Auth0 v3.8.3 published on Wednesday, Nov 6, 2024 by Pulumi
auth0.getTenant
Explore with Pulumi AI
Use this data source to access information about the tenant this provider is configured to access.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const myTenant = auth0.getTenant({});
import pulumi
import pulumi_auth0 as auth0
my_tenant = auth0.get_tenant()
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := auth0.LookupTenant(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
var myTenant = Auth0.GetTenant.Invoke();
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Auth0Functions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var myTenant = Auth0Functions.getTenant();
}
}
variables:
myTenant:
fn::invoke:
Function: auth0:getTenant
Arguments: {}
Using getTenant
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getTenant(opts?: InvokeOptions): Promise<GetTenantResult>
function getTenantOutput(opts?: InvokeOptions): Output<GetTenantResult>
def get_tenant(opts: Optional[InvokeOptions] = None) -> GetTenantResult
def get_tenant_output(opts: Optional[InvokeOptions] = None) -> Output[GetTenantResult]
func LookupTenant(ctx *Context, opts ...InvokeOption) (*LookupTenantResult, error)
func LookupTenantOutput(ctx *Context, opts ...InvokeOption) LookupTenantResultOutput
> Note: This function is named LookupTenant
in the Go SDK.
public static class GetTenant
{
public static Task<GetTenantResult> InvokeAsync(InvokeOptions? opts = null)
public static Output<GetTenantResult> Invoke(InvokeOptions? opts = null)
}
public static CompletableFuture<GetTenantResult> getTenant(InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: auth0:index/getTenant:getTenant
arguments:
# arguments dictionary
getTenant Result
The following output properties are available:
- Acr
Values List<string>Supporteds - List of supported ACR values.
- Allow
Organization boolName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- Allowed
Logout List<string>Urls - URLs that Auth0 may redirect to after logout.
- Customize
Mfa boolIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- Default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- Default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - Default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- Disable
Acr boolValues Supported - Disable list of supported ACR values.
- Domain string
- Your Auth0 domain name.
- Enabled
Locales List<string> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- Flags
List<Get
Tenant Flag> - Configuration settings for tenant flags.
- Friendly
Name string - Friendly name for the tenant.
- Id string
- The provider-assigned unique ID for this managed resource.
- Idle
Session doubleLifetime - Number of hours during which a session can be inactive before the user must log in again.
- Management
Api stringIdentifier - The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants.
- Mtls
List<Get
Tenant Mtl> - Configuration for mTLS.
- Picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- bool
- Enable pushed authorization requests.
- Sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- List<Get
Tenant Session Cooky> - Alters behavior of tenant's session cookie. Contains a single
mode
property. - Session
Lifetime double - Number of hours during which a session will stay valid.
- Sessions
List<Get
Tenant Session> - Sessions related settings for the tenant.
- Support
Email string - Support email address for authenticating users.
- Support
Url string - Support URL for authenticating users.
- Acr
Values []stringSupporteds - List of supported ACR values.
- Allow
Organization boolName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- Allowed
Logout []stringUrls - URLs that Auth0 may redirect to after logout.
- Customize
Mfa boolIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- Default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- Default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - Default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- Disable
Acr boolValues Supported - Disable list of supported ACR values.
- Domain string
- Your Auth0 domain name.
- Enabled
Locales []string - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- Flags
[]Get
Tenant Flag - Configuration settings for tenant flags.
- Friendly
Name string - Friendly name for the tenant.
- Id string
- The provider-assigned unique ID for this managed resource.
- Idle
Session float64Lifetime - Number of hours during which a session can be inactive before the user must log in again.
- Management
Api stringIdentifier - The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants.
- Mtls
[]Get
Tenant Mtl - Configuration for mTLS.
- Picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- bool
- Enable pushed authorization requests.
- Sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- []Get
Tenant Session Cooky - Alters behavior of tenant's session cookie. Contains a single
mode
property. - Session
Lifetime float64 - Number of hours during which a session will stay valid.
