1. Packages
  2. Cloudflare Provider
  3. API Docs
  4. AccessIdentityProvider
Cloudflare v5.43.0 published on Wednesday, Nov 13, 2024 by Pulumi

cloudflare.AccessIdentityProvider

Explore with Pulumi AI

cloudflare logo
Cloudflare v5.43.0 published on Wednesday, Nov 13, 2024 by Pulumi

    Provides a Cloudflare Access Identity Provider resource. Identity Providers are used as an authentication or authorisation source within Access.

    It’s required that an account_id or zone_id is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use the zone_id argument.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as cloudflare from "@pulumi/cloudflare";
    
    // one time pin
    const pinLogin = new cloudflare.AccessIdentityProvider("pin_login", {
        accountId: "f037e56e89293a057740de681ac9abbe",
        name: "PIN login",
        type: "onetimepin",
    });
    // oauth
    const githubOauth = new cloudflare.AccessIdentityProvider("github_oauth", {
        accountId: "f037e56e89293a057740de681ac9abbe",
        name: "GitHub OAuth",
        type: "github",
        configs: [{
            clientId: "example",
            clientSecret: "secret_key",
        }],
    });
    // saml
    const jumpcloudSaml = new cloudflare.AccessIdentityProvider("jumpcloud_saml", {
        accountId: "f037e56e89293a057740de681ac9abbe",
        name: "JumpCloud SAML",
        type: "saml",
        configs: [{
            issuerUrl: "jumpcloud",
            ssoTargetUrl: "https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess",
            attributes: [
                "email",
                "username",
            ],
            signRequest: false,
            idpPublicCert: `MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
    uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o`,
        }],
    });
    // okta
    const okta = new cloudflare.AccessIdentityProvider("okta", {
        accountId: "f037e56e89293a057740de681ac9abbe",
        name: "Okta",
        type: "okta",
        configs: [{
            clientId: "example",
            clientSecret: "secret_key",
            apiToken: "okta_api_token",
            oktaAccount: "https://example.com",
        }],
    });
    
    import pulumi
    import pulumi_cloudflare as cloudflare
    
    # one time pin
    pin_login = cloudflare.AccessIdentityProvider("pin_login",
        account_id="f037e56e89293a057740de681ac9abbe",
        name="PIN login",
        type="onetimepin")
    # oauth
    github_oauth = cloudflare.AccessIdentityProvider("github_oauth",
        account_id="f037e56e89293a057740de681ac9abbe",
        name="GitHub OAuth",
        type="github",
        configs=[{
            "client_id": "example",
            "client_secret": "secret_key",
        }])
    # saml
    jumpcloud_saml = cloudflare.AccessIdentityProvider("jumpcloud_saml",
        account_id="f037e56e89293a057740de681ac9abbe",
        name="JumpCloud SAML",
        type="saml",
        configs=[{
            "issuer_url": "jumpcloud",
            "sso_target_url": "https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess",
            "attributes": [
                "email",
                "username",
            ],
            "sign_request": False,
            "idp_public_cert": """MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
    uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o""",
        }])
    # okta
    okta = cloudflare.AccessIdentityProvider("okta",
        account_id="f037e56e89293a057740de681ac9abbe",
        name="Okta",
        type="okta",
        configs=[{
            "client_id": "example",
            "client_secret": "secret_key",
            "api_token": "okta_api_token",
            "okta_account": "https://example.com",
        }])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// one time pin
    		_, err := cloudflare.NewAccessIdentityProvider(ctx, "pin_login", &cloudflare.AccessIdentityProviderArgs{
    			AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
    			Name:      pulumi.String("PIN login"),
    			Type:      pulumi.String("onetimepin"),
    		})
    		if err != nil {
    			return err
    		}
    		// oauth
    		_, err = cloudflare.NewAccessIdentityProvider(ctx, "github_oauth", &cloudflare.AccessIdentityProviderArgs{
    			AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
    			Name:      pulumi.String("GitHub OAuth"),
    			Type:      pulumi.String("github"),
    			Configs: cloudflare.AccessIdentityProviderConfigArray{
    				&cloudflare.AccessIdentityProviderConfigArgs{
    					ClientId:     pulumi.String("example"),
    					ClientSecret: pulumi.String("secret_key"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// saml
    		_, err = cloudflare.NewAccessIdentityProvider(ctx, "jumpcloud_saml", &cloudflare.AccessIdentityProviderArgs{
    			AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
    			Name:      pulumi.String("JumpCloud SAML"),
    			Type:      pulumi.String("saml"),
    			Configs: cloudflare.AccessIdentityProviderConfigArray{
    				&cloudflare.AccessIdentityProviderConfigArgs{
    					IssuerUrl:    pulumi.String("jumpcloud"),
    					SsoTargetUrl: pulumi.String("https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess"),
    					Attributes: pulumi.StringArray{
    						pulumi.String("email"),
    						pulumi.String("username"),
    					},
    					SignRequest:   pulumi.Bool(false),
    					IdpPublicCert: pulumi.String("MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg\nuTnQyuOqPuHbnN83d/2l1NSYKCbHt24o"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// okta
    		_, err = cloudflare.NewAccessIdentityProvider(ctx, "okta", &cloudflare.AccessIdentityProviderArgs{
    			AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
    			Name:      pulumi.String("Okta"),
    			Type:      pulumi.String("okta"),
    			Configs: cloudflare.AccessIdentityProviderConfigArray{
    				&cloudflare.AccessIdentityProviderConfigArgs{
    					ClientId:     pulumi.String("example"),
    					ClientSecret: pulumi.String("secret_key"),
    					ApiToken:     pulumi.String("okta_api_token"),
    					OktaAccount:  pulumi.String("https://example.com"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Cloudflare = Pulumi.Cloudflare;
    
