auth0.Tenant
Explore with Pulumi AI
With this resource, you can manage Auth0 tenants, including setting logos and support contact information, setting error pages, and configuring default tenant behaviors.
Creating tenants through the Management API is not currently supported. Therefore, this resource can only manage an existing tenant created through the Auth0 dashboard.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const myTenant = new auth0.Tenant("my_tenant", {
friendlyName: "Tenant Name",
pictureUrl: "http://example.com/logo.png",
supportEmail: "support@example.com",
supportUrl: "http://example.com/support",
allowedLogoutUrls: ["http://example.com/logout"],
sessionLifetime: 8760,
sandboxVersion: "12",
enabledLocales: ["en"],
defaultRedirectionUri: "https://example.com/login",
flags: {
disableClickjackProtectionHeaders: true,
enablePublicSignupUserExistsError: true,
useScopeDescriptionsForConsent: true,
noDiscloseEnterpriseConnections: false,
disableManagementApiSmsObfuscation: false,
disableFieldsMapFix: false,
},
sessionCookie: {
mode: "non-persistent",
},
sessions: {
oidcLogoutPromptEnabled: false,
},
});
import pulumi
import pulumi_auth0 as auth0
my_tenant = auth0.Tenant("my_tenant",
friendly_name="Tenant Name",
picture_url="http://example.com/logo.png",
support_email="support@example.com",
support_url="http://example.com/support",
allowed_logout_urls=["http://example.com/logout"],
session_lifetime=8760,
sandbox_version="12",
enabled_locales=["en"],
default_redirection_uri="https://example.com/login",
flags={
"disable_clickjack_protection_headers": True,
"enable_public_signup_user_exists_error": True,
"use_scope_descriptions_for_consent": True,
"no_disclose_enterprise_connections": False,
"disable_management_api_sms_obfuscation": False,
"disable_fields_map_fix": False,
},
session_cookie={
"mode": "non-persistent",
},
sessions={
"oidc_logout_prompt_enabled": False,
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := auth0.NewTenant(ctx, "my_tenant", &auth0.TenantArgs{
FriendlyName: pulumi.String("Tenant Name"),
PictureUrl: pulumi.String("http://example.com/logo.png"),
SupportEmail: pulumi.String("support@example.com"),
SupportUrl: pulumi.String("http://example.com/support"),
AllowedLogoutUrls: pulumi.StringArray{
pulumi.String("http://example.com/logout"),
},
SessionLifetime: pulumi.Float64(8760),
SandboxVersion: pulumi.String("12"),
EnabledLocales: pulumi.StringArray{
pulumi.String("en"),
},
DefaultRedirectionUri: pulumi.String("https://example.com/login"),
Flags: &auth0.TenantFlagsArgs{
DisableClickjackProtectionHeaders: pulumi.Bool(true),
EnablePublicSignupUserExistsError: pulumi.Bool(true),
UseScopeDescriptionsForConsent: pulumi.Bool(true),
NoDiscloseEnterpriseConnections: pulumi.Bool(false),
DisableManagementApiSmsObfuscation: pulumi.Bool(false),
DisableFieldsMapFix: pulumi.Bool(false),
},
SessionCookie: &auth0.TenantSessionCookieArgs{
Mode: pulumi.String("non-persistent"),
},
Sessions: &auth0.TenantSessionsArgs{
OidcLogoutPromptEnabled: pulumi.Bool(false),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
var myTenant = new Auth0.Tenant("my_tenant", new()
{
FriendlyName = "Tenant Name",
PictureUrl = "http://example.com/logo.png",
SupportEmail = "support@example.com",
SupportUrl = "http://example.com/support",
AllowedLogoutUrls = new[]
{
"http://example.com/logout",
},
SessionLifetime = 8760,
SandboxVersion = "12",
EnabledLocales = new[]
{
"en",
},
DefaultRedirectionUri = "https://example.com/login",
Flags = new Auth0.Inputs.TenantFlagsArgs
{
DisableClickjackProtectionHeaders = true,
EnablePublicSignupUserExistsError = true,
UseScopeDescriptionsForConsent = true,
NoDiscloseEnterpriseConnections = false,
DisableManagementApiSmsObfuscation = false,
DisableFieldsMapFix = false,
},
SessionCookie = new Auth0.Inputs.TenantSessionCookieArgs
{
Mode = "non-persistent",
},
Sessions = new Auth0.Inputs.TenantSessionsArgs
{
OidcLogoutPromptEnabled = false,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Tenant;
import com.pulumi.auth0.TenantArgs;
import com.pulumi.auth0.inputs.TenantFlagsArgs;
import com.pulumi.auth0.inputs.TenantSessionCookieArgs;
import com.pulumi.auth0.inputs.TenantSessionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myTenant = new Tenant("myTenant", TenantArgs.builder()
.friendlyName("Tenant Name")
.pictureUrl("http://example.com/logo.png")
.supportEmail("support@example.com")
.supportUrl("http://example.com/support")
.allowedLogoutUrls("http://example.com/logout")
.sessionLifetime(8760)
.sandboxVersion("12")
.enabledLocales("en")
.defaultRedirectionUri("https://example.com/login")
.flags(TenantFlagsArgs.builder()
.disableClickjackProtectionHeaders(true)
.enablePublicSignupUserExistsError(true)
.useScopeDescriptionsForConsent(true)
.noDiscloseEnterpriseConnections(false)
.disableManagementApiSmsObfuscation(false)
.disableFieldsMapFix(false)
.build())
.sessionCookie(TenantSessionCookieArgs.builder()
.mode("non-persistent")
.build())
.sessions(TenantSessionsArgs.builder()
.oidcLogoutPromptEnabled(false)
.build())
.build());
}
}
resources:
myTenant:
type: auth0:Tenant
name: my_tenant
properties:
friendlyName: Tenant Name
pictureUrl: http://example.com/logo.png
supportEmail: support@example.com
supportUrl: http://example.com/support
allowedLogoutUrls:
- http://example.com/logout
sessionLifetime: 8760
sandboxVersion: '12'
enabledLocales:
- en
defaultRedirectionUri: https://example.com/login
flags:
disableClickjackProtectionHeaders: true
