cloudflare.AccessIdentityProvider
Explore with Pulumi AI
Provides a Cloudflare Access Identity Provider resource. Identity Providers are used as an authentication or authorisation source within Access.
It’s required that an
account_id
orzone_id
is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use thezone_id
argument.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
// one time pin
const pinLogin = new cloudflare.AccessIdentityProvider("pin_login", {
accountId: "f037e56e89293a057740de681ac9abbe",
name: "PIN login",
type: "onetimepin",
});
// oauth
const githubOauth = new cloudflare.AccessIdentityProvider("github_oauth", {
accountId: "f037e56e89293a057740de681ac9abbe",
name: "GitHub OAuth",
type: "github",
configs: [{
clientId: "example",
clientSecret: "secret_key",
}],
});
// saml
const jumpcloudSaml = new cloudflare.AccessIdentityProvider("jumpcloud_saml", {
accountId: "f037e56e89293a057740de681ac9abbe",
name: "JumpCloud SAML",
type: "saml",
configs: [{
issuerUrl: "jumpcloud",
ssoTargetUrl: "https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess",
attributes: [
"email",
"username",
],
signRequest: false,
idpPublicCert: `MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o`,
}],
});
// okta
const okta = new cloudflare.AccessIdentityProvider("okta", {
accountId: "f037e56e89293a057740de681ac9abbe",
name: "Okta",
type: "okta",
configs: [{
clientId: "example",
clientSecret: "secret_key",
apiToken: "okta_api_token",
oktaAccount: "https://example.com",
}],
});
import pulumi
import pulumi_cloudflare as cloudflare
# one time pin
pin_login = cloudflare.AccessIdentityProvider("pin_login",
account_id="f037e56e89293a057740de681ac9abbe",
name="PIN login",
type="onetimepin")
# oauth
github_oauth = cloudflare.AccessIdentityProvider("github_oauth",
account_id="f037e56e89293a057740de681ac9abbe",
name="GitHub OAuth",
type="github",
configs=[{
"client_id": "example",
"client_secret": "secret_key",
}])
# saml
jumpcloud_saml = cloudflare.AccessIdentityProvider("jumpcloud_saml",
account_id="f037e56e89293a057740de681ac9abbe",
name="JumpCloud SAML",
type="saml",
configs=[{
"issuer_url": "jumpcloud",
"sso_target_url": "https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess",
"attributes": [
"email",
"username",
],
"sign_request": False,
"idp_public_cert": """MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o""",
}])
# okta
okta = cloudflare.AccessIdentityProvider("okta",
account_id="f037e56e89293a057740de681ac9abbe",
name="Okta",
type="okta",
configs=[{
"client_id": "example",
"client_secret": "secret_key",
"api_token": "okta_api_token",
"okta_account": "https://example.com",
}])
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// one time pin
_, err := cloudflare.NewAccessIdentityProvider(ctx, "pin_login", &cloudflare.AccessIdentityProviderArgs{
AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
Name: pulumi.String("PIN login"),
Type: pulumi.String("onetimepin"),
})
if err != nil {
return err
}
// oauth
_, err = cloudflare.NewAccessIdentityProvider(ctx, "github_oauth", &cloudflare.AccessIdentityProviderArgs{
AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
Name: pulumi.String("GitHub OAuth"),
Type: pulumi.String("github"),
Configs: cloudflare.AccessIdentityProviderConfigArray{
&cloudflare.AccessIdentityProviderConfigArgs{
ClientId: pulumi.String("example"),
ClientSecret: pulumi.String("secret_key"),
},
},
})
if err != nil {
return err
}
// saml
_, err = cloudflare.NewAccessIdentityProvider(ctx, "jumpcloud_saml", &cloudflare.AccessIdentityProviderArgs{
AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
Name: pulumi.String("JumpCloud SAML"),
Type: pulumi.String("saml"),
Configs: cloudflare.AccessIdentityProviderConfigArray{
