zitadel v0.1.8 published on Thursday, May 30, 2024 by pulumiverse

zitadel.LoginPolicy


zitadel v0.1.8 published on Thursday, May 30, 2024 by pulumiverse

    Resource representing the custom login policy of an organization.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Zitadel = Pulumiverse.Zitadel;
    
    // Example custom login policy for one organisation. The values are a sample, not a
    // hardened baseline: self-registration is allowed and MFA is not enforced.
    // NOTE(review): `data` is not declared in this snippet; the data.* references presumably
    // stand for lookups of the organisation and identity providers defined elsewhere.
    return await Deployment.RunAsync(() => 
    {
        var @default = new Zitadel.LoginPolicy("default", new()
        {
            OrgId = data.Zitadel_org.Default.Id,
            UserLogin = true,
            // true lets people register their own user on this organisation.
            AllowRegister = true,
            AllowExternalIdp = true,
            // false leaves MFA optional; set to true to require a multi factor at login.
            ForceMfa = false,
            ForceMfaLocalOnly = false,
            PasswordlessType = "PASSWORDLESS_TYPE_ALLOWED",
            HidePasswordReset = false,
            // Duration strings. Presumably how long each completed check stays valid before
            // the user is prompted again — confirm in the ZITADEL documentation.
            PasswordCheckLifetime = "240h0m0s",
            ExternalLoginCheckLifetime = "240h0m0s",
            MultiFactorCheckLifetime = "24h0m0s",
            // Presumably how long a user may skip MFA setup before being asked again — confirm.
            MfaInitSkipLifetime = "720h0m0s",
            SecondFactorCheckLifetime = "24h0m0s",
            // Chooses between an immediate error for an unknown username and always showing
            // the password screen (see the input description).
            IgnoreUnknownUsernames = true,
            // NOTE(review): sample value with no scheme; replace with the deployment's own redirect URI.
            DefaultRedirectUri = "localhost:8080",
            SecondFactors = new[]
            {
                "SECOND_FACTOR_TYPE_OTP",
                "SECOND_FACTOR_TYPE_U2F",
            },
            MultiFactors = new[]
            {
                "MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION",
            },
            // Only the identity providers listed here are allowed for login or registration.
            Idps = new[]
            {
                data.Zitadel_idp_google.Default.Id,
                data.Zitadel_idp_azure_ad.Default.Id,
            },
            AllowDomainDiscovery = true,
            // Going by the input names, true switches off identification by verified
            // email / phone — confirm.
            DisableLoginWithEmail = true,
            DisableLoginWithPhone = true,
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-zitadel/sdk/go/zitadel"
    )
    
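    // main declares the custom login policy of one organisation.
    //
    // The values are a sample, not a hardened baseline: self-registration is
    // allowed and MFA is not enforced.
    // NOTE(review): `data` is not declared in this snippet; the data.* references
    // presumably stand for lookups of the organisation and identity providers
    // defined elsewhere.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := zitadel.NewLoginPolicy(ctx, "default", &zitadel.LoginPolicyArgs{
    			OrgId:     pulumi.Any(data.Zitadel_org.Default.Id),
    			UserLogin: pulumi.Bool(true),
    			// true lets people register their own user on this organisation.
    			AllowRegister:    pulumi.Bool(true),
    			AllowExternalIdp: pulumi.Bool(true),
    			// false leaves MFA optional; set to true to require a multi factor at login.
    			ForceMfa:          pulumi.Bool(false),
    			ForceMfaLocalOnly: pulumi.Bool(false),
    			PasswordlessType:  pulumi.String("PASSWORDLESS_TYPE_ALLOWED"),
    			HidePasswordReset: pulumi.Bool(false),
    			// Duration strings. Presumably how long each completed check stays valid
    			// before the user is prompted again — confirm in the ZITADEL documentation.
    			PasswordCheckLifetime:      pulumi.String("240h0m0s"),
    			ExternalLoginCheckLifetime: pulumi.String("240h0m0s"),
    			MultiFactorCheckLifetime:   pulumi.String("24h0m0s"),
    			// Presumably how long a user may skip MFA setup before being asked again — confirm.
    			MfaInitSkipLifetime:       pulumi.String("720h0m0s"),
    			SecondFactorCheckLifetime: pulumi.String("24h0m0s"),
    			// Chooses between an immediate error for an unknown username and always
    			// showing the password screen (see the input description).
    			IgnoreUnknownUsernames: pulumi.Bool(true),
    			// NOTE(review): sample value with no scheme; replace with the deployment's
    			// own redirect URI.
    			DefaultRedirectUri: pulumi.String("localhost:8080"),
    			SecondFactors: pulumi.StringArray{
    				pulumi.String("SECOND_FACTOR_TYPE_OTP"),
    				pulumi.String("SECOND_FACTOR_TYPE_U2F"),
    			},
    			MultiFactors: pulumi.StringArray{
    				pulumi.String("MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION"),
    			},
    			// Only the identity providers listed here are allowed for login or registration.
    			Idps: pulumi.StringArray{
    				data.Zitadel_idp_google.Default.Id,
    				data.Zitadel_idp_azure_ad.Default.Id,
    			},
    			AllowDomainDiscovery: pulumi.Bool(true),
    			// Going by the input names, true switches off identification by verified
    			// email / phone — confirm.
    			DisableLoginWithEmail: pulumi.Bool(true),
    			DisableLoginWithPhone: pulumi.Bool(true),
    		})
    		// The resource handle is not used; the creation error (nil on success) is
    		// the callback's result, so it is returned directly.
    		return err
    	})
    }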
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.zitadel.LoginPolicy;
    import com.pulumi.zitadel.LoginPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
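    /**
     * Pulumi program that declares the custom login policy of one organisation.
     *
     * The values are a sample, not a hardened baseline: self-registration is
     * allowed and MFA is not enforced.
     */
    public class App {
        /** Hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the login policy resource.
         *
         * NOTE(review): {@code data} is not declared in this snippet; the data.* references
         * presumably stand for lookups of the organisation and identity providers
         * defined elsewhere.
         *
         * @param ctx Pulumi context of the current deployment (not used directly here)
         */
        public static void stack(Context ctx) {
            var default_ = new LoginPolicy("default", LoginPolicyArgs.builder()
                .orgId(data.zitadel_org().default().id())
                .userLogin(true)
                // true lets people register their own user on this organisation.
                .allowRegister(true)
                .allowExternalIdp(true)
                // false leaves MFA optional; set to true to require a multi factor at login.
                .forceMfa(false)
                .forceMfaLocalOnly(false)
                .passwordlessType("PASSWORDLESS_TYPE_ALLOWED")
                // hidePasswordReset is a Boolean input, so it takes the literal false
                // rather than the string "false".
                .hidePasswordReset(false)
                // Duration strings. Presumably how long each completed check stays valid
                // before the user is prompted again — confirm in the ZITADEL documentation.
                .passwordCheckLifetime("240h0m0s")
                .externalLoginCheckLifetime("240h0m0s")
                .multiFactorCheckLifetime("24h0m0s")
                // Presumably how long a user may skip MFA setup before being asked again — confirm.
                .mfaInitSkipLifetime("720h0m0s")
                .secondFactorCheckLifetime("24h0m0s")
                // Chooses between an immediate error for an unknown username and always
                // showing the password screen (see the input description).
                .ignoreUnknownUsernames(true)
                // NOTE(review): sample value with no scheme; replace with the deployment's
                // own redirect URI.
                .defaultRedirectUri("localhost:8080")
                .secondFactors(
                    "SECOND_FACTOR_TYPE_OTP",
                    "SECOND_FACTOR_TYPE_U2F")
                .multiFactors("MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION")
                // Only the identity providers listed here are allowed for login or registration.
                .idps(
                    data.zitadel_idp_google().default().id(),
                    data.zitadel_idp_azure_ad().default().id())
                .allowDomainDiscovery(true)
                // Going by the input names, true switches off identification by verified
                // email / phone — confirm.
                .disableLoginWithEmail(true)
                .disableLoginWithPhone(true)
                .build());

        }
    }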
    
    import pulumi
    import pulumiverse_zitadel as zitadel
    
    # Example custom login policy for one organisation. The values are a sample, not a
    # hardened baseline: self-registration is allowed and MFA is not enforced.
    # NOTE(review): `data` is not defined in this snippet; the data[...] references presumably
    # stand for lookups of the organisation and identity providers defined elsewhere.
    default = zitadel.LoginPolicy("default",
        org_id=data["zitadel_org"]["default"]["id"],
        user_login=True,
        # True lets people register their own user on this organisation.
        allow_register=True,
        allow_external_idp=True,
        # False leaves MFA optional; set to True to require a multi factor at login.
        force_mfa=False,
        force_mfa_local_only=False,
        passwordless_type="PASSWORDLESS_TYPE_ALLOWED",
        hide_password_reset=False,
        # Duration strings. Presumably how long each completed check stays valid before
        # the user is prompted again — confirm in the ZITADEL documentation.
        password_check_lifetime="240h0m0s",
        external_login_check_lifetime="240h0m0s",
        multi_factor_check_lifetime="24h0m0s",
        # Presumably how long a user may skip MFA setup before being asked again — confirm.
        mfa_init_skip_lifetime="720h0m0s",
        second_factor_check_lifetime="24h0m0s",
        # Chooses between an immediate error for an unknown username and always showing
        # the password screen (see the input description).
        ignore_unknown_usernames=True,
        # NOTE(review): sample value with no scheme; replace with the deployment's own redirect URI.
        default_redirect_uri="localhost:8080",
        second_factors=[
            "SECOND_FACTOR_TYPE_OTP",
            "SECOND_FACTOR_TYPE_U2F",
        ],
        multi_factors=["MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION"],
        # Only the identity providers listed here are allowed for login or registration.
        idps=[
            data["zitadel_idp_google"]["default"]["id"],
            data["zitadel_idp_azure_ad"]["default"]["id"],
        ],
        allow_domain_discovery=True,
        # Going by the input names, True switches off identification by verified
        # email / phone — confirm.
        disable_login_with_email=True,
        disable_login_with_phone=True)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as zitadel from "@pulumiverse/zitadel";
    
    // Example custom login policy for one organisation. The values are a sample, not a
    // hardened baseline: self-registration is allowed and MFA is not enforced.
    // NOTE(review): `data` is not declared in this snippet; the data.* references presumably
    // stand for lookups of the organisation and identity providers defined elsewhere.
    const _default = new zitadel.LoginPolicy("default", {
        orgId: data.zitadel_org["default"].id,
        userLogin: true,
        // true lets people register their own user on this organisation.
        allowRegister: true,
        allowExternalIdp: true,
        // false leaves MFA optional; set to true to require a multi factor at login.
        forceMfa: false,
        forceMfaLocalOnly: false,
        passwordlessType: "PASSWORDLESS_TYPE_ALLOWED",
        hidePasswordReset: false,
        // Duration strings. Presumably how long each completed check stays valid before
        // the user is prompted again — confirm in the ZITADEL documentation.
        passwordCheckLifetime: "240h0m0s",
        externalLoginCheckLifetime: "240h0m0s",
        multiFactorCheckLifetime: "24h0m0s",
        // Presumably how long a user may skip MFA setup before being asked again — confirm.
        mfaInitSkipLifetime: "720h0m0s",
        secondFactorCheckLifetime: "24h0m0s",
        // Chooses between an immediate error for an unknown username and always showing
        // the password screen (see the input description).
        ignoreUnknownUsernames: true,
        // NOTE(review): sample value with no scheme; replace with the deployment's own redirect URI.
        defaultRedirectUri: "localhost:8080",
        secondFactors: [
            "SECOND_FACTOR_TYPE_OTP",
            "SECOND_FACTOR_TYPE_U2F",
        ],
        multiFactors: ["MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION"],
        // Only the identity providers listed here are allowed for login or registration.
        idps: [
            data.zitadel_idp_google["default"].id,
            data.zitadel_idp_azure_ad["default"].id,
        ],
        allowDomainDiscovery: true,
        // Going by the input names, true switches off identification by verified
        // email / phone — confirm.
        disableLoginWithEmail: true,
        disableLoginWithPhone: true,
    });
    
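    # Example custom login policy for one organisation. The values are a sample, not a
    # hardened baseline: self-registration is allowed and MFA is not enforced.
    resources:
      default:
        type: zitadel:LoginPolicy
        properties:
          orgId: ${data.zitadel_org.default.id}
          userLogin: true
          # true lets people register their own user on this organisation.
          allowRegister: true
          allowExternalIdp: true
          # false leaves MFA optional; set to true to require a multi factor at login.
          forceMfa: false
          forceMfaLocalOnly: false
          passwordlessType: PASSWORDLESS_TYPE_ALLOWED
          # Boolean input: written as an unquoted boolean, not the string 'false'.
          hidePasswordReset: false
          # Duration strings. Presumably how long each completed check stays valid before
          # the user is prompted again — confirm in the ZITADEL documentation.
          passwordCheckLifetime: 240h0m0s
          externalLoginCheckLifetime: 240h0m0s
          multiFactorCheckLifetime: 24h0m0s
          # Presumably how long a user may skip MFA setup before being asked again — confirm.
          mfaInitSkipLifetime: 720h0m0s
          secondFactorCheckLifetime: 24h0m0s
          # Chooses between an immediate error for an unknown username and always showing
          # the password screen (see the input description).
          ignoreUnknownUsernames: true
          # NOTE(review): sample value with no scheme; replace with the deployment's own redirect URI.
          defaultRedirectUri: localhost:8080
          secondFactors:
            - SECOND_FACTOR_TYPE_OTP
            - SECOND_FACTOR_TYPE_U2F
          multiFactors:
            - MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION
          # Only the identity providers listed here are allowed for login or registration.
          idps:
            - ${data.zitadel_idp_google.default.id}
            - ${data.zitadel_idp_azure_ad.default.id}
          allowDomainDiscovery: true
          # Going by the input names, true switches off identification by verified
          # email / phone — confirm.
          disableLoginWithEmail: true
          disableLoginWithPhone: true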
    

    Create LoginPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new LoginPolicy(name: string, args: LoginPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def LoginPolicy(resource_name: str,
                    args: LoginPolicyArgs,
                    opts: Optional[ResourceOptions] = None)
    
    @overload
    def LoginPolicy(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    external_login_check_lifetime: Optional[str] = None,
                    password_check_lifetime: Optional[str] = None,
                    allow_register: Optional[bool] = None,
                    default_redirect_uri: Optional[str] = None,
                    user_login: Optional[bool] = None,
                    second_factor_check_lifetime: Optional[str] = None,
                    allow_external_idp: Optional[bool] = None,
                    force_mfa: Optional[bool] = None,
                    passwordless_type: Optional[str] = None,
                    hide_password_reset: Optional[bool] = None,
                    force_mfa_local_only: Optional[bool] = None,
                    ignore_unknown_usernames: Optional[bool] = None,
                    mfa_init_skip_lifetime: Optional[str] = None,
                    multi_factor_check_lifetime: Optional[str] = None,
                    idps: Optional[Sequence[str]] = None,
                    org_id: Optional[str] = None,
                    multi_factors: Optional[Sequence[str]] = None,
                    allow_domain_discovery: Optional[bool] = None,
                    disable_login_with_phone: Optional[bool] = None,
                    second_factors: Optional[Sequence[str]] = None,
                    disable_login_with_email: Optional[bool] = None)
    func NewLoginPolicy(ctx *Context, name string, args LoginPolicyArgs, opts ...ResourceOption) (*LoginPolicy, error)
    public LoginPolicy(string name, LoginPolicyArgs args, CustomResourceOptions? opts = null)
    public LoginPolicy(String name, LoginPolicyArgs args)
    public LoginPolicy(String name, LoginPolicyArgs args, CustomResourceOptions options)
    
    type: zitadel:LoginPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args LoginPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args LoginPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args LoginPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args LoginPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args LoginPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Reference skeleton: every value is a type placeholder ("string", false), not a
    // suggested setting. The *Lifetime inputs take duration strings such as "240h0m0s";
    // PasswordlessType, SecondFactors and MultiFactors take enum names such as
    // "PASSWORDLESS_TYPE_ALLOWED" and "SECOND_FACTOR_TYPE_OTP" (values from the usage
    // example on this page).
    var loginPolicyResource = new Zitadel.LoginPolicy("loginPolicyResource", new()
    {
        ExternalLoginCheckLifetime = "string",
        PasswordCheckLifetime = "string",
        AllowRegister = false,
        DefaultRedirectUri = "string",
        UserLogin = false,
        SecondFactorCheckLifetime = "string",
        AllowExternalIdp = false,
        ForceMfa = false,
        PasswordlessType = "string",
        HidePasswordReset = false,
        ForceMfaLocalOnly = false,
        IgnoreUnknownUsernames = false,
        MfaInitSkipLifetime = "string",
        MultiFactorCheckLifetime = "string",
        Idps = new[]
        {
            "string",
        },
        OrgId = "string",
        MultiFactors = new[]
        {
            "string",
        },
        AllowDomainDiscovery = false,
        DisableLoginWithPhone = false,
        SecondFactors = new[]
        {
            "string",
        },
        DisableLoginWithEmail = false,
    });
    
    // Reference skeleton: every value is a type placeholder ("string", false), not a
    // suggested setting. The *Lifetime inputs take duration strings such as "240h0m0s";
    // PasswordlessType, SecondFactors and MultiFactors take enum names such as
    // "PASSWORDLESS_TYPE_ALLOWED" and "SECOND_FACTOR_TYPE_OTP" (values from the usage
    // example on this page).
    example, err := zitadel.NewLoginPolicy(ctx, "loginPolicyResource", &zitadel.LoginPolicyArgs{
    	ExternalLoginCheckLifetime: pulumi.String("string"),
    	PasswordCheckLifetime:      pulumi.String("string"),
    	AllowRegister:              pulumi.Bool(false),
    	DefaultRedirectUri:         pulumi.String("string"),
    	UserLogin:                  pulumi.Bool(false),
    	SecondFactorCheckLifetime:  pulumi.String("string"),
    	AllowExternalIdp:           pulumi.Bool(false),
    	ForceMfa:                   pulumi.Bool(false),
    	PasswordlessType:           pulumi.String("string"),
    	HidePasswordReset:          pulumi.Bool(false),
    	ForceMfaLocalOnly:          pulumi.Bool(false),
    	IgnoreUnknownUsernames:     pulumi.Bool(false),
    	MfaInitSkipLifetime:        pulumi.String("string"),
    	MultiFactorCheckLifetime:   pulumi.String("string"),
    	Idps: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	OrgId: pulumi.String("string"),
    	MultiFactors: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AllowDomainDiscovery:  pulumi.Bool(false),
    	DisableLoginWithPhone: pulumi.Bool(false),
    	SecondFactors: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	DisableLoginWithEmail: pulumi.Bool(false),
    })
    
    // Reference skeleton: every value is a type placeholder ("string", false), not a
    // suggested setting. The *Lifetime inputs take duration strings such as "240h0m0s";
    // passwordlessType, secondFactors and multiFactors take enum names such as
    // "PASSWORDLESS_TYPE_ALLOWED" and "SECOND_FACTOR_TYPE_OTP" (values from the usage
    // example on this page).
    var loginPolicyResource = new LoginPolicy("loginPolicyResource", LoginPolicyArgs.builder()
        .externalLoginCheckLifetime("string")
        .passwordCheckLifetime("string")
        .allowRegister(false)
        .defaultRedirectUri("string")
        .userLogin(false)
        .secondFactorCheckLifetime("string")
        .allowExternalIdp(false)
        .forceMfa(false)
        .passwordlessType("string")
        .hidePasswordReset(false)
        .forceMfaLocalOnly(false)
        .ignoreUnknownUsernames(false)
        .mfaInitSkipLifetime("string")
        .multiFactorCheckLifetime("string")
        .idps("string")
        .orgId("string")
        .multiFactors("string")
        .allowDomainDiscovery(false)
        .disableLoginWithPhone(false)
        .secondFactors("string")
        .disableLoginWithEmail(false)
        .build());
    
    # Reference skeleton: every value is a type placeholder ("string", False), not a
    # suggested setting. The *_lifetime inputs take duration strings such as "240h0m0s";
    # passwordless_type, second_factors and multi_factors take enum names such as
    # "PASSWORDLESS_TYPE_ALLOWED" and "SECOND_FACTOR_TYPE_OTP" (values from the usage
    # example on this page).
    login_policy_resource = zitadel.LoginPolicy("loginPolicyResource",
        external_login_check_lifetime="string",
        password_check_lifetime="string",
        allow_register=False,
        default_redirect_uri="string",
        user_login=False,
        second_factor_check_lifetime="string",
        allow_external_idp=False,
        force_mfa=False,
        passwordless_type="string",
        hide_password_reset=False,
        force_mfa_local_only=False,
        ignore_unknown_usernames=False,
        mfa_init_skip_lifetime="string",
        multi_factor_check_lifetime="string",
        idps=["string"],
        org_id="string",
        multi_factors=["string"],
        allow_domain_discovery=False,
        disable_login_with_phone=False,
        second_factors=["string"],
        disable_login_with_email=False)
    
    // Reference skeleton: every value is a type placeholder ("string", false), not a
    // suggested setting. The *Lifetime inputs take duration strings such as "240h0m0s";
    // passwordlessType, secondFactors and multiFactors take enum names such as
    // "PASSWORDLESS_TYPE_ALLOWED" and "SECOND_FACTOR_TYPE_OTP" (values from the usage
    // example on this page).
    const loginPolicyResource = new zitadel.LoginPolicy("loginPolicyResource", {
        externalLoginCheckLifetime: "string",
        passwordCheckLifetime: "string",
        allowRegister: false,
        defaultRedirectUri: "string",
        userLogin: false,
        secondFactorCheckLifetime: "string",
        allowExternalIdp: false,
        forceMfa: false,
        passwordlessType: "string",
        hidePasswordReset: false,
        forceMfaLocalOnly: false,
        ignoreUnknownUsernames: false,
        mfaInitSkipLifetime: "string",
        multiFactorCheckLifetime: "string",
        idps: ["string"],
        orgId: "string",
        multiFactors: ["string"],
        allowDomainDiscovery: false,
        disableLoginWithPhone: false,
        secondFactors: ["string"],
        disableLoginWithEmail: false,
    });
    
    # Reference skeleton: every value is a type placeholder (string, false), not a
    # suggested setting. The *Lifetime inputs take duration strings such as 240h0m0s;
    # passwordlessType, secondFactors and multiFactors take enum names such as
    # PASSWORDLESS_TYPE_ALLOWED and SECOND_FACTOR_TYPE_OTP (values from the usage
    # example on this page).
    type: zitadel:LoginPolicy
    properties:
        allowDomainDiscovery: false
        allowExternalIdp: false
        allowRegister: false
        defaultRedirectUri: string
        disableLoginWithEmail: false
        disableLoginWithPhone: false
        externalLoginCheckLifetime: string
        forceMfa: false
        forceMfaLocalOnly: false
        hidePasswordReset: false
        idps:
            - string
        ignoreUnknownUsernames: false
        mfaInitSkipLifetime: string
        multiFactorCheckLifetime: string
        multiFactors:
            - string
        orgId: string
        passwordCheckLifetime: string
        passwordlessType: string
        secondFactorCheckLifetime: string
        secondFactors:
            - string
        userLogin: false
    

    LoginPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The LoginPolicy resource accepts the following input properties:

    AllowExternalIdp bool
    defines if a user is allowed to add a defined identity provider. E.g. Google auth
    AllowRegister bool
    defines if a person is allowed to register a user on this organisation
    DefaultRedirectUri string
    defines where the user will be redirected to if the login is started without app context (e.g. from mail)
    ExternalLoginCheckLifetime string
    ForceMfa bool
    defines if a user MUST use a multi factor to log in
    ForceMfaLocalOnly bool
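    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider, ZITADEL won't prompt for MFA.
    HidePasswordReset bool
    defines whether the password reset link is hidden on the login screen; if set to true, the link is not shown
    IgnoreUnknownUsernames bool
    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed; when set to true, the password screen is always displayed, so the login screen does not reveal which usernames exist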
    MfaInitSkipLifetime string
    MultiFactorCheckLifetime string
    PasswordCheckLifetime string
    PasswordlessType string
    defines if passwordless is allowed for users
    SecondFactorCheckLifetime string
    UserLogin bool
    defines if a user is allowed to login with his username and password
    AllowDomainDiscovery bool
    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
    DisableLoginWithEmail bool
    if set to true, users can no longer be identified by their verified email address in addition to their login name
    DisableLoginWithPhone bool
    if set to true, users can no longer be identified by their verified phone number in addition to their login name
    Idps List<string>
    allowed idps to login or register
    MultiFactors List<string>
    allowed multi factors
    OrgId string
    ID of the organization
    SecondFactors List<string>
    allowed second factors
    AllowExternalIdp bool
    defines if a user is allowed to add a defined identity provider. E.g. Google auth
    AllowRegister bool
    defines if a person is allowed to register a user on this organisation
    DefaultRedirectUri string
    defines where the user will be redirected to if the login is started without app context (e.g. from mail)
    ExternalLoginCheckLifetime string
    ForceMfa bool
    defines if a user MUST use a multi factor to log in
    ForceMfaLocalOnly bool
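    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider, ZITADEL won't prompt for MFA.
    HidePasswordReset bool
    defines whether the password reset link is hidden on the login screen; if set to true, the link is not shown
    IgnoreUnknownUsernames bool
    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed; when set to true, the password screen is always displayed, so the login screen does not reveal which usernames exist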
    MfaInitSkipLifetime string
    MultiFactorCheckLifetime string
    PasswordCheckLifetime string
    PasswordlessType string
    defines if passwordless is allowed for users
    SecondFactorCheckLifetime string
    UserLogin bool
    defines if a user is allowed to login with his username and password
    AllowDomainDiscovery bool
    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
    DisableLoginWithEmail bool
    if set to true, users can no longer be identified by their verified email address in addition to their login name
    DisableLoginWithPhone bool
    if set to true, users can no longer be identified by their verified phone number in addition to their login name
    Idps []string
    allowed idps to login or register
    MultiFactors []string
    allowed multi factors
    OrgId string
    ID of the organization
    SecondFactors []string
    allowed second factors
    allowExternalIdp Boolean
    defines if a user is allowed to add a defined identity provider. E.g. Google auth
    allowRegister Boolean
    defines if a person is allowed to register a user on this organisation
    defaultRedirectUri String
    defines where the user will be redirected to if the login is started without app context (e.g. from mail)
    externalLoginCheckLifetime String
    forceMfa Boolean
    defines if a user MUST use a multi factor to log in
    forceMfaLocalOnly Boolean
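    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider, ZITADEL won't prompt for MFA.
    hidePasswordReset Boolean
    defines whether the password reset link is hidden on the login screen; if set to true, the link is not shown
    ignoreUnknownUsernames Boolean
    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed; when set to true, the password screen is always displayed, so the login screen does not reveal which usernames exist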
    mfaInitSkipLifetime String
    multiFactorCheckLifetime String
    passwordCheckLifetime String
    passwordlessType String
    defines if passwordless is allowed for users
    secondFactorCheckLifetime String
    userLogin Boolean
    defines if a user is allowed to login with his username and password
    allowDomainDiscovery Boolean
    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
    disableLoginWithEmail Boolean
    if set to true, users can no longer be identified by their verified email address in addition to their login name
    disableLoginWithPhone Boolean
    if set to true, users can no longer be identified by their verified phone number in addition to their login name
    idps List<String>
    allowed idps to login or register
    multiFactors List<String>
    allowed multi factors
    orgId String
    ID of the organization
    secondFactors List<String>
    allowed second factors
    allowExternalIdp boolean
    defines if a user is allowed to add a defined identity provider. E.g. Google auth
    allowRegister boolean
    defines if a person is allowed to register a user on this organisation
    defaultRedirectUri string
    defines where the user will be redirected to if the login is started without app context (e.g. from mail)
    externalLoginCheckLifetime string
    forceMfa boolean
    defines if a user MUST use a multi factor to log in
    forceMfaLocalOnly boolean
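    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider, ZITADEL won't prompt for MFA.
    hidePasswordReset boolean
    defines whether the password reset link is hidden on the login screen; if set to true, the link is not shown
    ignoreUnknownUsernames boolean
    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed; when set to true, the password screen is always displayed, so the login screen does not reveal which usernames exist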
    mfaInitSkipLifetime string
    multiFactorCheckLifetime string
    passwordCheckLifetime string
    passwordlessType string
    defines if passwordless is allowed for users
    secondFactorCheckLifetime string
    userLogin boolean
    defines if a user is allowed to login with his username and password
    allowDomainDiscovery boolean
    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
    disableLoginWithEmail boolean
    if set to true, users can no longer be identified by their verified email address in addition to their login name
    disableLoginWithPhone boolean
    if set to true, users can no longer be identified by their verified phone number in addition to their login name
    idps string[]
    allowed idps to login or register
    multiFactors string[]
    allowed multi factors
    orgId string
    ID of the organization
    secondFactors string[]
    allowed second factors
    allow_external_idp bool
    defines if a user is allowed to add a defined identity provider. E.g. Google auth
    allow_register bool
    defines if a person is allowed to register a user on this organisation
    default_redirect_uri str
    defines where the user will be redirected to if the login is started without app context (e.g. from mail)
    external_login_check_lifetime str
    force_mfa bool
    defines if a user MUST use a multi factor to log in
    force_mfa_local_only bool
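    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider, ZITADEL won't prompt for MFA.
    hide_password_reset bool
    defines whether the password reset link is hidden on the login screen; if set to true, the link is not shown
    ignore_unknown_usernames bool
    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed; when set to true, the password screen is always displayed, so the login screen does not reveal which usernames exist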
    mfa_init_skip_lifetime str
    multi_factor_check_lifetime str
    password_check_lifetime str
    passwordless_type str
    defines if passwordless is allowed for users
    second_factor_check_lifetime str
    user_login bool
    defines if a user is allowed to login with his username and password
    allow_domain_discovery bool
    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
    disable_login_with_email bool
    if set to true, users can no longer be identified by their verified email address in addition to their login name
    disable_login_with_phone bool
    if set to true, users can no longer be identified by their verified phone number in addition to their login name
    idps Sequence[str]
    allowed idps to login or register
    multi_factors Sequence[str]
    allowed multi factors
    org_id str
    ID of the organization
    second_factors Sequence[str]
    allowed second factors
    allowExternalIdp Boolean
    defines if a user is allowed to add a defined identity provider. E.g. Google auth
    allowRegister Boolean
    defines if a person is allowed to register a user on this organisation
    defaultRedirectUri String
    defines where the user will be redirected to if the login is started without app context (e.g. from mail)
    externalLoginCheckLifetime String
    forceMfa Boolean
    defines if a user MUST use a multi factor to log in
    forceMfaLocalOnly Boolean
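    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider, ZITADEL won't prompt for MFA.
    hidePasswordReset Boolean
    defines whether the password reset link is hidden on the login screen; if set to true, the link is not shown
    ignoreUnknownUsernames Boolean
    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed; when set to true, the password screen is always displayed, so the login screen does not reveal which usernames exist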
    mfaInitSkipLifetime String
    multiFactorCheckLifetime String
    passwordCheckLifetime String
    passwordlessType String
    defines if passwordless is allowed for users
    secondFactorCheckLifetime String
    userLogin Boolean
    defines if a user is allowed to login with his username and password
    allowDomainDiscovery Boolean
    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
    disableLoginWithEmail Boolean
    if set to true, users can no longer be identified by their verified email address in addition to their login name
    disableLoginWithPhone Boolean
    if set to true, users can no longer be identified by their verified phone number in addition to their login name
    idps List<String>
    allowed idps to login or register
    multiFactors List<String>
    allowed multi factors
    orgId String
    ID of the organization
    secondFactors List<String>
    allowed second factors

    Outputs

    All input properties are implicitly available as output properties. Additionally, the LoginPolicy resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing LoginPolicy Resource

    Get an existing LoginPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: LoginPolicyState, opts?: CustomResourceOptions): LoginPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allow_domain_discovery: Optional[bool] = None,
            allow_external_idp: Optional[bool] = None,
            allow_register: Optional[bool] = None,
            default_redirect_uri: Optional[str] = None,
            disable_login_with_email: Optional[bool] = None,
            disable_login_with_phone: Optional[bool] = None,
            external_login_check_lifetime: Optional[str] = None,
            force_mfa: Optional[bool] = None,
            force_mfa_local_only: Optional[bool] = None,
            hide_password_reset: Optional[bool] = None,
            idps: Optional[Sequence[str]] = None,
            ignore_unknown_usernames: Optional[bool] = None,
            mfa_init_skip_lifetime: Optional[str] = None,
            multi_factor_check_lifetime: Optional[str] = None,
            multi_factors: Optional[Sequence[str]] = None,
            org_id: Optional[str] = None,
            password_check_lifetime: Optional[str] = None,
            passwordless_type: Optional[str] = None,
            second_factor_check_lifetime: Optional[str] = None,
            second_factors: Optional[Sequence[str]] = None,
            user_login: Optional[bool] = None) -> LoginPolicy
    func GetLoginPolicy(ctx *Context, name string, id IDInput, state *LoginPolicyState, opts ...ResourceOption) (*LoginPolicy, error)
    public static LoginPolicy Get(string name, Input<string> id, LoginPolicyState? state, CustomResourceOptions? opts = null)
    public static LoginPolicy get(String name, Output<String> id, LoginPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowDomainDiscovery bool
    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
    AllowExternalIdp bool
    defines if a user is allowed to add a defined identity provider. E.g. Google auth
    AllowRegister bool
    defines if a person is allowed to register a user on this organisation
    DefaultRedirectUri string
    defines where the user will be redirected to if the login is started without app context (e.g. from mail)
    DisableLoginWithEmail bool
    defines if a user can additionally (to the loginname) be identified by their verified email address. As the property name indicates, setting it to true disables login with the email address.
    DisableLoginWithPhone bool
    defines if a user can additionally (to the loginname) be identified by their verified phone number. As the property name indicates, setting it to true disables login with the phone number.
    ExternalLoginCheckLifetime string
    ForceMfa bool
    defines if a user MUST use a multi factor to log in
    ForceMfaLocalOnly bool
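    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider (IDP), ZITADEL won't prompt for MFA, so for those logins MFA must be enforced by the identity provider itself.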
    HidePasswordReset bool
    defines if password reset link should be shown in the login screen
    Idps List<string>
    allowed idps to login or register
    IgnoreUnknownUsernames bool
    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed. Always displaying the password screen avoids revealing which usernames exist.
    MfaInitSkipLifetime string
    MultiFactorCheckLifetime string
    MultiFactors List<string>
    allowed multi factors
    OrgId string
    ID of the organization
    PasswordCheckLifetime string
    PasswordlessType string
    defines if passwordless is allowed for users
    SecondFactorCheckLifetime string
    SecondFactors List<string>
    allowed second factors
    UserLogin bool
    defines if a user is allowed to log in with their username and password
    AllowDomainDiscovery bool
    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
    AllowExternalIdp bool
    defines if a user is allowed to add a defined identity provider. E.g. Google auth
    AllowRegister bool
    defines if a person is allowed to register a user on this organisation
    DefaultRedirectUri string
    defines where the user will be redirected to if the login is started without app context (e.g. from mail)
    DisableLoginWithEmail bool
    defines if a user can additionally (to the loginname) be identified by their verified email address. As the property name indicates, setting it to true disables login with the email address.
    DisableLoginWithPhone bool
    defines if a user can additionally (to the loginname) be identified by their verified phone number. As the property name indicates, setting it to true disables login with the phone number.
    ExternalLoginCheckLifetime string
    ForceMfa bool
    defines if a user MUST use a multi factor to log in
    ForceMfaLocalOnly bool
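    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider (IDP), ZITADEL won't prompt for MFA, so for those logins MFA must be enforced by the identity provider itself.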
    HidePasswordReset bool
    defines if password reset link should be shown in the login screen
    Idps []string
    allowed idps to login or register
    IgnoreUnknownUsernames bool
    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed. Always displaying the password screen avoids revealing which usernames exist.
    MfaInitSkipLifetime string
    MultiFactorCheckLifetime string
    MultiFactors []string
    allowed multi factors
    OrgId string
    ID of the organization
    PasswordCheckLifetime string
    PasswordlessType string
    defines if passwordless is allowed for users
    SecondFactorCheckLifetime string
    SecondFactors []string
    allowed second factors
    UserLogin bool
    defines if a user is allowed to log in with their username and password
    allowDomainDiscovery Boolean
    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
    allowExternalIdp Boolean
    defines if a user is allowed to add a defined identity provider. E.g. Google auth
    allowRegister Boolean
    defines if a person is allowed to register a user on this organisation
    defaultRedirectUri String
    defines where the user will be redirected to if the login is started without app context (e.g. from mail)
    disableLoginWithEmail Boolean
    defines if a user can additionally (to the loginname) be identified by their verified email address. As the property name indicates, setting it to true disables login with the email address.
    disableLoginWithPhone Boolean
    defines if a user can additionally (to the loginname) be identified by their verified phone number. As the property name indicates, setting it to true disables login with the phone number.
    externalLoginCheckLifetime String
    forceMfa Boolean
    defines if a user MUST use a multi factor to log in
    forceMfaLocalOnly Boolean
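    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider (IDP), ZITADEL won't prompt for MFA, so for those logins MFA must be enforced by the identity provider itself.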
    hidePasswordReset Boolean
    defines if password reset link should be shown in the login screen
    idps List<String>
    allowed idps to login or register
    ignoreUnknownUsernames Boolean
    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed. Always displaying the password screen avoids revealing which usernames exist.
    mfaInitSkipLifetime String
    multiFactorCheckLifetime String
    multiFactors List<String>
    allowed multi factors
    orgId String
    ID of the organization
    passwordCheckLifetime String
    passwordlessType String
    defines if passwordless is allowed for users
    secondFactorCheckLifetime String
    secondFactors List<String>
    allowed second factors
    userLogin Boolean
    defines if a user is allowed to log in with their username and password
    allowDomainDiscovery boolean
    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
    allowExternalIdp boolean
    defines if a user is allowed to add a defined identity provider. E.g. Google auth
    allowRegister boolean
    defines if a person is allowed to register a user on this organisation
    defaultRedirectUri string
    defines where the user will be redirected to if the login is started without app context (e.g. from mail)
    disableLoginWithEmail boolean
    defines if a user can additionally (to the loginname) be identified by their verified email address. As the property name indicates, setting it to true disables login with the email address.
    disableLoginWithPhone boolean
    defines if a user can additionally (to the loginname) be identified by their verified phone number. As the property name indicates, setting it to true disables login with the phone number.
    externalLoginCheckLifetime string
    forceMfa boolean
    defines if a user MUST use a multi factor to log in
    forceMfaLocalOnly boolean
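    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider (IDP), ZITADEL won't prompt for MFA, so for those logins MFA must be enforced by the identity provider itself.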
    hidePasswordReset boolean
    defines if password reset link should be shown in the login screen
    idps string[]
    allowed idps to login or register
    ignoreUnknownUsernames boolean
    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed. Always displaying the password screen avoids revealing which usernames exist.
    mfaInitSkipLifetime string
    multiFactorCheckLifetime string
    multiFactors string[]
    allowed multi factors
    orgId string
    ID of the organization
    passwordCheckLifetime string
    passwordlessType string
    defines if passwordless is allowed for users
    secondFactorCheckLifetime string
    secondFactors string[]
    allowed second factors
    userLogin boolean
    defines if a user is allowed to log in with their username and password
    allow_domain_discovery bool
    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
    allow_external_idp bool
    defines if a user is allowed to add a defined identity provider. E.g. Google auth
    allow_register bool
    defines if a person is allowed to register a user on this organisation
    default_redirect_uri str
    defines where the user will be redirected to if the login is started without app context (e.g. from mail)
    disable_login_with_email bool
    defines if a user can additionally (to the loginname) be identified by their verified email address. As the property name indicates, setting it to true disables login with the email address.
    disable_login_with_phone bool
    defines if a user can additionally (to the loginname) be identified by their verified phone number. As the property name indicates, setting it to true disables login with the phone number.
    external_login_check_lifetime str
    force_mfa bool
    defines if a user MUST use a multi factor to log in
    force_mfa_local_only bool
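    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider (IDP), ZITADEL won't prompt for MFA, so for those logins MFA must be enforced by the identity provider itself.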
    hide_password_reset bool
    defines if password reset link should be shown in the login screen
    idps Sequence[str]
    allowed idps to login or register
    ignore_unknown_usernames bool
    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed. Always displaying the password screen avoids revealing which usernames exist.
    mfa_init_skip_lifetime str
    multi_factor_check_lifetime str
    multi_factors Sequence[str]
    allowed multi factors
    org_id str
    ID of the organization
    password_check_lifetime str
    passwordless_type str
    defines if passwordless is allowed for users
    second_factor_check_lifetime str
    second_factors Sequence[str]
    allowed second factors
    user_login bool
    defines if a user is allowed to log in with their username and password
    allowDomainDiscovery Boolean
    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
    allowExternalIdp Boolean
    defines if a user is allowed to add a defined identity provider. E.g. Google auth
    allowRegister Boolean
    defines if a person is allowed to register a user on this organisation
    defaultRedirectUri String
    defines where the user will be redirected to if the login is started without app context (e.g. from mail)
    disableLoginWithEmail Boolean
    defines if a user can additionally (to the loginname) be identified by their verified email address. As the property name indicates, setting it to true disables login with the email address.
    disableLoginWithPhone Boolean
    defines if a user can additionally (to the loginname) be identified by their verified phone number. As the property name indicates, setting it to true disables login with the phone number.
    externalLoginCheckLifetime String
    forceMfa Boolean
    defines if a user MUST use a multi factor to log in
    forceMfaLocalOnly Boolean
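    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider (IDP), ZITADEL won't prompt for MFA, so for those logins MFA must be enforced by the identity provider itself.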
    hidePasswordReset Boolean
    defines if password reset link should be shown in the login screen
    idps List<String>
    allowed idps to login or register
    ignoreUnknownUsernames Boolean
    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed. Always displaying the password screen avoids revealing which usernames exist.
    mfaInitSkipLifetime String
    multiFactorCheckLifetime String
    multiFactors List<String>
    allowed multi factors
    orgId String
    ID of the organization
    passwordCheckLifetime String
    passwordlessType String
    defines if passwordless is allowed for users
    secondFactorCheckLifetime String
    secondFactors List<String>
    allowed second factors
    userLogin Boolean
    defines if a user is allowed to log in with their username and password

    Import

    The resource can be imported using the ID format `<[org_id]>`, e.g.

     $ pulumi import zitadel:index/loginPolicy:LoginPolicy imported '123456789012345678'
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    zitadel pulumiverse/pulumi-zitadel
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the zitadel Terraform Provider.
    zitadel v0.1.8 published on Thursday, May 30, 2024 by pulumiverse