Auth0 v3.7.1, Sep 12 24

Auth0 v3.7.1 published on Thursday, Sep 12, 2024 by Pulumi

auth0.Tenant

Explore with Pulumi AI

Auth0 v3.7.1 published on Thursday, Sep 12, 2024 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myTenant = new auth0.Tenant("my_tenant", {
    friendlyName: "Tenant Name",
    pictureUrl: "http://example.com/logo.png",
    supportEmail: "support@example.com",
    supportUrl: "http://example.com/support",
    allowedLogoutUrls: ["http://example.com/logout"],
    sessionLifetime: 8760,
    sandboxVersion: "12",
    enabledLocales: ["en"],
    defaultRedirectionUri: "https://example.com/login",
    flags: {
        disableClickjackProtectionHeaders: true,
        enablePublicSignupUserExistsError: true,
        useScopeDescriptionsForConsent: true,
        noDiscloseEnterpriseConnections: false,
        disableManagementApiSmsObfuscation: false,
        disableFieldsMapFix: false,
    },
    sessionCookie: {
        mode: "non-persistent",
    },
    sessions: {
        oidcLogoutPromptEnabled: false,
    },
});

import pulumi
import pulumi_auth0 as auth0

my_tenant = auth0.Tenant("my_tenant",
    friendly_name="Tenant Name",
    picture_url="http://example.com/logo.png",
    support_email="support@example.com",
    support_url="http://example.com/support",
    allowed_logout_urls=["http://example.com/logout"],
    session_lifetime=8760,
    sandbox_version="12",
    enabled_locales=["en"],
    default_redirection_uri="https://example.com/login",
    flags={
        "disable_clickjack_protection_headers": True,
        "enable_public_signup_user_exists_error": True,
        "use_scope_descriptions_for_consent": True,
        "no_disclose_enterprise_connections": False,
        "disable_management_api_sms_obfuscation": False,
        "disable_fields_map_fix": False,
    },
    session_cookie={
        "mode": "non-persistent",
    },
    sessions={
        "oidc_logout_prompt_enabled": False,
    })

package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewTenant(ctx, "my_tenant", &auth0.TenantArgs{
			FriendlyName: pulumi.String("Tenant Name"),
			PictureUrl:   pulumi.String("http://example.com/logo.png"),
			SupportEmail: pulumi.String("support@example.com"),
			SupportUrl:   pulumi.String("http://example.com/support"),
			AllowedLogoutUrls: pulumi.StringArray{
				pulumi.String("http://example.com/logout"),
			},
			SessionLifetime: pulumi.Float64(8760),
			SandboxVersion:  pulumi.String("12"),
			EnabledLocales: pulumi.StringArray{
				pulumi.String("en"),
			},
			DefaultRedirectionUri: pulumi.String("https://example.com/login"),
			Flags: &auth0.TenantFlagsArgs{
				DisableClickjackProtectionHeaders:  pulumi.Bool(true),
				EnablePublicSignupUserExistsError:  pulumi.Bool(true),
				UseScopeDescriptionsForConsent:     pulumi.Bool(true),
				NoDiscloseEnterpriseConnections:    pulumi.Bool(false),
				DisableManagementApiSmsObfuscation: pulumi.Bool(false),
				DisableFieldsMapFix:                pulumi.Bool(false),
			},
			SessionCookie: &auth0.TenantSessionCookieArgs{
				Mode: pulumi.String("non-persistent"),
			},
			Sessions: &auth0.TenantSessionsArgs{
				OidcLogoutPromptEnabled: pulumi.Bool(false),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var myTenant = new Auth0.Tenant("my_tenant", new()
    {
        FriendlyName = "Tenant Name",
        PictureUrl = "http://example.com/logo.png",
        SupportEmail = "support@example.com",
        SupportUrl = "http://example.com/support",
        AllowedLogoutUrls = new[]
        {
            "http://example.com/logout",
        },
        SessionLifetime = 8760,
        SandboxVersion = "12",
        EnabledLocales = new[]
        {
            "en",
        },
        DefaultRedirectionUri = "https://example.com/login",
        Flags = new Auth0.Inputs.TenantFlagsArgs
        {
            DisableClickjackProtectionHeaders = true,
            EnablePublicSignupUserExistsError = true,
            UseScopeDescriptionsForConsent = true,
            NoDiscloseEnterpriseConnections = false,
            DisableManagementApiSmsObfuscation = false,
            DisableFieldsMapFix = false,
        },
        SessionCookie = new Auth0.Inputs.TenantSessionCookieArgs
        {
            Mode = "non-persistent",
        },
        Sessions = new Auth0.Inputs.TenantSessionsArgs
        {
            OidcLogoutPromptEnabled = false,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Tenant;
import com.pulumi.auth0.TenantArgs;
import com.pulumi.auth0.inputs.TenantFlagsArgs;
import com.pulumi.auth0.inputs.TenantSessionCookieArgs;
import com.pulumi.auth0.inputs.TenantSessionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myTenant = new Tenant("myTenant", TenantArgs.builder()
            .friendlyName("Tenant Name")
            .pictureUrl("http://example.com/logo.png")
            .supportEmail("support@example.com")
            .supportUrl("http://example.com/support")
            .allowedLogoutUrls("http://example.com/logout")
            .sessionLifetime(8760)
            .sandboxVersion("12")
            .enabledLocales("en")
            .defaultRedirectionUri("https://example.com/login")
            .flags(TenantFlagsArgs.builder()
                .disableClickjackProtectionHeaders(true)
                .enablePublicSignupUserExistsError(true)
                .useScopeDescriptionsForConsent(true)
                .noDiscloseEnterpriseConnections(false)
                .disableManagementApiSmsObfuscation(false)
                .disableFieldsMapFix(false)
                .build())
            .sessionCookie(TenantSessionCookieArgs.builder()
                .mode("non-persistent")
                .build())
            .sessions(TenantSessionsArgs.builder()
                .oidcLogoutPromptEnabled(false)
                .build())
            .build());