enablePublicSignupUserExistsError: true
useScopeDescriptionsForConsent: true
noDiscloseEnterpriseConnections: false
disableManagementApiSmsObfuscation: false
disableFieldsMapFix: false
sessionCookie:
mode: non-persistent
sessions:
oidcLogoutPromptEnabled: false
Create Tenant Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Tenant(name: string, args?: TenantArgs, opts?: CustomResourceOptions);
@overload
def Tenant(resource_name: str,
args: Optional[TenantArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Tenant(resource_name: str,
opts: Optional[ResourceOptions] = None,
acr_values_supporteds: Optional[Sequence[str]] = None,
allow_organization_name_in_authentication_api: Optional[bool] = None,
allowed_logout_urls: Optional[Sequence[str]] = None,
customize_mfa_in_postlogin_action: Optional[bool] = None,
default_audience: Optional[str] = None,
default_directory: Optional[str] = None,
default_redirection_uri: Optional[str] = None,
disable_acr_values_supported: Optional[bool] = None,
enabled_locales: Optional[Sequence[str]] = None,
flags: Optional[TenantFlagsArgs] = None,
friendly_name: Optional[str] = None,
idle_session_lifetime: Optional[float] = None,
mtls: Optional[TenantMtlsArgs] = None,
picture_url: Optional[str] = None,
pushed_authorization_requests_supported: Optional[bool] = None,
sandbox_version: Optional[str] = None,
session_cookie: Optional[TenantSessionCookieArgs] = None,
session_lifetime: Optional[float] = None,
sessions: Optional[TenantSessionsArgs] = None,
support_email: Optional[str] = None,
support_url: Optional[str] = None)
func NewTenant(ctx *Context, name string, args *TenantArgs, opts ...ResourceOption) (*Tenant, error)
public Tenant(string name, TenantArgs? args = null, CustomResourceOptions? opts = null)
public Tenant(String name, TenantArgs args)
public Tenant(String name, TenantArgs args, CustomResourceOptions options)
type: auth0:Tenant
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TenantArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TenantArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TenantArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TenantArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TenantArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var tenantResource = new Auth0.Tenant("tenantResource", new()
{
AcrValuesSupporteds = new[]
{
"string",
},
AllowOrganizationNameInAuthenticationApi = false,
AllowedLogoutUrls = new[]
{
"string",
},
CustomizeMfaInPostloginAction = false,
DefaultAudience = "string",
DefaultDirectory = "string",
DefaultRedirectionUri = "string",
DisableAcrValuesSupported = false,
EnabledLocales = new[]
{
"string",
},
Flags = new Auth0.Inputs.TenantFlagsArgs
{
AllowLegacyDelegationGrantTypes = false,
AllowLegacyRoGrantTypes = false,
AllowLegacyTokeninfoEndpoint = false,
DashboardInsightsView = false,
DashboardLogStreamsNext = false,
DisableClickjackProtectionHeaders = false,
DisableFieldsMapFix = false,
DisableManagementApiSmsObfuscation = false,
EnableAdfsWaadEmailVerification = false,
EnableApisSection = false,
EnableClientConnections = false,
EnableCustomDomainInEmails = false,
EnableDynamicClientRegistration = false,
EnableIdtokenApi2 = false,
EnableLegacyLogsSearchV2 = false,
EnableLegacyProfile = false,
EnablePipeline2 = false,
EnablePublicSignupUserExistsError = false,
EnableSso = false,
MfaShowFactorListOnEnrollment = false,
NoDiscloseEnterpriseConnections = false,
RemoveAlgFromJwks = false,
RevokeRefreshTokenGrant = false,
UseScopeDescriptionsForConsent = false,
},
FriendlyName = "string",
IdleSessionLifetime = 0,
Mtls = new Auth0.Inputs.TenantMtlsArgs
{
Disable = false,
EnableEndpointAliases = false,
},
PictureUrl = "string",
PushedAuthorizationRequestsSupported = false,
SandboxVersion = "string",
SessionCookie = new Auth0.Inputs.TenantSessionCookieArgs
{
Mode = "string",
},
SessionLifetime = 0,
Sessions = new Auth0.Inputs.TenantSessionsArgs
{
OidcLogoutPromptEnabled = false,
},
SupportEmail = "string",
SupportUrl = "string",
});
example, err := auth0.NewTenant(ctx, "tenantResource", &auth0.TenantArgs{
AcrValuesSupporteds: pulumi.StringArray{
pulumi.String("string"),
},
AllowOrganizationNameInAuthenticationApi: pulumi.Bool(false),
AllowedLogoutUrls: pulumi.StringArray{
pulumi.String("string"),
},
CustomizeMfaInPostloginAction: pulumi.Bool(false),
DefaultAudience: pulumi.String("string"),
DefaultDirectory: pulumi.String("string"),
DefaultRedirectionUri: pulumi.String("string"),
DisableAcrValuesSupported: pulumi.Bool(false),
EnabledLocales: pulumi.StringArray{
pulumi.String("string"),
},
Flags: &auth0.TenantFlagsArgs{
AllowLegacyDelegationGrantTypes: pulumi.Bool(false),
AllowLegacyRoGrantTypes: pulumi.Bool(false),
AllowLegacyTokeninfoEndpoint: pulumi.Bool(false),
DashboardInsightsView: pulumi.Bool(false),
DashboardLogStreamsNext: pulumi.Bool(false),
DisableClickjackProtectionHeaders: pulumi.Bool(false),
DisableFieldsMapFix: pulumi.Bool(false),
DisableManagementApiSmsObfuscation: pulumi.Bool(false),
EnableAdfsWaadEmailVerification: pulumi.Bool(false),
EnableApisSection: pulumi.Bool(false),
EnableClientConnections: pulumi.Bool(false),
EnableCustomDomainInEmails: pulumi.Bool(false),
EnableDynamicClientRegistration: pulumi.Bool(false),
EnableIdtokenApi2: pulumi.Bool(false),
EnableLegacyLogsSearchV2: pulumi.Bool(false),
EnableLegacyProfile: pulumi.Bool(false),
EnablePipeline2: pulumi.Bool(false),
EnablePublicSignupUserExistsError: pulumi.Bool(false),