&cloudflare.AccessIdentityProviderConfigArgs{
IssuerUrl: pulumi.String("jumpcloud"),
SsoTargetUrl: pulumi.String("https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess"),
Attributes: pulumi.StringArray{
pulumi.String("email"),
pulumi.String("username"),
},
SignRequest: pulumi.Bool(false),
IdpPublicCert: pulumi.String("MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg\nuTnQyuOqPuHbnN83d/2l1NSYKCbHt24o"),
},
},
})
if err != nil {
return err
}
// okta
_, err = cloudflare.NewAccessIdentityProvider(ctx, "okta", &cloudflare.AccessIdentityProviderArgs{
AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
Name: pulumi.String("Okta"),
Type: pulumi.String("okta"),
Configs: cloudflare.AccessIdentityProviderConfigArray{
&cloudflare.AccessIdentityProviderConfigArgs{
ClientId: pulumi.String("example"),
ClientSecret: pulumi.String("secret_key"),
ApiToken: pulumi.String("okta_api_token"),
OktaAccount: pulumi.String("https://example.com"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
return await Deployment.RunAsync(() =>
{
// one time pin
var pinLogin = new Cloudflare.AccessIdentityProvider("pin_login", new()
{
AccountId = "f037e56e89293a057740de681ac9abbe",
Name = "PIN login",
Type = "onetimepin",
});
// oauth
var githubOauth = new Cloudflare.AccessIdentityProvider("github_oauth", new()
{
AccountId = "f037e56e89293a057740de681ac9abbe",
Name = "GitHub OAuth",
Type = "github",
Configs = new[]
{
new Cloudflare.Inputs.AccessIdentityProviderConfigArgs
{
ClientId = "example",
ClientSecret = "secret_key",
},
},
});
// saml
var jumpcloudSaml = new Cloudflare.AccessIdentityProvider("jumpcloud_saml", new()
{
AccountId = "f037e56e89293a057740de681ac9abbe",
Name = "JumpCloud SAML",
Type = "saml",
Configs = new[]
{
new Cloudflare.Inputs.AccessIdentityProviderConfigArgs
{
IssuerUrl = "jumpcloud",
SsoTargetUrl = "https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess",
Attributes = new[]
{
"email",
"username",
},
SignRequest = false,
IdpPublicCert = @"MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o",
},
},
});
// okta
var okta = new Cloudflare.AccessIdentityProvider("okta", new()
{
AccountId = "f037e56e89293a057740de681ac9abbe",
Name = "Okta",
Type = "okta",
Configs = new[]
{
new Cloudflare.Inputs.AccessIdentityProviderConfigArgs
{
ClientId = "example",
ClientSecret = "secret_key",
ApiToken = "okta_api_token",
OktaAccount = "https://example.com",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.AccessIdentityProvider;
import com.pulumi.cloudflare.AccessIdentityProviderArgs;
import com.pulumi.cloudflare.inputs.AccessIdentityProviderConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// one time pin
var pinLogin = new AccessIdentityProvider("pinLogin", AccessIdentityProviderArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.name("PIN login")
.type("onetimepin")
.build());
// oauth
var githubOauth = new AccessIdentityProvider("githubOauth", AccessIdentityProviderArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.name("GitHub OAuth")
.type("github")
.configs(AccessIdentityProviderConfigArgs.builder()
.clientId("example")
.clientSecret("secret_key")
.build())
.build());
// saml
var jumpcloudSaml = new AccessIdentityProvider("jumpcloudSaml", AccessIdentityProviderArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.name("JumpCloud SAML")
.type("saml")
.configs(AccessIdentityProviderConfigArgs.builder()
.issuerUrl("jumpcloud")
.ssoTargetUrl("https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess")
.attributes(
"email",
"username")
.signRequest(false)
.idpPublicCert("""
MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o """)
.build())
.build());
// okta
var okta = new AccessIdentityProvider("okta", AccessIdentityProviderArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.name("Okta")