    }
}

resources:
  myTenant:
    type: auth0:Tenant
    name: my_tenant
    properties:
      friendlyName: Tenant Name
      pictureUrl: http://example.com/logo.png
      supportEmail: support@example.com
      supportUrl: http://example.com/support
      allowedLogoutUrls:
        - http://example.com/logout
      sessionLifetime: 8760
      sandboxVersion: '12'
      enabledLocales:
        - en
      defaultRedirectionUri: https://example.com/login
      flags:
        disableClickjackProtectionHeaders: true
        enablePublicSignupUserExistsError: true
        useScopeDescriptionsForConsent: true
        noDiscloseEnterpriseConnections: false
        disableManagementApiSmsObfuscation: false
        disableFieldsMapFix: false
      sessionCookie:
        mode: non-persistent
      sessions:
        oidcLogoutPromptEnabled: false

Create Tenant Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Tenant(name: string, args?: TenantArgs, opts?: CustomResourceOptions);

@overload
def Tenant(resource_name: str,
           args: Optional[TenantArgs] = None,
           opts: Optional[ResourceOptions] = None)

@overload
def Tenant(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           allow_organization_name_in_authentication_api: Optional[bool] = None,
           allowed_logout_urls: Optional[Sequence[str]] = None,
           customize_mfa_in_postlogin_action: Optional[bool] = None,
           default_audience: Optional[str] = None,
           default_directory: Optional[str] = None,
           default_redirection_uri: Optional[str] = None,
           enabled_locales: Optional[Sequence[str]] = None,
           flags: Optional[TenantFlagsArgs] = None,
           friendly_name: Optional[str] = None,
           idle_session_lifetime: Optional[float] = None,
           picture_url: Optional[str] = None,
           sandbox_version: Optional[str] = None,
           session_cookie: Optional[TenantSessionCookieArgs] = None,
           session_lifetime: Optional[float] = None,
           sessions: Optional[TenantSessionsArgs] = None,
           support_email: Optional[str] = None,
           support_url: Optional[str] = None)

func NewTenant(ctx *Context, name string, args *TenantArgs, opts ...ResourceOption) (*Tenant, error)

public Tenant(string name, TenantArgs? args = null, CustomResourceOptions? opts = null)

public Tenant(String name, TenantArgs args)
public Tenant(String name, TenantArgs args, CustomResourceOptions options)

type: auth0:Tenant
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args TenantArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args TenantArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args TenantArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args TenantArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args TenantArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var tenantResource = new Auth0.Tenant("tenantResource", new()
{
    AllowOrganizationNameInAuthenticationApi = false,
    AllowedLogoutUrls = new[]
    {
        "string",
    },
    CustomizeMfaInPostloginAction = false,
    DefaultAudience = "string",
    DefaultDirectory = "string",
    DefaultRedirectionUri = "string",
    EnabledLocales = new[]
    {
        "string",
    },
    Flags = new Auth0.Inputs.TenantFlagsArgs
    {
        AllowLegacyDelegationGrantTypes = false,
        AllowLegacyRoGrantTypes = false,
        AllowLegacyTokeninfoEndpoint = false,
        DashboardInsightsView = false,
        DashboardLogStreamsNext = false,
        DisableClickjackProtectionHeaders = false,
        DisableFieldsMapFix = false,
        DisableManagementApiSmsObfuscation = false,
        EnableAdfsWaadEmailVerification = false,
        EnableApisSection = false,
        EnableClientConnections = false,
        EnableCustomDomainInEmails = false,
        EnableDynamicClientRegistration = false,
        EnableIdtokenApi2 = false,
        EnableLegacyLogsSearchV2 = false,
        EnableLegacyProfile = false,
        EnablePipeline2 = false,
        EnablePublicSignupUserExistsError = false,
        EnableSso = false,
        MfaShowFactorListOnEnrollment = false,
        NoDiscloseEnterpriseConnections = false,
        RevokeRefreshTokenGrant = false,
        UseScopeDescriptionsForConsent = false,
    },
    FriendlyName = "string",
    IdleSessionLifetime = 0,
    PictureUrl = "string",
    SandboxVersion = "string",
    SessionCookie = new Auth0.Inputs.TenantSessionCookieArgs
    {
        Mode = "string",
    },
    SessionLifetime = 0,
    Sessions = new Auth0.Inputs.TenantSessionsArgs
    {
        OidcLogoutPromptEnabled = false,
    },
    SupportEmail = "string",
    SupportUrl = "string",
});

