Docs Home
Packages
Cloudflare v5.39.1 published on Tuesday, Sep 24, 2024 by Pulumi
cloudflare.ZeroTrustAccessIdentityProvider
Explore with Pulumi AI
Provides a Cloudflare Access Identity Provider resource. Identity Providers are used as an authentication or authorisation source within Access.
It’s required that an
account_idorzone_idis provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use thezone_idargument.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
// one time pin
const pinLogin = new cloudflare.ZeroTrustAccessIdentityProvider("pin_login", {
accountId: "f037e56e89293a057740de681ac9abbe",
name: "PIN login",
type: "onetimepin",
});
// oauth
const githubOauth = new cloudflare.ZeroTrustAccessIdentityProvider("github_oauth", {
accountId: "f037e56e89293a057740de681ac9abbe",
name: "GitHub OAuth",
type: "github",
configs: [{
clientId: "example",
clientSecret: "secret_key",
}],
});
// saml
const jumpcloudSaml = new cloudflare.ZeroTrustAccessIdentityProvider("jumpcloud_saml", {
accountId: "f037e56e89293a057740de681ac9abbe",
name: "JumpCloud SAML",
type: "saml",
configs: [{
issuerUrl: "jumpcloud",
ssoTargetUrl: "https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess",
attributes: [
"email",
"username",
],
signRequest: false,
idpPublicCert: `MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o`,
}],
});
// okta
const okta = new cloudflare.ZeroTrustAccessIdentityProvider("okta", {
accountId: "f037e56e89293a057740de681ac9abbe",
name: "Okta",
type: "okta",
configs: [{
clientId: "example",
clientSecret: "secret_key",
apiToken: "okta_api_token",
oktaAccount: "https://example.com",
}],
});
import pulumi
import pulumi_cloudflare as cloudflare
# one time pin
pin_login = cloudflare.ZeroTrustAccessIdentityProvider("pin_login",
account_id="f037e56e89293a057740de681ac9abbe",
name="PIN login",
type="onetimepin")
# oauth
github_oauth = cloudflare.ZeroTrustAccessIdentityProvider("github_oauth",
account_id="f037e56e89293a057740de681ac9abbe",
name="GitHub OAuth",
type="github",
configs=[{
"client_id": "example",
"client_secret": "secret_key",
}])
# saml
jumpcloud_saml = cloudflare.ZeroTrustAccessIdentityProvider("jumpcloud_saml",
account_id="f037e56e89293a057740de681ac9abbe",
name="JumpCloud SAML",
type="saml",
configs=[{
"issuer_url": "jumpcloud",
"sso_target_url": "https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess",
"attributes": [
"email",
"username",
],
"sign_request": False,
"idp_public_cert": """MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o""",
}])
# okta
okta = cloudflare.ZeroTrustAccessIdentityProvider("okta",
account_id="f037e56e89293a057740de681ac9abbe",
name="Okta",
type="okta",
configs=[{
"client_id": "example",
"client_secret": "secret_key",
"api_token": "okta_api_token",
"okta_account": "https://example.com",
}])
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// one time pin
_, err := cloudflare.NewZeroTrustAccessIdentityProvider(ctx, "pin_login", &cloudflare.ZeroTrustAccessIdentityProviderArgs{
AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
Name: pulumi.String("PIN login"),
Type: pulumi.String("onetimepin"),
})
if err != nil {
return err
}
// oauth
_, err = cloudflare.NewZeroTrustAccessIdentityProvider(ctx, "github_oauth", &cloudflare.ZeroTrustAccessIdentityProviderArgs{
AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
Name: pulumi.String("GitHub OAuth"),
Type: pulumi.String("github"),
Configs: cloudflare.ZeroTrustAccessIdentityProviderConfigArray{
&cloudflare.ZeroTrustAccessIdentityProviderConfigArgs{
ClientId: pulumi.String("example"),
ClientSecret: pulumi.String("secret_key"),
},
},
})
if err != nil {
return err
}
// saml
_, err = cloudflare.NewZeroTrustAccessIdentityProvider(ctx, "jumpcloud_saml", &cloudflare.ZeroTrustAccessIdentityProviderArgs{
AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
Name: pulumi.String("JumpCloud SAML"),
Type: pulumi.String("saml"),