.type("okta")
.configs(AccessIdentityProviderConfigArgs.builder()
.clientId("example")
.clientSecret("secret_key")
.apiToken("okta_api_token")
.oktaAccount("https://example.com")
.build())
.build());
}
}
resources:
# one time pin
pinLogin:
type: cloudflare:AccessIdentityProvider
name: pin_login
properties:
accountId: f037e56e89293a057740de681ac9abbe
name: PIN login
type: onetimepin
# oauth
githubOauth:
type: cloudflare:AccessIdentityProvider
name: github_oauth
properties:
accountId: f037e56e89293a057740de681ac9abbe
name: GitHub OAuth
type: github
configs:
- clientId: example
clientSecret: secret_key
# saml
jumpcloudSaml:
type: cloudflare:AccessIdentityProvider
name: jumpcloud_saml
properties:
accountId: f037e56e89293a057740de681ac9abbe
name: JumpCloud SAML
type: saml
configs:
- issuerUrl: jumpcloud
ssoTargetUrl: https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess
attributes:
- email
- username
signRequest: false
idpPublicCert: |-
MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg
uTnQyuOqPuHbnN83d/2l1NSYKCbHt24o
# okta
okta:
type: cloudflare:AccessIdentityProvider
properties:
accountId: f037e56e89293a057740de681ac9abbe
name: Okta
type: okta
configs:
- clientId: example
clientSecret: secret_key
apiToken: okta_api_token
oktaAccount: https://example.com
Create AccessIdentityProvider Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccessIdentityProvider(name: string, args: AccessIdentityProviderArgs, opts?: CustomResourceOptions);
@overload
def AccessIdentityProvider(resource_name: str,
args: AccessIdentityProviderArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccessIdentityProvider(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
type: Optional[str] = None,
account_id: Optional[str] = None,
configs: Optional[Sequence[AccessIdentityProviderConfigArgs]] = None,
scim_configs: Optional[Sequence[AccessIdentityProviderScimConfigArgs]] = None,
zone_id: Optional[str] = None)
func NewAccessIdentityProvider(ctx *Context, name string, args AccessIdentityProviderArgs, opts ...ResourceOption) (*AccessIdentityProvider, error)
public AccessIdentityProvider(string name, AccessIdentityProviderArgs args, CustomResourceOptions? opts = null)
public AccessIdentityProvider(String name, AccessIdentityProviderArgs args)
public AccessIdentityProvider(String name, AccessIdentityProviderArgs args, CustomResourceOptions options)
type: cloudflare:AccessIdentityProvider
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccessIdentityProviderArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessIdentityProviderArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessIdentityProviderArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessIdentityProviderArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessIdentityProviderArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var accessIdentityProviderResource = new Cloudflare.AccessIdentityProvider("accessIdentityProviderResource", new()
{
Name = "string",
Type = "string",
AccountId = "string",
Configs = new[]
{
new Cloudflare.Inputs.AccessIdentityProviderConfigArgs
{
ApiToken = "string",
AppsDomain = "string",
Attributes = new[]
{
"string",
},
AuthUrl = "string",
AuthorizationServerId = "string",
CentrifyAccount = "string",
CentrifyAppId = "string",
CertsUrl = "string",
Claims = new[]
{
"string",
},
ClientId = "string",
ClientSecret = "string",
ConditionalAccessEnabled = false,
DirectoryId = "string",
EmailAttributeName = "string",
EmailClaimName = "string",
IdpPublicCert = "string",
IssuerUrl = "string",
OktaAccount = "string",
OneloginAccount = "string",
PingEnvId = "string",
PkceEnabled = false,
RedirectUrl = "string",
Scopes = new[]
{
"string",