example, err := auth0.NewTenant(ctx, "tenantResource", &auth0.TenantArgs{
	AllowOrganizationNameInAuthenticationApi: pulumi.Bool(false),
	AllowedLogoutUrls: pulumi.StringArray{
		pulumi.String("string"),
	},
	CustomizeMfaInPostloginAction: pulumi.Bool(false),
	DefaultAudience:               pulumi.String("string"),
	DefaultDirectory:              pulumi.String("string"),
	DefaultRedirectionUri:         pulumi.String("string"),
	EnabledLocales: pulumi.StringArray{
		pulumi.String("string"),
	},
	Flags: &auth0.TenantFlagsArgs{
		AllowLegacyDelegationGrantTypes:    pulumi.Bool(false),
		AllowLegacyRoGrantTypes:            pulumi.Bool(false),
		AllowLegacyTokeninfoEndpoint:       pulumi.Bool(false),
		DashboardInsightsView:              pulumi.Bool(false),
		DashboardLogStreamsNext:            pulumi.Bool(false),
		DisableClickjackProtectionHeaders:  pulumi.Bool(false),
		DisableFieldsMapFix:                pulumi.Bool(false),
		DisableManagementApiSmsObfuscation: pulumi.Bool(false),
		EnableAdfsWaadEmailVerification:    pulumi.Bool(false),
		EnableApisSection:                  pulumi.Bool(false),
		EnableClientConnections:            pulumi.Bool(false),
		EnableCustomDomainInEmails:         pulumi.Bool(false),
		EnableDynamicClientRegistration:    pulumi.Bool(false),
		EnableIdtokenApi2:                  pulumi.Bool(false),
		EnableLegacyLogsSearchV2:           pulumi.Bool(false),
		EnableLegacyProfile:                pulumi.Bool(false),
		EnablePipeline2:                    pulumi.Bool(false),
		EnablePublicSignupUserExistsError:  pulumi.Bool(false),
		EnableSso:                          pulumi.Bool(false),
		MfaShowFactorListOnEnrollment:      pulumi.Bool(false),
		NoDiscloseEnterpriseConnections:    pulumi.Bool(false),
		RevokeRefreshTokenGrant:            pulumi.Bool(false),
		UseScopeDescriptionsForConsent:     pulumi.Bool(false),
	},
	FriendlyName:        pulumi.String("string"),
	IdleSessionLifetime: pulumi.Float64(0),
	PictureUrl:          pulumi.String("string"),
	SandboxVersion:      pulumi.String("string"),
	SessionCookie: &auth0.TenantSessionCookieArgs{
		Mode: pulumi.String("string"),
	},
	SessionLifetime: pulumi.Float64(0),
	Sessions: &auth0.TenantSessionsArgs{
		OidcLogoutPromptEnabled: pulumi.Bool(false),
	},
	SupportEmail: pulumi.String("string"),
	SupportUrl:   pulumi.String("string"),
})

var tenantResource = new Tenant("tenantResource", TenantArgs.builder()
    .allowOrganizationNameInAuthenticationApi(false)
    .allowedLogoutUrls("string")
    .customizeMfaInPostloginAction(false)
    .defaultAudience("string")
    .defaultDirectory("string")
    .defaultRedirectionUri("string")
    .enabledLocales("string")
    .flags(TenantFlagsArgs.builder()
        .allowLegacyDelegationGrantTypes(false)
        .allowLegacyRoGrantTypes(false)
        .allowLegacyTokeninfoEndpoint(false)
        .dashboardInsightsView(false)
        .dashboardLogStreamsNext(false)
        .disableClickjackProtectionHeaders(false)
        .disableFieldsMapFix(false)
        .disableManagementApiSmsObfuscation(false)
        .enableAdfsWaadEmailVerification(false)
        .enableApisSection(false)
        .enableClientConnections(false)
        .enableCustomDomainInEmails(false)
        .enableDynamicClientRegistration(false)
        .enableIdtokenApi2(false)
        .enableLegacyLogsSearchV2(false)
        .enableLegacyProfile(false)
        .enablePipeline2(false)
        .enablePublicSignupUserExistsError(false)
        .enableSso(false)
        .mfaShowFactorListOnEnrollment(false)
        .noDiscloseEnterpriseConnections(false)
        .revokeRefreshTokenGrant(false)
        .useScopeDescriptionsForConsent(false)
        .build())
    .friendlyName("string")
    .idleSessionLifetime(0)
    .pictureUrl("string")
    .sandboxVersion("string")
    .sessionCookie(TenantSessionCookieArgs.builder()
        .mode("string")
        .build())
    .sessionLifetime(0)
    .sessions(TenantSessionsArgs.builder()
        .oidcLogoutPromptEnabled(false)
        .build())
    .supportEmail("string")
    .supportUrl("string")
    .build());

tenant_resource = auth0.Tenant("tenantResource",
    allow_organization_name_in_authentication_api=False,
    allowed_logout_urls=["string"],
    customize_mfa_in_postlogin_action=False,
    default_audience="string",
    default_directory="string",
    default_redirection_uri="string",
    enabled_locales=["string"],
    flags=auth0.TenantFlagsArgs(
        allow_legacy_delegation_grant_types=False,
        allow_legacy_ro_grant_types=False,
        allow_legacy_tokeninfo_endpoint=False,
        dashboard_insights_view=False,
        dashboard_log_streams_next=False,
        disable_clickjack_protection_headers=False,
        disable_fields_map_fix=False,
        disable_management_api_sms_obfuscation=False,
        enable_adfs_waad_email_verification=False,
        enable_apis_section=False,
        enable_client_connections=False,
        enable_custom_domain_in_emails=False,
        enable_dynamic_client_registration=False,
        enable_idtoken_api2=False,
        enable_legacy_logs_search_v2=False,
        enable_legacy_profile=False,
        enable_pipeline2=False,
        enable_public_signup_user_exists_error=False,
        enable_sso=False,
        mfa_show_factor_list_on_enrollment=False,
        no_disclose_enterprise_connections=False,
        revoke_refresh_token_grant=False,
        use_scope_descriptions_for_consent=False,
    ),
    friendly_name="string",
    idle_session_lifetime=0,
    picture_url="string",
    sandbox_version="string",
    session_cookie=auth0.TenantSessionCookieArgs(
        mode="string",
    ),
    session_lifetime=0,
    sessions=auth0.TenantSessionsArgs(
        oidc_logout_prompt_enabled=False,
    ),
    support_email="string",
    support_url="string")