EnableSso: pulumi.Bool(false),
MfaShowFactorListOnEnrollment: pulumi.Bool(false),
NoDiscloseEnterpriseConnections: pulumi.Bool(false),
RemoveAlgFromJwks: pulumi.Bool(false),
RevokeRefreshTokenGrant: pulumi.Bool(false),
UseScopeDescriptionsForConsent: pulumi.Bool(false),
},
FriendlyName: pulumi.String("string"),
IdleSessionLifetime: pulumi.Float64(0),
Mtls: &auth0.TenantMtlsArgs{
Disable: pulumi.Bool(false),
EnableEndpointAliases: pulumi.Bool(false),
},
PictureUrl: pulumi.String("string"),
PushedAuthorizationRequestsSupported: pulumi.Bool(false),
SandboxVersion: pulumi.String("string"),
SessionCookie: &auth0.TenantSessionCookieArgs{
Mode: pulumi.String("string"),
},
SessionLifetime: pulumi.Float64(0),
Sessions: &auth0.TenantSessionsArgs{
OidcLogoutPromptEnabled: pulumi.Bool(false),
},
SupportEmail: pulumi.String("string"),
SupportUrl: pulumi.String("string"),
})
var tenantResource = new Tenant("tenantResource", TenantArgs.builder()
.acrValuesSupporteds("string")
.allowOrganizationNameInAuthenticationApi(false)
.allowedLogoutUrls("string")
.customizeMfaInPostloginAction(false)
.defaultAudience("string")
.defaultDirectory("string")
.defaultRedirectionUri("string")
.disableAcrValuesSupported(false)
.enabledLocales("string")
.flags(TenantFlagsArgs.builder()
.allowLegacyDelegationGrantTypes(false)
.allowLegacyRoGrantTypes(false)
.allowLegacyTokeninfoEndpoint(false)
.dashboardInsightsView(false)
.dashboardLogStreamsNext(false)
.disableClickjackProtectionHeaders(false)
.disableFieldsMapFix(false)
.disableManagementApiSmsObfuscation(false)
.enableAdfsWaadEmailVerification(false)
.enableApisSection(false)
.enableClientConnections(false)
.enableCustomDomainInEmails(false)
.enableDynamicClientRegistration(false)
.enableIdtokenApi2(false)
.enableLegacyLogsSearchV2(false)
.enableLegacyProfile(false)
.enablePipeline2(false)
.enablePublicSignupUserExistsError(false)
.enableSso(false)
.mfaShowFactorListOnEnrollment(false)
.noDiscloseEnterpriseConnections(false)
.removeAlgFromJwks(false)
.revokeRefreshTokenGrant(false)
.useScopeDescriptionsForConsent(false)
.build())
.friendlyName("string")
.idleSessionLifetime(0)
.mtls(TenantMtlsArgs.builder()
.disable(false)
.enableEndpointAliases(false)
.build())
.pictureUrl("string")
.pushedAuthorizationRequestsSupported(false)
.sandboxVersion("string")
.sessionCookie(TenantSessionCookieArgs.builder()
.mode("string")
.build())
.sessionLifetime(0)
.sessions(TenantSessionsArgs.builder()
.oidcLogoutPromptEnabled(false)
.build())
.supportEmail("string")
.supportUrl("string")
.build());
tenant_resource = auth0.Tenant("tenantResource",
acr_values_supporteds=["string"],
allow_organization_name_in_authentication_api=False,
allowed_logout_urls=["string"],
customize_mfa_in_postlogin_action=False,
default_audience="string",
default_directory="string",
default_redirection_uri="string",
disable_acr_values_supported=False,
enabled_locales=["string"],
flags={
"allow_legacy_delegation_grant_types": False,
"allow_legacy_ro_grant_types": False,
"allow_legacy_tokeninfo_endpoint": False,
"dashboard_insights_view": False,
"dashboard_log_streams_next": False,
"disable_clickjack_protection_headers": False,
"disable_fields_map_fix": False,
"disable_management_api_sms_obfuscation": False,
"enable_adfs_waad_email_verification": False,
"enable_apis_section": False,
"enable_client_connections": False,
"enable_custom_domain_in_emails": False,
"enable_dynamic_client_registration": False,
"enable_idtoken_api2": False,
"enable_legacy_logs_search_v2": False,
"enable_legacy_profile": False,
"enable_pipeline2": False,
"enable_public_signup_user_exists_error": False,
"enable_sso": False,
"mfa_show_factor_list_on_enrollment": False,
"no_disclose_enterprise_connections": False,
"remove_alg_from_jwks": False,
"revoke_refresh_token_grant": False,
"use_scope_descriptions_for_consent": False,
},
friendly_name="string",
idle_session_lifetime=0,
mtls={
"disable": False,
"enable_endpoint_aliases": False,
},
picture_url="string",
pushed_authorization_requests_supported=False,
sandbox_version="string",
session_cookie={
"mode": "string",
},
session_lifetime=0,
sessions={
"oidc_logout_prompt_enabled": False,
},
support_email="string",
support_url="string")
const tenantResource = new auth0.Tenant("tenantResource", {
acrValuesSupporteds: ["string"],
allowOrganizationNameInAuthenticationApi: false,
allowedLogoutUrls: ["string"],
customizeMfaInPostloginAction: false,
defaultAudience: "string",
defaultDirectory: "string",
defaultRedirectionUri: "string",
disableAcrValuesSupported: false,
enabledLocales: ["string"],
flags: {
allowLegacyDelegationGrantTypes: false,
allowLegacyRoGrantTypes: false,
allowLegacyTokeninfoEndpoint: false,
dashboardInsightsView: false,
dashboardLogStreamsNext: false,
disableClickjackProtectionHeaders: false,
disableFieldsMapFix: false,
disableManagementApiSmsObfuscation: false,
enableAdfsWaadEmailVerification: false,
enableApisSection: false,
enableClientConnections: false,
enableCustomDomainInEmails: false,
enableDynamicClientRegistration: false,
enableIdtokenApi2: false,
enableLegacyLogsSearchV2: false,
enableLegacyProfile: false,
enablePipeline2: false,
enablePublicSignupUserExistsError: false,
enableSso: false,
mfaShowFactorListOnEnrollment: false,
noDiscloseEnterpriseConnections: false,
removeAlgFromJwks: false,
revokeRefreshTokenGrant: false,
useScopeDescriptionsForConsent: false,
},
friendlyName: "string",
idleSessionLifetime: 0,
mtls: {
disable: false,