Configs: cloudflare.ZeroTrustAccessIdentityProviderConfigArray{
&cloudflare.ZeroTrustAccessIdentityProviderConfigArgs{
IssuerUrl: pulumi.String("jumpcloud"),
SsoTargetUrl: pulumi.String("https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess"),
Attributes: pulumi.StringArray{
pulumi.String("email"),
pulumi.String("username"),
},
SignRequest: pulumi.Bool(false),
IdpPublicCert: pulumi.String("MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg\nuTnQyuOqPuHbnN83d/2l1NSYKCbHt24o"),
},
},
})
if err != nil {
return err
}
// okta
_, err = cloudflare.NewZeroTrustAccessIdentityProvider(ctx, "okta", &cloudflare.ZeroTrustAccessIdentityProviderArgs{
AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
Name: pulumi.String("Okta"),
Type: pulumi.String("okta"),
Configs: cloudflare.ZeroTrustAccessIdentityProviderConfigArray{
&cloudflare.ZeroTrustAccessIdentityProviderConfigArgs{
ClientId: pulumi.String("example"),
ClientSecret: pulumi.String("secret_key"),
ApiToken: pulumi.String("okta_api_token"),
OktaAccount: pulumi.String("https://example.com"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
return await Deployment.RunAsync(() =>
{
// one time pin
var pinLogin = new Cloudflare.ZeroTrustAccessIdentityProvider("pin_login", new()
{
AccountId = "f037e56e89293a057740de681ac9abbe",
Name = "PIN login",
Type = "onetimepin",
});
// oauth
var githubOauth = new Cloudflare.ZeroTrustAccessIdentityProvider("github_oauth", new()
{
AccountId = "f037e56e89293a057740de681ac9abbe",
Name = "GitHub OAuth",
Type = "github",
Configs = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessIdentityProviderConfigArgs
{
ClientId = "example",
ClientSecret = "secret_key",
},
},
});
// saml
var jumpcloudSaml = new Cloudflare.ZeroTrustAccessIdentityProvider("jumpcloud_saml", new()
{
AccountId = "f037e56e89293a057740de681ac9abbe",
Name = "JumpCloud SAML",
Type = "saml",
Configs = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessIdentityProviderConfigArgs
{
IssuerUrl = "jumpcloud",
SsoTargetUrl = "https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess",
Attributes = new[]
{
"email",
"username",
},
SignRequest = false,
IdpPublicCert = @"MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o",
},
},
});
// okta
var okta = new Cloudflare.ZeroTrustAccessIdentityProvider("okta", new()
{
AccountId = "f037e56e89293a057740de681ac9abbe",
Name = "Okta",
Type = "okta",
Configs = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessIdentityProviderConfigArgs
{
ClientId = "example",
ClientSecret = "secret_key",
ApiToken = "okta_api_token",
OktaAccount = "https://example.com",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.ZeroTrustAccessIdentityProvider;
import com.pulumi.cloudflare.ZeroTrustAccessIdentityProviderArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustAccessIdentityProviderConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// one time pin
var pinLogin = new ZeroTrustAccessIdentityProvider("pinLogin", ZeroTrustAccessIdentityProviderArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.name("PIN login")
.type("onetimepin")
.build());
// oauth
var githubOauth = new ZeroTrustAccessIdentityProvider("githubOauth", ZeroTrustAccessIdentityProviderArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.name("GitHub OAuth")
.type("github")
.configs(ZeroTrustAccessIdentityProviderConfigArgs.builder()
.clientId("example")
.clientSecret("secret_key")
.build())
.build());
// saml
var jumpcloudSaml = new ZeroTrustAccessIdentityProvider("jumpcloudSaml", ZeroTrustAccessIdentityProviderArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.name("JumpCloud SAML")
.type("saml")
.configs(ZeroTrustAccessIdentityProviderConfigArgs.builder()
.issuerUrl("jumpcloud")
.ssoTargetUrl("https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess")
.attributes(
"email",
"username")
.signRequest(false)
.idpPublicCert("""
MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o """)