const tenantResource = new auth0.Tenant("tenantResource", {
    allowOrganizationNameInAuthenticationApi: false,
    allowedLogoutUrls: ["string"],
    customizeMfaInPostloginAction: false,
    defaultAudience: "string",
    defaultDirectory: "string",
    defaultRedirectionUri: "string",
    enabledLocales: ["string"],
    flags: {
        allowLegacyDelegationGrantTypes: false,
        allowLegacyRoGrantTypes: false,
        allowLegacyTokeninfoEndpoint: false,
        dashboardInsightsView: false,
        dashboardLogStreamsNext: false,
        disableClickjackProtectionHeaders: false,
        disableFieldsMapFix: false,
        disableManagementApiSmsObfuscation: false,
        enableAdfsWaadEmailVerification: false,
        enableApisSection: false,
        enableClientConnections: false,
        enableCustomDomainInEmails: false,
        enableDynamicClientRegistration: false,
        enableIdtokenApi2: false,
        enableLegacyLogsSearchV2: false,
        enableLegacyProfile: false,
        enablePipeline2: false,
        enablePublicSignupUserExistsError: false,
        enableSso: false,
        mfaShowFactorListOnEnrollment: false,
        noDiscloseEnterpriseConnections: false,
        revokeRefreshTokenGrant: false,
        useScopeDescriptionsForConsent: false,
    },
    friendlyName: "string",
    idleSessionLifetime: 0,
    pictureUrl: "string",
    sandboxVersion: "string",
    sessionCookie: {
        mode: "string",
    },
    sessionLifetime: 0,
    sessions: {
        oidcLogoutPromptEnabled: false,
    },
    supportEmail: "string",
    supportUrl: "string",
});

type: auth0:Tenant
properties:
    allowOrganizationNameInAuthenticationApi: false
    allowedLogoutUrls:
        - string
    customizeMfaInPostloginAction: false
    defaultAudience: string
    defaultDirectory: string
    defaultRedirectionUri: string
    enabledLocales:
        - string
    flags:
        allowLegacyDelegationGrantTypes: false
        allowLegacyRoGrantTypes: false
        allowLegacyTokeninfoEndpoint: false
        dashboardInsightsView: false
        dashboardLogStreamsNext: false
        disableClickjackProtectionHeaders: false
        disableFieldsMapFix: false
        disableManagementApiSmsObfuscation: false
        enableAdfsWaadEmailVerification: false
        enableApisSection: false
        enableClientConnections: false
        enableCustomDomainInEmails: false
        enableDynamicClientRegistration: false
        enableIdtokenApi2: false
        enableLegacyLogsSearchV2: false
        enableLegacyProfile: false
        enablePipeline2: false
        enablePublicSignupUserExistsError: false
        enableSso: false
        mfaShowFactorListOnEnrollment: false
        noDiscloseEnterpriseConnections: false
        revokeRefreshTokenGrant: false
        useScopeDescriptionsForConsent: false
    friendlyName: string
    idleSessionLifetime: 0
    pictureUrl: string
    sandboxVersion: string
    sessionCookie:
        mode: string
    sessionLifetime: 0
    sessions:
        oidcLogoutPromptEnabled: false
    supportEmail: string
    supportUrl: string

Tenant Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Tenant resource accepts the following input properties:

AllowOrganizationNameInAuthenticationApi bool: Whether to accept an organization name instead of an ID on auth endpoints.
AllowedLogoutUrls List<string>: URLs that Auth0 may redirect to after logout.
CustomizeMfaInPostloginAction bool: Whether to enable flexible factors for MFA in the PostLogin action.
DefaultAudience string: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
DefaultDirectory string: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
DefaultRedirectionUri string: The default absolute redirection URI. Must be HTTPS or an empty string.
EnabledLocales List<string>: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
Flags TenantFlags: Configuration settings for tenant flags.
FriendlyName string: Friendly name for the tenant.
IdleSessionLifetime double: Number of hours during which a session can be inactive before the user must log in again.
PictureUrl string: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
SandboxVersion string: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
SessionCookie TenantSessionCookie: Alters behavior of tenant's session cookie. Contains a single mode property.
SessionLifetime double: Number of hours during which a session will stay valid.
Sessions TenantSessions: Sessions related settings for the tenant.
SupportEmail string: Support email address for authenticating users.
SupportUrl string: Support URL for authenticating users.

AllowOrganizationNameInAuthenticationApi bool: Whether to accept an organization name instead of an ID on auth endpoints.
AllowedLogoutUrls []string: URLs that Auth0 may redirect to after logout.
CustomizeMfaInPostloginAction bool: Whether to enable flexible factors for MFA in the PostLogin action.
DefaultAudience string: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
DefaultDirectory string: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
DefaultRedirectionUri string: The default absolute redirection URI. Must be HTTPS or an empty string.
EnabledLocales []string: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
Flags TenantFlagsArgs: Configuration settings for tenant flags.
FriendlyName string: Friendly name for the tenant.
IdleSessionLifetime float64: Number of hours during which a session can be inactive before the user must log in again.
PictureUrl string: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
SandboxVersion string: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
SessionCookie TenantSessionCookieArgs: Alters behavior of tenant's session cookie. Contains a single mode property.
SessionLifetime float64: Number of hours during which a session will stay valid.
Sessions TenantSessionsArgs: Sessions related settings for the tenant.
SupportEmail string: Support email address for authenticating users.
SupportUrl string: Support URL for authenticating users.

allowOrganizationNameInAuthenticationApi Boolean: Whether to accept an organization name instead of an ID on auth endpoints.
allowedLogoutUrls List<String>: URLs that Auth0 may redirect to after logout.
customizeMfaInPostloginAction Boolean: Whether to enable flexible factors for MFA in the PostLogin action.
defaultAudience String: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
defaultDirectory String: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
defaultRedirectionUri String: The default absolute redirection URI. Must be HTTPS or an empty string.
enabledLocales List<String>: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
flags TenantFlags: Configuration settings for tenant flags.
friendlyName String: Friendly name for the tenant.
idleSessionLifetime Double: Number of hours during which a session can be inactive before the user must log in again.
pictureUrl String: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
sandboxVersion String: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
sessionCookie TenantSessionCookie: Alters behavior of tenant's session cookie. Contains a single mode property.
sessionLifetime Double: Number of hours during which a session will stay valid.
sessions TenantSessions: Sessions related settings for the tenant.
supportEmail String: Support email address for authenticating users.
supportUrl String: Support URL for authenticating users.