- Sessions
[]Get
Tenant Session - Sessions related settings for the tenant.
- Support
Email string - Support email address for authenticating users.
- Support
Url string - Support URL for authenticating users.
- acr
Values List<String>Supporteds - List of supported ACR values.
- allow
Organization BooleanName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- customize
Mfa BooleanIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- default
Audience String - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory String - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - default
Redirection StringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- disable
Acr BooleanValues Supported - Disable list of supported ACR values.
- domain String
- Your Auth0 domain name.
- enabled
Locales List<String> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- flags
List<Get
Tenant Flag> - Configuration settings for tenant flags.
- friendly
Name String - Friendly name for the tenant.
- id String
- The provider-assigned unique ID for this managed resource.
- idle
Session DoubleLifetime - Number of hours during which a session can be inactive before the user must log in again.
- management
Api StringIdentifier - The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants.
- mtls
List<Get
Tenant Mtl> - Configuration for mTLS.
- picture
Url String - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- Boolean
- Enable pushed authorization requests.
- sandbox
Version String - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- List<Get
Tenant Session Cooky> - Alters behavior of tenant's session cookie. Contains a single
mode
property. - session
Lifetime Double - Number of hours during which a session will stay valid.
- sessions
List<Get
Tenant Session> - Sessions related settings for the tenant.
- support
Email String - Support email address for authenticating users.
- support
Url String - Support URL for authenticating users.
- acr
Values string[]Supporteds - List of supported ACR values.
- allow
Organization booleanName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- allowed
Logout string[]Urls - URLs that Auth0 may redirect to after logout.
- customize
Mfa booleanIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- disable
Acr booleanValues Supported - Disable list of supported ACR values.
- domain string
- Your Auth0 domain name.
- enabled
Locales string[] - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- flags
Get
Tenant Flag[] - Configuration settings for tenant flags.
- friendly
Name string - Friendly name for the tenant.
- id string
- The provider-assigned unique ID for this managed resource.
- idle
Session numberLifetime - Number of hours during which a session can be inactive before the user must log in again.
- management
Api stringIdentifier - The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants.
- mtls
Get
Tenant Mtl[] - Configuration for mTLS.
- picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- boolean
- Enable pushed authorization requests.
- sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Get
Tenant Session Cooky[] - Alters behavior of tenant's session cookie. Contains a single
mode
property. - session
Lifetime number - Number of hours during which a session will stay valid.
- sessions
Get
Tenant Session[] - Sessions related settings for the tenant.
- support
Email string - Support email address for authenticating users.
- support
Url string - Support URL for authenticating users.
- acr_
values_ Sequence[str]supporteds - List of supported ACR values.
- allow_
organization_ boolname_ in_ authentication_ api - Whether to accept an organization name instead of an ID on auth endpoints.
- allowed_
logout_ Sequence[str]urls - URLs that Auth0 may redirect to after logout.
- customize_
mfa_ boolin_ postlogin_ action - Whether to enable flexible factors for MFA in the PostLogin action.
- default_
audience str - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default_
directory str - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - default_
redirection_ struri - The default absolute redirection URI. Must be HTTPS or an empty string.
- disable_
acr_ boolvalues_ supported - Disable list of supported ACR values.
- domain str
- Your Auth0 domain name.
- enabled_
locales Sequence[str] - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- flags
Sequence[Get
Tenant Flag] - Configuration settings for tenant flags.
- friendly_
name str - Friendly name for the tenant.
- id str
- The provider-assigned unique ID for this managed resource.
- idle_
session_ floatlifetime - Number of hours during which a session can be inactive before the user must log in again.
- management_
api_ stridentifier - The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants.
- mtls
Sequence[Get
Tenant Mtl] - Configuration for mTLS.
- picture_
url str - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- bool
- Enable pushed authorization requests.
- sandbox_
version str - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Sequence[Get
Tenant Session Cooky] - Alters behavior of tenant's session cookie. Contains a single
mode
property. - session_
lifetime float - Number of hours during which a session will stay valid.