    return await Deployment.RunAsync(() => 
    {
        // one time pin
        var pinLogin = new Cloudflare.AccessIdentityProvider("pin_login", new()
        {
            AccountId = "f037e56e89293a057740de681ac9abbe",
            Name = "PIN login",
            Type = "onetimepin",
        });
    
        // oauth
        var githubOauth = new Cloudflare.AccessIdentityProvider("github_oauth", new()
        {
            AccountId = "f037e56e89293a057740de681ac9abbe",
            Name = "GitHub OAuth",
            Type = "github",
            Configs = new[]
            {
                new Cloudflare.Inputs.AccessIdentityProviderConfigArgs
                {
                    ClientId = "example",
                    ClientSecret = "secret_key",
                },
            },
        });
    
        // saml
        var jumpcloudSaml = new Cloudflare.AccessIdentityProvider("jumpcloud_saml", new()
        {
            AccountId = "f037e56e89293a057740de681ac9abbe",
            Name = "JumpCloud SAML",
            Type = "saml",
            Configs = new[]
            {
                new Cloudflare.Inputs.AccessIdentityProviderConfigArgs
                {
                    IssuerUrl = "jumpcloud",
                    SsoTargetUrl = "https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess",
                    Attributes = new[]
                    {
                        "email",
                        "username",
                    },
                    SignRequest = false,
                    IdpPublicCert = @"MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
    uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o",
                },
            },
        });
    
        // okta
        var okta = new Cloudflare.AccessIdentityProvider("okta", new()
        {
            AccountId = "f037e56e89293a057740de681ac9abbe",
            Name = "Okta",
            Type = "okta",
            Configs = new[]
            {
                new Cloudflare.Inputs.AccessIdentityProviderConfigArgs
                {
                    ClientId = "example",
                    ClientSecret = "secret_key",
                    ApiToken = "okta_api_token",
                    OktaAccount = "https://example.com",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.cloudflare.AccessIdentityProvider;
    import com.pulumi.cloudflare.AccessIdentityProviderArgs;
    import com.pulumi.cloudflare.inputs.AccessIdentityProviderConfigArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // one time pin
            var pinLogin = new AccessIdentityProvider("pinLogin", AccessIdentityProviderArgs.builder()
                .accountId("f037e56e89293a057740de681ac9abbe")
                .name("PIN login")
                .type("onetimepin")
                .build());
    
            // oauth
            var githubOauth = new AccessIdentityProvider("githubOauth", AccessIdentityProviderArgs.builder()
                .accountId("f037e56e89293a057740de681ac9abbe")
                .name("GitHub OAuth")
                .type("github")
                .configs(AccessIdentityProviderConfigArgs.builder()
                    .clientId("example")
                    .clientSecret("secret_key")
                    .build())
                .build());
    