allowOrganizationNameInAuthenticationApi boolean: Whether to accept an organization name instead of an ID on auth endpoints.
allowedLogoutUrls string[]: URLs that Auth0 may redirect to after logout.
customizeMfaInPostloginAction boolean: Whether to enable flexible factors for MFA in the PostLogin action.
defaultAudience string: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
defaultDirectory string: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
defaultRedirectionUri string: The default absolute redirection URI. Must be HTTPS or an empty string.
enabledLocales string[]: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
flags TenantFlags: Configuration settings for tenant flags.
friendlyName string: Friendly name for the tenant.
idleSessionLifetime number: Number of hours during which a session can be inactive before the user must log in again.
pictureUrl string: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
sandboxVersion string: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
sessionCookie TenantSessionCookie: Alters behavior of tenant's session cookie. Contains a single mode property.
sessionLifetime number: Number of hours during which a session will stay valid.
sessions TenantSessions: Sessions related settings for the tenant.
supportEmail string: Support email address for authenticating users.
supportUrl string: Support URL for authenticating users.

allow_organization_name_in_authentication_api bool: Whether to accept an organization name instead of an ID on auth endpoints.
allowed_logout_urls Sequence[str]: URLs that Auth0 may redirect to after logout.
customize_mfa_in_postlogin_action bool: Whether to enable flexible factors for MFA in the PostLogin action.
default_audience str: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
default_directory str: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
default_redirection_uri str: The default absolute redirection URI. Must be HTTPS or an empty string.
enabled_locales Sequence[str]: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
flags TenantFlagsArgs: Configuration settings for tenant flags.
friendly_name str: Friendly name for the tenant.
idle_session_lifetime float: Number of hours during which a session can be inactive before the user must log in again.
picture_url str: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
sandbox_version str: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
session_cookie TenantSessionCookieArgs: Alters behavior of tenant's session cookie. Contains a single mode property.
session_lifetime float: Number of hours during which a session will stay valid.
sessions TenantSessionsArgs: Sessions related settings for the tenant.
support_email str: Support email address for authenticating users.
support_url str: Support URL for authenticating users.

allowOrganizationNameInAuthenticationApi Boolean: Whether to accept an organization name instead of an ID on auth endpoints.
allowedLogoutUrls List<String>: URLs that Auth0 may redirect to after logout.
customizeMfaInPostloginAction Boolean: Whether to enable flexible factors for MFA in the PostLogin action.
defaultAudience String: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
defaultDirectory String: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
defaultRedirectionUri String: The default absolute redirection URI. Must be HTTPS or an empty string.
enabledLocales List<String>: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
flags Property Map: Configuration settings for tenant flags.
friendlyName String: Friendly name for the tenant.
idleSessionLifetime Number: Number of hours during which a session can be inactive before the user must log in again.
pictureUrl String: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
sandboxVersion String: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
sessionCookie Property Map: Alters behavior of tenant's session cookie. Contains a single mode property.
sessionLifetime Number: Number of hours during which a session will stay valid.
sessions Property Map: Sessions related settings for the tenant.
supportEmail String: Support email address for authenticating users.
supportUrl String: Support URL for authenticating users.

Outputs

All input properties are implicitly available as output properties. Additionally, the Tenant resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Tenant Resource

Get an existing Tenant resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: TenantState, opts?: CustomResourceOptions): Tenant

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allow_organization_name_in_authentication_api: Optional[bool] = None,
        allowed_logout_urls: Optional[Sequence[str]] = None,
        customize_mfa_in_postlogin_action: Optional[bool] = None,
        default_audience: Optional[str] = None,
        default_directory: Optional[str] = None,
        default_redirection_uri: Optional[str] = None,
        enabled_locales: Optional[Sequence[str]] = None,
        flags: Optional[TenantFlagsArgs] = None,
        friendly_name: Optional[str] = None,
        idle_session_lifetime: Optional[float] = None,
        picture_url: Optional[str] = None,
        sandbox_version: Optional[str] = None,
        session_cookie: Optional[TenantSessionCookieArgs] = None,
        session_lifetime: Optional[float] = None,
        sessions: Optional[TenantSessionsArgs] = None,
        support_email: Optional[str] = None,
        support_url: Optional[str] = None) -> Tenant

func GetTenant(ctx *Context, name string, id IDInput, state *TenantState, opts ...ResourceOption) (*Tenant, error)

public static Tenant Get(string name, Input<string> id, TenantState? state, CustomResourceOptions? opts = null)

public static Tenant get(String name, Output<String> id, TenantState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowOrganizationNameInAuthenticationApi bool: Whether to accept an organization name instead of an ID on auth endpoints.
AllowedLogoutUrls List<string>: URLs that Auth0 may redirect to after logout.
CustomizeMfaInPostloginAction bool: Whether to enable flexible factors for MFA in the PostLogin action.
DefaultAudience string: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
DefaultDirectory string: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
DefaultRedirectionUri string: The default absolute redirection URI. Must be HTTPS or an empty string.
EnabledLocales List<string>: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
Flags TenantFlags: Configuration settings for tenant flags.
FriendlyName string: Friendly name for the tenant.
IdleSessionLifetime double: Number of hours during which a session can be inactive before the user must log in again.
PictureUrl string: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
SandboxVersion string: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
SessionCookie TenantSessionCookie: Alters behavior of tenant's session cookie. Contains a single mode property.
SessionLifetime double: Number of hours during which a session will stay valid.
Sessions TenantSessions: Sessions related settings for the tenant.
SupportEmail string: Support email address for authenticating users.
SupportUrl string: Support URL for authenticating users.

