Clarify support for multiple prompts

* docs: Add disclaimer about differences by provider

* docs: Feedback from review
pull/4097/head
Dan Heath 2 years ago committed by GitHub
parent 4ace362c02
commit caab9b0669
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -2,7 +2,7 @@
layout: docs
page_title: accounts update - Command
description: |-
The "accounts update" command lets Boundary admin update an account resource.
The "accounts update" command updates an existing account resource's LDAP, OIDC, or password authentication information.
---
# accounts update
@ -131,7 +131,7 @@ The `boundary accounts update oidc` command updates an OIDC account.
#### Example
The folloiwng example updates an OIDC account with the ID `acctoidc_1234567890` to add the name `devops` and the description `Oidc account for DevOps`:
The following example updates an OIDC account with the ID `acctoidc_1234567890` to add the name `devops` and the description `Oidc account for DevOps`:
```shell-session
$ boundary accounts update oidc -id acctoidc_1234567890 \

@ -2,7 +2,7 @@
layout: docs
page_title: auth-methods create - Command
description: |-
The "auth-methods create" command lets Boundary admin create an auth method.
The "auth-methods create" command creates auth method resources in Boundary. You can create LDAP, OIDC, and password auth method types.
---
# auth-methods create
@ -238,6 +238,21 @@ The following are OIDC-specific options in addition to the command options:
- `-max-age` `(string: "")` - Indicates the OIDC "max_age" parameter that is sent to the provider.
- `prompts` `(string: "")` - Indicates whether the OIDC authorization server should display reauthentication, account selection, or consent user interface prompts.
You can optionally configure one or more of the following types of prompts to customize the behavior of the authentication process:
- `none` - The authorization server does not display any authentication or consent prompts.
- `login` - The authorization server prompts users for reauthentication before allowing them to log in.
- `consent` - The authorization server prompts users for consent before returning any information to Boundary.
- `select_account` - The authorization server prompts users to select a user account.
The `select_account` option can be helpful if your users have multiple accounts.
<Note>
Cloud providers implement `prompts` in different ways.
You may notice differences in behavior if you configure OIDC authentication on multiple cloud providers.
</Note>
- `-signing-algorithm` `(string: "")` - Indicates the allowed signing algorithm. You may specify this multiple times for multiple values.
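Review bot: The new option is listed as `prompts` with no leading dash, while the entries on either side are `-max-age` and `-signing-algorithm`; if this is a command flag like its neighbours, it should read `-prompts`. The text also says "one or more" prompt types can be configured but does not say how to pass several, whereas `-signing-algorithm` states that it may be specified multiple times. Add the equivalent sentence for this option.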

@ -2,7 +2,7 @@
layout: docs
page_title: auth-methods update - Command
description: |-
The "auth-methods update" command lets Boundary admin update an auth method.
The "auth-methods update" command updates existing auth method resources in Boundary. You can update LDAP, OIDC, and password auth method types.
---
# auth-methods update
@ -251,6 +251,21 @@ The following are options are specific to OIDC auth-methods in addition to the c
- `-max-age` `(string: "")` - Indicates the OIDC "max_age" parameter sent to the provider.
- `prompts` `(string: "")` - Indicates whether the OIDC authorization server should display reauthentication, account selection, or consent user interface prompts.
You can optionally configure one or more of the following types of prompts to customize the behavior of the authentication process:
- `none` - The authorization server does not display any authentication or consent prompts.
- `login` - The authorization server prompts users for reauthentication before allowing them to log in.
- `consent` - The authorization server prompts users for consent before returning any information to Boundary.
- `select_account` - The authorization server prompts users to select a user account.
The `select_account` option can be helpful if your users have multiple accounts.
<Note>
Cloud providers implement `prompts` in different ways.
You may notice differences in behavior if you configure OIDC authentication on multiple cloud providers.
</Note>
- `-signing-algorithm` `(string: "")` - Indicates the allowed signing algorithm. You may specify this value multiple times for multiple values.
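Review bot: The `none` entry says the authorization server displays no authentication or consent prompts, yet the sentence above the list invites configuring "one or more" values, so the text leaves open whether `none` can be combined with `login`, `consent` or `select_account`; state that explicitly. The entry name `prompts` also lacks the leading dash that `-max-age` and `-signing-algorithm` carry. In the Note, "Cloud providers" would be more precise as "OIDC providers", since the option is described as controlling the OIDC authorization server.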

@ -2,7 +2,7 @@
layout: docs
page_title: Domain model - auth methods
description: |-
The anatomy of a Boundary auth method
Use auth methods to authenticate users to Boundary. Learn which attributes you can configure for password, OIDC, and LDAP auth methods in Boundary.
---
# Auth methods
@ -80,6 +80,21 @@ The OIDC auth method has the following additional attributes:
users to reauthenticate, and an unset `maxAge` results in a Terraform value of
-1 and the default TTL of the chosen OIDC is used.
- `prompt` (optional) If you configure this attribute, the OIDC authorization server prompts users for reauthentication, account selection, or consent when they log in.
You can optionally configure one or more of the following additional attributes to customize the behavior of the authentication process:
- `none` (optional) The authorization server does not display any authentication or consent prompts.
- `login` (optional) The authorization server prompts users for reauthentication before allowing them to log in.
- `consent` (optional) The authorization server prompts users for consent before returning any information to Boundary.
- `select_account` (optional) The authorization server prompts users to select a user account.
The `select_account` setting can be helpful if your users have multiple accounts.
<Note>
Cloud providers implement `prompt` in different ways.
You may notice differences in behavior if you configure OIDC authentication on multiple cloud providers.
</Note>
- `signing-algorithm` (required) The allowed signing algorithm. You can specify this attribute
multiple times for multiple values.
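Review bot: The list under `prompt` is introduced as "additional attributes" and every entry is tagged "(optional)", but `none`, `login`, `consent` and `select_account` read as values of the `prompt` attribute, not attributes in their own right. Suggest "one or more of the following values" and dropping "(optional)" from the four entries. The attribute is also singular `prompt` here while the command pages changed in this commit call it `prompts`; confirm which name applies in each place and say so if the difference is intentional.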