            // saml
            var jumpcloudSaml = new AccessIdentityProvider("jumpcloudSaml", AccessIdentityProviderArgs.builder()
                .accountId("f037e56e89293a057740de681ac9abbe")
                .name("JumpCloud SAML")
                .type("saml")
                .configs(AccessIdentityProviderConfigArgs.builder()
                    .issuerUrl("jumpcloud")
                    .ssoTargetUrl("https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess")
                    .attributes(                
                        "email",
                        "username")
                    .signRequest(false)
                    .idpPublicCert("""
    MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
    uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o                """)
                    .build())
                .build());
    
            // okta
            var okta = new AccessIdentityProvider("okta", AccessIdentityProviderArgs.builder()
                .accountId("f037e56e89293a057740de681ac9abbe")
                .name("Okta")
                .type("okta")
                .configs(AccessIdentityProviderConfigArgs.builder()
                    .clientId("example")
                    .clientSecret("secret_key")
                    .apiToken("okta_api_token")
                    .oktaAccount("https://example.com")
                    .build())
                .build());
    
        }
    }
    
    resources:
      # one time pin
      pinLogin:
        type: cloudflare:AccessIdentityProvider
        name: pin_login
        properties:
          accountId: f037e56e89293a057740de681ac9abbe
          name: PIN login
          type: onetimepin
      # oauth
      githubOauth:
        type: cloudflare:AccessIdentityProvider
        name: github_oauth
        properties:
          accountId: f037e56e89293a057740de681ac9abbe
          name: GitHub OAuth
          type: github
          configs:
            - clientId: example
              clientSecret: secret_key
      # saml
      jumpcloudSaml:
        type: cloudflare:AccessIdentityProvider
        name: jumpcloud_saml
        properties:
          accountId: f037e56e89293a057740de681ac9abbe
          name: JumpCloud SAML
          type: saml
          configs:
            - issuerUrl: jumpcloud
              ssoTargetUrl: https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess
              attributes:
                - email
                - username
              signRequest: false
              idpPublicCert: |-
                MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
                uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o            
      # okta
      okta:
        type: cloudflare:AccessIdentityProvider
        properties:
          accountId: f037e56e89293a057740de681ac9abbe
          name: Okta
          type: okta
          configs:
            - clientId: example
              clientSecret: secret_key
              apiToken: okta_api_token
              oktaAccount: https://example.com
    

    Create AccessIdentityProvider Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AccessIdentityProvider(name: string, args: AccessIdentityProviderArgs, opts?: CustomResourceOptions);
    @overload
    def AccessIdentityProvider(resource_name: str,
                               args: AccessIdentityProviderArgs,
                               opts: Optional[ResourceOptions] = None)
    
    @overload
    def AccessIdentityProvider(resource_name: str,
                               opts: Optional[ResourceOptions] = None,
                               name: Optional[str] = None,
                               type: Optional[str] = None,
                               account_id: Optional[str] = None,
                               configs: Optional[Sequence[AccessIdentityProviderConfigArgs]] = None,
                               scim_configs: Optional[Sequence[AccessIdentityProviderScimConfigArgs]] = None,
                               zone_id: Optional[str] = None)
    func NewAccessIdentityProvider(ctx *Context, name string, args AccessIdentityProviderArgs, opts ...ResourceOption) (*AccessIdentityProvider, error)
    public AccessIdentityProvider(string name, AccessIdentityProviderArgs args, CustomResourceOptions? opts = null)
    public AccessIdentityProvider(String name, AccessIdentityProviderArgs args)
    public AccessIdentityProvider(String name, AccessIdentityProviderArgs args, CustomResourceOptions options)
    