enableEndpointAliases: false,
},
pictureUrl: "string",
pushedAuthorizationRequestsSupported: false,
sandboxVersion: "string",
sessionCookie: {
mode: "string",
},
sessionLifetime: 0,
sessions: {
oidcLogoutPromptEnabled: false,
},
supportEmail: "string",
supportUrl: "string",
});
type: auth0:Tenant
properties:
acrValuesSupporteds:
- string
allowOrganizationNameInAuthenticationApi: false
allowedLogoutUrls:
- string
customizeMfaInPostloginAction: false
defaultAudience: string
defaultDirectory: string
defaultRedirectionUri: string
disableAcrValuesSupported: false
enabledLocales:
- string
flags:
allowLegacyDelegationGrantTypes: false
allowLegacyRoGrantTypes: false
allowLegacyTokeninfoEndpoint: false
dashboardInsightsView: false
dashboardLogStreamsNext: false
disableClickjackProtectionHeaders: false
disableFieldsMapFix: false
disableManagementApiSmsObfuscation: false
enableAdfsWaadEmailVerification: false
enableApisSection: false
enableClientConnections: false
enableCustomDomainInEmails: false
enableDynamicClientRegistration: false
enableIdtokenApi2: false
enableLegacyLogsSearchV2: false
enableLegacyProfile: false
enablePipeline2: false
enablePublicSignupUserExistsError: false
enableSso: false
mfaShowFactorListOnEnrollment: false
noDiscloseEnterpriseConnections: false
removeAlgFromJwks: false
revokeRefreshTokenGrant: false
useScopeDescriptionsForConsent: false
friendlyName: string
idleSessionLifetime: 0
mtls:
disable: false
enableEndpointAliases: false
pictureUrl: string
pushedAuthorizationRequestsSupported: false
sandboxVersion: string
sessionCookie:
mode: string
sessionLifetime: 0
sessions:
oidcLogoutPromptEnabled: false
supportEmail: string
supportUrl: string
Tenant Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Tenant resource accepts the following input properties:
- Acr
Values List<string>Supporteds - List of supported ACR values.
- Allow
Organization boolName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- Allowed
Logout List<string>Urls - URLs that Auth0 may redirect to after logout.
- Customize
Mfa boolIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- Default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- Default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - Default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- Disable
Acr boolValues Supported - Disable list of supported ACR values.
- Enabled
Locales List<string> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- Flags
Tenant
Flags - Configuration settings for tenant flags.
- Friendly
Name string - Friendly name for the tenant.
- Idle
Session doubleLifetime - Number of hours during which a session can be inactive before the user must log in again.
- Mtls
Tenant
Mtls - Configuration for mTLS.
- Picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- bool
- Enable pushed authorization requests.
- Sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Tenant
Session Cookie - Alters behavior of tenant's session cookie. Contains a single
mode
property. - Session
Lifetime double - Number of hours during which a session will stay valid.
- Sessions
Tenant
Sessions - Sessions related settings for the tenant.
- Support
Email string - Support email address for authenticating users.
- Support
Url string - Support URL for authenticating users.
- Acr
Values []stringSupporteds - List of supported ACR values.
- Allow
Organization boolName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- Allowed
Logout []stringUrls - URLs that Auth0 may redirect to after logout.
- Customize
Mfa boolIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- Default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- Default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - Default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- Disable
Acr boolValues Supported - Disable list of supported ACR values.
- Enabled
Locales []string - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- Flags
Tenant
Flags Args - Configuration settings for tenant flags.
- Friendly
Name string - Friendly name for the tenant.
- Idle
Session float64Lifetime - Number of hours during which a session can be inactive before the user must log in again.
- Mtls
Tenant
Mtls Args - Configuration for mTLS.
- Picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- bool
- Enable pushed authorization requests.
- Sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Tenant
Session Cookie Args - Alters behavior of tenant's session cookie. Contains a single
mode
property. - Session
Lifetime float64 - Number of hours during which a session will stay valid.
- Sessions
Tenant
Sessions Args - Sessions related settings for the tenant.
- Support
Email string - Support email address for authenticating users.
- Support
Url string - Support URL for authenticating users.
- acr
Values List<String>Supporteds - List of supported ACR values.
- allow
Organization BooleanName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- customize
Mfa BooleanIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- default
Audience String - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory String - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - default
Redirection StringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- disable
Acr BooleanValues Supported - Disable list of supported ACR values.
- enabled
Locales List<String> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- flags
Tenant
Flags - Configuration settings for tenant flags.