},
SignRequest = false,
SsoTargetUrl = "string",
SupportGroups = false,
TokenUrl = "string",
},
},
ScimConfigs = new[]
{
new Cloudflare.Inputs.AccessIdentityProviderScimConfigArgs
{
Enabled = false,
GroupMemberDeprovision = false,
SeatDeprovision = false,
Secret = "string",
UserDeprovision = false,
},
},
ZoneId = "string",
});
example, err := cloudflare.NewAccessIdentityProvider(ctx, "accessIdentityProviderResource", &cloudflare.AccessIdentityProviderArgs{
Name: pulumi.String("string"),
Type: pulumi.String("string"),
AccountId: pulumi.String("string"),
Configs: cloudflare.AccessIdentityProviderConfigArray{
&cloudflare.AccessIdentityProviderConfigArgs{
ApiToken: pulumi.String("string"),
AppsDomain: pulumi.String("string"),
Attributes: pulumi.StringArray{
pulumi.String("string"),
},
AuthUrl: pulumi.String("string"),
AuthorizationServerId: pulumi.String("string"),
CentrifyAccount: pulumi.String("string"),
CentrifyAppId: pulumi.String("string"),
CertsUrl: pulumi.String("string"),
Claims: pulumi.StringArray{
pulumi.String("string"),
},
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
ConditionalAccessEnabled: pulumi.Bool(false),
DirectoryId: pulumi.String("string"),
EmailAttributeName: pulumi.String("string"),
EmailClaimName: pulumi.String("string"),
IdpPublicCert: pulumi.String("string"),
IssuerUrl: pulumi.String("string"),
OktaAccount: pulumi.String("string"),
OneloginAccount: pulumi.String("string"),
PingEnvId: pulumi.String("string"),
PkceEnabled: pulumi.Bool(false),
RedirectUrl: pulumi.String("string"),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
SignRequest: pulumi.Bool(false),
SsoTargetUrl: pulumi.String("string"),
SupportGroups: pulumi.Bool(false),
TokenUrl: pulumi.String("string"),
},
},
ScimConfigs: cloudflare.AccessIdentityProviderScimConfigArray{
&cloudflare.AccessIdentityProviderScimConfigArgs{
Enabled: pulumi.Bool(false),
GroupMemberDeprovision: pulumi.Bool(false),
SeatDeprovision: pulumi.Bool(false),
Secret: pulumi.String("string"),
UserDeprovision: pulumi.Bool(false),
},
},
ZoneId: pulumi.String("string"),
})
var accessIdentityProviderResource = new AccessIdentityProvider("accessIdentityProviderResource", AccessIdentityProviderArgs.builder()
.name("string")
.type("string")
.accountId("string")
.configs(AccessIdentityProviderConfigArgs.builder()
.apiToken("string")
.appsDomain("string")
.attributes("string")
.authUrl("string")
.authorizationServerId("string")
.centrifyAccount("string")
.centrifyAppId("string")
.certsUrl("string")
.claims("string")
.clientId("string")
.clientSecret("string")
.conditionalAccessEnabled(false)
.directoryId("string")
.emailAttributeName("string")
.emailClaimName("string")
.idpPublicCert("string")
.issuerUrl("string")
.oktaAccount("string")
.oneloginAccount("string")
.pingEnvId("string")
.pkceEnabled(false)
.redirectUrl("string")
.scopes("string")
.signRequest(false)
.ssoTargetUrl("string")
.supportGroups(false)
.tokenUrl("string")
.build())
.scimConfigs(AccessIdentityProviderScimConfigArgs.builder()
.enabled(false)
.groupMemberDeprovision(false)
.seatDeprovision(false)
.secret("string")
.userDeprovision(false)
.build())
.zoneId("string")
.build());
access_identity_provider_resource = cloudflare.AccessIdentityProvider("accessIdentityProviderResource",
name="string",
type="string",
account_id="string",
configs=[{
"api_token": "string",
"apps_domain": "string",
"attributes": ["string"],
"auth_url": "string",
"authorization_server_id": "string",
"centrify_account": "string",
"centrify_app_id": "string",
"certs_url": "string",
"claims": ["string"],
"client_id": "string",
"client_secret": "string",
"conditional_access_enabled": False,
"directory_id": "string",
"email_attribute_name": "string",