AllowOrganizationNameInAuthenticationApi bool: Whether to accept an organization name instead of an ID on auth endpoints.
AllowedLogoutUrls []string: URLs that Auth0 may redirect to after logout.
CustomizeMfaInPostloginAction bool: Whether to enable flexible factors for MFA in the PostLogin action.
DefaultAudience string: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
DefaultDirectory string: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
DefaultRedirectionUri string: The default absolute redirection URI. Must be HTTPS or an empty string.
EnabledLocales []string: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
Flags TenantFlagsArgs: Configuration settings for tenant flags.
FriendlyName string: Friendly name for the tenant.
IdleSessionLifetime float64: Number of hours during which a session can be inactive before the user must log in again.
PictureUrl string: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
SandboxVersion string: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
SessionCookie TenantSessionCookieArgs: Alters behavior of tenant's session cookie. Contains a single mode property.
SessionLifetime float64: Number of hours during which a session will stay valid.
Sessions TenantSessionsArgs: Sessions related settings for the tenant.
SupportEmail string: Support email address for authenticating users.
SupportUrl string: Support URL for authenticating users.

allowOrganizationNameInAuthenticationApi Boolean: Whether to accept an organization name instead of an ID on auth endpoints.
allowedLogoutUrls List<String>: URLs that Auth0 may redirect to after logout.
customizeMfaInPostloginAction Boolean: Whether to enable flexible factors for MFA in the PostLogin action.
defaultAudience String: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
defaultDirectory String: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
defaultRedirectionUri String: The default absolute redirection URI. Must be HTTPS or an empty string.
enabledLocales List<String>: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
flags TenantFlags: Configuration settings for tenant flags.
friendlyName String: Friendly name for the tenant.
idleSessionLifetime Double: Number of hours during which a session can be inactive before the user must log in again.
pictureUrl String: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
sandboxVersion String: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
sessionCookie TenantSessionCookie: Alters behavior of tenant's session cookie. Contains a single mode property.
sessionLifetime Double: Number of hours during which a session will stay valid.
sessions TenantSessions: Sessions related settings for the tenant.
supportEmail String: Support email address for authenticating users.
supportUrl String: Support URL for authenticating users.

allowOrganizationNameInAuthenticationApi boolean: Whether to accept an organization name instead of an ID on auth endpoints.
allowedLogoutUrls string[]: URLs that Auth0 may redirect to after logout.
customizeMfaInPostloginAction boolean: Whether to enable flexible factors for MFA in the PostLogin action.
defaultAudience string: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
defaultDirectory string: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
defaultRedirectionUri string: The default absolute redirection URI. Must be HTTPS or an empty string.
enabledLocales string[]: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
flags TenantFlags: Configuration settings for tenant flags.
friendlyName string: Friendly name for the tenant.
idleSessionLifetime number: Number of hours during which a session can be inactive before the user must log in again.
pictureUrl string: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
sandboxVersion string: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
sessionCookie TenantSessionCookie: Alters behavior of tenant's session cookie. Contains a single mode property.
sessionLifetime number: Number of hours during which a session will stay valid.
sessions TenantSessions: Sessions related settings for the tenant.
supportEmail string: Support email address for authenticating users.
supportUrl string: Support URL for authenticating users.

allow_organization_name_in_authentication_api bool: Whether to accept an organization name instead of an ID on auth endpoints.
allowed_logout_urls Sequence[str]: URLs that Auth0 may redirect to after logout.
customize_mfa_in_postlogin_action bool: Whether to enable flexible factors for MFA in the PostLogin action.
default_audience str: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
default_directory str: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
default_redirection_uri str: The default absolute redirection URI. Must be HTTPS or an empty string.
enabled_locales Sequence[str]: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
flags TenantFlagsArgs: Configuration settings for tenant flags.
friendly_name str: Friendly name for the tenant.
idle_session_lifetime float: Number of hours during which a session can be inactive before the user must log in again.
picture_url str: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
sandbox_version str: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
session_cookie TenantSessionCookieArgs: Alters behavior of tenant's session cookie. Contains a single mode property.
session_lifetime float: Number of hours during which a session will stay valid.
sessions TenantSessionsArgs: Sessions related settings for the tenant.
support_email str: Support email address for authenticating users.
support_url str: Support URL for authenticating users.

allowOrganizationNameInAuthenticationApi Boolean: Whether to accept an organization name instead of an ID on auth endpoints.
allowedLogoutUrls List<String>: URLs that Auth0 may redirect to after logout.
customizeMfaInPostloginAction Boolean: Whether to enable flexible factors for MFA in the PostLogin action.
defaultAudience String: API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
defaultDirectory String: Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
defaultRedirectionUri String: The default absolute redirection URI. Must be HTTPS or an empty string.
enabledLocales List<String>: Supported locales for the user interface. The first locale in the list will be used to set the default locale.
flags Property Map: Configuration settings for tenant flags.
friendlyName String: Friendly name for the tenant.
idleSessionLifetime Number: Number of hours during which a session can be inactive before the user must log in again.
pictureUrl String: URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
sandboxVersion String: Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
sessionCookie Property Map: Alters behavior of tenant's session cookie. Contains a single mode property.
sessionLifetime Number: Number of hours during which a session will stay valid.
sessions Property Map: Sessions related settings for the tenant.
supportEmail String: Support email address for authenticating users.
supportUrl String: Support URL for authenticating users.