.build())
.build());
// okta
var okta = new ZeroTrustAccessIdentityProvider("okta", ZeroTrustAccessIdentityProviderArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.name("Okta")
.type("okta")
.configs(ZeroTrustAccessIdentityProviderConfigArgs.builder()
.clientId("example")
.clientSecret("secret_key")
.apiToken("okta_api_token")
.oktaAccount("https://example.com")
.build())
.build());
}
}
resources:
# one time pin
pinLogin:
type: cloudflare:ZeroTrustAccessIdentityProvider
name: pin_login
properties:
accountId: f037e56e89293a057740de681ac9abbe
name: PIN login
type: onetimepin
# oauth
githubOauth:
type: cloudflare:ZeroTrustAccessIdentityProvider
name: github_oauth
properties:
accountId: f037e56e89293a057740de681ac9abbe
name: GitHub OAuth
type: github
configs:
- clientId: example
clientSecret: secret_key
# saml
jumpcloudSaml:
type: cloudflare:ZeroTrustAccessIdentityProvider
name: jumpcloud_saml
properties:
accountId: f037e56e89293a057740de681ac9abbe
name: JumpCloud SAML
type: saml
configs:
- issuerUrl: jumpcloud
ssoTargetUrl: https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess
attributes:
- email
- username
signRequest: false
idpPublicCert: |-
MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o
# okta
okta:
type: cloudflare:ZeroTrustAccessIdentityProvider
properties:
accountId: f037e56e89293a057740de681ac9abbe
name: Okta
type: okta
configs:
- clientId: example
clientSecret: secret_key
apiToken: okta_api_token
oktaAccount: https://example.com
Create ZeroTrustAccessIdentityProvider Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ZeroTrustAccessIdentityProvider(name: string, args: ZeroTrustAccessIdentityProviderArgs, opts?: CustomResourceOptions);@overload
def ZeroTrustAccessIdentityProvider(resource_name: str,
args: ZeroTrustAccessIdentityProviderArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ZeroTrustAccessIdentityProvider(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
type: Optional[str] = None,
account_id: Optional[str] = None,
configs: Optional[Sequence[ZeroTrustAccessIdentityProviderConfigArgs]] = None,
scim_configs: Optional[Sequence[ZeroTrustAccessIdentityProviderScimConfigArgs]] = None,
zone_id: Optional[str] = None)func NewZeroTrustAccessIdentityProvider(ctx *Context, name string, args ZeroTrustAccessIdentityProviderArgs, opts ...ResourceOption) (*ZeroTrustAccessIdentityProvider, error)public ZeroTrustAccessIdentityProvider(string name, ZeroTrustAccessIdentityProviderArgs args, CustomResourceOptions? opts = null)
public ZeroTrustAccessIdentityProvider(String name, ZeroTrustAccessIdentityProviderArgs args)
public ZeroTrustAccessIdentityProvider(String name, ZeroTrustAccessIdentityProviderArgs args, CustomResourceOptions options)
type: cloudflare:ZeroTrustAccessIdentityProvider
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ZeroTrustAccessIdentityProviderArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ZeroTrustAccessIdentityProviderArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ZeroTrustAccessIdentityProviderArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ZeroTrustAccessIdentityProviderArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ZeroTrustAccessIdentityProviderArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var zeroTrustAccessIdentityProviderResource = new Cloudflare.ZeroTrustAccessIdentityProvider("zeroTrustAccessIdentityProviderResource", new()
{
Name = "string",
Type = "string",
AccountId = "string",
Configs = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessIdentityProviderConfigArgs
{
ApiToken = "string",
AppsDomain = "string",
Attributes = new[]
{
"string",
},
AuthUrl = "string",
AuthorizationServerId = "string",
CentrifyAccount = "string",
CentrifyAppId = "string",
CertsUrl = "string",
Claims = new[]
{
"string",
},
ClientId = "string",
ClientSecret = "string",
ConditionalAccessEnabled = false,
DirectoryId = "string",