- sessions
Sequence[Get
Tenant Session] - Sessions related settings for the tenant.
- support_
email str - Support email address for authenticating users.
- support_
url str - Support URL for authenticating users.
- acr
Values List<String>Supporteds - List of supported ACR values.
- allow
Organization BooleanName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- customize
Mfa BooleanIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- default
Audience String - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory String - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - default
Redirection StringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- disable
Acr BooleanValues Supported - Disable list of supported ACR values.
- domain String
- Your Auth0 domain name.
- enabled
Locales List<String> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- flags List<Property Map>
- Configuration settings for tenant flags.
- friendly
Name String - Friendly name for the tenant.
- id String
- The provider-assigned unique ID for this managed resource.
- idle
Session NumberLifetime - Number of hours during which a session can be inactive before the user must log in again.
- management
Api StringIdentifier - The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants.
- mtls List<Property Map>
- Configuration for mTLS.
- picture
Url String - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- Boolean
- Enable pushed authorization requests.
- sandbox
Version String - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- List<Property Map>
- Alters behavior of tenant's session cookie. Contains a single
mode
property. - session
Lifetime Number - Number of hours during which a session will stay valid.
- sessions List<Property Map>
- Sessions related settings for the tenant.
- support
Email String - Support email address for authenticating users.
- support
Url String - Support URL for authenticating users.
Supporting Types
GetTenantFlag
- Allow
Legacy boolDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- Allow
Legacy boolRo Grant Types - Whether the legacy
auth/ro
endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - Allow
Legacy boolTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- Dashboard
Insights boolView - Enables new insights activity page view.
- Dashboard
Log boolStreams Next - Enables beta access to log streaming changes.
- Disable
Clickjack boolProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- Disable
Fields boolMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- Disable
Management boolApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- Enable
Adfs boolWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- Enable
Apis boolSection - Indicates whether the APIs section is enabled for the tenant.
- Enable
Client boolConnections - Indicates whether all current connections should be enabled when a new client is created.
- Enable
Custom boolDomain In Emails - Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status:
ready
. - Enable
Dynamic boolClient Registration - Indicates whether the tenant allows dynamic client registration.
- Enable
Idtoken boolApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- Enable
Legacy boolLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- Enable
Legacy boolProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- Enable
Pipeline2 bool - Indicates whether advanced API Authorization scenarios are enabled.
- Enable
Public boolSignup User Exists Error - Indicates whether the public sign up process shows a
user_exists
error if the user already exists. - Enable
Sso bool - Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
- Mfa
Show boolFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- No
Disclose boolEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- Remove
Alg boolFrom Jwks - Remove
alg
from jwks(JSON Web Key Sets). - bool
- This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
- Revoke
Refresh boolToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- Use
Scope boolDescriptions For Consent - Indicates whether to use scope descriptions for consent.
- Allow
Legacy boolDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- Allow
Legacy boolRo Grant Types - Whether the legacy
auth/ro
endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - Allow
Legacy boolTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- Dashboard
Insights boolView - Enables new insights activity page view.
- Dashboard
Log boolStreams Next - Enables beta access to log streaming changes.
- Disable
Clickjack boolProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- Disable
Fields boolMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- Disable
Management boolApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- Enable
Adfs boolWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- Enable
Apis boolSection - Indicates whether the APIs section is enabled for the tenant.
- Enable
Client boolConnections - Indicates whether all current connections should be enabled when a new client is created.
- Enable
Custom boolDomain In Emails - Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status:
ready
. - Enable
Dynamic boolClient Registration - Indicates whether the tenant allows dynamic client registration.
- Enable
Idtoken boolApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- Enable
Legacy boolLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- Enable
Legacy boolProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- Enable
Pipeline2 bool - Indicates whether advanced API Authorization scenarios are enabled.