    type: cloudflare:AccessIdentityProvider
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AccessIdentityProviderArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccessIdentityProviderArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccessIdentityProviderArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccessIdentityProviderArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccessIdentityProviderArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var accessIdentityProviderResource = new Cloudflare.AccessIdentityProvider("accessIdentityProviderResource", new()
    {
        Name = "string",
        Type = "string",
        AccountId = "string",
        Configs = new[]
        {
            new Cloudflare.Inputs.AccessIdentityProviderConfigArgs
            {
                ApiToken = "string",
                AppsDomain = "string",
                Attributes = new[]
                {
                    "string",
                },
                AuthUrl = "string",
                AuthorizationServerId = "string",
                CentrifyAccount = "string",
                CentrifyAppId = "string",
                CertsUrl = "string",
                Claims = new[]
                {
                    "string",
                },
                ClientId = "string",
                ClientSecret = "string",
                ConditionalAccessEnabled = false,
                DirectoryId = "string",
                EmailAttributeName = "string",
                EmailClaimName = "string",
                IdpPublicCert = "string",
                IssuerUrl = "string",
                OktaAccount = "string",
                OneloginAccount = "string",
                PingEnvId = "string",
                PkceEnabled = false,
                RedirectUrl = "string",
                Scopes = new[]
                {
                    "string",
                },
                SignRequest = false,
                SsoTargetUrl = "string",
                SupportGroups = false,
                TokenUrl = "string",
            },
        },
        ScimConfigs = new[]
        {
            new Cloudflare.Inputs.AccessIdentityProviderScimConfigArgs
            {
                Enabled = false,
                GroupMemberDeprovision = false,
                SeatDeprovision = false,
                Secret = "string",
                UserDeprovision = false,
            },
        },
        ZoneId = "string",
    });
    
    example, err := cloudflare.NewAccessIdentityProvider(ctx, "accessIdentityProviderResource", &cloudflare.AccessIdentityProviderArgs{
    	Name:      pulumi.String("string"),
    	Type:      pulumi.String("string"),
    	AccountId: pulumi.String("string"),
    	Configs: cloudflare.AccessIdentityProviderConfigArray{
    		&cloudflare.AccessIdentityProviderConfigArgs{
    			ApiToken:   pulumi.String("string"),
    			AppsDomain: pulumi.String("string"),
    			Attributes: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			AuthUrl:               pulumi.String("string"),
    			AuthorizationServerId: pulumi.String("string"),
    			CentrifyAccount:       pulumi.String("string"),
    			CentrifyAppId:         pulumi.String("string"),
    			CertsUrl:              pulumi.String("string"),
    			Claims: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			ClientId:                 pulumi.String("string"),
    			ClientSecret:             pulumi.String("string"),
    			ConditionalAccessEnabled: pulumi.Bool(false),
    			DirectoryId:              pulumi.String("string"),
    			EmailAttributeName:       pulumi.String("string"),
    			EmailClaimName:           pulumi.String("string"),
    			IdpPublicCert:            pulumi.String("string"),
    			IssuerUrl:                pulumi.String("string"),
    			OktaAccount:              pulumi.String("string"),
    			OneloginAccount:          pulumi.String("string"),
    			PingEnvId:                pulumi.String("string"),
    			PkceEnabled:              pulumi.Bool(false),
    			RedirectUrl:              pulumi.String("string"),
    			Scopes: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			SignRequest:   pulumi.Bool(false),
    			SsoTargetUrl:  pulumi.String("string"),
    			SupportGroups: pulumi.Bool(false),
    			TokenUrl:      pulumi.String("string"),
    		},
    	},
    	ScimConfigs: cloudflare.AccessIdentityProviderScimConfigArray{
    		&cloudflare.AccessIdentityProviderScimConfigArgs{
    			Enabled:                pulumi.Bool(false),
    			GroupMemberDeprovision: pulumi.Bool(false),
    			SeatDeprovision:        pulumi.Bool(false),
    			Secret:                 pulumi.String("string"),
    			UserDeprovision:        pulumi.Bool(false),
    		},
    	},
    	ZoneId: pulumi.String("string"),
    })
    