EmailAttributeName = "string",
EmailClaimName = "string",
IdpPublicCert = "string",
IssuerUrl = "string",
OktaAccount = "string",
OneloginAccount = "string",
PingEnvId = "string",
PkceEnabled = false,
RedirectUrl = "string",
Scopes = new[]
{
"string",
},
SignRequest = false,
SsoTargetUrl = "string",
SupportGroups = false,
TokenUrl = "string",
},
},
ScimConfigs = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessIdentityProviderScimConfigArgs
{
Enabled = false,
GroupMemberDeprovision = false,
SeatDeprovision = false,
Secret = "string",
UserDeprovision = false,
},
},
ZoneId = "string",
});
example, err := cloudflare.NewZeroTrustAccessIdentityProvider(ctx, "zeroTrustAccessIdentityProviderResource", &cloudflare.ZeroTrustAccessIdentityProviderArgs{
Name: pulumi.String("string"),
Type: pulumi.String("string"),
AccountId: pulumi.String("string"),
Configs: cloudflare.ZeroTrustAccessIdentityProviderConfigArray{
&cloudflare.ZeroTrustAccessIdentityProviderConfigArgs{
ApiToken: pulumi.String("string"),
AppsDomain: pulumi.String("string"),
Attributes: pulumi.StringArray{
pulumi.String("string"),
},
AuthUrl: pulumi.String("string"),
AuthorizationServerId: pulumi.String("string"),
CentrifyAccount: pulumi.String("string"),
CentrifyAppId: pulumi.String("string"),
CertsUrl: pulumi.String("string"),
Claims: pulumi.StringArray{
pulumi.String("string"),
},
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
ConditionalAccessEnabled: pulumi.Bool(false),
DirectoryId: pulumi.String("string"),
EmailAttributeName: pulumi.String("string"),
EmailClaimName: pulumi.String("string"),
IdpPublicCert: pulumi.String("string"),
IssuerUrl: pulumi.String("string"),
OktaAccount: pulumi.String("string"),
OneloginAccount: pulumi.String("string"),
PingEnvId: pulumi.String("string"),
PkceEnabled: pulumi.Bool(false),
RedirectUrl: pulumi.String("string"),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
SignRequest: pulumi.Bool(false),
SsoTargetUrl: pulumi.String("string"),
SupportGroups: pulumi.Bool(false),
TokenUrl: pulumi.String("string"),
},
},
ScimConfigs: cloudflare.ZeroTrustAccessIdentityProviderScimConfigArray{
&cloudflare.ZeroTrustAccessIdentityProviderScimConfigArgs{
Enabled: pulumi.Bool(false),
GroupMemberDeprovision: pulumi.Bool(false),
SeatDeprovision: pulumi.Bool(false),
Secret: pulumi.String("string"),
UserDeprovision: pulumi.Bool(false),
},
},
ZoneId: pulumi.String("string"),
})
var zeroTrustAccessIdentityProviderResource = new ZeroTrustAccessIdentityProvider("zeroTrustAccessIdentityProviderResource", ZeroTrustAccessIdentityProviderArgs.builder()
.name("string")
.type("string")
.accountId("string")
.configs(ZeroTrustAccessIdentityProviderConfigArgs.builder()
.apiToken("string")
.appsDomain("string")
.attributes("string")
.authUrl("string")
.authorizationServerId("string")
.centrifyAccount("string")
.centrifyAppId("string")
.certsUrl("string")
.claims("string")
.clientId("string")
.clientSecret("string")
.conditionalAccessEnabled(false)
.directoryId("string")
.emailAttributeName("string")
.emailClaimName("string")
.idpPublicCert("string")
.issuerUrl("string")
.oktaAccount("string")
.oneloginAccount("string")
.pingEnvId("string")
.pkceEnabled(false)
.redirectUrl("string")
.scopes("string")
.signRequest(false)
.ssoTargetUrl("string")
.supportGroups(false)
.tokenUrl("string")
.build())
.scimConfigs(ZeroTrustAccessIdentityProviderScimConfigArgs.builder()
.enabled(false)
.groupMemberDeprovision(false)
.seatDeprovision(false)
.secret("string")
.userDeprovision(false)
.build())
.zoneId("string")
.build());
zero_trust_access_identity_provider_resource = cloudflare.ZeroTrustAccessIdentityProvider("zeroTrustAccessIdentityProviderResource",
name="string",
type="string",
account_id="string",
configs=[cloudflare.ZeroTrustAccessIdentityProviderConfigArgs(
api_token="string",
apps_domain="string",
attributes=["string"],
auth_url="string",
authorization_server_id="string",