- Enable
Public boolSignup User Exists Error - Indicates whether the public sign up process shows a
user_exists
error if the user already exists. - Enable
Sso bool - Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
- Mfa
Show boolFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- No
Disclose boolEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- Remove
Alg boolFrom Jwks - Remove
alg
from jwks(JSON Web Key Sets). - bool
- This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
- Revoke
Refresh boolToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- Use
Scope boolDescriptions For Consent - Indicates whether to use scope descriptions for consent.
- allow
Legacy BooleanDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- allow
Legacy BooleanRo Grant Types - Whether the legacy
auth/ro
endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - allow
Legacy BooleanTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- dashboard
Insights BooleanView - Enables new insights activity page view.
- dashboard
Log BooleanStreams Next - Enables beta access to log streaming changes.
- disable
Clickjack BooleanProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- disable
Fields BooleanMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- disable
Management BooleanApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- enable
Adfs BooleanWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- enable
Apis BooleanSection - Indicates whether the APIs section is enabled for the tenant.
- enable
Client BooleanConnections - Indicates whether all current connections should be enabled when a new client is created.
- enable
Custom BooleanDomain In Emails - Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status:
ready
. - enable
Dynamic BooleanClient Registration - Indicates whether the tenant allows dynamic client registration.
- enable
Idtoken BooleanApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- enable
Legacy BooleanLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- enable
Legacy BooleanProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- enable
Pipeline2 Boolean - Indicates whether advanced API Authorization scenarios are enabled.
- enable
Public BooleanSignup User Exists Error - Indicates whether the public sign up process shows a
user_exists
error if the user already exists. - enable
Sso Boolean - Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
- mfa
Show BooleanFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- no
Disclose BooleanEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- remove
Alg BooleanFrom Jwks - Remove
alg
from jwks(JSON Web Key Sets). - Boolean
- This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
- revoke
Refresh BooleanToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- use
Scope BooleanDescriptions For Consent - Indicates whether to use scope descriptions for consent.
- allow
Legacy booleanDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- allow
Legacy booleanRo Grant Types - Whether the legacy
auth/ro
endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - allow
Legacy booleanTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- dashboard
Insights booleanView - Enables new insights activity page view.
- dashboard
Log booleanStreams Next - Enables beta access to log streaming changes.
- disable
Clickjack booleanProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- disable
Fields booleanMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- disable
Management booleanApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- enable
Adfs booleanWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- enable
Apis booleanSection - Indicates whether the APIs section is enabled for the tenant.
- enable
Client booleanConnections - Indicates whether all current connections should be enabled when a new client is created.
- enable
Custom booleanDomain In Emails - Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status:
ready
. - enable
Dynamic booleanClient Registration - Indicates whether the tenant allows dynamic client registration.
- enable
Idtoken booleanApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- enable
Legacy booleanLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- enable
Legacy booleanProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- enable
Pipeline2 boolean - Indicates whether advanced API Authorization scenarios are enabled.
- enable
Public booleanSignup User Exists Error - Indicates whether the public sign up process shows a
user_exists
error if the user already exists. - enable
Sso boolean - Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
- mfa
Show booleanFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- no
Disclose booleanEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- remove
Alg booleanFrom Jwks - Remove
alg
from jwks(JSON Web Key Sets). - boolean
- This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
- revoke
Refresh booleanToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- use
Scope booleanDescriptions For Consent - Indicates whether to use scope descriptions for consent.
- allow_
legacy_ booldelegation_ grant_ types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- allow_
legacy_ boolro_ grant_ types - Whether the legacy
auth/ro
endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - allow_
legacy_ booltokeninfo_ endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- dashboard_
insights_ boolview - Enables new insights activity page view.
- dashboard_
log_ boolstreams_ next - Enables beta access to log streaming changes.
- disable_
clickjack_ boolprotection_ headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- disable_
fields_ boolmap_ fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- disable_
management_ boolapi_ sms_ obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- enable_
adfs_ boolwaad_ email_ verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- enable_
apis_ boolsection - Indicates whether the APIs section is enabled for the tenant.