- friendly
Name String - Friendly name for the tenant.
- idle
Session DoubleLifetime - Number of hours during which a session can be inactive before the user must log in again.
- mtls
Tenant
Mtls - Configuration for mTLS.
- picture
Url String - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- Boolean
- Enable pushed authorization requests.
- sandbox
Version String - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Tenant
Session Cookie - Alters behavior of tenant's session cookie. Contains a single
mode
property. - session
Lifetime Double - Number of hours during which a session will stay valid.
- sessions
Tenant
Sessions - Sessions related settings for the tenant.
- support
Email String - Support email address for authenticating users.
- support
Url String - Support URL for authenticating users.
- acr
Values string[]Supporteds - List of supported ACR values.
- allow
Organization booleanName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- allowed
Logout string[]Urls - URLs that Auth0 may redirect to after logout.
- customize
Mfa booleanIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- disable
Acr booleanValues Supported - Disable list of supported ACR values.
- enabled
Locales string[] - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- flags
Tenant
Flags - Configuration settings for tenant flags.
- friendly
Name string - Friendly name for the tenant.
- idle
Session numberLifetime - Number of hours during which a session can be inactive before the user must log in again.
- mtls
Tenant
Mtls - Configuration for mTLS.
- picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- boolean
- Enable pushed authorization requests.
- sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Tenant
Session Cookie - Alters behavior of tenant's session cookie. Contains a single
mode
property. - session
Lifetime number - Number of hours during which a session will stay valid.
- sessions
Tenant
Sessions - Sessions related settings for the tenant.
- support
Email string - Support email address for authenticating users.
- support
Url string - Support URL for authenticating users.
- acr_
values_ Sequence[str]supporteds - List of supported ACR values.
- allow_
organization_ boolname_ in_ authentication_ api - Whether to accept an organization name instead of an ID on auth endpoints.
- allowed_
logout_ Sequence[str]urls - URLs that Auth0 may redirect to after logout.
- customize_
mfa_ boolin_ postlogin_ action - Whether to enable flexible factors for MFA in the PostLogin action.
- default_
audience str - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default_
directory str - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - default_
redirection_ struri - The default absolute redirection URI. Must be HTTPS or an empty string.
- disable_
acr_ boolvalues_ supported - Disable list of supported ACR values.
- enabled_
locales Sequence[str] - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- flags
Tenant
Flags Args - Configuration settings for tenant flags.
- friendly_
name str - Friendly name for the tenant.
- idle_
session_ floatlifetime - Number of hours during which a session can be inactive before the user must log in again.
- mtls
Tenant
Mtls Args - Configuration for mTLS.
- picture_
url str - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- bool
- Enable pushed authorization requests.
- sandbox_
version str - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Tenant
Session Cookie Args - Alters behavior of tenant's session cookie. Contains a single
mode
property. - session_
lifetime float - Number of hours during which a session will stay valid.
- sessions
Tenant
Sessions Args - Sessions related settings for the tenant.
- support_
email str - Support email address for authenticating users.
- support_
url str - Support URL for authenticating users.
- acr
Values List<String>Supporteds - List of supported ACR values.
- allow
Organization BooleanName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- customize
Mfa BooleanIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- default
Audience String - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory String - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - default
Redirection StringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- disable
Acr BooleanValues Supported - Disable list of supported ACR values.
- enabled
Locales List<String> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- flags Property Map
- Configuration settings for tenant flags.
- friendly
Name String - Friendly name for the tenant.
- idle
Session NumberLifetime - Number of hours during which a session can be inactive before the user must log in again.
- mtls Property Map
- Configuration for mTLS.
- picture
Url String - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- Boolean
- Enable pushed authorization requests.
- sandbox
Version String - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Property Map
- Alters behavior of tenant's session cookie. Contains a single
mode
property. - session
Lifetime Number - Number of hours during which a session will stay valid.
- sessions Property Map
- Sessions related settings for the tenant.
- support
Email String - Support email address for authenticating users.
- support
Url String - Support URL for authenticating users.
Outputs
All input properties are implicitly available as output properties. Additionally, the Tenant resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Tenant Resource
Get an existing Tenant resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: TenantState, opts?: CustomResourceOptions): Tenant
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
acr_values_supporteds: Optional[Sequence[str]] = None,
allow_organization_name_in_authentication_api: Optional[bool] = None,
allowed_logout_urls: Optional[Sequence[str]] = None,
customize_mfa_in_postlogin_action: Optional[bool] = None,
default_audience: Optional[str] = None,
default_directory: Optional[str] = None,
default_redirection_uri: Optional[str] = None,
disable_acr_values_supported: Optional[bool] = None,
enabled_locales: Optional[Sequence[str]] = None,
flags: Optional[TenantFlagsArgs] = None,
friendly_name: Optional[str] = None,
idle_session_lifetime: Optional[float] = None,
mtls: Optional[TenantMtlsArgs] = None,
picture_url: Optional[str] = None,
pushed_authorization_requests_supported: Optional[bool] = None,
sandbox_version: Optional[str] = None,
session_cookie: Optional[TenantSessionCookieArgs] = None,
session_lifetime: Optional[float] = None,
sessions: Optional[TenantSessionsArgs] = None,
support_email: Optional[str] = None,
support_url: Optional[str] = None) -> Tenant
func GetTenant(ctx *Context, name string, id IDInput, state *TenantState, opts ...ResourceOption) (*Tenant, error)
public static Tenant Get(string name, Input<string> id, TenantState? state, CustomResourceOptions? opts = null)
public static Tenant get(String name, Output<String> id, TenantState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Acr
Values List<string>Supporteds - List of supported ACR values.
- Allow
Organization boolName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- Allowed
Logout List<string>Urls - URLs that Auth0 may redirect to after logout.