centrify_account="string",
centrify_app_id="string",
certs_url="string",
claims=["string"],
client_id="string",
client_secret="string",
conditional_access_enabled=False,
directory_id="string",
email_attribute_name="string",
email_claim_name="string",
idp_public_cert="string",
issuer_url="string",
okta_account="string",
onelogin_account="string",
ping_env_id="string",
pkce_enabled=False,
redirect_url="string",
scopes=["string"],
sign_request=False,
sso_target_url="string",
support_groups=False,
token_url="string",
)],
scim_configs=[cloudflare.ZeroTrustAccessIdentityProviderScimConfigArgs(
enabled=False,
group_member_deprovision=False,
seat_deprovision=False,
secret="string",
user_deprovision=False,
)],
zone_id="string")
const zeroTrustAccessIdentityProviderResource = new cloudflare.ZeroTrustAccessIdentityProvider("zeroTrustAccessIdentityProviderResource", {
name: "string",
type: "string",
accountId: "string",
configs: [{
apiToken: "string",
appsDomain: "string",
attributes: ["string"],
authUrl: "string",
authorizationServerId: "string",
centrifyAccount: "string",
centrifyAppId: "string",
certsUrl: "string",
claims: ["string"],
clientId: "string",
clientSecret: "string",
conditionalAccessEnabled: false,
directoryId: "string",
emailAttributeName: "string",
emailClaimName: "string",
idpPublicCert: "string",
issuerUrl: "string",
oktaAccount: "string",
oneloginAccount: "string",
pingEnvId: "string",
pkceEnabled: false,
redirectUrl: "string",
scopes: ["string"],
signRequest: false,
ssoTargetUrl: "string",
supportGroups: false,
tokenUrl: "string",
}],
scimConfigs: [{
enabled: false,
groupMemberDeprovision: false,
seatDeprovision: false,
secret: "string",
userDeprovision: false,
}],
zoneId: "string",
});
type: cloudflare:ZeroTrustAccessIdentityProvider
properties:
accountId: string
configs:
- apiToken: string
appsDomain: string
attributes:
- string
authUrl: string
authorizationServerId: string
centrifyAccount: string
centrifyAppId: string
certsUrl: string
claims:
- string
clientId: string
clientSecret: string
conditionalAccessEnabled: false
directoryId: string
emailAttributeName: string
emailClaimName: string
idpPublicCert: string
issuerUrl: string
oktaAccount: string
oneloginAccount: string
pingEnvId: string
pkceEnabled: false
redirectUrl: string
scopes:
- string
signRequest: false
ssoTargetUrl: string
supportGroups: false
tokenUrl: string
name: string
scimConfigs:
- enabled: false
groupMemberDeprovision: false
seatDeprovision: false
secret: string
userDeprovision: false
type: string
zoneId: string
ZeroTrustAccessIdentityProvider Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ZeroTrustAccessIdentityProvider resource accepts the following input properties:
- Name string
- Friendly name of the Access Identity Provider configuration.
- Type string
- The provider type to use. Available values:
azureAD,centrify,facebook,github,google,google-apps,linkedin,oidc,okta,onelogin,onetimepin,pingone,saml,yandex. - Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. Modifying this attribute will force creation of a new resource. - Configs
List<Zero
Trust Access Identity Provider Config> - Provider configuration from the developer documentation.
- Scim
Configs List<ZeroTrust Access Identity Provider Scim Config> - Configuration for SCIM settings for a given IDP.
- Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id. Modifying this attribute will force creation of a new resource.
- Name string
- Friendly name of the Access Identity Provider configuration.
- Type string
- The provider type to use. Available values:
azureAD,centrify,facebook,github,google,google-apps,linkedin,oidc,okta,onelogin,onetimepin,pingone,saml,yandex. - Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. Modifying this attribute will force creation of a new resource. - Configs
[]Zero
Trust Access Identity Provider Config Args - Provider configuration from the developer documentation.