- enable_
client_ boolconnections - Indicates whether all current connections should be enabled when a new client is created.
- enable_
custom_ booldomain_ in_ emails - Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status:
ready
. - enable_
dynamic_ boolclient_ registration - Indicates whether the tenant allows dynamic client registration.
- enable_
idtoken_ boolapi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- enable_
legacy_ boollogs_ search_ v2 - Indicates whether to use the older v2 legacy logs search.
- enable_
legacy_ boolprofile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- enable_
pipeline2 bool - Indicates whether advanced API Authorization scenarios are enabled.
- enable_
public_ boolsignup_ user_ exists_ error - Indicates whether the public sign up process shows a
user_exists
error if the user already exists. - enable_
sso bool - Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
- mfa_
show_ boolfactor_ list_ on_ enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- no_
disclose_ boolenterprise_ connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- remove_
alg_ boolfrom_ jwks - Remove
alg
from jwks(JSON Web Key Sets). - bool
- This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
- revoke_
refresh_ booltoken_ grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- use_
scope_ booldescriptions_ for_ consent - Indicates whether to use scope descriptions for consent.
- allow
Legacy BooleanDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- allow
Legacy BooleanRo Grant Types - Whether the legacy
auth/ro
endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - allow
Legacy BooleanTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- dashboard
Insights BooleanView - Enables new insights activity page view.
- dashboard
Log BooleanStreams Next - Enables beta access to log streaming changes.
- disable
Clickjack BooleanProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- disable
Fields BooleanMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- disable
Management BooleanApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- enable
Adfs BooleanWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- enable
Apis BooleanSection - Indicates whether the APIs section is enabled for the tenant.
- enable
Client BooleanConnections - Indicates whether all current connections should be enabled when a new client is created.
- enable
Custom BooleanDomain In Emails - Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status:
ready
. - enable
Dynamic BooleanClient Registration - Indicates whether the tenant allows dynamic client registration.
- enable
Idtoken BooleanApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- enable
Legacy BooleanLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- enable
Legacy BooleanProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- enable
Pipeline2 Boolean - Indicates whether advanced API Authorization scenarios are enabled.
- enable
Public BooleanSignup User Exists Error - Indicates whether the public sign up process shows a
user_exists
error if the user already exists. - enable
Sso Boolean - Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
- mfa
Show BooleanFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- no
Disclose BooleanEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- remove
Alg BooleanFrom Jwks - Remove
alg
from jwks(JSON Web Key Sets). - Boolean
- This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
- revoke
Refresh BooleanToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- use
Scope BooleanDescriptions For Consent - Indicates whether to use scope descriptions for consent.
GetTenantMtl
- Disable bool
- Disable mTLS settings.
- Enable
Endpoint boolAliases - Enable mTLS endpoint aliases.
- Disable bool
- Disable mTLS settings.
- Enable
Endpoint boolAliases - Enable mTLS endpoint aliases.
- disable Boolean
- Disable mTLS settings.
- enable
Endpoint BooleanAliases - Enable mTLS endpoint aliases.
- disable boolean
- Disable mTLS settings.
- enable
Endpoint booleanAliases - Enable mTLS endpoint aliases.
- disable bool
- Disable mTLS settings.
- enable_
endpoint_ boolaliases - Enable mTLS endpoint aliases.
- disable Boolean
- Disable mTLS settings.
- enable
Endpoint BooleanAliases - Enable mTLS endpoint aliases.
GetTenantSession
- Oidc
Logout boolPrompt Enabled - When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
- Oidc
Logout boolPrompt Enabled - When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
- oidc
Logout BooleanPrompt Enabled - When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
- oidc
Logout booleanPrompt Enabled - When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
- oidc_
logout_ boolprompt_ enabled - When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
- oidc
Logout BooleanPrompt Enabled - When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
GetTenantSessionCooky
- Mode string
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- Mode string
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- mode String
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- mode string
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- mode str
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- mode String
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
auth0
Terraform Provider.