- Customize
Mfa boolIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- Default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- Default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - Default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- Disable
Acr boolValues Supported - Disable list of supported ACR values.
- Enabled
Locales List<string> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- Flags
Tenant
Flags - Configuration settings for tenant flags.
- Friendly
Name string - Friendly name for the tenant.
- Idle
Session doubleLifetime - Number of hours during which a session can be inactive before the user must log in again.
- Mtls
Tenant
Mtls - Configuration for mTLS.
- Picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- bool
- Enable pushed authorization requests.
- Sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Tenant
Session Cookie - Alters behavior of tenant's session cookie. Contains a single
mode
property. - Session
Lifetime double - Number of hours during which a session will stay valid.
- Sessions
Tenant
Sessions - Sessions related settings for the tenant.
- Support
Email string - Support email address for authenticating users.
- Support
Url string - Support URL for authenticating users.
- Acr
Values []stringSupporteds - List of supported ACR values.
- Allow
Organization boolName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- Allowed
Logout []stringUrls - URLs that Auth0 may redirect to after logout.
- Customize
Mfa boolIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- Default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- Default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - Default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- Disable
Acr boolValues Supported - Disable list of supported ACR values.
- Enabled
Locales []string - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- Flags
Tenant
Flags Args - Configuration settings for tenant flags.
- Friendly
Name string - Friendly name for the tenant.
- Idle
Session float64Lifetime - Number of hours during which a session can be inactive before the user must log in again.
- Mtls
Tenant
Mtls Args - Configuration for mTLS.
- Picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- bool
- Enable pushed authorization requests.
- Sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Tenant
Session Cookie Args - Alters behavior of tenant's session cookie. Contains a single
mode
property. - Session
Lifetime float64 - Number of hours during which a session will stay valid.
- Sessions
Tenant
Sessions Args - Sessions related settings for the tenant.
- Support
Email string - Support email address for authenticating users.
- Support
Url string - Support URL for authenticating users.
- acr
Values List<String>Supporteds - List of supported ACR values.
- allow
Organization BooleanName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- customize
Mfa BooleanIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- default
Audience String - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory String - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - default
Redirection StringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- disable
Acr BooleanValues Supported - Disable list of supported ACR values.
- enabled
Locales List<String> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- flags
Tenant
Flags - Configuration settings for tenant flags.
- friendly
Name String - Friendly name for the tenant.
- idle
Session DoubleLifetime - Number of hours during which a session can be inactive before the user must log in again.
- mtls
Tenant
Mtls - Configuration for mTLS.
- picture
Url String - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- Boolean
- Enable pushed authorization requests.
- sandbox
Version String - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Tenant
Session Cookie - Alters behavior of tenant's session cookie. Contains a single
mode
property. - session
Lifetime Double - Number of hours during which a session will stay valid.
- sessions
Tenant
Sessions - Sessions related settings for the tenant.
- support
Email String - Support email address for authenticating users.
- support
Url String - Support URL for authenticating users.
- acr
Values string[]Supporteds - List of supported ACR values.
- allow
Organization booleanName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- allowed
Logout string[]Urls - URLs that Auth0 may redirect to after logout.
- customize
Mfa booleanIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- disable
Acr booleanValues Supported - Disable list of supported ACR values.
- enabled
Locales string[] - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- flags
Tenant
Flags - Configuration settings for tenant flags.
- friendly
Name string - Friendly name for the tenant.
- idle
Session numberLifetime - Number of hours during which a session can be inactive before the user must log in again.
- mtls
Tenant
Mtls - Configuration for mTLS.
- picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- boolean
- Enable pushed authorization requests.
- sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Tenant
Session Cookie - Alters behavior of tenant's session cookie. Contains a single
mode
property. - session
Lifetime number - Number of hours during which a session will stay valid.
- sessions
Tenant
Sessions - Sessions related settings for the tenant.
- support
Email string - Support email address for authenticating users.
- support
Url string - Support URL for authenticating users.
- acr_
values_ Sequence[str]supporteds - List of supported ACR values.
- allow_
organization_ boolname_ in_ authentication_ api - Whether to accept an organization name instead of an ID on auth endpoints.
- allowed_
logout_ Sequence[str]urls - URLs that Auth0 may redirect to after logout.
- customize_
mfa_ boolin_ postlogin_ action - Whether to enable flexible factors for MFA in the PostLogin action.
- default_
audience str - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default_
directory str - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - default_
redirection_ struri - The default absolute redirection URI. Must be HTTPS or an empty string.
- disable_
acr_ boolvalues_ supported - Disable list of supported ACR values.
- enabled_
locales Sequence[str] - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- flags
Tenant
Flags Args - Configuration settings for tenant flags.
- friendly_
name str - Friendly name for the tenant.
- idle_
session_ floatlifetime - Number of hours during which a session can be inactive before the user must log in again.
- mtls
Tenant
Mtls Args - Configuration for mTLS.
- picture_
url str - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- bool
- Enable pushed authorization requests.
- sandbox_
version str - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Tenant
Session Cookie Args - Alters behavior of tenant's session cookie. Contains a single
mode
property. - session_
lifetime float - Number of hours during which a session will stay valid.
- sessions
Tenant
Sessions Args - Sessions related settings for the tenant.
- support_
email str - Support email address for authenticating users.
- support_
url str - Support URL for authenticating users.
- acr
Values List<String>Supporteds - List of supported ACR values.
- allow
Organization BooleanName In Authentication Api - Whether to accept an organization name instead of an ID on auth endpoints.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- customize
Mfa BooleanIn Postlogin Action - Whether to enable flexible factors for MFA in the PostLogin action.
- default
Audience String - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory String - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap
,ad
,auth0
,email
,sms
,waad
, andadfs
. - default
Redirection StringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- disable
Acr BooleanValues Supported - Disable list of supported ACR values.
- enabled
Locales List<String> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- flags Property Map
- Configuration settings for tenant flags.