- Scim
Configs []ZeroTrust Access Identity Provider Scim Config Args - Configuration for SCIM settings for a given IDP.
- Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id. Modifying this attribute will force creation of a new resource.
- name String
- Friendly name of the Access Identity Provider configuration.
- type String
- The provider type to use. Available values:
azureAD,centrify,facebook,github,google,google-apps,linkedin,oidc,okta,onelogin,onetimepin,pingone,saml,yandex. - account
Id String - The account identifier to target for the resource. Conflicts with
zone_id. Modifying this attribute will force creation of a new resource. - configs
List<Zero
Trust Access Identity Provider Config> - Provider configuration from the developer documentation.
- scim
Configs List<ZeroTrust Access Identity Provider Scim Config> - Configuration for SCIM settings for a given IDP.
- zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id. Modifying this attribute will force creation of a new resource.
- name string
- Friendly name of the Access Identity Provider configuration.
- type string
- The provider type to use. Available values:
azureAD,centrify,facebook,github,google,google-apps,linkedin,oidc,okta,onelogin,onetimepin,pingone,saml,yandex. - account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. Modifying this attribute will force creation of a new resource. - configs
Zero
Trust Access Identity Provider Config[] - Provider configuration from the developer documentation.
- scim
Configs ZeroTrust Access Identity Provider Scim Config[] - Configuration for SCIM settings for a given IDP.
- zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id. Modifying this attribute will force creation of a new resource.
- name str
- Friendly name of the Access Identity Provider configuration.
- type str
- The provider type to use. Available values:
azureAD,centrify,facebook,github,google,google-apps,linkedin,oidc,okta,onelogin,onetimepin,pingone,saml,yandex. - account_
id str - The account identifier to target for the resource. Conflicts with
zone_id. Modifying this attribute will force creation of a new resource. - configs
Sequence[Zero
Trust Access Identity Provider Config Args] - Provider configuration from the developer documentation.
- scim_
configs Sequence[ZeroTrust Access Identity Provider Scim Config Args] - Configuration for SCIM settings for a given IDP.
- zone_
id str - The zone identifier to target for the resource. Conflicts with
account_id. Modifying this attribute will force creation of a new resource.
- name String
- Friendly name of the Access Identity Provider configuration.
- type String
- The provider type to use. Available values:
azureAD,centrify,facebook,github,google,google-apps,linkedin,oidc,okta,onelogin,onetimepin,pingone,saml,yandex. - account
Id String - The account identifier to target for the resource. Conflicts with
zone_id. Modifying this attribute will force creation of a new resource. - configs List<Property Map>
- Provider configuration from the developer documentation.
- scim
Configs List<Property Map> - Configuration for SCIM settings for a given IDP.
- zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id. Modifying this attribute will force creation of a new resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the ZeroTrustAccessIdentityProvider resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ZeroTrustAccessIdentityProvider Resource
Get an existing ZeroTrustAccessIdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ZeroTrustAccessIdentityProviderState, opts?: CustomResourceOptions): ZeroTrustAccessIdentityProvider@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
configs: Optional[Sequence[ZeroTrustAccessIdentityProviderConfigArgs]] = None,
name: Optional[str] = None,
scim_configs: Optional[Sequence[ZeroTrustAccessIdentityProviderScimConfigArgs]] = None,
type: Optional[str] = None,
zone_id: Optional[str] = None) -> ZeroTrustAccessIdentityProviderfunc GetZeroTrustAccessIdentityProvider(ctx *Context, name string, id IDInput, state *ZeroTrustAccessIdentityProviderState, opts ...ResourceOption) (*ZeroTrustAccessIdentityProvider, error)public static ZeroTrustAccessIdentityProvider Get(string name, Input<string> id, ZeroTrustAccessIdentityProviderState? state, CustomResourceOptions? opts = null)public static ZeroTrustAccessIdentityProvider get(String name, Output<String> id, ZeroTrustAccessIdentityProviderState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. Modifying this attribute will force creation of a new resource. - Configs
List<Zero
Trust Access Identity Provider Config> - Provider configuration from the developer documentation.