"email_claim_name": "string",
"idp_public_cert": "string",
"issuer_url": "string",
"okta_account": "string",
"onelogin_account": "string",
"ping_env_id": "string",
"pkce_enabled": False,
"redirect_url": "string",
"scopes": ["string"],
"sign_request": False,
"sso_target_url": "string",
"support_groups": False,
"token_url": "string",
}],
scim_configs=[{
"enabled": False,
"group_member_deprovision": False,
"seat_deprovision": False,
"secret": "string",
"user_deprovision": False,
}],
zone_id="string")
const accessIdentityProviderResource = new cloudflare.AccessIdentityProvider("accessIdentityProviderResource", {
name: "string",
type: "string",
accountId: "string",
configs: [{
apiToken: "string",
appsDomain: "string",
attributes: ["string"],
authUrl: "string",
authorizationServerId: "string",
centrifyAccount: "string",
centrifyAppId: "string",
certsUrl: "string",
claims: ["string"],
clientId: "string",
clientSecret: "string",
conditionalAccessEnabled: false,
directoryId: "string",
emailAttributeName: "string",
emailClaimName: "string",
idpPublicCert: "string",
issuerUrl: "string",
oktaAccount: "string",
oneloginAccount: "string",
pingEnvId: "string",
pkceEnabled: false,
redirectUrl: "string",
scopes: ["string"],
signRequest: false,
ssoTargetUrl: "string",
supportGroups: false,
tokenUrl: "string",
}],
scimConfigs: [{
enabled: false,
groupMemberDeprovision: false,
seatDeprovision: false,
secret: "string",
userDeprovision: false,
}],
zoneId: "string",
});
type: cloudflare:AccessIdentityProvider
properties:
accountId: string
configs:
- apiToken: string
appsDomain: string
attributes:
- string
authUrl: string
authorizationServerId: string
centrifyAccount: string
centrifyAppId: string
certsUrl: string
claims:
- string
clientId: string
clientSecret: string
conditionalAccessEnabled: false
directoryId: string
emailAttributeName: string
emailClaimName: string
idpPublicCert: string
issuerUrl: string
oktaAccount: string
oneloginAccount: string
pingEnvId: string
pkceEnabled: false
redirectUrl: string
scopes:
- string
signRequest: false
ssoTargetUrl: string
supportGroups: false
tokenUrl: string
name: string
scimConfigs:
- enabled: false
groupMemberDeprovision: false
seatDeprovision: false
secret: string
userDeprovision: false
type: string
zoneId: string
AccessIdentityProvider Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccessIdentityProvider resource accepts the following input properties:
- Name string
- Friendly name of the Access Identity Provider configuration.
- Type string
- The provider type to use. Available values:
azureAD
,centrify
,facebook
,github
,google
,google-apps
,linkedin
,oidc
,okta
,onelogin
,onetimepin
,pingone
,saml
,yandex
. - Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. Modifying this attribute will force creation of a new resource. - Configs
List<Access
Identity Provider Config> - Provider configuration from the developer documentation.
- Scim
Configs List<AccessIdentity Provider Scim Config> - Configuration for SCIM settings for a given IDP.
- Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
. Modifying this attribute will force creation of a new resource.
- Name string
- Friendly name of the Access Identity Provider configuration.
- Type string
- The provider type to use. Available values:
azureAD
,centrify
,facebook
,github
,google
,google-apps
,linkedin
,oidc
,okta
,onelogin
,onetimepin
,pingone
,saml
,yandex
. - Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. Modifying this attribute will force creation of a new resource. - Configs
[]Access
Identity Provider Config Args - Provider configuration from the developer documentation.
- Scim
Configs []AccessIdentity Provider Scim Config Args - Configuration for SCIM settings for a given IDP.
- Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
. Modifying this attribute will force creation of a new resource.
- name String
- Friendly name of the Access Identity Provider configuration.
- type String
- The provider type to use. Available values:
azureAD
,centrify
,facebook
,github
,google
,google-apps
,linkedin
,oidc
,okta
,onelogin
,onetimepin
,pingone
,saml
,yandex
. - account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. Modifying this attribute will force creation of a new resource. - configs
List<Access
Identity Provider Config> - Provider configuration from the developer documentation.
- scim
Configs List<AccessIdentity Provider Scim Config> - Configuration for SCIM settings for a given IDP.
- zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
. Modifying this attribute will force creation of a new resource.
- name string
- Friendly name of the Access Identity Provider configuration.
- type string
- The provider type to use. Available values:
azureAD
,centrify
,facebook
,github
,google
,google-apps
,linkedin
,oidc
,okta
,onelogin
,onetimepin
,pingone
,saml
,yandex
. - account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. Modifying this attribute will force creation of a new resource. - configs
Access
Identity Provider Config[] - Provider configuration from the developer documentation.
- scim
Configs AccessIdentity Provider Scim Config[] - Configuration for SCIM settings for a given IDP.
- zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
. Modifying this attribute will force creation of a new resource.
- name str
- Friendly name of the Access Identity Provider configuration.
- type str
- The provider type to use. Available values:
azureAD
,centrify
,facebook
,github
,google
,google-apps
,linkedin
,oidc
,okta
,onelogin
,onetimepin
,pingone
,saml
,yandex
. - account_
id str - The account identifier to target for the resource. Conflicts with
zone_id
. Modifying this attribute will force creation of a new resource. - configs
Sequence[Access
Identity Provider Config Args] - Provider configuration from the developer documentation.
- scim_
configs Sequence[AccessIdentity Provider Scim Config Args] - Configuration for SCIM settings for a given IDP.
- zone_
id str - The zone identifier to target for the resource. Conflicts with
account_id
. Modifying this attribute will force creation of a new resource.
- name String
- Friendly name of the Access Identity Provider configuration.
- type String
- The provider type to use. Available values:
azureAD
,centrify
,facebook
,github
,google
,google-apps
,linkedin
,oidc
,okta
,onelogin
,onetimepin
,pingone
,saml
,yandex
. - account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. Modifying this attribute will force creation of a new resource. - configs List<Property Map>
- Provider configuration from the developer documentation.
- scim
Configs List<Property Map> - Configuration for SCIM settings for a given IDP.
- zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
. Modifying this attribute will force creation of a new resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessIdentityProvider resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AccessIdentityProvider Resource
Get an existing AccessIdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessIdentityProviderState, opts?: CustomResourceOptions): AccessIdentityProvider
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
configs: Optional[Sequence[AccessIdentityProviderConfigArgs]] = None,
name: Optional[str] = None,
scim_configs: Optional[Sequence[AccessIdentityProviderScimConfigArgs]] = None,
type: Optional[str] = None,
zone_id: Optional[str] = None) -> AccessIdentityProvider
func GetAccessIdentityProvider(ctx *Context, name string, id IDInput, state *AccessIdentityProviderState, opts ...ResourceOption) (*AccessIdentityProvider, error)
public static AccessIdentityProvider Get(string name, Input<string> id, AccessIdentityProviderState? state, CustomResourceOptions? opts = null)
public static AccessIdentityProvider get(String name, Output<String> id, AccessIdentityProviderState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. Modifying this attribute will force creation of a new resource. - Configs
List<Access
Identity Provider Config> - Provider configuration from the developer documentation.
- Name string
- Friendly name of the Access Identity Provider configuration.
- Scim
Configs List<AccessIdentity Provider Scim Config> - Configuration for SCIM settings for a given IDP.