- friendly
Name String - Friendly name for the tenant.
- idle
Session NumberLifetime - Number of hours during which a session can be inactive before the user must log in again.
- mtls Property Map
- Configuration for mTLS.
- picture
Url String - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- Boolean
- Enable pushed authorization requests.
- sandbox
Version String - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Property Map
- Alters behavior of tenant's session cookie. Contains a single
mode
property. - session
Lifetime Number - Number of hours during which a session will stay valid.
- sessions Property Map
- Sessions related settings for the tenant.
- support
Email String - Support email address for authenticating users.
- support
Url String - Support URL for authenticating users.
Supporting Types
TenantFlags, TenantFlagsArgs
- Allow
Legacy boolDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- Allow
Legacy boolRo Grant Types - Whether the legacy
auth/ro
endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - Allow
Legacy boolTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- Dashboard
Insights boolView - Enables new insights activity page view.
- Dashboard
Log boolStreams Next - Enables beta access to log streaming changes.
- Disable
Clickjack boolProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- Disable
Fields boolMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- Disable
Management boolApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- Enable
Adfs boolWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- Enable
Apis boolSection - Indicates whether the APIs section is enabled for the tenant.
- Enable
Client boolConnections - Indicates whether all current connections should be enabled when a new client is created.
- Enable
Custom boolDomain In Emails - Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status:
ready
. - Enable
Dynamic boolClient Registration - Indicates whether the tenant allows dynamic client registration.
- Enable
Idtoken boolApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- Enable
Legacy boolLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- Enable
Legacy boolProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- Enable
Pipeline2 bool - Indicates whether advanced API Authorization scenarios are enabled.
- Enable
Public boolSignup User Exists Error - Indicates whether the public sign up process shows a
user_exists
error if the user already exists. - Enable
Sso bool - Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
- Mfa
Show boolFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- No
Disclose boolEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- Remove
Alg boolFrom Jwks - Remove
alg
from jwks(JSON Web Key Sets). - bool
- This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
- Revoke
Refresh boolToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- Use
Scope boolDescriptions For Consent - Indicates whether to use scope descriptions for consent.
- Allow
Legacy boolDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- Allow
Legacy boolRo Grant Types - Whether the legacy
auth/ro
endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - Allow
Legacy boolTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- Dashboard
Insights boolView - Enables new insights activity page view.
- Dashboard
Log boolStreams Next - Enables beta access to log streaming changes.
- Disable
Clickjack boolProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- Disable
Fields boolMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- Disable
Management boolApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- Enable
Adfs boolWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- Enable
Apis boolSection - Indicates whether the APIs section is enabled for the tenant.
- Enable
Client boolConnections - Indicates whether all current connections should be enabled when a new client is created.
- Enable
Custom boolDomain In Emails - Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status:
ready
. - Enable
Dynamic boolClient Registration - Indicates whether the tenant allows dynamic client registration.
- Enable
Idtoken boolApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- Enable
Legacy boolLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- Enable
Legacy boolProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- Enable
Pipeline2 bool - Indicates whether advanced API Authorization scenarios are enabled.
- Enable
Public boolSignup User Exists Error - Indicates whether the public sign up process shows a
user_exists
error if the user already exists. - Enable
Sso bool - Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
- Mfa
Show boolFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- No
Disclose boolEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- Remove
Alg boolFrom Jwks - Remove
alg
from jwks(JSON Web Key Sets). - bool
- This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
- Revoke
Refresh boolToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- Use
Scope boolDescriptions For Consent - Indicates whether to use scope descriptions for consent.
- allow
Legacy BooleanDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- allow
Legacy BooleanRo Grant Types - Whether the legacy
auth/ro
endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - allow
Legacy BooleanTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- dashboard
Insights BooleanView - Enables new insights activity page view.
- dashboard
Log BooleanStreams Next - Enables beta access to log streaming changes.
- disable
Clickjack BooleanProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- disable
Fields BooleanMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- disable
Management BooleanApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- enable
Adfs BooleanWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- enable
Apis BooleanSection - Indicates whether the APIs section is enabled for the tenant.
- enable
Client BooleanConnections - Indicates whether all current connections should be enabled when a new client is created.
- enable
Custom BooleanDomain In Emails - Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status:
ready
. - enable
Dynamic BooleanClient Registration - Indicates whether the tenant allows dynamic client registration.
- enable
Idtoken BooleanApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- enable
Legacy BooleanLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- enable
Legacy BooleanProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- enable
Pipeline2 Boolean - Indicates whether advanced API Authorization scenarios are enabled.
- enable
Public BooleanSignup User Exists Error - Indicates whether the public sign up process shows a
user_exists
error if the user already exists. - enable
Sso Boolean - Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
- mfa
Show BooleanFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- no
Disclose BooleanEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- remove
Alg BooleanFrom Jwks - Remove
alg
from jwks(JSON Web Key Sets). - Boolean
- This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
- revoke
Refresh BooleanToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- use
Scope BooleanDescriptions For Consent - Indicates whether to use scope descriptions for consent.
- allow
Legacy booleanDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- allow
Legacy booleanRo Grant Types - Whether the legacy
auth/ro
endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - allow
Legacy booleanTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- dashboard
Insights booleanView - Enables new insights activity page view.
- dashboard
Log booleanStreams Next - Enables beta access to log streaming changes.
- disable
Clickjack booleanProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- disable
Fields booleanMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- disable
Management booleanApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- enable
Adfs booleanWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- enable
Apis booleanSection - Indicates whether the APIs section is enabled for the tenant.
- enable
Client booleanConnections - Indicates whether all current connections should be enabled when a new client is created.
- enable
Custom booleanDomain In Emails - Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status:
ready
. - enable
Dynamic booleanClient Registration - Indicates whether the tenant allows dynamic client registration.