    var accessIdentityProviderResource = new AccessIdentityProvider("accessIdentityProviderResource", AccessIdentityProviderArgs.builder()
        .name("string")
        .type("string")
        .accountId("string")
        .configs(AccessIdentityProviderConfigArgs.builder()
            .apiToken("string")
            .appsDomain("string")
            .attributes("string")
            .authUrl("string")
            .authorizationServerId("string")
            .centrifyAccount("string")
            .centrifyAppId("string")
            .certsUrl("string")
            .claims("string")
            .clientId("string")
            .clientSecret("string")
            .conditionalAccessEnabled(false)
            .directoryId("string")
            .emailAttributeName("string")
            .emailClaimName("string")
            .idpPublicCert("string")
            .issuerUrl("string")
            .oktaAccount("string")
            .oneloginAccount("string")
            .pingEnvId("string")
            .pkceEnabled(false)
            .redirectUrl("string")
            .scopes("string")
            .signRequest(false)
            .ssoTargetUrl("string")
            .supportGroups(false)
            .tokenUrl("string")
            .build())
        .scimConfigs(AccessIdentityProviderScimConfigArgs.builder()
            .enabled(false)
            .groupMemberDeprovision(false)
            .seatDeprovision(false)
            .secret("string")
            .userDeprovision(false)
            .build())
        .zoneId("string")
        .build());
    
    access_identity_provider_resource = cloudflare.AccessIdentityProvider("accessIdentityProviderResource",
        name="string",
        type="string",
        account_id="string",
        configs=[{
            "api_token": "string",
            "apps_domain": "string",
            "attributes": ["string"],
            "auth_url": "string",
            "authorization_server_id": "string",
            "centrify_account": "string",
            "centrify_app_id": "string",
            "certs_url": "string",
            "claims": ["string"],
            "client_id": "string",
            "client_secret": "string",
            "conditional_access_enabled": False,
            "directory_id": "string",
            "email_attribute_name": "string",
            "email_claim_name": "string",
            "idp_public_cert": "string",
            "issuer_url": "string",
            "okta_account": "string",
            "onelogin_account": "string",
            "ping_env_id": "string",
            "pkce_enabled": False,
            "redirect_url": "string",
            "scopes": ["string"],
            "sign_request": False,
            "sso_target_url": "string",
            "support_groups": False,
            "token_url": "string",
        }],
        scim_configs=[{
            "enabled": False,
            "group_member_deprovision": False,
            "seat_deprovision": False,
            "secret": "string",
            "user_deprovision": False,
        }],
        zone_id="string")
    
    const accessIdentityProviderResource = new cloudflare.AccessIdentityProvider("accessIdentityProviderResource", {
        name: "string",
        type: "string",
        accountId: "string",
        configs: [{
            apiToken: "string",
            appsDomain: "string",
            attributes: ["string"],
            authUrl: "string",
            authorizationServerId: "string",
            centrifyAccount: "string",
            centrifyAppId: "string",
            certsUrl: "string",
            claims: ["string"],
            clientId: "string",
            clientSecret: "string",
            conditionalAccessEnabled: false,
            directoryId: "string",
            emailAttributeName: "string",
            emailClaimName: "string",
            idpPublicCert: "string",
            issuerUrl: "string",
            oktaAccount: "string",
            oneloginAccount: "string",
            pingEnvId: "string",
            pkceEnabled: false,
            redirectUrl: "string",
            scopes: ["string"],
            signRequest: false,
            ssoTargetUrl: "string",
            supportGroups: false,
            tokenUrl: "string",
        }],
        scimConfigs: [{
            enabled: false,
            groupMemberDeprovision: false,
            seatDeprovision: false,
            secret: "string",
            userDeprovision: false,
        }],
        zoneId: "string",
    });
    
    type: cloudflare:AccessIdentityProvider
    properties:
        accountId: string
        configs:
            - apiToken: string
              appsDomain: string
              attributes:
                - string
              authUrl: string
              authorizationServerId: string
              centrifyAccount: string
              centrifyAppId: string
              certsUrl: string
              claims:
                - string
              clientId: string
              clientSecret: string
              conditionalAccessEnabled: false
              directoryId: string
              emailAttributeName: string
              emailClaimName: string
              idpPublicCert: string
              issuerUrl: string
              oktaAccount: string
              oneloginAccount: string
              pingEnvId: string
              pkceEnabled: false
              redirectUrl: string
              scopes:
                - string
              signRequest: false
              ssoTargetUrl: string
              supportGroups: false
              tokenUrl: string
        name: string
        scimConfigs:
            - enabled: false
              groupMemberDeprovision: false
              seatDeprovision: false
              secret: string
              userDeprovision: false
        type: string
        zoneId: string
    

    AccessIdentityProvider Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AccessIdentityProvider resource accepts the following input properties:

    Name string
    Friendly name of the Access Identity Provider configuration.
    Type string
    The provider type to use. Available values: azureAD, centrify, facebook, github, google, google-apps, linkedin, oidc, okta, onelogin, onetimepin, pingone, saml, yandex.
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    Configs List<AccessIdentityProviderConfig>
    Provider configuration from the developer documentation.
    ScimConfigs List<AccessIdentityProviderScimConfig>
    Configuration for SCIM settings for a given IDP.
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    Name string
    Friendly name of the Access Identity Provider configuration.
    Type string
    The provider type to use. Available values: azureAD, centrify, facebook, github, google, google-apps, linkedin, oidc, okta, onelogin, onetimepin, pingone, saml, yandex.
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    Configs []AccessIdentityProviderConfigArgs
    Provider configuration from the developer documentation.
    ScimConfigs []AccessIdentityProviderScimConfigArgs
    Configuration for SCIM settings for a given IDP.
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    name String
    Friendly name of the Access Identity Provider configuration.
    type String
    The provider type to use. Available values: azureAD, centrify, facebook, github, google, google-apps, linkedin, oidc, okta, onelogin, onetimepin, pingone, saml, yandex.
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    configs List<AccessIdentityProviderConfig>
    Provider configuration from the developer documentation.
    scimConfigs List<AccessIdentityProviderScimConfig>
    Configuration for SCIM settings for a given IDP.
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    name string
    Friendly name of the Access Identity Provider configuration.
    type string
    The provider type to use. Available values: azureAD, centrify, facebook, github, google, google-apps, linkedin, oidc, okta, onelogin, onetimepin, pingone, saml, yandex.
    accountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    configs AccessIdentityProviderConfig[]
    Provider configuration from the developer documentation.
    scimConfigs AccessIdentityProviderScimConfig[]
    Configuration for SCIM settings for a given IDP.
    zoneId string
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    name str
    Friendly name of the Access Identity Provider configuration.
    type str
    The provider type to use. Available values: azureAD, centrify, facebook, github, google, google-apps, linkedin, oidc, okta, onelogin, onetimepin, pingone, saml, yandex.
    account_id str
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    configs Sequence[AccessIdentityProviderConfigArgs]
    Provider configuration from the developer documentation.
    scim_configs Sequence[AccessIdentityProviderScimConfigArgs]
    Configuration for SCIM settings for a given IDP.
    zone_id str
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    name String
    Friendly name of the Access Identity Provider configuration.
    type String
    The provider type to use. Available values: azureAD, centrify, facebook, github, google, google-apps, linkedin, oidc, okta, onelogin, onetimepin, pingone, saml, yandex.
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    configs List<Property Map>
    Provider configuration from the developer documentation.
    scimConfigs List<Property Map>
    Configuration for SCIM settings for a given IDP.
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccessIdentityProvider resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing AccessIdentityProvider Resource