- Type string
- The provider type to use. Available values:
azureAD
,centrify
,facebook
,github
,google
,google-apps
,linkedin
,oidc
,okta
,onelogin
,onetimepin
,pingone
,saml
,yandex
. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
. Modifying this attribute will force creation of a new resource.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. Modifying this attribute will force creation of a new resource. - Configs
[]Access
Identity Provider Config Args - Provider configuration from the developer documentation.
- Name string
- Friendly name of the Access Identity Provider configuration.
- Scim
Configs []AccessIdentity Provider Scim Config Args - Configuration for SCIM settings for a given IDP.
- Type string
- The provider type to use. Available values:
azureAD
,centrify
,facebook
,github
,google
,google-apps
,linkedin
,oidc
,okta
,onelogin
,onetimepin
,pingone
,saml
,yandex
. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
. Modifying this attribute will force creation of a new resource.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. Modifying this attribute will force creation of a new resource. - configs
List<Access
Identity Provider Config> - Provider configuration from the developer documentation.
- name String
- Friendly name of the Access Identity Provider configuration.
- scim
Configs List<AccessIdentity Provider Scim Config> - Configuration for SCIM settings for a given IDP.
- type String
- The provider type to use. Available values:
azureAD
,centrify
,facebook
,github
,google
,google-apps
,linkedin
,oidc
,okta
,onelogin
,onetimepin
,pingone
,saml
,yandex
. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
. Modifying this attribute will force creation of a new resource.
- account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. Modifying this attribute will force creation of a new resource. - configs
Access
Identity Provider Config[] - Provider configuration from the developer documentation.
- name string
- Friendly name of the Access Identity Provider configuration.
- scim
Configs AccessIdentity Provider Scim Config[] - Configuration for SCIM settings for a given IDP.
- type string
- The provider type to use. Available values:
azureAD
,centrify
,facebook
,github
,google
,google-apps
,linkedin
,oidc
,okta
,onelogin
,onetimepin
,pingone
,saml
,yandex
. - zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
. Modifying this attribute will force creation of a new resource.
- account_
id str - The account identifier to target for the resource. Conflicts with
zone_id
. Modifying this attribute will force creation of a new resource. - configs
Sequence[Access
Identity Provider Config Args] - Provider configuration from the developer documentation.
- name str
- Friendly name of the Access Identity Provider configuration.
- scim_
configs Sequence[AccessIdentity Provider Scim Config Args] - Configuration for SCIM settings for a given IDP.
- type str
- The provider type to use. Available values:
azureAD
,centrify
,facebook
,github
,google
,google-apps
,linkedin
,oidc
,okta
,onelogin
,onetimepin
,pingone
,saml
,yandex
. - zone_
id str - The zone identifier to target for the resource. Conflicts with
account_id
. Modifying this attribute will force creation of a new resource.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. Modifying this attribute will force creation of a new resource. - configs List<Property Map>
- Provider configuration from the developer documentation.
- name String
- Friendly name of the Access Identity Provider configuration.
- scim
Configs List<Property Map> - Configuration for SCIM settings for a given IDP.
- type String
- The provider type to use. Available values:
azureAD
,centrify
,facebook
,github
,google
,google-apps
,linkedin
,oidc
,okta
,onelogin
,onetimepin
,pingone
,saml
,yandex
. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
. Modifying this attribute will force creation of a new resource.