- Name string
- Friendly name of the Access Identity Provider configuration.
- Scim
Configs List<ZeroTrust Access Identity Provider Scim Config> - Configuration for SCIM settings for a given IDP.
- Type string
- The provider type to use. Available values:
azureAD,centrify,facebook,github,google,google-apps,linkedin,oidc,okta,onelogin,onetimepin,pingone,saml,yandex. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id. Modifying this attribute will force creation of a new resource.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. Modifying this attribute will force creation of a new resource. - Configs
[]Zero
Trust Access Identity Provider Config Args - Provider configuration from the developer documentation.
- Name string
- Friendly name of the Access Identity Provider configuration.
- Scim
Configs []ZeroTrust Access Identity Provider Scim Config Args - Configuration for SCIM settings for a given IDP.
- Type string
- The provider type to use. Available values:
azureAD,centrify,facebook,github,google,google-apps,linkedin,oidc,okta,onelogin,onetimepin,pingone,saml,yandex. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id. Modifying this attribute will force creation of a new resource.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id. Modifying this attribute will force creation of a new resource. - configs
List<Zero
Trust Access Identity Provider Config> - Provider configuration from the developer documentation.
- name String
- Friendly name of the Access Identity Provider configuration.
- scim
Configs List<ZeroTrust Access Identity Provider Scim Config> - Configuration for SCIM settings for a given IDP.
- type String
- The provider type to use. Available values:
azureAD,centrify,facebook,github,google,google-apps,linkedin,oidc,okta,onelogin,onetimepin,pingone,saml,yandex. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id. Modifying this attribute will force creation of a new resource.
- account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. Modifying this attribute will force creation of a new resource. - configs
Zero
Trust Access Identity Provider Config[] - Provider configuration from the developer documentation.
- name string
- Friendly name of the Access Identity Provider configuration.
- scim
Configs ZeroTrust Access Identity Provider Scim Config[] - Configuration for SCIM settings for a given IDP.
- type string
- The provider type to use. Available values:
azureAD,centrify,facebook,github,google,google-apps,linkedin,oidc,okta,onelogin,onetimepin,pingone,saml,yandex. - zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id. Modifying this attribute will force creation of a new resource.
- account_
id str - The account identifier to target for the resource. Conflicts with
zone_id. Modifying this attribute will force creation of a new resource. - configs
Sequence[Zero
Trust Access Identity Provider Config Args] - Provider configuration from the developer documentation.
- name str
- Friendly name of the Access Identity Provider configuration.
- scim_
configs Sequence[ZeroTrust Access Identity Provider Scim Config Args] - Configuration for SCIM settings for a given IDP.
- type str
- The provider type to use. Available values:
azureAD,centrify,facebook,github,google,google-apps,linkedin,oidc,okta,onelogin,onetimepin,pingone,saml,yandex. - zone_
id str - The zone identifier to target for the resource. Conflicts with
account_id. Modifying this attribute will force creation of a new resource.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id. Modifying this attribute will force creation of a new resource. - configs List<Property Map>
- Provider configuration from the developer documentation.
- name String
- Friendly name of the Access Identity Provider configuration.
- scim
Configs List<Property Map> - Configuration for SCIM settings for a given IDP.
- type String
- The provider type to use. Available values:
azureAD,centrify,facebook,github,google,google-apps,linkedin,oidc,okta,onelogin,onetimepin,pingone,saml,yandex. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id. Modifying this attribute will force creation of a new resource.