    Get an existing AccessIdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AccessIdentityProviderState, opts?: CustomResourceOptions): AccessIdentityProvider
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            account_id: Optional[str] = None,
            configs: Optional[Sequence[AccessIdentityProviderConfigArgs]] = None,
            name: Optional[str] = None,
            scim_configs: Optional[Sequence[AccessIdentityProviderScimConfigArgs]] = None,
            type: Optional[str] = None,
            zone_id: Optional[str] = None) -> AccessIdentityProvider
    func GetAccessIdentityProvider(ctx *Context, name string, id IDInput, state *AccessIdentityProviderState, opts ...ResourceOption) (*AccessIdentityProvider, error)
    public static AccessIdentityProvider Get(string name, Input<string> id, AccessIdentityProviderState? state, CustomResourceOptions? opts = null)
    public static AccessIdentityProvider get(String name, Output<String> id, AccessIdentityProviderState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    Configs List<AccessIdentityProviderConfig>
    Provider configuration from the developer documentation.
    Name string
    Friendly name of the Access Identity Provider configuration.
    ScimConfigs List<AccessIdentityProviderScimConfig>
    Configuration for SCIM settings for a given IDP.
    Type string
    The provider type to use. Available values: azureAD, centrify, facebook, github, google, google-apps, linkedin, oidc, okta, onelogin, onetimepin, pingone, saml, yandex.
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    Configs []AccessIdentityProviderConfigArgs
    Provider configuration from the developer documentation.
    Name string
    Friendly name of the Access Identity Provider configuration.
    ScimConfigs []AccessIdentityProviderScimConfigArgs
    Configuration for SCIM settings for a given IDP.
    Type string
    The provider type to use. Available values: azureAD, centrify, facebook, github, google, google-apps, linkedin, oidc, okta, onelogin, onetimepin, pingone, saml, yandex.
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    configs List<AccessIdentityProviderConfig>
    Provider configuration from the developer documentation.
    name String
    Friendly name of the Access Identity Provider configuration.
    scimConfigs List<AccessIdentityProviderScimConfig>
    Configuration for SCIM settings for a given IDP.
    type String
    The provider type to use. Available values: azureAD, centrify, facebook, github, google, google-apps, linkedin, oidc, okta, onelogin, onetimepin, pingone, saml, yandex.
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    accountId string
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    configs AccessIdentityProviderConfig[]
    Provider configuration from the developer documentation.
    name string
    Friendly name of the Access Identity Provider configuration.
    scimConfigs AccessIdentityProviderScimConfig[]
    Configuration for SCIM settings for a given IDP.
    type string
    The provider type to use. Available values: azureAD, centrify, facebook, github, google, google-apps, linkedin, oidc, okta, onelogin, onetimepin, pingone, saml, yandex.
    zoneId string
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    account_id str
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    configs Sequence[AccessIdentityProviderConfigArgs]
    Provider configuration from the developer documentation.
    name str
    Friendly name of the Access Identity Provider configuration.
    scim_configs Sequence[AccessIdentityProviderScimConfigArgs]
    Configuration for SCIM settings for a given IDP.
    type str
    The provider type to use. Available values: azureAD, centrify, facebook, github, google, google-apps, linkedin, oidc, okta, onelogin, onetimepin, pingone, saml, yandex.
    zone_id str
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id. Modifying this attribute will force creation of a new resource.
    configs List<Property Map>
    Provider configuration from the developer documentation.
    name String
    Friendly name of the Access Identity Provider configuration.
    scimConfigs List<Property Map>
    Configuration for SCIM settings for a given IDP.
    type String
    The provider type to use. Available values: azureAD, centrify, facebook, github, google, google-apps, linkedin, oidc, okta, onelogin, onetimepin, pingone, saml, yandex.
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id. Modifying this attribute will force creation of a new resource.

    Supporting Types

    AccessIdentityProviderConfig, AccessIdentityProviderConfigArgs

    apiToken String
    appsDomain String
    attributes List<String>
    authUrl String
    authorizationServerId String
    centrifyAccount String
    centrifyAppId String
    certsUrl String
    claims List<String>
    clientId String
    clientSecret String
    conditionalAccessEnabled Boolean
    directoryId String
    emailAttributeName String
    emailClaimName String
    idpPublicCert String
    issuerUrl String
    oktaAccount String
    oneloginAccount String
    pingEnvId String
    pkceEnabled Boolean
    redirectUrl String
    scopes List<String>
    signRequest Boolean
    ssoTargetUrl String
    supportGroups Boolean
    tokenUrl String
    apiToken String
    appsDomain String
    attributes List<String>
    authUrl String
    authorizationServerId String
    centrifyAccount String
    centrifyAppId String
    certsUrl String
    claims List<String>
    clientId String
    clientSecret String
    conditionalAccessEnabled Boolean
    directoryId String
    emailAttributeName String
    emailClaimName String
    idpPublicCert String
    issuerUrl String
    oktaAccount String
    oneloginAccount String
    pingEnvId String
    pkceEnabled Boolean
    redirectUrl String
    scopes List<String>
    signRequest Boolean
    ssoTargetUrl String
    supportGroups Boolean
    tokenUrl String

    AccessIdentityProviderScimConfig, AccessIdentityProviderScimConfigArgs

    Import

    $ pulumi import cloudflare:index/accessIdentityProvider:AccessIdentityProvider example <account_id>/<identity_provider_id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Cloudflare pulumi/pulumi-cloudflare
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the cloudflare Terraform Provider.
    cloudflare logo
    Cloudflare v5.43.0 published on Wednesday, Nov 13, 2024 by Pulumi