Supporting Types
AccessIdentityProviderConfig, AccessIdentityProviderConfigArgs
- Api
Token string - Apps
Domain string - Attributes List<string>
- Auth
Url string - string
- Centrify
Account string - Centrify
App stringId - Certs
Url string - Claims List<string>
- Client
Id string - Client
Secret string - Conditional
Access boolEnabled - Directory
Id string - Email
Attribute stringName - Email
Claim stringName - Idp
Public stringCert - Issuer
Url string - Okta
Account string - Onelogin
Account string - Ping
Env stringId - Pkce
Enabled bool - Redirect
Url string - Scopes List<string>
- Sign
Request bool - Sso
Target stringUrl - Support
Groups bool - Token
Url string
- Api
Token string - Apps
Domain string - Attributes []string
- Auth
Url string - string
- Centrify
Account string - Centrify
App stringId - Certs
Url string - Claims []string
- Client
Id string - Client
Secret string - Conditional
Access boolEnabled - Directory
Id string - Email
Attribute stringName - Email
Claim stringName - Idp
Public stringCert - Issuer
Url string - Okta
Account string - Onelogin
Account string - Ping
Env stringId - Pkce
Enabled bool - Redirect
Url string - Scopes []string
- Sign
Request bool - Sso
Target stringUrl - Support
Groups bool - Token
Url string
- api
Token String - apps
Domain String - attributes List<String>
- auth
Url String - String
- centrify
Account String - centrify
App StringId - certs
Url String - claims List<String>
- client
Id String - client
Secret String - conditional
Access BooleanEnabled - directory
Id String - email
Attribute StringName - email
Claim StringName - idp
Public StringCert - issuer
Url String - okta
Account String - onelogin
Account String - ping
Env StringId - pkce
Enabled Boolean - redirect
Url String - scopes List<String>
- sign
Request Boolean - sso
Target StringUrl - support
Groups Boolean - token
Url String
- api
Token string - apps
Domain string - attributes string[]
- auth
Url string - string
- centrify
Account string - centrify
App stringId - certs
Url string - claims string[]
- client
Id string - client
Secret string - conditional
Access booleanEnabled - directory
Id string - email
Attribute stringName - email
Claim stringName - idp
Public stringCert - issuer
Url string - okta
Account string - onelogin
Account string - ping
Env stringId - pkce
Enabled boolean - redirect
Url string - scopes string[]
- sign
Request boolean - sso
Target stringUrl - support
Groups boolean - token
Url string
- api_
token str - apps_
domain str - attributes Sequence[str]
- auth_
url str - str
- centrify_
account str - centrify_
app_ strid - certs_
url str - claims Sequence[str]
- client_
id str - client_
secret str - conditional_
access_ boolenabled - directory_
id str - email_
attribute_ strname - email_
claim_ strname - idp_
public_ strcert - issuer_
url str - okta_
account str - onelogin_
account str - ping_
env_ strid - pkce_
enabled bool - redirect_
url str - scopes Sequence[str]
- sign_
request bool - sso_
target_ strurl - support_
groups bool - token_
url str
- api
Token String - apps
Domain String - attributes List<String>
- auth
Url String - String
- centrify
Account String - centrify
App StringId - certs
Url String - claims List<String>
- client
Id String - client
Secret String - conditional
Access BooleanEnabled - directory
Id String - email
Attribute StringName - email
Claim StringName - idp
Public StringCert - issuer
Url String - okta
Account String - onelogin
Account String - ping
Env StringId - pkce
Enabled Boolean - redirect
Url String - scopes List<String>
- sign
Request Boolean - sso
Target StringUrl - support
Groups Boolean - token
Url String
AccessIdentityProviderScimConfig, AccessIdentityProviderScimConfigArgs
- Enabled bool
- Group
Member boolDeprovision - Seat
Deprovision bool - Secret string
- User
Deprovision bool
- Enabled bool
- Group
Member boolDeprovision - Seat
Deprovision bool - Secret string
- User
Deprovision bool
- enabled Boolean
- group
Member BooleanDeprovision - seat
Deprovision Boolean - secret String
- user
Deprovision Boolean
- enabled boolean
- group
Member booleanDeprovision - seat
Deprovision boolean - secret string
- user
Deprovision boolean
- enabled bool
- group_
member_ booldeprovision - seat_
deprovision bool - secret str
- user_
deprovision bool
- enabled Boolean
- group
Member BooleanDeprovision - seat
Deprovision Boolean - secret String
- user
Deprovision Boolean
Import
$ pulumi import cloudflare:index/accessIdentityProvider:AccessIdentityProvider example <account_id>/<identity_provider_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflare
Terraform Provider.