Supporting Types
ZeroTrustAccessIdentityProviderConfig, ZeroTrustAccessIdentityProviderConfigArgs
- Api
Token string - Apps
Domain string - Attributes List<string>
- Auth
Url string - string
- Centrify
Account string - Centrify
App stringId - Certs
Url string - Claims List<string>
- Client
Id string - Client
Secret string - Conditional
Access boolEnabled - Directory
Id string - Email
Attribute stringName - Email
Claim stringName - Idp
Public stringCert - Issuer
Url string - Okta
Account string - Onelogin
Account string - Ping
Env stringId - Pkce
Enabled bool - Redirect
Url string - Scopes List<string>
- Sign
Request bool - Sso
Target stringUrl - Support
Groups bool - Token
Url string
- Api
Token string - Apps
Domain string - Attributes []string
- Auth
Url string - string
- Centrify
Account string - Centrify
App stringId - Certs
Url string - Claims []string
- Client
Id string - Client
Secret string - Conditional
Access boolEnabled - Directory
Id string - Email
Attribute stringName - Email
Claim stringName - Idp
Public stringCert - Issuer
Url string - Okta
Account string - Onelogin
Account string - Ping
Env stringId - Pkce
Enabled bool - Redirect
Url string - Scopes []string
- Sign
Request bool - Sso
Target stringUrl - Support
Groups bool - Token
Url string
- api
Token String - apps
Domain String - attributes List<String>
- auth
Url String - String
- centrify
Account String - centrify
App StringId - certs
Url String - claims List<String>
- client
Id String - client
Secret String - conditional
Access BooleanEnabled - directory
Id String - email
Attribute StringName - email
Claim StringName - idp
Public StringCert - issuer
Url String - okta
Account String - onelogin
Account String - ping
Env StringId - pkce
Enabled Boolean - redirect
Url String - scopes List<String>
- sign
Request Boolean - sso
Target StringUrl - support
Groups Boolean - token
Url String
- api
Token string - apps
Domain string - attributes string[]
- auth
Url string - string
- centrify
Account string - centrify
App stringId - certs
Url string - claims string[]
- client
Id string - client
Secret string - conditional
Access booleanEnabled - directory
Id string - email
Attribute stringName - email
Claim stringName - idp
Public stringCert - issuer
Url string - okta
Account string - onelogin
Account string - ping
Env stringId - pkce
Enabled boolean - redirect
Url string - scopes string[]
- sign
Request boolean - sso
Target stringUrl - support
Groups boolean - token
Url string
- api_
token str - apps_
domain str - attributes Sequence[str]
- auth_
url str - str
- centrify_
account str - centrify_
app_ strid - certs_
url str - claims Sequence[str]
- client_
id str - client_
secret str - conditional_
access_ boolenabled - directory_
id str - email_
attribute_ strname - email_
claim_ strname - idp_
public_ strcert - issuer_
url str - okta_
account str - onelogin_
account str - ping_
env_ strid - pkce_
enabled bool - redirect_
url str - scopes Sequence[str]
- sign_
request bool - sso_
target_ strurl - support_
groups bool - token_
url str
- api
Token String - apps
Domain String - attributes List<String>
- auth
Url String - String
- centrify
Account String - centrify
App StringId - certs
Url String - claims List<String>
- client
Id String - client
Secret String - conditional
Access BooleanEnabled - directory
Id String - email
Attribute StringName - email
Claim StringName - idp
Public StringCert - issuer
Url String - okta
Account String - onelogin
Account String - ping
Env StringId - pkce
Enabled Boolean - redirect
Url String - scopes List<String>
- sign
Request Boolean - sso
Target StringUrl - support
Groups Boolean - token
Url String
ZeroTrustAccessIdentityProviderScimConfig, ZeroTrustAccessIdentityProviderScimConfigArgs
- Enabled bool
- Group
Member boolDeprovision - Seat
Deprovision bool - Secret string
- User
Deprovision bool
- Enabled bool
- Group
Member boolDeprovision - Seat
Deprovision bool - Secret string
- User
Deprovision bool
- enabled Boolean
- group
Member BooleanDeprovision - seat
Deprovision Boolean - secret String
- user
Deprovision Boolean
- enabled boolean
- group
Member booleanDeprovision - seat
Deprovision boolean - secret string
- user
Deprovision boolean
- enabled bool
- group_
member_ booldeprovision - seat_
deprovision bool - secret str
- user_
deprovision bool
- enabled Boolean
- group
Member BooleanDeprovision - seat
Deprovision Boolean - secret String
- user
Deprovision Boolean
Import
$ pulumi import cloudflare:index/zeroTrustAccessIdentityProvider:ZeroTrustAccessIdentityProvider example <account_id>/<identity_provider_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflareTerraform Provider.