Supporting Types

TenantFlags, TenantFlagsArgs

AllowLegacyDelegationGrantTypes bool: Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
AllowLegacyRoGrantTypes bool: Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
AllowLegacyTokeninfoEndpoint bool: If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
DashboardInsightsView bool: Enables new insights activity page view.
DashboardLogStreamsNext bool: Enables beta access to log streaming changes.
DisableClickjackProtectionHeaders bool: Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
DisableFieldsMapFix bool: Disables SAML fields map fix for bad mappings with repeated attributes.
DisableManagementApiSmsObfuscation bool: If true, SMS phone numbers will not be obfuscated in Management API GET calls.
EnableAdfsWaadEmailVerification bool: If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
EnableApisSection bool: Indicates whether the APIs section is enabled for the tenant.
EnableClientConnections bool: Indicates whether all current connections should be enabled when a new client is created.
EnableCustomDomainInEmails bool: Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
EnableDynamicClientRegistration bool: Indicates whether the tenant allows dynamic client registration.
EnableIdtokenApi2 bool: Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
EnableLegacyLogsSearchV2 bool: Indicates whether to use the older v2 legacy logs search.
EnableLegacyProfile bool: Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
EnablePipeline2 bool: Indicates whether advanced API Authorization scenarios are enabled.
EnablePublicSignupUserExistsError bool: Indicates whether the public sign up process shows a user_exists error if the user already exists.
EnableSso bool: Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
MfaShowFactorListOnEnrollment bool: Used to allow users to pick which factor to enroll with from the list of available MFA factors.
NoDiscloseEnterpriseConnections bool: Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
RequirePushedAuthorizationRequests bool: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
Deprecated: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
RevokeRefreshTokenGrant bool: Delete underlying grant when a refresh token is revoked via the Authentication API.
UseScopeDescriptionsForConsent bool: Indicates whether to use scope descriptions for consent.

AllowLegacyDelegationGrantTypes bool: Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
AllowLegacyRoGrantTypes bool: Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
AllowLegacyTokeninfoEndpoint bool: If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
DashboardInsightsView bool: Enables new insights activity page view.
DashboardLogStreamsNext bool: Enables beta access to log streaming changes.
DisableClickjackProtectionHeaders bool: Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
DisableFieldsMapFix bool: Disables SAML fields map fix for bad mappings with repeated attributes.
DisableManagementApiSmsObfuscation bool: If true, SMS phone numbers will not be obfuscated in Management API GET calls.
EnableAdfsWaadEmailVerification bool: If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
EnableApisSection bool: Indicates whether the APIs section is enabled for the tenant.
EnableClientConnections bool: Indicates whether all current connections should be enabled when a new client is created.
EnableCustomDomainInEmails bool: Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
EnableDynamicClientRegistration bool: Indicates whether the tenant allows dynamic client registration.
EnableIdtokenApi2 bool: Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
EnableLegacyLogsSearchV2 bool: Indicates whether to use the older v2 legacy logs search.
EnableLegacyProfile bool: Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
EnablePipeline2 bool: Indicates whether advanced API Authorization scenarios are enabled.
EnablePublicSignupUserExistsError bool: Indicates whether the public sign up process shows a user_exists error if the user already exists.
EnableSso bool: Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
MfaShowFactorListOnEnrollment bool: Used to allow users to pick which factor to enroll with from the list of available MFA factors.
NoDiscloseEnterpriseConnections bool: Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
RequirePushedAuthorizationRequests bool: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
Deprecated: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
RevokeRefreshTokenGrant bool: Delete underlying grant when a refresh token is revoked via the Authentication API.
UseScopeDescriptionsForConsent bool: Indicates whether to use scope descriptions for consent.

allowLegacyDelegationGrantTypes Boolean: Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
allowLegacyRoGrantTypes Boolean: Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
allowLegacyTokeninfoEndpoint Boolean: If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
dashboardInsightsView Boolean: Enables new insights activity page view.
dashboardLogStreamsNext Boolean: Enables beta access to log streaming changes.
disableClickjackProtectionHeaders Boolean: Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
disableFieldsMapFix Boolean: Disables SAML fields map fix for bad mappings with repeated attributes.
disableManagementApiSmsObfuscation Boolean: If true, SMS phone numbers will not be obfuscated in Management API GET calls.
enableAdfsWaadEmailVerification Boolean: If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
enableApisSection Boolean: Indicates whether the APIs section is enabled for the tenant.
enableClientConnections Boolean: Indicates whether all current connections should be enabled when a new client is created.
enableCustomDomainInEmails Boolean: Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
enableDynamicClientRegistration Boolean: Indicates whether the tenant allows dynamic client registration.
enableIdtokenApi2 Boolean: Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
enableLegacyLogsSearchV2 Boolean: Indicates whether to use the older v2 legacy logs search.
enableLegacyProfile Boolean: Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
enablePipeline2 Boolean: Indicates whether advanced API Authorization scenarios are enabled.
enablePublicSignupUserExistsError Boolean: Indicates whether the public sign up process shows a user_exists error if the user already exists.
enableSso Boolean: Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
mfaShowFactorListOnEnrollment Boolean: Used to allow users to pick which factor to enroll with from the list of available MFA factors.
noDiscloseEnterpriseConnections Boolean: Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
requirePushedAuthorizationRequests Boolean: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
Deprecated: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
revokeRefreshTokenGrant Boolean: Delete underlying grant when a refresh token is revoked via the Authentication API.
useScopeDescriptionsForConsent Boolean: Indicates whether to use scope descriptions for consent.

allowLegacyDelegationGrantTypes boolean: Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
allowLegacyRoGrantTypes boolean: Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
allowLegacyTokeninfoEndpoint boolean: If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
dashboardInsightsView boolean: Enables new insights activity page view.
dashboardLogStreamsNext boolean: Enables beta access to log streaming changes.
disableClickjackProtectionHeaders boolean: Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
disableFieldsMapFix boolean: Disables SAML fields map fix for bad mappings with repeated attributes.
disableManagementApiSmsObfuscation boolean: If true, SMS phone numbers will not be obfuscated in Management API GET calls.
enableAdfsWaadEmailVerification boolean: If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
enableApisSection boolean: Indicates whether the APIs section is enabled for the tenant.
enableClientConnections boolean: Indicates whether all current connections should be enabled when a new client is created.
enableCustomDomainInEmails boolean: Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
enableDynamicClientRegistration boolean: Indicates whether the tenant allows dynamic client registration.
enableIdtokenApi2 boolean: Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
enableLegacyLogsSearchV2 boolean: Indicates whether to use the older v2 legacy logs search.
enableLegacyProfile boolean: Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
enablePipeline2 boolean: Indicates whether advanced API Authorization scenarios are enabled.
enablePublicSignupUserExistsError boolean: Indicates whether the public sign up process shows a user_exists error if the user already exists.
enableSso boolean: Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
mfaShowFactorListOnEnrollment boolean: Used to allow users to pick which factor to enroll with from the list of available MFA factors.
noDiscloseEnterpriseConnections boolean: Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
requirePushedAuthorizationRequests boolean: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
Deprecated: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
revokeRefreshTokenGrant boolean: Delete underlying grant when a refresh token is revoked via the Authentication API.
useScopeDescriptionsForConsent boolean: Indicates whether to use scope descriptions for consent.