- enable
Idtoken booleanApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- enable
Legacy booleanLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- enable
Legacy booleanProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- enable
Pipeline2 boolean - Indicates whether advanced API Authorization scenarios are enabled.
- enable
Public booleanSignup User Exists Error - Indicates whether the public sign up process shows a
user_exists
error if the user already exists. - enable
Sso boolean - Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
- mfa
Show booleanFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- no
Disclose booleanEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- remove
Alg booleanFrom Jwks - Remove
alg
from jwks(JSON Web Key Sets). - boolean
- This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
- revoke
Refresh booleanToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- use
Scope booleanDescriptions For Consent - Indicates whether to use scope descriptions for consent.
- allow_
legacy_ booldelegation_ grant_ types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- allow_
legacy_ boolro_ grant_ types - Whether the legacy
auth/ro
endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - allow_
legacy_ booltokeninfo_ endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- dashboard_
insights_ boolview - Enables new insights activity page view.
- dashboard_
log_ boolstreams_ next - Enables beta access to log streaming changes.
- disable_
clickjack_ boolprotection_ headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- disable_
fields_ boolmap_ fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- disable_
management_ boolapi_ sms_ obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- enable_
adfs_ boolwaad_ email_ verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- enable_
apis_ boolsection - Indicates whether the APIs section is enabled for the tenant.
- enable_
client_ boolconnections - Indicates whether all current connections should be enabled when a new client is created.
- enable_
custom_ booldomain_ in_ emails - Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status:
ready
. - enable_
dynamic_ boolclient_ registration - Indicates whether the tenant allows dynamic client registration.
- enable_
idtoken_ boolapi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- enable_
legacy_ boollogs_ search_ v2 - Indicates whether to use the older v2 legacy logs search.
- enable_
legacy_ boolprofile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- enable_
pipeline2 bool - Indicates whether advanced API Authorization scenarios are enabled.
- enable_
public_ boolsignup_ user_ exists_ error - Indicates whether the public sign up process shows a
user_exists
error if the user already exists. - enable_
sso bool - Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
- mfa_
show_ boolfactor_ list_ on_ enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- no_
disclose_ boolenterprise_ connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- remove_
alg_ boolfrom_ jwks - Remove
alg
from jwks(JSON Web Key Sets). - bool
- This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
- revoke_
refresh_ booltoken_ grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- use_
scope_ booldescriptions_ for_ consent - Indicates whether to use scope descriptions for consent.
- allow
Legacy BooleanDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- allow
Legacy BooleanRo Grant Types - Whether the legacy
auth/ro
endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - allow
Legacy BooleanTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- dashboard
Insights BooleanView - Enables new insights activity page view.
- dashboard
Log BooleanStreams Next - Enables beta access to log streaming changes.
- disable
Clickjack BooleanProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- disable
Fields BooleanMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- disable
Management BooleanApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- enable
Adfs BooleanWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- enable
Apis BooleanSection - Indicates whether the APIs section is enabled for the tenant.
- enable
Client BooleanConnections - Indicates whether all current connections should be enabled when a new client is created.
- enable
Custom BooleanDomain In Emails - Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status:
ready
. - enable
Dynamic BooleanClient Registration - Indicates whether the tenant allows dynamic client registration.
- enable
Idtoken BooleanApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- enable
Legacy BooleanLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- enable
Legacy BooleanProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- enable
Pipeline2 Boolean - Indicates whether advanced API Authorization scenarios are enabled.
- enable
Public BooleanSignup User Exists Error - Indicates whether the public sign up process shows a
user_exists
error if the user already exists. - enable
Sso Boolean - Flag indicating whether users will not be prompted to confirm log in before SSO redirection. This flag applies to existing tenants only; new tenants have it enforced as true.
- mfa
Show BooleanFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- no
Disclose BooleanEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- remove
Alg BooleanFrom Jwks - Remove
alg
from jwks(JSON Web Key Sets). - Boolean
- This Flag is not supported by the Auth0 Management API and will be removed in the next major release.
- revoke
Refresh BooleanToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- use
Scope BooleanDescriptions For Consent - Indicates whether to use scope descriptions for consent.
TenantMtls, TenantMtlsArgs
- Disable bool
- Disable mTLS settings.
- Enable
Endpoint boolAliases - Enable mTLS endpoint aliases.
- Disable bool
- Disable mTLS settings.
- Enable
Endpoint boolAliases - Enable mTLS endpoint aliases.
- disable Boolean
- Disable mTLS settings.
- enable
Endpoint BooleanAliases - Enable mTLS endpoint aliases.
- disable boolean
- Disable mTLS settings.
- enable
Endpoint booleanAliases - Enable mTLS endpoint aliases.
- disable bool
- Disable mTLS settings.
- enable_
endpoint_ boolaliases - Enable mTLS endpoint aliases.
- disable Boolean
- Disable mTLS settings.
- enable
Endpoint BooleanAliases - Enable mTLS endpoint aliases.
TenantSessionCookie, TenantSessionCookieArgs
- Mode string
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- Mode string
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- mode String
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- mode string
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- mode str
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- mode String
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
TenantSessions, TenantSessionsArgs
- Oidc
Logout boolPrompt Enabled - When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
- Oidc
Logout boolPrompt Enabled - When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
- oidc
Logout BooleanPrompt Enabled - When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
- oidc
Logout booleanPrompt Enabled - When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
- oidc_
logout_ boolprompt_ enabled - When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
- oidc
Logout BooleanPrompt Enabled - When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
Import
As this is not a resource identifiable by an ID within the Auth0 Management API,
tenant can be imported using a random string.
We recommend Version 4 UUID
Example:
$ pulumi import auth0:index/tenant:Tenant my_tenant "82f4f21b-017a-319d-92e7-2291c1ca36c4"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
auth0
Terraform Provider.