allow_legacy_delegation_grant_types bool: Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
allow_legacy_ro_grant_types bool: Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
allow_legacy_tokeninfo_endpoint bool: If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
dashboard_insights_view bool: Enables new insights activity page view.
dashboard_log_streams_next bool: Enables beta access to log streaming changes.
disable_clickjack_protection_headers bool: Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
disable_fields_map_fix bool: Disables SAML fields map fix for bad mappings with repeated attributes.
disable_management_api_sms_obfuscation bool: If true, SMS phone numbers will not be obfuscated in Management API GET calls.
enable_adfs_waad_email_verification bool: If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
enable_apis_section bool: Indicates whether the APIs section is enabled for the tenant.
enable_client_connections bool: Indicates whether all current connections should be enabled when a new client is created.
enable_custom_domain_in_emails bool: Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
enable_dynamic_client_registration bool: Indicates whether the tenant allows dynamic client registration.
enable_idtoken_api2 bool: Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
enable_legacy_logs_search_v2 bool: Indicates whether to use the older v2 legacy logs search.
enable_legacy_profile bool: Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
enable_pipeline2 bool: Indicates whether advanced API Authorization scenarios are enabled.
enable_public_signup_user_exists_error bool: Indicates whether the public sign up process shows a user_exists error if the user already exists.
enable_sso bool: Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
mfa_show_factor_list_on_enrollment bool: Used to allow users to pick which factor to enroll with from the list of available MFA factors.
no_disclose_enterprise_connections bool: Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
require_pushed_authorization_requests bool: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
Deprecated: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
revoke_refresh_token_grant bool: Delete underlying grant when a refresh token is revoked via the Authentication API.
use_scope_descriptions_for_consent bool: Indicates whether to use scope descriptions for consent.

allowLegacyDelegationGrantTypes Boolean: Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
allowLegacyRoGrantTypes Boolean: Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
allowLegacyTokeninfoEndpoint Boolean: If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
dashboardInsightsView Boolean: Enables new insights activity page view.
dashboardLogStreamsNext Boolean: Enables beta access to log streaming changes.
disableClickjackProtectionHeaders Boolean: Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
disableFieldsMapFix Boolean: Disables SAML fields map fix for bad mappings with repeated attributes.
disableManagementApiSmsObfuscation Boolean: If true, SMS phone numbers will not be obfuscated in Management API GET calls.
enableAdfsWaadEmailVerification Boolean: If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
enableApisSection Boolean: Indicates whether the APIs section is enabled for the tenant.
enableClientConnections Boolean: Indicates whether all current connections should be enabled when a new client is created.
enableCustomDomainInEmails Boolean: Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
enableDynamicClientRegistration Boolean: Indicates whether the tenant allows dynamic client registration.
enableIdtokenApi2 Boolean: Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
enableLegacyLogsSearchV2 Boolean: Indicates whether to use the older v2 legacy logs search.
enableLegacyProfile Boolean: Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
enablePipeline2 Boolean: Indicates whether advanced API Authorization scenarios are enabled.
enablePublicSignupUserExistsError Boolean: Indicates whether the public sign up process shows a user_exists error if the user already exists.
enableSso Boolean: Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
mfaShowFactorListOnEnrollment Boolean: Used to allow users to pick which factor to enroll with from the list of available MFA factors.
noDiscloseEnterpriseConnections Boolean: Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
requirePushedAuthorizationRequests Boolean: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
Deprecated: This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
revokeRefreshTokenGrant Boolean: Delete underlying grant when a refresh token is revoked via the Authentication API.
useScopeDescriptionsForConsent Boolean: Indicates whether to use scope descriptions for consent.

TenantSessionCookie, TenantSessionCookieArgs

Mode string: Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".

Mode string: Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".

mode String: Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".

mode string: Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".

mode str: Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".

mode String: Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".

TenantSessions, TenantSessionsArgs

OidcLogoutPromptEnabled bool: When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.

OidcLogoutPromptEnabled bool: When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.

oidcLogoutPromptEnabled Boolean: When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.

oidcLogoutPromptEnabled boolean: When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.

oidc_logout_prompt_enabled bool: When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.

oidcLogoutPromptEnabled Boolean: When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.

Import

As this is not a resource identifiable by an ID within the Auth0 Management API,

tenant can be imported using a random string.

We recommend Version 4 UUID

Example:

$ pulumi import auth0:index/tenant:Tenant my_tenant "82f4f21b-017a-319d-92e7-2291c1ca36c4"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Auth0 pulumi/pulumi-auth0
License: Apache-2.0
Notes: This Pulumi package is based on the auth0 Terraform Provider.

Auth0 v3.7.1 published on Thursday, Sep 12, 2024 by Pulumi

pulumi/pulumi-auth0

auth0.Tenant

On this page

On this page

Example Usage

Create Tenant Resource

Constructor syntax

Parameters

Constructor example

Tenant Resource Properties

Inputs

Outputs

Look up Existing Tenant Resource

Supporting Types

TenantFlags, TenantFlagsArgs

TenantSessionCookie, TenantSessionCookieArgs

TenantSessions, TenantSessionsArgs

Import

Package Details

On this page

On this page