Cloudflare v5.43.0 published on Wednesday, Nov 13, 2024 by Pulumi

cloudflare.ZeroTrustAccessApplication


    Provides a Cloudflare Access Application resource. Access Applications are used to restrict access to a whole application using an authorisation gateway managed by Cloudflare.

    It’s required that an account_id or zone_id is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use the zone_id argument.
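The scoping rule above can be checked before a deployment runs. The following is an added example, not part of the Pulumi documentation or the provider's code: a plain-Python check over the keyword arguments that would be passed to the constructor. `check_access_app_args`, `token_scope` and the sample dictionaries are hypothetical names and constructed values; the CORS and cookie checks go beyond the scoping rule and assume those properties behave as their names and the provider's descriptions indicate.

```python
from typing import List, Optional


def check_access_app_args(args: dict, token_scope: Optional[str] = None) -> List[str]:
    """Return findings for a dict of ZeroTrustAccessApplication keyword arguments.

    token_scope is a hypothetical parameter describing the API token the
    deployment runs with: "account", "zone", or None for an unscoped token.
    """
    findings = []
    has_account = bool(args.get("account_id"))
    has_zone = bool(args.get("zone_id"))

    # The page requires account_id or zone_id; this check additionally
    # assumes the two are alternatives and flags an ambiguous scope.
    if not has_account and not has_zone:
        findings.append("scope: neither account_id nor zone_id is set")
    elif has_account and has_zone:
        findings.append("scope: set only one of account_id / zone_id")

    # A scoped token must be matched by the argument of the same scope.
    if token_scope == "zone" and not has_zone:
        findings.append("scope: zone-scoped token requires zone_id")
    if token_scope == "account" and not has_account:
        findings.append("scope: account-scoped token requires account_id")

    # Any origin plus credentials lets any site make credentialed requests.
    for i, cors in enumerate(args.get("cors_headers") or []):
        if cors.get("allow_all_origins") and cors.get("allow_credentials"):
            findings.append(
                f"cors_headers[{i}]: allow_all_origins combined with allow_credentials"
            )

    # Assumption from the provider's property description: preflight bypass
    # cannot be turned on when cors_headers is set.
    if args.get("cors_headers") and args.get("options_preflight_bypass"):
        findings.append("options_preflight_bypass: set together with cors_headers")

    # Only an explicit False is flagged; an unset value is left to the default.
    if args.get("http_only_cookie_attribute") is False:
        findings.append("http_only_cookie_attribute: HttpOnly flag disabled")

    if (args.get("same_site_cookie_attribute") or "").lower() == "none":
        findings.append("same_site_cookie_attribute: 'none' sends the cookie cross-site")

    return findings


# Constructed sample arguments (placeholder identifiers, not real IDs).
RISKY = {
    "name": "staging",
    "domain": "staging.example.com",
    "account_id": "ACCOUNT_ID_PLACEHOLDER",
    "cors_headers": [{
        "allow_all_origins": True,
        "allow_credentials": True,
        "allowed_methods": ["GET"],
    }],
    "http_only_cookie_attribute": False,
    "same_site_cookie_attribute": "none",
}

HARDENED = {
    "name": "staging",
    "domain": "staging.example.com",
    "zone_id": "ZONE_ID_PLACEHOLDER",
    "cors_headers": [{
        "allowed_origins": ["https://app.example.com"],
        "allow_credentials": True,
        "allowed_methods": ["GET"],
    }],
    "http_only_cookie_attribute": True,
    "same_site_cookie_attribute": "strict",
}

if __name__ == "__main__":
    # Deployment token scoped to the "example.com" zone, as in the text above.
    for label, sample in (("risky", RISKY), ("hardened", HARDENED)):
        print(label)
        for finding in check_access_app_args(sample, token_scope="zone"):
            print("  -", finding)
```

A dictionary that passes the check can be passed to the Python constructor as `cloudflare.ZeroTrustAccessApplication("name", **args)`.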

    Create ZeroTrustAccessApplication Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    TypeScript:

    new ZeroTrustAccessApplication(name: string, args?: ZeroTrustAccessApplicationArgs, opts?: CustomResourceOptions);

    Python:

    @overload
    def ZeroTrustAccessApplication(resource_name: str,
                                   args: Optional[ZeroTrustAccessApplicationArgs] = None,
                                   opts: Optional[ResourceOptions] = None)

    @overload
    def ZeroTrustAccessApplication(resource_name: str,
                                   opts: Optional[ResourceOptions] = None,
                                   account_id: Optional[str] = None,
                                   allow_authenticate_via_warp: Optional[bool] = None,
                                   allowed_idps: Optional[Sequence[str]] = None,
                                   app_launcher_logo_url: Optional[str] = None,
                                   app_launcher_visible: Optional[bool] = None,
                                   auto_redirect_to_identity: Optional[bool] = None,
                                   bg_color: Optional[str] = None,
                                   cors_headers: Optional[Sequence[ZeroTrustAccessApplicationCorsHeaderArgs]] = None,
                                   custom_deny_message: Optional[str] = None,
                                   custom_deny_url: Optional[str] = None,
                                   custom_non_identity_deny_url: Optional[str] = None,
                                   custom_pages: Optional[Sequence[str]] = None,
                                   domain: Optional[str] = None,
                                   enable_binding_cookie: Optional[bool] = None,
                                   footer_links: Optional[Sequence[ZeroTrustAccessApplicationFooterLinkArgs]] = None,
                                   header_bg_color: Optional[str] = None,
                                   http_only_cookie_attribute: Optional[bool] = None,
                                   landing_page_design: Optional[ZeroTrustAccessApplicationLandingPageDesignArgs] = None,
                                   logo_url: Optional[str] = None,
                                   name: Optional[str] = None,
                                   options_preflight_bypass: Optional[bool] = None,
                                   policies: Optional[Sequence[str]] = None,
                                   saas_app: Optional[ZeroTrustAccessApplicationSaasAppArgs] = None,
                                   same_site_cookie_attribute: Optional[str] = None,
                                   scim_config: Optional[ZeroTrustAccessApplicationScimConfigArgs] = None,
                                   self_hosted_domains: Optional[Sequence[str]] = None,
                                   service_auth401_redirect: Optional[bool] = None,
                                   session_duration: Optional[str] = None,
                                   skip_app_launcher_login_page: Optional[bool] = None,
                                   skip_interstitial: Optional[bool] = None,
                                   tags: Optional[Sequence[str]] = None,
                                   target_criterias: Optional[Sequence[ZeroTrustAccessApplicationTargetCriteriaArgs]] = None,
                                   type: Optional[str] = None,
                                   zone_id: Optional[str] = None)

    Go:

    func NewZeroTrustAccessApplication(ctx *Context, name string, args *ZeroTrustAccessApplicationArgs, opts ...ResourceOption) (*ZeroTrustAccessApplication, error)

    C#:

    public ZeroTrustAccessApplication(string name, ZeroTrustAccessApplicationArgs? args = null, CustomResourceOptions? opts = null)

    Java:

    public ZeroTrustAccessApplication(String name, ZeroTrustAccessApplicationArgs args)
    public ZeroTrustAccessApplication(String name, ZeroTrustAccessApplicationArgs args, CustomResourceOptions options)

    YAML:

    type: cloudflare:ZeroTrustAccessApplication
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.

    Parameters

    TypeScript:

    name string
    The unique name of the resource.
    args ZeroTrustAccessApplicationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Python:

    resource_name str
    The unique name of the resource.
    args ZeroTrustAccessApplicationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.

    Go:

    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ZeroTrustAccessApplicationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.

    C#:

    name string
    The unique name of the resource.
    args ZeroTrustAccessApplicationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Java:

    name String
    The unique name of the resource.
    args ZeroTrustAccessApplicationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    C#:

    var zeroTrustAccessApplicationResource = new Cloudflare.ZeroTrustAccessApplication("zeroTrustAccessApplicationResource", new()
    {
        AccountId = "string",
        AllowAuthenticateViaWarp = false,
        AllowedIdps = new[]
        {
            "string",
        },
        AppLauncherLogoUrl = "string",
        AppLauncherVisible = false,
        AutoRedirectToIdentity = false,
        BgColor = "string",
        CorsHeaders = new[]
        {
            new Cloudflare.Inputs.ZeroTrustAccessApplicationCorsHeaderArgs
            {
                AllowAllHeaders = false,
                AllowAllMethods = false,
                AllowAllOrigins = false,
                AllowCredentials = false,
                AllowedHeaders = new[]
                {
                    "string",
                },
                AllowedMethods = new[]
                {
                    "string",
                },
                AllowedOrigins = new[]
                {
                    "string",
                },
                MaxAge = 0,
            },
        },
        CustomDenyMessage = "string",
        CustomDenyUrl = "string",
        CustomNonIdentityDenyUrl = "string",
        CustomPages = new[]
        {
            "string",
        },
        Domain = "string",
        EnableBindingCookie = false,
        FooterLinks = new[]
        {
            new Cloudflare.Inputs.ZeroTrustAccessApplicationFooterLinkArgs
            {
                Name = "string",
                Url = "string",
            },
        },
        HeaderBgColor = "string",
        HttpOnlyCookieAttribute = false,
        LandingPageDesign = new Cloudflare.Inputs.ZeroTrustAccessApplicationLandingPageDesignArgs
        {
            ButtonColor = "string",
            ButtonTextColor = "string",
            ImageUrl = "string",
            Message = "string",
            Title = "string",
        },
        LogoUrl = "string",
        Name = "string",
        OptionsPreflightBypass = false,
        Policies = new[]
        {
            "string",
        },
        SaasApp = new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppArgs
        {
            AccessTokenLifetime = "string",
            AllowPkceWithoutClientSecret = false,
            AppLauncherUrl = "string",
            AuthType = "string",
            ClientId = "string",
            ClientSecret = "string",
            ConsumerServiceUrl = "string",
            CustomAttributes = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppCustomAttributeArgs
                {
                    Source = new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppCustomAttributeSourceArgs
                    {
                        Name = "string",
                        NameByIdp = 
                        {
                            { "string", "string" },
                        },
                    },
                    FriendlyName = "string",
                    Name = "string",
                    NameFormat = "string",
                    Required = false,
                },
            },
            CustomClaims = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppCustomClaimArgs
                {
                    Source = new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppCustomClaimSourceArgs
                    {
                        Name = "string",
                        NameByIdp = 
                        {
                            { "string", "string" },
                        },
                    },
                    Name = "string",
                    Required = false,
                    Scope = "string",
                },
            },
            DefaultRelayState = "string",
            GrantTypes = new[]
            {
                "string",
            },
            GroupFilterRegex = "string",
            HybridAndImplicitOptions = new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptionsArgs
            {
                ReturnAccessTokenFromAuthorizationEndpoint = false,
                ReturnIdTokenFromAuthorizationEndpoint = false,
            },
            IdpEntityId = "string",
            NameIdFormat = "string",
            NameIdTransformJsonata = "string",
            PublicKey = "string",
            RedirectUris = new[]
            {
                "string",
            },
            RefreshTokenOptions = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppRefreshTokenOptionArgs
                {
                    Lifetime = "string",
                },
            },
            SamlAttributeTransformJsonata = "string",
            Scopes = new[]
            {
                "string",
            },
            SpEntityId = "string",
            SsoEndpoint = "string",
        },
        SameSiteCookieAttribute = "string",
        ScimConfig = new Cloudflare.Inputs.ZeroTrustAccessApplicationScimConfigArgs
        {
            IdpUid = "string",
            RemoteUri = "string",
            Authentication = new Cloudflare.Inputs.ZeroTrustAccessApplicationScimConfigAuthenticationArgs
            {
                Scheme = "string",
                AuthorizationUrl = "string",
                ClientId = "string",
                ClientSecret = "string",
                Password = "string",
                Scopes = new[]
                {
                    "string",
                },
                Token = "string",
                TokenUrl = "string",
                User = "string",
            },
            DeactivateOnDelete = false,
            Enabled = false,
            Mappings = new[]
            {
                new Cloudflare.Inputs.ZeroTrustAccessApplicationScimConfigMappingArgs
                {
                    Schema = "string",
                    Enabled = false,
                    Filter = "string",
                    Operations = new Cloudflare.Inputs.ZeroTrustAccessApplicationScimConfigMappingOperationsArgs
                    {
                        Create = false,
                        Delete = false,
                        Update = false,
                    },
                    TransformJsonata = "string",
                },
            },
        },
        SelfHostedDomains = new[]
        {
            "string",
        },
        ServiceAuth401Redirect = false,
        SessionDuration = "string",
        SkipAppLauncherLoginPage = false,
        SkipInterstitial = false,
        Tags = new[]
        {
            "string",
        },
        TargetCriterias = new[]
        {
            new Cloudflare.Inputs.ZeroTrustAccessApplicationTargetCriteriaArgs
            {
                Port = 0,
                Protocol = "string",
                TargetAttributes = new[]
                {
                    new Cloudflare.Inputs.ZeroTrustAccessApplicationTargetCriteriaTargetAttributeArgs
                    {
                        Name = "string",
                        Values = new[]
                        {
                            "string",
                        },
                    },
                },
            },
        },
        Type = "string",
        ZoneId = "string",
    });
    
    Go:

    example, err := cloudflare.NewZeroTrustAccessApplication(ctx, "zeroTrustAccessApplicationResource", &cloudflare.ZeroTrustAccessApplicationArgs{
    	AccountId:                pulumi.String("string"),
    	AllowAuthenticateViaWarp: pulumi.Bool(false),
    	AllowedIdps: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AppLauncherLogoUrl:     pulumi.String("string"),
    	AppLauncherVisible:     pulumi.Bool(false),
    	AutoRedirectToIdentity: pulumi.Bool(false),
    	BgColor:                pulumi.String("string"),
    	CorsHeaders: cloudflare.ZeroTrustAccessApplicationCorsHeaderArray{
    		&cloudflare.ZeroTrustAccessApplicationCorsHeaderArgs{
    			AllowAllHeaders:  pulumi.Bool(false),
    			AllowAllMethods:  pulumi.Bool(false),
    			AllowAllOrigins:  pulumi.Bool(false),
    			AllowCredentials: pulumi.Bool(false),
    			AllowedHeaders: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			AllowedMethods: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			AllowedOrigins: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			MaxAge: pulumi.Int(0),
    		},
    	},
    	CustomDenyMessage:        pulumi.String("string"),
    	CustomDenyUrl:            pulumi.String("string"),
    	CustomNonIdentityDenyUrl: pulumi.String("string"),
    	CustomPages: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Domain:              pulumi.String("string"),
    	EnableBindingCookie: pulumi.Bool(false),
    	FooterLinks: cloudflare.ZeroTrustAccessApplicationFooterLinkArray{
    		&cloudflare.ZeroTrustAccessApplicationFooterLinkArgs{
    			Name: pulumi.String("string"),
    			Url:  pulumi.String("string"),
    		},
    	},
    	HeaderBgColor:           pulumi.String("string"),
    	HttpOnlyCookieAttribute: pulumi.Bool(false),
    	LandingPageDesign: &cloudflare.ZeroTrustAccessApplicationLandingPageDesignArgs{
    		ButtonColor:     pulumi.String("string"),
    		ButtonTextColor: pulumi.String("string"),
    		ImageUrl:        pulumi.String("string"),
    		Message:         pulumi.String("string"),
    		Title:           pulumi.String("string"),
    	},
    	LogoUrl:                pulumi.String("string"),
    	Name:                   pulumi.String("string"),
    	OptionsPreflightBypass: pulumi.Bool(false),
    	Policies: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	SaasApp: &cloudflare.ZeroTrustAccessApplicationSaasAppArgs{
    		AccessTokenLifetime:          pulumi.String("string"),
    		AllowPkceWithoutClientSecret: pulumi.Bool(false),
    		AppLauncherUrl:               pulumi.String("string"),
    		AuthType:                     pulumi.String("string"),
    		ClientId:                     pulumi.String("string"),
    		ClientSecret:                 pulumi.String("string"),
    		ConsumerServiceUrl:           pulumi.String("string"),
    		CustomAttributes: cloudflare.ZeroTrustAccessApplicationSaasAppCustomAttributeArray{
    			&cloudflare.ZeroTrustAccessApplicationSaasAppCustomAttributeArgs{
    				Source: &cloudflare.ZeroTrustAccessApplicationSaasAppCustomAttributeSourceArgs{
    					Name: pulumi.String("string"),
    					NameByIdp: pulumi.StringMap{
    						"string": pulumi.String("string"),
    					},
    				},
    				FriendlyName: pulumi.String("string"),
    				Name:         pulumi.String("string"),
    				NameFormat:   pulumi.String("string"),
    				Required:     pulumi.Bool(false),
    			},
    		},
    		CustomClaims: cloudflare.ZeroTrustAccessApplicationSaasAppCustomClaimArray{
    			&cloudflare.ZeroTrustAccessApplicationSaasAppCustomClaimArgs{
    				Source: &cloudflare.ZeroTrustAccessApplicationSaasAppCustomClaimSourceArgs{
    					Name: pulumi.String("string"),
    					NameByIdp: pulumi.StringMap{
    						"string": pulumi.String("string"),
    					},
    				},
    				Name:     pulumi.String("string"),
    				Required: pulumi.Bool(false),
    				Scope:    pulumi.String("string"),
    			},
    		},
    		DefaultRelayState: pulumi.String("string"),
    		GrantTypes: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		GroupFilterRegex: pulumi.String("string"),
    		HybridAndImplicitOptions: &cloudflare.ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptionsArgs{
    			ReturnAccessTokenFromAuthorizationEndpoint: pulumi.Bool(false),
    			ReturnIdTokenFromAuthorizationEndpoint:     pulumi.Bool(false),
    		},
    		IdpEntityId:            pulumi.String("string"),
    		NameIdFormat:           pulumi.String("string"),
    		NameIdTransformJsonata: pulumi.String("string"),
    		PublicKey:              pulumi.String("string"),
    		RedirectUris: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		RefreshTokenOptions: cloudflare.ZeroTrustAccessApplicationSaasAppRefreshTokenOptionArray{
    			&cloudflare.ZeroTrustAccessApplicationSaasAppRefreshTokenOptionArgs{
    				Lifetime: pulumi.String("string"),
    			},
    		},
    		SamlAttributeTransformJsonata: pulumi.String("string"),
    		Scopes: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		SpEntityId:  pulumi.String("string"),
    		SsoEndpoint: pulumi.String("string"),
    	},
    	SameSiteCookieAttribute: pulumi.String("string"),
    	ScimConfig: &cloudflare.ZeroTrustAccessApplicationScimConfigArgs{
    		IdpUid:    pulumi.String("string"),
    		RemoteUri: pulumi.String("string"),
    		Authentication: &cloudflare.ZeroTrustAccessApplicationScimConfigAuthenticationArgs{
    			Scheme:           pulumi.String("string"),
    			AuthorizationUrl: pulumi.String("string"),
    			ClientId:         pulumi.String("string"),
    			ClientSecret:     pulumi.String("string"),
    			Password:         pulumi.String("string"),
    			Scopes: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Token:    pulumi.String("string"),
    			TokenUrl: pulumi.String("string"),
    			User:     pulumi.String("string"),
    		},
    		DeactivateOnDelete: pulumi.Bool(false),
    		Enabled:            pulumi.Bool(false),
    		Mappings: cloudflare.ZeroTrustAccessApplicationScimConfigMappingArray{
    			&cloudflare.ZeroTrustAccessApplicationScimConfigMappingArgs{
    				Schema:  pulumi.String("string"),
    				Enabled: pulumi.Bool(false),
    				Filter:  pulumi.String("string"),
    				Operations: &cloudflare.ZeroTrustAccessApplicationScimConfigMappingOperationsArgs{
    					Create: pulumi.Bool(false),
    					Delete: pulumi.Bool(false),
    					Update: pulumi.Bool(false),
    				},
    				TransformJsonata: pulumi.String("string"),
    			},
    		},
    	},
    	SelfHostedDomains: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ServiceAuth401Redirect:   pulumi.Bool(false),
    	SessionDuration:          pulumi.String("string"),
    	SkipAppLauncherLoginPage: pulumi.Bool(false),
    	SkipInterstitial:         pulumi.Bool(false),
    	Tags: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	TargetCriterias: cloudflare.ZeroTrustAccessApplicationTargetCriteriaArray{
    		&cloudflare.ZeroTrustAccessApplicationTargetCriteriaArgs{
    			Port:     pulumi.Int(0),
    			Protocol: pulumi.String("string"),
    			TargetAttributes: cloudflare.ZeroTrustAccessApplicationTargetCriteriaTargetAttributeArray{
    				&cloudflare.ZeroTrustAccessApplicationTargetCriteriaTargetAttributeArgs{
    					Name: pulumi.String("string"),
    					Values: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    		},
    	},
    	Type:   pulumi.String("string"),
    	ZoneId: pulumi.String("string"),
    })
    
    Java:

    var zeroTrustAccessApplicationResource = new ZeroTrustAccessApplication("zeroTrustAccessApplicationResource", ZeroTrustAccessApplicationArgs.builder()
        .accountId("string")
        .allowAuthenticateViaWarp(false)
        .allowedIdps("string")
        .appLauncherLogoUrl("string")
        .appLauncherVisible(false)
        .autoRedirectToIdentity(false)
        .bgColor("string")
        .corsHeaders(ZeroTrustAccessApplicationCorsHeaderArgs.builder()
            .allowAllHeaders(false)
            .allowAllMethods(false)
            .allowAllOrigins(false)
            .allowCredentials(false)
            .allowedHeaders("string")
            .allowedMethods("string")
            .allowedOrigins("string")
            .maxAge(0)
            .build())
        .customDenyMessage("string")
        .customDenyUrl("string")
        .customNonIdentityDenyUrl("string")
        .customPages("string")
        .domain("string")
        .enableBindingCookie(false)
        .footerLinks(ZeroTrustAccessApplicationFooterLinkArgs.builder()
            .name("string")
            .url("string")
            .build())
        .headerBgColor("string")
        .httpOnlyCookieAttribute(false)
        .landingPageDesign(ZeroTrustAccessApplicationLandingPageDesignArgs.builder()
            .buttonColor("string")
            .buttonTextColor("string")
            .imageUrl("string")
            .message("string")
            .title("string")
            .build())
        .logoUrl("string")
        .name("string")
        .optionsPreflightBypass(false)
        .policies("string")
        .saasApp(ZeroTrustAccessApplicationSaasAppArgs.builder()
            .accessTokenLifetime("string")
            .allowPkceWithoutClientSecret(false)
            .appLauncherUrl("string")
            .authType("string")
            .clientId("string")
            .clientSecret("string")
            .consumerServiceUrl("string")
            .customAttributes(ZeroTrustAccessApplicationSaasAppCustomAttributeArgs.builder()
                .source(ZeroTrustAccessApplicationSaasAppCustomAttributeSourceArgs.builder()
                    .name("string")
                    .nameByIdp(Map.of("string", "string"))
                    .build())
                .friendlyName("string")
                .name("string")
                .nameFormat("string")
                .required(false)
                .build())
            .customClaims(ZeroTrustAccessApplicationSaasAppCustomClaimArgs.builder()
                .source(ZeroTrustAccessApplicationSaasAppCustomClaimSourceArgs.builder()
                    .name("string")
                    .nameByIdp(Map.of("string", "string"))
                    .build())
                .name("string")
                .required(false)
                .scope("string")
                .build())
            .defaultRelayState("string")
            .grantTypes("string")
            .groupFilterRegex("string")
            .hybridAndImplicitOptions(ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptionsArgs.builder()
                .returnAccessTokenFromAuthorizationEndpoint(false)
                .returnIdTokenFromAuthorizationEndpoint(false)
                .build())
            .idpEntityId("string")
            .nameIdFormat("string")
            .nameIdTransformJsonata("string")
            .publicKey("string")
            .redirectUris("string")
            .refreshTokenOptions(ZeroTrustAccessApplicationSaasAppRefreshTokenOptionArgs.builder()
                .lifetime("string")
                .build())
            .samlAttributeTransformJsonata("string")
            .scopes("string")
            .spEntityId("string")
            .ssoEndpoint("string")
            .build())
        .sameSiteCookieAttribute("string")
        .scimConfig(ZeroTrustAccessApplicationScimConfigArgs.builder()
            .idpUid("string")
            .remoteUri("string")
            .authentication(ZeroTrustAccessApplicationScimConfigAuthenticationArgs.builder()
                .scheme("string")
                .authorizationUrl("string")
                .clientId("string")
                .clientSecret("string")
                .password("string")
                .scopes("string")
                .token("string")
                .tokenUrl("string")
                .user("string")
                .build())
            .deactivateOnDelete(false)
            .enabled(false)
            .mappings(ZeroTrustAccessApplicationScimConfigMappingArgs.builder()
                .schema("string")
                .enabled(false)
                .filter("string")
                .operations(ZeroTrustAccessApplicationScimConfigMappingOperationsArgs.builder()
                    .create(false)
                    .delete(false)
                    .update(false)
                    .build())
                .transformJsonata("string")
                .build())
            .build())
        .selfHostedDomains("string")
        .serviceAuth401Redirect(false)
        .sessionDuration("string")
        .skipAppLauncherLoginPage(false)
        .skipInterstitial(false)
        .tags("string")
        .targetCriterias(ZeroTrustAccessApplicationTargetCriteriaArgs.builder()
            .port(0)
            .protocol("string")
            .targetAttributes(ZeroTrustAccessApplicationTargetCriteriaTargetAttributeArgs.builder()
                .name("string")
                .values("string")
                .build())
            .build())
        .type("string")
        .zoneId("string")
        .build());
    
    Python:

    zero_trust_access_application_resource = cloudflare.ZeroTrustAccessApplication("zeroTrustAccessApplicationResource",
        account_id="string",
        allow_authenticate_via_warp=False,
        allowed_idps=["string"],
        app_launcher_logo_url="string",
        app_launcher_visible=False,
        auto_redirect_to_identity=False,
        bg_color="string",
        cors_headers=[{
            "allow_all_headers": False,
            "allow_all_methods": False,
            "allow_all_origins": False,
            "allow_credentials": False,
            "allowed_headers": ["string"],
            "allowed_methods": ["string"],
            "allowed_origins": ["string"],
            "max_age": 0,
        }],
        custom_deny_message="string",
        custom_deny_url="string",
        custom_non_identity_deny_url="string",
        custom_pages=["string"],
        domain="string",
        enable_binding_cookie=False,
        footer_links=[{
            "name": "string",
            "url": "string",
        }],
        header_bg_color="string",
        http_only_cookie_attribute=False,
        landing_page_design={
            "button_color": "string",
            "button_text_color": "string",
            "image_url": "string",
            "message": "string",
            "title": "string",
        },
        logo_url="string",
        name="string",
        options_preflight_bypass=False,
        policies=["string"],
        saas_app={
            "access_token_lifetime": "string",
            "allow_pkce_without_client_secret": False,
            "app_launcher_url": "string",
            "auth_type": "string",
            "client_id": "string",
            "client_secret": "string",
            "consumer_service_url": "string",
            "custom_attributes": [{
                "source": {
                    "name": "string",
                    "name_by_idp": {
                        "string": "string",
                    },
                },
                "friendly_name": "string",
                "name": "string",
                "name_format": "string",
                "required": False,
            }],
            "custom_claims": [{
                "source": {
                    "name": "string",
                    "name_by_idp": {
                        "string": "string",
                    },
                },
                "name": "string",
                "required": False,
                "scope": "string",
            }],
            "default_relay_state": "string",
            "grant_types": ["string"],
            "group_filter_regex": "string",
            "hybrid_and_implicit_options": {
                "return_access_token_from_authorization_endpoint": False,
                "return_id_token_from_authorization_endpoint": False,
            },
            "idp_entity_id": "string",
            "name_id_format": "string",
            "name_id_transform_jsonata": "string",
            "public_key": "string",
            "redirect_uris": ["string"],
            "refresh_token_options": [{
                "lifetime": "string",
            }],
            "saml_attribute_transform_jsonata": "string",
            "scopes": ["string"],
            "sp_entity_id": "string",
            "sso_endpoint": "string",
        },
        same_site_cookie_attribute="string",
        scim_config={
            "idp_uid": "string",
            "remote_uri": "string",
            "authentication": {
                "scheme": "string",
                "authorization_url": "string",
                "client_id": "string",
                "client_secret": "string",
                "password": "string",
                "scopes": ["string"],
                "token": "string",
                "token_url": "string",
                "user": "string",
            },
            "deactivate_on_delete": False,
            "enabled": False,
            "mappings": [{
                "schema": "string",
                "enabled": False,
                "filter": "string",
                "operations": {
                    "create": False,
                    "delete": False,
                    "update": False,
                },
                "transform_jsonata": "string",
            }],
        },
        self_hosted_domains=["string"],
        service_auth401_redirect=False,
        session_duration="string",
        skip_app_launcher_login_page=False,
        skip_interstitial=False,
        tags=["string"],
        target_criterias=[{
            "port": 0,
            "protocol": "string",
            "target_attributes": [{
                "name": "string",
                "values": ["string"],
            }],
        }],
        type="string",
        zone_id="string")
    
    TypeScript:

    const zeroTrustAccessApplicationResource = new cloudflare.ZeroTrustAccessApplication("zeroTrustAccessApplicationResource", {
        accountId: "string",
        allowAuthenticateViaWarp: false,
        allowedIdps: ["string"],
        appLauncherLogoUrl: "string",
        appLauncherVisible: false,
        autoRedirectToIdentity: false,
        bgColor: "string",
        corsHeaders: [{
            allowAllHeaders: false,
            allowAllMethods: false,
            allowAllOrigins: false,
            allowCredentials: false,
            allowedHeaders: ["string"],
            allowedMethods: ["string"],
            allowedOrigins: ["string"],
            maxAge: 0,
        }],
        customDenyMessage: "string",
        customDenyUrl: "string",
        customNonIdentityDenyUrl: "string",
        customPages: ["string"],
        domain: "string",
        enableBindingCookie: false,
        footerLinks: [{
            name: "string",
            url: "string",
        }],
        headerBgColor: "string",
        httpOnlyCookieAttribute: false,
        landingPageDesign: {
            buttonColor: "string",
            buttonTextColor: "string",
            imageUrl: "string",
            message: "string",
            title: "string",
        },
        logoUrl: "string",
        name: "string",
        optionsPreflightBypass: false,
        policies: ["string"],
        saasApp: {
            accessTokenLifetime: "string",
            allowPkceWithoutClientSecret: false,
            appLauncherUrl: "string",
            authType: "string",
            clientId: "string",
            clientSecret: "string",
            consumerServiceUrl: "string",
            customAttributes: [{
                source: {
                    name: "string",
                    nameByIdp: {
                        string: "string",
                    },
                },
                friendlyName: "string",
                name: "string",
                nameFormat: "string",
                required: false,
            }],
            customClaims: [{
                source: {
                    name: "string",
                    nameByIdp: {
                        string: "string",
                    },
                },
                name: "string",
                required: false,
                scope: "string",
            }],
            defaultRelayState: "string",
            grantTypes: ["string"],
            groupFilterRegex: "string",
            hybridAndImplicitOptions: {
                returnAccessTokenFromAuthorizationEndpoint: false,
                returnIdTokenFromAuthorizationEndpoint: false,
            },
            idpEntityId: "string",
            nameIdFormat: "string",
            nameIdTransformJsonata: "string",
            publicKey: "string",
            redirectUris: ["string"],
            refreshTokenOptions: [{
                lifetime: "string",
            }],
            samlAttributeTransformJsonata: "string",
            scopes: ["string"],
            spEntityId: "string",
            ssoEndpoint: "string",
        },
        sameSiteCookieAttribute: "string",
        scimConfig: {
            idpUid: "string",
            remoteUri: "string",
            authentication: {
                scheme: "string",
                authorizationUrl: "string",
                clientId: "string",
                clientSecret: "string",
                password: "string",
                scopes: ["string"],
                token: "string",
                tokenUrl: "string",
                user: "string",
            },
            deactivateOnDelete: false,
            enabled: false,
            mappings: [{
                schema: "string",
                enabled: false,
                filter: "string",
                operations: {
                    create: false,
                    "delete": false,
                    update: false,
                },
                transformJsonata: "string",
            }],
        },
        selfHostedDomains: ["string"],
        serviceAuth401Redirect: false,
        sessionDuration: "string",
        skipAppLauncherLoginPage: false,
        skipInterstitial: false,
        tags: ["string"],
        targetCriterias: [{
            port: 0,
            protocol: "string",
            targetAttributes: [{
                name: "string",
                values: ["string"],
            }],
        }],
        type: "string",
        zoneId: "string",
    });
    
    type: cloudflare:ZeroTrustAccessApplication
    properties:
        accountId: string
        allowAuthenticateViaWarp: false
        allowedIdps:
            - string
        appLauncherLogoUrl: string
        appLauncherVisible: false
        autoRedirectToIdentity: false
        bgColor: string
        corsHeaders:
            - allowAllHeaders: false
              allowAllMethods: false
              allowAllOrigins: false
              allowCredentials: false
              allowedHeaders:
                - string
              allowedMethods:
                - string
              allowedOrigins:
                - string
              maxAge: 0
        customDenyMessage: string
        customDenyUrl: string
        customNonIdentityDenyUrl: string
        customPages:
            - string
        domain: string
        enableBindingCookie: false
        footerLinks:
            - name: string
              url: string
        headerBgColor: string
        httpOnlyCookieAttribute: false
        landingPageDesign:
            buttonColor: string
            buttonTextColor: string
            imageUrl: string
            message: string
            title: string
        logoUrl: string
        name: string
        optionsPreflightBypass: false
        policies:
            - string
        saasApp:
            accessTokenLifetime: string
            allowPkceWithoutClientSecret: false
            appLauncherUrl: string
            authType: string
            clientId: string
            clientSecret: string
            consumerServiceUrl: string
            customAttributes:
                - friendlyName: string
                  name: string
                  nameFormat: string
                  required: false
                  source:
                    name: string
                    nameByIdp:
                        string: string
            customClaims:
                - name: string
                  required: false
                  scope: string
                  source:
                    name: string
                    nameByIdp:
                        string: string
            defaultRelayState: string
            grantTypes:
                - string
            groupFilterRegex: string
            hybridAndImplicitOptions:
                returnAccessTokenFromAuthorizationEndpoint: false
                returnIdTokenFromAuthorizationEndpoint: false
            idpEntityId: string
            nameIdFormat: string
            nameIdTransformJsonata: string
            publicKey: string
            redirectUris:
                - string
            refreshTokenOptions:
                - lifetime: string
            samlAttributeTransformJsonata: string
            scopes:
                - string
            spEntityId: string
            ssoEndpoint: string
        sameSiteCookieAttribute: string
        scimConfig:
            authentication:
                authorizationUrl: string
                clientId: string
                clientSecret: string
                password: string
                scheme: string
                scopes:
                    - string
                token: string
                tokenUrl: string
                user: string
            deactivateOnDelete: false
            enabled: false
            idpUid: string
            mappings:
                - enabled: false
                  filter: string
                  operations:
                    create: false
                    delete: false
                    update: false
                  schema: string
                  transformJsonata: string
            remoteUri: string
        selfHostedDomains:
            - string
        serviceAuth401Redirect: false
        sessionDuration: string
        skipAppLauncherLoginPage: false
        skipInterstitial: false
        tags:
            - string
        targetCriterias:
            - port: 0
              protocol: string
              targetAttributes:
                - name: string
                  values:
                    - string
        type: string
        zoneId: string
    

    ZeroTrustAccessApplication Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ZeroTrustAccessApplication resource accepts the following input properties:

    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id.
    AllowAuthenticateViaWarp bool
    When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
    AllowedIdps List<string>
    The identity providers selected for the application.
    AppLauncherLogoUrl string
    The logo URL of the app launcher.
    AppLauncherVisible bool
    Option to show/hide applications in App Launcher. Defaults to true.
    AutoRedirectToIdentity bool
    Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.
    BgColor string
    The background color of the app launcher.
    CorsHeaders List<ZeroTrustAccessApplicationCorsHeader>
    CORS configuration for the Access Application. See below for reference structure.
    CustomDenyMessage string
    Option that returns a custom error message when a user is denied access to the application.
    CustomDenyUrl string
    Option that redirects to a custom URL when a user is denied access to the application via identity-based rules.
    CustomNonIdentityDenyUrl string
    Option that redirects to a custom URL when a user is denied access to the application via non-identity rules.
    CustomPages List<string>
    The custom pages selected for the application.
    Domain string
    The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
    EnableBindingCookie bool
    Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.
    FooterLinks List<ZeroTrustAccessApplicationFooterLink>
    The footer links of the app launcher.
    HeaderBgColor string
    The background color of the header bar in the app launcher.
    HttpOnlyCookieAttribute bool
    Option to add the HttpOnly cookie flag to access tokens.
    LandingPageDesign ZeroTrustAccessApplicationLandingPageDesign
    The landing page design of the app launcher.
    LogoUrl string
    Image URL for the logo shown in the app launcher dashboard.
    Name string
    Friendly name of the Access Application.
    OptionsPreflightBypass bool
    Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to false.
    Policies List<string>
    The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you still have this application ID referenced as application_id in any cloudflare.AccessPolicy resource, as it can result in an inconsistent state.
    SaasApp ZeroTrustAccessApplicationSaasApp
    SaaS configuration for the Access Application.
    SameSiteCookieAttribute string
    Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.
    ScimConfig ZeroTrustAccessApplicationScimConfig
    Configuration for provisioning to this application via SCIM. This is currently in closed beta.
    SelfHostedDomains List<string>
    List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain.
    ServiceAuth401Redirect bool
    Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.
    SessionDuration string
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.
    SkipAppLauncherLoginPage bool
    Option to skip the App Launcher landing page. Defaults to false.
    SkipInterstitial bool
    Option to skip the authorization interstitial when using the CLI. Defaults to false.
    Tags List<string>
    The tags associated with the application.
    TargetCriterias List<ZeroTrustAccessApplicationTargetCriteria>
    The payload for an infrastructure application which defines the port, protocol, and target attributes. Only applicable to Infrastructure Applications, in which case this field is required.
    Type string
    The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp, infrastructure. Defaults to self_hosted.
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id.
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id.
    AllowAuthenticateViaWarp bool
    When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
    AllowedIdps []string
    The identity providers selected for the application.
    AppLauncherLogoUrl string
    The logo URL of the app launcher.
    AppLauncherVisible bool
    Option to show/hide applications in App Launcher. Defaults to true.
    AutoRedirectToIdentity bool
    Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.
    BgColor string
    The background color of the app launcher.
    CorsHeaders []ZeroTrustAccessApplicationCorsHeaderArgs
    CORS configuration for the Access Application. See below for reference structure.
    CustomDenyMessage string
    Option that returns a custom error message when a user is denied access to the application.
    CustomDenyUrl string
    Option that redirects to a custom URL when a user is denied access to the application via identity-based rules.
    CustomNonIdentityDenyUrl string
    Option that redirects to a custom URL when a user is denied access to the application via non-identity rules.
    CustomPages []string
    The custom pages selected for the application.
    Domain string
    The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
    EnableBindingCookie bool
    Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.
    FooterLinks []ZeroTrustAccessApplicationFooterLinkArgs
    The footer links of the app launcher.
    HeaderBgColor string
    The background color of the header bar in the app launcher.
    HttpOnlyCookieAttribute bool
    Option to add the HttpOnly cookie flag to access tokens.
    LandingPageDesign ZeroTrustAccessApplicationLandingPageDesignArgs
    The landing page design of the app launcher.
    LogoUrl string
    Image URL for the logo shown in the app launcher dashboard.
    Name string
    Friendly name of the Access Application.
    OptionsPreflightBypass bool
    Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to false.
    Policies []string
    The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you still have this application ID referenced as application_id in any cloudflare.AccessPolicy resource, as it can result in an inconsistent state.
    SaasApp ZeroTrustAccessApplicationSaasAppArgs
    SaaS configuration for the Access Application.
    SameSiteCookieAttribute string
    Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.
    ScimConfig ZeroTrustAccessApplicationScimConfigArgs
    Configuration for provisioning to this application via SCIM. This is currently in closed beta.
    SelfHostedDomains []string
    List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain.
    ServiceAuth401Redirect bool
    Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.
    SessionDuration string
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.
    SkipAppLauncherLoginPage bool
    Option to skip the App Launcher landing page. Defaults to false.
    SkipInterstitial bool
    Option to skip the authorization interstitial when using the CLI. Defaults to false.
    Tags []string
    The tags associated with the application.
    TargetCriterias []ZeroTrustAccessApplicationTargetCriteriaArgs
    The payload for an infrastructure application which defines the port, protocol, and target attributes. Only applicable to Infrastructure Applications, in which case this field is required.
    Type string
    The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp, infrastructure. Defaults to self_hosted.
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id.
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id.
    allowAuthenticateViaWarp Boolean
    When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
    allowedIdps List<String>
    The identity providers selected for the application.
    appLauncherLogoUrl String
    The logo URL of the app launcher.
    appLauncherVisible Boolean
    Option to show/hide applications in App Launcher. Defaults to true.
    autoRedirectToIdentity Boolean
    Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.
    bgColor String
    The background color of the app launcher.
    corsHeaders List<ZeroTrustAccessApplicationCorsHeader>
    CORS configuration for the Access Application. See below for reference structure.
    customDenyMessage String
    Option that returns a custom error message when a user is denied access to the application.
    customDenyUrl String
    Option that redirects to a custom URL when a user is denied access to the application via identity-based rules.
    customNonIdentityDenyUrl String
    Option that redirects to a custom URL when a user is denied access to the application via non-identity rules.
    customPages List<String>
    The custom pages selected for the application.
    domain String
    The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
    enableBindingCookie Boolean
    Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.
    footerLinks List<ZeroTrustAccessApplicationFooterLink>
    The footer links of the app launcher.
    headerBgColor String
    The background color of the header bar in the app launcher.
    httpOnlyCookieAttribute Boolean
    Option to add the HttpOnly cookie flag to access tokens.
    landingPageDesign ZeroTrustAccessApplicationLandingPageDesign
    The landing page design of the app launcher.
    logoUrl String
    Image URL for the logo shown in the app launcher dashboard.
    name String
    Friendly name of the Access Application.
    optionsPreflightBypass Boolean
    Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to false.
    policies List<String>
    The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you still have this application ID referenced as application_id in any cloudflare.AccessPolicy resource, as it can result in an inconsistent state.
    saasApp ZeroTrustAccessApplicationSaasApp
    SaaS configuration for the Access Application.
    sameSiteCookieAttribute String
    Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.
    scimConfig ZeroTrustAccessApplicationScimConfig
    Configuration for provisioning to this application via SCIM. This is currently in closed beta.
    selfHostedDomains List<String>
    List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain.
    serviceAuth401Redirect Boolean
    Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.
    sessionDuration String
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.
    skipAppLauncherLoginPage Boolean
    Option to skip the App Launcher landing page. Defaults to false.
    skipInterstitial Boolean
    Option to skip the authorization interstitial when using the CLI. Defaults to false.
    tags List<String>
    The tags associated with the application.
    targetCriterias List<ZeroTrustAccessApplicationTargetCriteria>
    The payload for an infrastructure application which defines the port, protocol, and target attributes. Only applicable to Infrastructure Applications, in which case this field is required.
    type String
    The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp, infrastructure. Defaults to self_hosted.
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id.
    accountId string
    The account identifier to target for the resource. Conflicts with zone_id.
    allowAuthenticateViaWarp boolean
    When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
    allowedIdps string[]
    The identity providers selected for the application.
    appLauncherLogoUrl string
    The logo URL of the app launcher.
    appLauncherVisible boolean
    Option to show/hide applications in App Launcher. Defaults to true.
    autoRedirectToIdentity boolean
    Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.
    bgColor string
    The background color of the app launcher.
    corsHeaders ZeroTrustAccessApplicationCorsHeader[]
    CORS configuration for the Access Application. See below for reference structure.
    customDenyMessage string
    Option that returns a custom error message when a user is denied access to the application.
    customDenyUrl string
    Option that redirects to a custom URL when a user is denied access to the application via identity-based rules.
    customNonIdentityDenyUrl string
    Option that redirects to a custom URL when a user is denied access to the application via non-identity rules.
    customPages string[]
    The custom pages selected for the application.
    domain string
    The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
    enableBindingCookie boolean
    Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.
    footerLinks ZeroTrustAccessApplicationFooterLink[]
    The footer links of the app launcher.
    headerBgColor string
    The background color of the header bar in the app launcher.
    httpOnlyCookieAttribute boolean
    Option to add the HttpOnly cookie flag to access tokens.
    landingPageDesign ZeroTrustAccessApplicationLandingPageDesign
    The landing page design of the app launcher.
    logoUrl string
    Image URL for the logo shown in the app launcher dashboard.
    name string
    Friendly name of the Access Application.
    optionsPreflightBypass boolean
    Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to false.
    policies string[]
    The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you still have this application ID referenced as application_id in any cloudflare.AccessPolicy resource, as it can result in an inconsistent state.
    saasApp ZeroTrustAccessApplicationSaasApp
    SaaS configuration for the Access Application.
    sameSiteCookieAttribute string
    Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.
    scimConfig ZeroTrustAccessApplicationScimConfig
    Configuration for provisioning to this application via SCIM. This is currently in closed beta.
    selfHostedDomains string[]
    List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain.
    serviceAuth401Redirect boolean
    Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.
    sessionDuration string
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.
    skipAppLauncherLoginPage boolean
    Option to skip the App Launcher landing page. Defaults to false.
    skipInterstitial boolean
    Option to skip the authorization interstitial when using the CLI. Defaults to false.
    tags string[]
    The tags associated with the application.
    targetCriterias ZeroTrustAccessApplicationTargetCriteria[]
    The payload for an infrastructure application which defines the port, protocol, and target attributes. Only applicable to Infrastructure Applications, in which case this field is required.
    type string
    The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp, infrastructure. Defaults to self_hosted.
    zoneId string
    The zone identifier to target for the resource. Conflicts with account_id.
    account_id str
    The account identifier to target for the resource. Conflicts with zone_id.
    allow_authenticate_via_warp bool
    When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
    allowed_idps Sequence[str]
    The identity providers selected for the application.
    app_launcher_logo_url str
    The logo URL of the app launcher.
    app_launcher_visible bool
    Option to show/hide applications in App Launcher. Defaults to true.
    auto_redirect_to_identity bool
    Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.
    bg_color str
    The background color of the app launcher.
    cors_headers Sequence[ZeroTrustAccessApplicationCorsHeaderArgs]
    CORS configuration for the Access Application. See below for reference structure.
    custom_deny_message str
    Option that returns a custom error message when a user is denied access to the application.
    custom_deny_url str
    Option that redirects to a custom URL when a user is denied access to the application via identity-based rules.
    custom_non_identity_deny_url str
    Option that redirects to a custom URL when a user is denied access to the application via non-identity rules.
    custom_pages Sequence[str]
    The custom pages selected for the application.
    domain str
    The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
    enable_binding_cookie bool
    Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.
    footer_links Sequence[ZeroTrustAccessApplicationFooterLinkArgs]
    The footer links of the app launcher.
    header_bg_color str
    The background color of the header bar in the app launcher.
    http_only_cookie_attribute bool
    Option to add the HttpOnly cookie flag to access tokens.
    landing_page_design ZeroTrustAccessApplicationLandingPageDesignArgs
    The landing page design of the app launcher.
    logo_url str
    Image URL for the logo shown in the app launcher dashboard.
    name str
    Friendly name of the Access Application.
    options_preflight_bypass bool
    Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to false.
    policies Sequence[str]
    The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you still have this application ID referenced as application_id in any cloudflare.AccessPolicy resource, as it can result in an inconsistent state.
    saas_app ZeroTrustAccessApplicationSaasAppArgs
    SaaS configuration for the Access Application.
    same_site_cookie_attribute str
    Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.
    scim_config ZeroTrustAccessApplicationScimConfigArgs
    Configuration for provisioning to this application via SCIM. This is currently in closed beta.
    self_hosted_domains Sequence[str]
    List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain.
    service_auth401_redirect bool
    Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.
    session_duration str
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.
    skip_app_launcher_login_page bool
    Option to skip the App Launcher landing page. Defaults to false.
    skip_interstitial bool
    Option to skip the authorization interstitial when using the CLI. Defaults to false.
    tags Sequence[str]
    The tags associated with the application.
    target_criterias Sequence[ZeroTrustAccessApplicationTargetCriteriaArgs]
    The payload for an infrastructure application which defines the port, protocol, and target attributes. Only applicable to Infrastructure Applications, in which case this field is required.
    type str
    The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp, infrastructure. Defaults to self_hosted.
    zone_id str
    The zone identifier to target for the resource. Conflicts with account_id.
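The constraints stated in the input descriptions above (conflicting scopes, allowed values, the session duration format, type-specific fields) can be checked before `pulumi up`. The following is an added example, not code from Pulumi or Cloudflare: the duration grammar, the `max_session_hours` threshold, the two `warn` rules and all sample values are assumptions made for illustration.

```python
import re

# Allowed values copied from the property descriptions on this page.
APP_TYPES = {"app_launcher", "bookmark", "biso", "dash_sso", "saas",
             "self_hosted", "ssh", "vnc", "warp", "infrastructure"}
SAME_SITE_VALUES = {"none", "lax", "strict"}
DOMAIN_LIST_TYPES = {"self_hosted", "vnc", "ssh"}

# Assumption: hours, minutes, seconds in that order, e.g. "48h" or "2h45m".
_DURATION = re.compile(r"^(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?$")


def duration_seconds(text):
    """Return the duration in seconds, or None when the string is malformed."""
    if not isinstance(text, str):
        return None
    match = _DURATION.match(text)
    if not match or not any(match.groups()):
        return None
    hours, minutes, seconds = (int(g) if g else 0 for g in match.groups())
    return hours * 3600 + minutes * 60 + seconds


def lint_access_application(args, max_session_hours=24):
    """Return (level, message) findings for one dict of Python-style arguments."""
    findings = []

    # account_id and zone_id conflict, but one of the two is required.
    has_account, has_zone = bool(args.get("account_id")), bool(args.get("zone_id"))
    if has_account and has_zone:
        findings.append(("error", "account_id conflicts with zone_id"))
    elif not has_account and not has_zone:
        findings.append(("error", "account_id or zone_id is required"))

    app_type = args.get("type", "self_hosted")  # documented default
    if app_type not in APP_TYPES:
        findings.append(("error", f"type {app_type!r} is not an available value"))

    # target_criterias is required for, and only applies to, infrastructure apps.
    has_targets = bool(args.get("target_criterias"))
    if app_type == "infrastructure" and not has_targets:
        findings.append(("error", "infrastructure applications require target_criterias"))
    elif app_type != "infrastructure" and has_targets:
        findings.append(("error", "target_criterias only applies to infrastructure applications"))

    if args.get("self_hosted_domains") and app_type not in DOMAIN_LIST_TYPES:
        findings.append(("error", "self_hosted_domains is only for self_hosted, vnc and ssh"))

    same_site = args.get("same_site_cookie_attribute")
    if same_site is not None and same_site not in SAME_SITE_VALUES:
        findings.append(("error", f"same_site_cookie_attribute {same_site!r} is not none, lax or strict"))

    cors = args.get("cors_headers") or []
    if args.get("options_preflight_bypass") and cors:
        findings.append(("error", "options_preflight_bypass cannot be on when cors_headers is set"))

    seconds = duration_seconds(args.get("session_duration", "24h"))
    if seconds is None:
        findings.append(("error", "session_duration must look like 48h or 2h45m"))
    elif seconds > max_session_hours * 3600:
        # Policy assumption: sessions longer than the threshold deserve review.
        findings.append(("warn", f"session_duration exceeds {max_session_hours}h"))

    # Policy assumptions (not constraints from this page): flag an explicitly
    # disabled HttpOnly flag and CORS rules pairing any origin with credentials.
    if args.get("http_only_cookie_attribute") is False:
        findings.append(("warn", "http_only_cookie_attribute is explicitly disabled"))
    for index, rule in enumerate(cors):
        if rule.get("allow_all_origins") and rule.get("allow_credentials"):
            findings.append(("warn", f"cors_headers[{index}] allows all origins with credentials"))
    return findings


# Constructed sample arguments; the identifiers and hostnames are placeholders.
GOOD = {
    "account_id": "constructed-account-id",
    "name": "internal wiki",
    "domain": "wiki.example.com",
    "type": "self_hosted",
    "session_duration": "8h",
    "http_only_cookie_attribute": True,
    "same_site_cookie_attribute": "lax",
}
BAD = {
    "account_id": "constructed-account-id",
    "zone_id": "constructed-zone-id",
    "type": "infrastructure",
    "self_hosted_domains": ["ssh.example.com"],
    "same_site_cookie_attribute": "relaxed",
    "options_preflight_bypass": True,
    "cors_headers": [{"allow_all_origins": True, "allow_credentials": True}],
    "session_duration": "2 days",
    "http_only_cookie_attribute": False,
}

if __name__ == "__main__":
    for level, message in lint_access_application(BAD):
        print(f"{level}: {message}")
```

Findings at level `error` correspond to constraints documented on this page; `warn` findings reflect the assumed review policy and can be tuned or dropped.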
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id.
    allowAuthenticateViaWarp Boolean
    When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
    allowedIdps List<String>
    The identity providers selected for the application.
    appLauncherLogoUrl String
    The logo URL of the app launcher.
    appLauncherVisible Boolean
    Option to show/hide applications in App Launcher. Defaults to true.
    autoRedirectToIdentity Boolean
    Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.
    bgColor String
    The background color of the app launcher.
    corsHeaders List<Property Map>
    CORS configuration for the Access Application. See below for reference structure.
    customDenyMessage String
    Option that returns a custom error message when a user is denied access to the application.
    customDenyUrl String
    Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
    customNonIdentityDenyUrl String
    Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
    customPages List<String>
    The custom pages selected for the application.
    domain String
    The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
    enableBindingCookie Boolean
    Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.
    footerLinks List<Property Map>
    The footer links of the app launcher.
    headerBgColor String
    The background color of the header bar in the app launcher.
    httpOnlyCookieAttribute Boolean
    Option to add the HttpOnly cookie flag to access tokens.
    landingPageDesign Property Map
    The landing page design of the app launcher.
    logoUrl String
    Image URL for the logo shown in the app launcher dashboard.
    name String
    Friendly name of the Access Application.
    optionsPreflightBypass Boolean
    Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to false.
    policies List<String>
    The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you still have this application ID referenced as application_id in any cloudflare.AccessPolicy resource, as it can result in an inconsistent state.
    saasApp Property Map
    SaaS configuration for the Access Application.
    sameSiteCookieAttribute String
    Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.
    scimConfig Property Map
    Configuration for provisioning to this application via SCIM. This is currently in closed beta.
    selfHostedDomains List<String>
    List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain.
    serviceAuth401Redirect Boolean
    Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.
    sessionDuration String
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.
    skipAppLauncherLoginPage Boolean
    Option to skip the App Launcher landing page. Defaults to false.
    skipInterstitial Boolean
    Option to skip the authorization interstitial when using the CLI. Defaults to false.
    tags List<String>
    The tags associated with the application.
    targetCriterias List<Property Map>
    The payload for an infrastructure application which defines the port, protocol, and target attributes. Only applicable to Infrastructure Applications, in which case this field is required.
    type String
    The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp, infrastructure. Defaults to self_hosted.
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id.
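The input descriptions above state several constraints (account_id conflicts with zone_id, options_preflight_bypass cannot be combined with cors_headers, the session_duration format, the allowed type and same-site values). The following is an added example, not part of the Pulumi or Cloudflare documentation, of a pre-deployment lint over a plain dict that uses the Python SDK's snake_case argument names. The helper names, the `max_session` threshold, the acceptance of an `s` unit, and the sample dicts are assumptions made for illustration.

```python
import re
from datetime import timedelta

# Allowed values as listed in the property descriptions on this page.
APP_TYPES = {"app_launcher", "bookmark", "biso", "dash_sso", "saas",
             "self_hosted", "ssh", "vnc", "warp", "infrastructure"}
SAME_SITE = {"none", "lax", "strict"}
_UNITS = {"h": "hours", "m": "minutes", "s": "seconds"}


def parse_session_duration(value):
    """Parse '48h' or '2h45m' into a timedelta, raising ValueError otherwise.

    Assumption: the page only shows h and m; an s unit is accepted here too.
    """
    if not value or not re.fullmatch(r"(?:\d+[hms])+", value):
        raise ValueError(f"session_duration {value!r} is not like 48h or 2h45m")
    total = timedelta()
    for amount, unit in re.findall(r"(\d+)([hms])", value):
        total += timedelta(**{_UNITS[unit]: int(amount)})
    return total


def lint_access_application(args, max_session=timedelta(hours=24)):
    """Return {'errors': [...], 'warnings': [...]} for one application's args.

    Errors are violations of constraints documented on this page; warnings are
    hardening suggestions. max_session is a hypothetical local policy value.
    """
    errors, warnings = [], []

    has_account, has_zone = bool(args.get("account_id")), bool(args.get("zone_id"))
    if has_account and has_zone:
        errors.append("account_id conflicts with zone_id; set exactly one")
    elif not (has_account or has_zone):
        errors.append("one of account_id or zone_id is required")

    app_type = args.get("type", "self_hosted")  # documented default
    if app_type not in APP_TYPES:
        errors.append(f"type {app_type!r} is not an available value")
    if app_type == "infrastructure" and not args.get("target_criterias"):
        errors.append("target_criterias is required for infrastructure applications")
    if app_type != "infrastructure" and args.get("target_criterias"):
        errors.append("target_criterias only applies to infrastructure applications")

    if args.get("options_preflight_bypass") and args.get("cors_headers"):
        errors.append("options_preflight_bypass cannot be on when cors_headers is set")

    same_site = args.get("same_site_cookie_attribute")
    if same_site is not None and same_site not in SAME_SITE:
        errors.append(f"same_site_cookie_attribute {same_site!r} is not none, lax or strict")

    try:
        duration = parse_session_duration(args.get("session_duration", "24h"))
        if duration > max_session:
            warnings.append(f"session_duration {duration} exceeds policy maximum {max_session}")
    except ValueError as exc:
        errors.append(str(exc))

    # Hardening checks: settings that weaken token or cookie protection.
    if not args.get("enable_binding_cookie", False):
        warnings.append("enable_binding_cookie is off (defaults to false)")
    if args.get("http_only_cookie_attribute") is False:
        warnings.append("http_only_cookie_attribute is explicitly disabled")
    if same_site == "none":
        warnings.append("same_site_cookie_attribute is none; prefer lax or strict")
    if args.get("options_preflight_bypass"):
        warnings.append("options_preflight_bypass sends unauthenticated OPTIONS to the origin")

    return {"errors": errors, "warnings": warnings}


# Constructed sample inputs (placeholders, not real identifiers).
RISKY = {
    "account_id": "<account-id>", "zone_id": "<zone-id>",
    "domain": "app.example.com", "session_duration": "30d",
    "options_preflight_bypass": True,
    "cors_headers": [{"allowed_origins": ["https://app.example.com"]}],
    "same_site_cookie_attribute": "none", "http_only_cookie_attribute": False,
}
HARDENED = {
    "account_id": "<account-id>", "domain": "app.example.com",
    "session_duration": "8h", "enable_binding_cookie": True,
    "http_only_cookie_attribute": True, "same_site_cookie_attribute": "strict",
}

if __name__ == "__main__":
    for label, sample in (("risky", RISKY), ("hardened", HARDENED)):
        print(label, lint_access_application(sample))
```

Running the lint in CI before `pulumi up` surfaces conflicting arguments earlier than the provider would.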

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ZeroTrustAccessApplication resource produces the following output properties:

    Aud string
    Application Audience (AUD) Tag of the application.
    Id string
    The provider-assigned unique ID for this managed resource.
    aud String
    Application Audience (AUD) Tag of the application.
    id String
    The provider-assigned unique ID for this managed resource.
    aud string
    Application Audience (AUD) Tag of the application.
    id string
    The provider-assigned unique ID for this managed resource.
    aud str
    Application Audience (AUD) Tag of the application.
    id str
    The provider-assigned unique ID for this managed resource.

    Look up Existing ZeroTrustAccessApplication Resource

    Get an existing ZeroTrustAccessApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ZeroTrustAccessApplicationState, opts?: CustomResourceOptions): ZeroTrustAccessApplication
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            account_id: Optional[str] = None,
            allow_authenticate_via_warp: Optional[bool] = None,
            allowed_idps: Optional[Sequence[str]] = None,
            app_launcher_logo_url: Optional[str] = None,
            app_launcher_visible: Optional[bool] = None,
            aud: Optional[str] = None,
            auto_redirect_to_identity: Optional[bool] = None,
            bg_color: Optional[str] = None,
            cors_headers: Optional[Sequence[ZeroTrustAccessApplicationCorsHeaderArgs]] = None,
            custom_deny_message: Optional[str] = None,
            custom_deny_url: Optional[str] = None,
            custom_non_identity_deny_url: Optional[str] = None,
            custom_pages: Optional[Sequence[str]] = None,
            domain: Optional[str] = None,
            enable_binding_cookie: Optional[bool] = None,
            footer_links: Optional[Sequence[ZeroTrustAccessApplicationFooterLinkArgs]] = None,
            header_bg_color: Optional[str] = None,
            http_only_cookie_attribute: Optional[bool] = None,
            landing_page_design: Optional[ZeroTrustAccessApplicationLandingPageDesignArgs] = None,
            logo_url: Optional[str] = None,
            name: Optional[str] = None,
            options_preflight_bypass: Optional[bool] = None,
            policies: Optional[Sequence[str]] = None,
            saas_app: Optional[ZeroTrustAccessApplicationSaasAppArgs] = None,
            same_site_cookie_attribute: Optional[str] = None,
            scim_config: Optional[ZeroTrustAccessApplicationScimConfigArgs] = None,
            self_hosted_domains: Optional[Sequence[str]] = None,
            service_auth401_redirect: Optional[bool] = None,
            session_duration: Optional[str] = None,
            skip_app_launcher_login_page: Optional[bool] = None,
            skip_interstitial: Optional[bool] = None,
            tags: Optional[Sequence[str]] = None,
            target_criterias: Optional[Sequence[ZeroTrustAccessApplicationTargetCriteriaArgs]] = None,
            type: Optional[str] = None,
            zone_id: Optional[str] = None) -> ZeroTrustAccessApplication
    func GetZeroTrustAccessApplication(ctx *Context, name string, id IDInput, state *ZeroTrustAccessApplicationState, opts ...ResourceOption) (*ZeroTrustAccessApplication, error)
    public static ZeroTrustAccessApplication Get(string name, Input<string> id, ZeroTrustAccessApplicationState? state, CustomResourceOptions? opts = null)
    public static ZeroTrustAccessApplication get(String name, Output<String> id, ZeroTrustAccessApplicationState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    The following state arguments are supported:
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id.
    AllowAuthenticateViaWarp bool
    When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
    AllowedIdps List<string>
    The identity providers selected for the application.
    AppLauncherLogoUrl string
    The logo URL of the app launcher.
    AppLauncherVisible bool
    Option to show/hide applications in App Launcher. Defaults to true.
    Aud string
    Application Audience (AUD) Tag of the application.
    AutoRedirectToIdentity bool
    Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.
    BgColor string
    The background color of the app launcher.
    CorsHeaders List<ZeroTrustAccessApplicationCorsHeader>
    CORS configuration for the Access Application. See below for reference structure.
    CustomDenyMessage string
    Option that returns a custom error message when a user is denied access to the application.
    CustomDenyUrl string
    Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
    CustomNonIdentityDenyUrl string
    Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
    CustomPages List<string>
    The custom pages selected for the application.
    Domain string
    The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
    EnableBindingCookie bool
    Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.
    FooterLinks List<ZeroTrustAccessApplicationFooterLink>
    The footer links of the app launcher.
    HeaderBgColor string
    The background color of the header bar in the app launcher.
    HttpOnlyCookieAttribute bool
    Option to add the HttpOnly cookie flag to access tokens.
    LandingPageDesign ZeroTrustAccessApplicationLandingPageDesign
    The landing page design of the app launcher.
    LogoUrl string
    Image URL for the logo shown in the app launcher dashboard.
    Name string
    Friendly name of the Access Application.
    OptionsPreflightBypass bool
    Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to false.
    Policies List<string>
    The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you still have this application ID referenced as application_id in any cloudflare.AccessPolicy resource, as it can result in an inconsistent state.
    SaasApp ZeroTrustAccessApplicationSaasApp
    SaaS configuration for the Access Application.
    SameSiteCookieAttribute string
    Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.
    ScimConfig ZeroTrustAccessApplicationScimConfig
    Configuration for provisioning to this application via SCIM. This is currently in closed beta.
    SelfHostedDomains List<string>
    List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain.
    ServiceAuth401Redirect bool
    Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.
    SessionDuration string
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.
    SkipAppLauncherLoginPage bool
    Option to skip the App Launcher landing page. Defaults to false.
    SkipInterstitial bool
    Option to skip the authorization interstitial when using the CLI. Defaults to false.
    Tags List<string>
    The tags associated with the application.
    TargetCriterias List<ZeroTrustAccessApplicationTargetCriteria>
    The payload for an infrastructure application which defines the port, protocol, and target attributes. Only applicable to Infrastructure Applications, in which case this field is required.
    Type string
    The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp, infrastructure. Defaults to self_hosted.
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id.
    AccountId string
    The account identifier to target for the resource. Conflicts with zone_id.
    AllowAuthenticateViaWarp bool
    When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
    AllowedIdps []string
    The identity providers selected for the application.
    AppLauncherLogoUrl string
    The logo URL of the app launcher.
    AppLauncherVisible bool
    Option to show/hide applications in App Launcher. Defaults to true.
    Aud string
    Application Audience (AUD) Tag of the application.
    AutoRedirectToIdentity bool
    Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.
    BgColor string
    The background color of the app launcher.
    CorsHeaders []ZeroTrustAccessApplicationCorsHeaderArgs
    CORS configuration for the Access Application. See below for reference structure.
    CustomDenyMessage string
    Option that returns a custom error message when a user is denied access to the application.
    CustomDenyUrl string
    Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
    CustomNonIdentityDenyUrl string
    Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
    CustomPages []string
    The custom pages selected for the application.
    Domain string
    The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
    EnableBindingCookie bool
    Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.
    FooterLinks []ZeroTrustAccessApplicationFooterLinkArgs
    The footer links of the app launcher.
    HeaderBgColor string
    The background color of the header bar in the app launcher.
    HttpOnlyCookieAttribute bool
    Option to add the HttpOnly cookie flag to access tokens.
    LandingPageDesign ZeroTrustAccessApplicationLandingPageDesignArgs
    The landing page design of the app launcher.
    LogoUrl string
    Image URL for the logo shown in the app launcher dashboard.
    Name string
    Friendly name of the Access Application.
    OptionsPreflightBypass bool
    Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to false.
    Policies []string
    The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you still have this application ID referenced as application_id in any cloudflare.AccessPolicy resource, as it can result in an inconsistent state.
    SaasApp ZeroTrustAccessApplicationSaasAppArgs
    SaaS configuration for the Access Application.
    SameSiteCookieAttribute string
    Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.
    ScimConfig ZeroTrustAccessApplicationScimConfigArgs
    Configuration for provisioning to this application via SCIM. This is currently in closed beta.
    SelfHostedDomains []string
    List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain.
    ServiceAuth401Redirect bool
    Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.
    SessionDuration string
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.
    SkipAppLauncherLoginPage bool
    Option to skip the App Launcher landing page. Defaults to false.
    SkipInterstitial bool
    Option to skip the authorization interstitial when using the CLI. Defaults to false.
    Tags []string
    The tags associated with the application.
    TargetCriterias []ZeroTrustAccessApplicationTargetCriteriaArgs
    The payload for an infrastructure application which defines the port, protocol, and target attributes. Only applicable to Infrastructure Applications, in which case this field is required.
    Type string
    The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp, infrastructure. Defaults to self_hosted.
    ZoneId string
    The zone identifier to target for the resource. Conflicts with account_id.
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id.
    allowAuthenticateViaWarp Boolean
    When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
    allowedIdps List<String>
    The identity providers selected for the application.
    appLauncherLogoUrl String
    The logo URL of the app launcher.
    appLauncherVisible Boolean
    Option to show/hide applications in App Launcher. Defaults to true.
    aud String
    Application Audience (AUD) Tag of the application.
    autoRedirectToIdentity Boolean
    Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.
    bgColor String
    The background color of the app launcher.
    corsHeaders List<ZeroTrustAccessApplicationCorsHeader>
    CORS configuration for the Access Application. See below for reference structure.
    customDenyMessage String
    Option that returns a custom error message when a user is denied access to the application.
    customDenyUrl String
    Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
    customNonIdentityDenyUrl String
    Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
    customPages List<String>
    The custom pages selected for the application.
    domain String
    The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
    enableBindingCookie Boolean
    Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.
    footerLinks List<ZeroTrustAccessApplicationFooterLink>
    The footer links of the app launcher.
    headerBgColor String
    The background color of the header bar in the app launcher.
    httpOnlyCookieAttribute Boolean
    Option to add the HttpOnly cookie flag to access tokens.
    landingPageDesign ZeroTrustAccessApplicationLandingPageDesign
    The landing page design of the app launcher.
    logoUrl String
    Image URL for the logo shown in the app launcher dashboard.
    name String
    Friendly name of the Access Application.
    optionsPreflightBypass Boolean
    Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to false.
    policies List<String>
    The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you still have this application ID referenced as application_id in any cloudflare.AccessPolicy resource, as it can result in an inconsistent state.
    saasApp ZeroTrustAccessApplicationSaasApp
    SaaS configuration for the Access Application.
    sameSiteCookieAttribute String
    Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.
    scimConfig ZeroTrustAccessApplicationScimConfig
    Configuration for provisioning to this application via SCIM. This is currently in closed beta.
    selfHostedDomains List<String>
    List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain.
    serviceAuth401Redirect Boolean
    Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.
    sessionDuration String
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.
    skipAppLauncherLoginPage Boolean
    Option to skip the App Launcher landing page. Defaults to false.
    skipInterstitial Boolean
    Option to skip the authorization interstitial when using the CLI. Defaults to false.
    tags List<String>
    The tags associated with the application.
    targetCriterias List<ZeroTrustAccessApplicationTargetCriteria>
    The payload for an infrastructure application which defines the port, protocol, and target attributes. Only applicable to Infrastructure Applications, in which case this field is required.
    type String
    The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp, infrastructure. Defaults to self_hosted.
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id.
    accountId string
    The account identifier to target for the resource. Conflicts with zone_id.
    allowAuthenticateViaWarp boolean
    When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
    allowedIdps string[]
    The identity providers selected for the application.
    appLauncherLogoUrl string
    The logo URL of the app launcher.
    appLauncherVisible boolean
    Option to show/hide applications in App Launcher. Defaults to true.
    aud string
    Application Audience (AUD) Tag of the application.
    autoRedirectToIdentity boolean
    Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.
    bgColor string
    The background color of the app launcher.
    corsHeaders ZeroTrustAccessApplicationCorsHeader[]
    CORS configuration for the Access Application. See below for reference structure.
    customDenyMessage string
    Option that returns a custom error message when a user is denied access to the application.
    customDenyUrl string
    Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
    customNonIdentityDenyUrl string
    Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
    customPages string[]
    The custom pages selected for the application.
    domain string
    The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
    enableBindingCookie boolean
    Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.
    footerLinks ZeroTrustAccessApplicationFooterLink[]
    The footer links of the app launcher.
    headerBgColor string
    The background color of the header bar in the app launcher.
    httpOnlyCookieAttribute boolean
    Option to add the HttpOnly cookie flag to access tokens.
    landingPageDesign ZeroTrustAccessApplicationLandingPageDesign
    The landing page design of the app launcher.
    logoUrl string
    Image URL for the logo shown in the app launcher dashboard.
    name string
    Friendly name of the Access Application.
    optionsPreflightBypass boolean
    Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to false.
    policies string[]
    The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you still have this application ID referenced as application_id in any cloudflare.AccessPolicy resource, as it can result in an inconsistent state.
    saasApp ZeroTrustAccessApplicationSaasApp
    SaaS configuration for the Access Application.
    sameSiteCookieAttribute string
    Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.
    scimConfig ZeroTrustAccessApplicationScimConfig
    Configuration for provisioning to this application via SCIM. This is currently in closed beta.
    selfHostedDomains string[]
    List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain.
    serviceAuth401Redirect boolean
    Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.
    sessionDuration string
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.
    skipAppLauncherLoginPage boolean
    Option to skip the App Launcher landing page. Defaults to false.
    skipInterstitial boolean
    Option to skip the authorization interstitial when using the CLI. Defaults to false.
    tags string[]
    The tags associated with the application.
    targetCriterias ZeroTrustAccessApplicationTargetCriteria[]
    The payload for an infrastructure application which defines the port, protocol, and target attributes. Only applicable to Infrastructure Applications, in which case this field is required.
    type string
    The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp, infrastructure. Defaults to self_hosted.
    zoneId string
    The zone identifier to target for the resource. Conflicts with account_id.
    account_id str
    The account identifier to target for the resource. Conflicts with zone_id.
    allow_authenticate_via_warp bool
    When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
    allowed_idps Sequence[str]
    The identity providers selected for the application.
    app_launcher_logo_url str
    The logo URL of the app launcher.
    app_launcher_visible bool
    Option to show/hide applications in App Launcher. Defaults to true.
    aud str
    Application Audience (AUD) Tag of the application.
    auto_redirect_to_identity bool
    Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.
    bg_color str
    The background color of the app launcher.
    cors_headers Sequence[ZeroTrustAccessApplicationCorsHeaderArgs]
    CORS configuration for the Access Application. See below for reference structure.
    custom_deny_message str
    Option that returns a custom error message when a user is denied access to the application.
    custom_deny_url str
    Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
    custom_non_identity_deny_url str
    Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
    custom_pages Sequence[str]
    The custom pages selected for the application.
    domain str
    The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
    enable_binding_cookie bool
    Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.
    footer_links Sequence[ZeroTrustAccessApplicationFooterLinkArgs]
    The footer links of the app launcher.
    header_bg_color str
    The background color of the header bar in the app launcher.
    http_only_cookie_attribute bool
    Option to add the HttpOnly cookie flag to access tokens.
    landing_page_design ZeroTrustAccessApplicationLandingPageDesignArgs
    The landing page design of the app launcher.
    logo_url str
    Image URL for the logo shown in the app launcher dashboard.
    name str
    Friendly name of the Access Application.
    options_preflight_bypass bool
    Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to false.
    policies Sequence[str]
    The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you still have this application ID referenced as application_id in any cloudflare.AccessPolicy resource, as it can result in an inconsistent state.
    saas_app ZeroTrustAccessApplicationSaasAppArgs
    SaaS configuration for the Access Application.
    same_site_cookie_attribute str
    Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.
    scim_config ZeroTrustAccessApplicationScimConfigArgs
    Configuration for provisioning to this application via SCIM. This is currently in closed beta.
    self_hosted_domains Sequence[str]
    List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain.
    service_auth401_redirect bool
    Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.
    session_duration str
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.
    skip_app_launcher_login_page bool
    Option to skip the App Launcher landing page. Defaults to false.
    skip_interstitial bool
    Option to skip the authorization interstitial when using the CLI. Defaults to false.
    tags Sequence[str]
    The tags associated with the application.
    target_criterias Sequence[ZeroTrustAccessApplicationTargetCriteriaArgs]
    The payload for an infrastructure application which defines the port, protocol, and target attributes. Only applicable to Infrastructure Applications, in which case this field is required.
    type str
    The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp, infrastructure. Defaults to self_hosted.
    zone_id str
    The zone identifier to target for the resource. Conflicts with account_id.
    accountId String
    The account identifier to target for the resource. Conflicts with zone_id.
    allowAuthenticateViaWarp Boolean
    When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
    allowedIdps List<String>
    The identity providers selected for the application.
    appLauncherLogoUrl String
    The logo URL of the app launcher.
    appLauncherVisible Boolean
    Option to show/hide applications in App Launcher. Defaults to true.
    aud String
    Application Audience (AUD) Tag of the application.
    autoRedirectToIdentity Boolean
    Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.
    bgColor String
    The background color of the app launcher.
    corsHeaders List<Property Map>
    CORS configuration for the Access Application. See below for reference structure.
    customDenyMessage String
    Option that returns a custom error message when a user is denied access to the application.
    customDenyUrl String
    Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
    customNonIdentityDenyUrl String
    Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
    customPages List<String>
    The custom pages selected for the application.
    domain String
    The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
    enableBindingCookie Boolean
    Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.
    footerLinks List<Property Map>
    The footer links of the app launcher.
    headerBgColor String
    The background color of the header bar in the app launcher.
    httpOnlyCookieAttribute Boolean
    Option to add the HttpOnly cookie flag to access tokens.
    landingPageDesign Property Map
    The landing page design of the app launcher.
    logoUrl String
    Image URL for the logo shown in the app launcher dashboard.
    name String
    Friendly name of the Access Application.
    optionsPreflightBypass Boolean
    Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to false.
    policies List<String>
    The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you still have this application ID referenced as application_id in any cloudflare.AccessPolicy resource, as it can result in an inconsistent state.
    saasApp Property Map
    SaaS configuration for the Access Application.
    sameSiteCookieAttribute String
    Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.
    scimConfig Property Map
    Configuration for provisioning to this application via SCIM. This is currently in closed beta.
    selfHostedDomains List<String>
    List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain.
    serviceAuth401Redirect Boolean
    Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.
    sessionDuration String
    How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.
    skipAppLauncherLoginPage Boolean
    Option to skip the App Launcher landing page. Defaults to false.
    skipInterstitial Boolean
    Option to skip the authorization interstitial when using the CLI. Defaults to false.
    tags List<String>
    The tags associated with the application.
    targetCriterias List<Property Map>
    The payload for an infrastructure application which defines the port, protocol, and target attributes. Only applicable to Infrastructure Applications, in which case this field is required.
    type String
    The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp, infrastructure. Defaults to self_hosted.
    zoneId String
    The zone identifier to target for the resource. Conflicts with account_id.

    Supporting Types

    ZeroTrustAccessApplicationCorsHeader, ZeroTrustAccessApplicationCorsHeaderArgs

    AllowAllHeaders bool
    Value to determine whether all HTTP headers are exposed.
    AllowAllMethods bool
    Value to determine whether all methods are exposed.
    AllowAllOrigins bool
    Value to determine whether all origins are permitted to make CORS requests.
    AllowCredentials bool
    Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
    AllowedHeaders List<string>
    List of HTTP headers to expose via CORS.
    AllowedMethods List<string>
    List of methods to expose via CORS.
    AllowedOrigins List<string>
    List of origins permitted to make CORS requests.
    MaxAge int
    The maximum time a preflight request will be cached.
    AllowAllHeaders bool
    Value to determine whether all HTTP headers are exposed.
    AllowAllMethods bool
    Value to determine whether all methods are exposed.
    AllowAllOrigins bool
    Value to determine whether all origins are permitted to make CORS requests.
    AllowCredentials bool
    Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
    AllowedHeaders []string
    List of HTTP headers to expose via CORS.
    AllowedMethods []string
    List of methods to expose via CORS.
    AllowedOrigins []string
    List of origins permitted to make CORS requests.
    MaxAge int
    The maximum time a preflight request will be cached.
    allowAllHeaders Boolean
    Value to determine whether all HTTP headers are exposed.
    allowAllMethods Boolean
    Value to determine whether all methods are exposed.
    allowAllOrigins Boolean
    Value to determine whether all origins are permitted to make CORS requests.
    allowCredentials Boolean
    Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
    allowedHeaders List<String>
    List of HTTP headers to expose via CORS.
    allowedMethods List<String>
    List of methods to expose via CORS.
    allowedOrigins List<String>
    List of origins permitted to make CORS requests.
    maxAge Integer
    The maximum time a preflight request will be cached.
    allowAllHeaders boolean
    Value to determine whether all HTTP headers are exposed.
    allowAllMethods boolean
    Value to determine whether all methods are exposed.
    allowAllOrigins boolean
    Value to determine whether all origins are permitted to make CORS requests.
    allowCredentials boolean
    Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
    allowedHeaders string[]
    List of HTTP headers to expose via CORS.
    allowedMethods string[]
    List of methods to expose via CORS.
    allowedOrigins string[]
    List of origins permitted to make CORS requests.
    maxAge number
    The maximum time a preflight request will be cached.
    allow_all_headers bool
    Value to determine whether all HTTP headers are exposed.
    allow_all_methods bool
    Value to determine whether all methods are exposed.
    allow_all_origins bool
    Value to determine whether all origins are permitted to make CORS requests.
    allow_credentials bool
    Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
    allowed_headers Sequence[str]
    List of HTTP headers to expose via CORS.
    allowed_methods Sequence[str]
    List of methods to expose via CORS.
    allowed_origins Sequence[str]
    List of origins permitted to make CORS requests.
    max_age int
    The maximum time a preflight request will be cached.
    allowAllHeaders Boolean
    Value to determine whether all HTTP headers are exposed.
    allowAllMethods Boolean
    Value to determine whether all methods are exposed.
    allowAllOrigins Boolean
    Value to determine whether all origins are permitted to make CORS requests.
    allowCredentials Boolean
    Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
    allowedHeaders List<String>
    List of HTTP headers to expose via CORS.
    allowedMethods List<String>
    List of methods to expose via CORS.
    allowedOrigins List<String>
    List of origins permitted to make CORS requests.
    maxAge Number
    The maximum time a preflight request will be cached.

    ZeroTrustAccessApplicationFooterLink, ZeroTrustAccessApplicationFooterLinkArgs

    Name string
    The name of the footer link.
    Url string
    The URL of the footer link.
    Name string
    The name of the footer link.
    Url string
    The URL of the footer link.
    name String
    The name of the footer link.
    url String
    The URL of the footer link.
    name string
    The name of the footer link.
    url string
    The URL of the footer link.
    name str
    The name of the footer link.
    url str
    The URL of the footer link.
    name String
    The name of the footer link.
    url String
    The URL of the footer link.

    ZeroTrustAccessApplicationLandingPageDesign, ZeroTrustAccessApplicationLandingPageDesignArgs

    ButtonColor string
    The button color of the landing page.
    ButtonTextColor string
    The button text color of the landing page.
    ImageUrl string
    The URL of the image to be displayed in the landing page.
    Message string
    The message of the landing page.
    Title string
    The title of the landing page.
    ButtonColor string
    The button color of the landing page.
    ButtonTextColor string
    The button text color of the landing page.
    ImageUrl string
    The URL of the image to be displayed in the landing page.
    Message string
    The message of the landing page.
    Title string
    The title of the landing page.
    buttonColor String
    The button color of the landing page.
    buttonTextColor String
    The button text color of the landing page.
    imageUrl String
    The URL of the image to be displayed in the landing page.
    message String
    The message of the landing page.
    title String
    The title of the landing page.
    buttonColor string
    The button color of the landing page.
    buttonTextColor string
    The button text color of the landing page.
    imageUrl string
    The URL of the image to be displayed in the landing page.
    message string
    The message of the landing page.
    title string
    The title of the landing page.
    button_color str
    The button color of the landing page.
    button_text_color str
    The button text color of the landing page.
    image_url str
    The URL of the image to be displayed in the landing page.
    message str
    The message of the landing page.
    title str
    The title of the landing page.
    buttonColor String
    The button color of the landing page.
    buttonTextColor String
    The button text color of the landing page.
    imageUrl String
    The URL of the image to be displayed in the landing page.
    message String
    The message of the landing page.
    title String
    The title of the landing page.

    ZeroTrustAccessApplicationSaasApp, ZeroTrustAccessApplicationSaasAppArgs

    AccessTokenLifetime string
    The lifetime of the Access Token after creation. Valid units are m and h. Must be greater than or equal to 1m and less than or equal to 24h.
    AllowPkceWithoutClientSecret bool
    Allow PKCE flow without a client secret.
    AppLauncherUrl string
    The URL where this application's tile redirects users.
    AuthType string
    Modifying this attribute will force creation of a new resource.
    ClientId string
    The application client id.
    ClientSecret string
    The application client secret, only returned on initial apply.
    ConsumerServiceUrl string
    The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
    CustomAttributes List<ZeroTrustAccessApplicationSaasAppCustomAttribute>
    Custom attribute mapped from IDPs.
    CustomClaims List<ZeroTrustAccessApplicationSaasAppCustomClaim>
    Custom claim mapped from IDPs.
    DefaultRelayState string
    The relay state used if not provided by the identity provider.
    GrantTypes List<string>
    The OIDC flows supported by this application.
    GroupFilterRegex string
    A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
    HybridAndImplicitOptions ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptions
    Hybrid and Implicit Flow options.
    IdpEntityId string
    The unique identifier for the SaaS application.
    NameIdFormat string
    The format of the name identifier sent to the SaaS application.
    NameIdTransformJsonata string
    A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
    PublicKey string
    The public certificate that will be used to verify identities.
    RedirectUris List<string>
    The permitted URLs for Cloudflare to return Authorization codes and Access/ID tokens.
    RefreshTokenOptions List<ZeroTrustAccessApplicationSaasAppRefreshTokenOption>
    Refresh token grant options.
    SamlAttributeTransformJsonata string
    A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
    Scopes List<string>
    Define the user information shared with access.
    SpEntityId string
    A globally unique name for an identity or service provider.
    SsoEndpoint string
    The endpoint where the SaaS application will send login requests.
    AccessTokenLifetime string
    The lifetime of the Access Token after creation. Valid units are m and h. Must be greater than or equal to 1m and less than or equal to 24h.
    AllowPkceWithoutClientSecret bool
    Allow PKCE flow without a client secret.
    AppLauncherUrl string
    The URL where this application's tile redirects users.
    AuthType string
    Modifying this attribute will force creation of a new resource.
    ClientId string
    The application client id.
    ClientSecret string
    The application client secret, only returned on initial apply.
    ConsumerServiceUrl string
    The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
    CustomAttributes []ZeroTrustAccessApplicationSaasAppCustomAttribute
    Custom attribute mapped from IDPs.
    CustomClaims []ZeroTrustAccessApplicationSaasAppCustomClaim
    Custom claim mapped from IDPs.
    DefaultRelayState string
    The relay state used if not provided by the identity provider.
    GrantTypes []string
    The OIDC flows supported by this application.
    GroupFilterRegex string
    A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
    HybridAndImplicitOptions ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptions
    Hybrid and Implicit Flow options.
    IdpEntityId string
    The unique identifier for the SaaS application.
    NameIdFormat string
    The format of the name identifier sent to the SaaS application.
    NameIdTransformJsonata string
    A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
    PublicKey string
    The public certificate that will be used to verify identities.
    RedirectUris []string
    The permitted URLs for Cloudflare to return Authorization codes and Access/ID tokens.
    RefreshTokenOptions []ZeroTrustAccessApplicationSaasAppRefreshTokenOption
    Refresh token grant options.
    SamlAttributeTransformJsonata string
    A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
    Scopes []string
    Define the user information shared with access.
    SpEntityId string
    A globally unique name for an identity or service provider.
    SsoEndpoint string
    The endpoint where the SaaS application will send login requests.
    accessTokenLifetime String
    The lifetime of the Access Token after creation. Valid units are m and h. Must be greater than or equal to 1m and less than or equal to 24h.
    allowPkceWithoutClientSecret Boolean
    Allow PKCE flow without a client secret.
    appLauncherUrl String
    The URL where this application's tile redirects users.
    authType String
    Modifying this attribute will force creation of a new resource.
    clientId String
    The application client id.
    clientSecret String
    The application client secret, only returned on initial apply.
    consumerServiceUrl String
    The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
    customAttributes List<ZeroTrustAccessApplicationSaasAppCustomAttribute>
    Custom attribute mapped from IDPs.
    customClaims List<ZeroTrustAccessApplicationSaasAppCustomClaim>
    Custom claim mapped from IDPs.
    defaultRelayState String
    The relay state used if not provided by the identity provider.
    grantTypes List<String>
    The OIDC flows supported by this application.
    groupFilterRegex String
    A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
    hybridAndImplicitOptions ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptions
    Hybrid and Implicit Flow options.
    idpEntityId String
    The unique identifier for the SaaS application.
    nameIdFormat String
    The format of the name identifier sent to the SaaS application.
    nameIdTransformJsonata String
    A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
    publicKey String
    The public certificate that will be used to verify identities.
    redirectUris List<String>
    The permitted URLs for Cloudflare to return Authorization codes and Access/ID tokens.
    refreshTokenOptions List<ZeroTrustAccessApplicationSaasAppRefreshTokenOption>
    Refresh token grant options.
    samlAttributeTransformJsonata String
    A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
    scopes List<String>
    Define the user information shared with access.
    spEntityId String
    A globally unique name for an identity or service provider.
    ssoEndpoint String
    The endpoint where the SaaS application will send login requests.
    accessTokenLifetime string
    The lifetime of the Access Token after creation. Valid units are m and h. Must be greater than or equal to 1m and less than or equal to 24h.
    allowPkceWithoutClientSecret boolean
    Allow PKCE flow without a client secret.
    appLauncherUrl string
    The URL where this application's tile redirects users.
    authType string
    Modifying this attribute will force creation of a new resource.
    clientId string
    The application client id.
    clientSecret string
    The application client secret, only returned on initial apply.
    consumerServiceUrl string
    The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
    customAttributes ZeroTrustAccessApplicationSaasAppCustomAttribute[]
    Custom attribute mapped from IDPs.
    customClaims ZeroTrustAccessApplicationSaasAppCustomClaim[]
    Custom claim mapped from IDPs.
    defaultRelayState string
    The relay state used if not provided by the identity provider.
    grantTypes string[]
    The OIDC flows supported by this application.
    groupFilterRegex string
    A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
    hybridAndImplicitOptions ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptions
    Hybrid and Implicit Flow options.
    idpEntityId string
    The unique identifier for the SaaS application.
    nameIdFormat string
    The format of the name identifier sent to the SaaS application.
    nameIdTransformJsonata string
    A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
    publicKey string
    The public certificate that will be used to verify identities.
    redirectUris string[]
    The permitted URLs for Cloudflare to return Authorization codes and Access/ID tokens.
    refreshTokenOptions ZeroTrustAccessApplicationSaasAppRefreshTokenOption[]
    Refresh token grant options.
    samlAttributeTransformJsonata string
    A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
    scopes string[]
    Define the user information shared with access.
    spEntityId string
    A globally unique name for an identity or service provider.
    ssoEndpoint string
    The endpoint where the SaaS application will send login requests.
    access_token_lifetime str
    The lifetime of the Access Token after creation. Valid units are m and h. Must be greater than or equal to 1m and less than or equal to 24h.
    allow_pkce_without_client_secret bool
    Allow PKCE flow without a client secret.
    app_launcher_url str
    The URL where this application's tile redirects users.
    auth_type str
    Modifying this attribute will force creation of a new resource.
    client_id str
    The application client id.
    client_secret str
    The application client secret, only returned on initial apply.
    consumer_service_url str
    The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
    custom_attributes Sequence[ZeroTrustAccessApplicationSaasAppCustomAttribute]
    Custom attribute mapped from IDPs.
    custom_claims Sequence[ZeroTrustAccessApplicationSaasAppCustomClaim]
    Custom claim mapped from IDPs.
    default_relay_state str
    The relay state used if not provided by the identity provider.
    grant_types Sequence[str]
    The OIDC flows supported by this application.
    group_filter_regex str
    A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
    hybrid_and_implicit_options ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptions
    Hybrid and Implicit Flow options.
    idp_entity_id str
    The unique identifier for the SaaS application.
    name_id_format str
    The format of the name identifier sent to the SaaS application.
    name_id_transform_jsonata str
    A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
    public_key str
    The public certificate that will be used to verify identities.
    redirect_uris Sequence[str]
    The permitted URLs for Cloudflare to return Authorization codes and Access/ID tokens.
    refresh_token_options Sequence[ZeroTrustAccessApplicationSaasAppRefreshTokenOption]
    Refresh token grant options.
    saml_attribute_transform_jsonata str
    A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
    scopes Sequence[str]
    Define the user information shared with access.
    sp_entity_id str
    A globally unique name for an identity or service provider.
    sso_endpoint str
    The endpoint where the SaaS application will send login requests.
    accessTokenLifetime String
    The lifetime of the Access Token after creation. Valid units are m and h. Must be greater than or equal to 1m and less than or equal to 24h.
    allowPkceWithoutClientSecret Boolean
    Allow PKCE flow without a client secret.
    appLauncherUrl String
    The URL where this application's tile redirects users.
    authType String
    Modifying this attribute will force creation of a new resource.
    clientId String
    The application client id.
    clientSecret String
    The application client secret, only returned on initial apply.
    consumerServiceUrl String
    The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
    customAttributes List<Property Map>
    Custom attribute mapped from IDPs.
    customClaims List<Property Map>
    Custom claim mapped from IDPs.
    defaultRelayState String
    The relay state used if not provided by the identity provider.
    grantTypes List<String>
    The OIDC flows supported by this application.
    groupFilterRegex String
    A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
    hybridAndImplicitOptions Property Map
    Hybrid and Implicit Flow options.
    idpEntityId String
    The unique identifier for the SaaS application.
    nameIdFormat String
    The format of the name identifier sent to the SaaS application.
    nameIdTransformJsonata String
    A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
    publicKey String
    The public certificate that will be used to verify identities.
    redirectUris List<String>
    The permitted URLs for Cloudflare to return Authorization codes and Access/ID tokens.
    refreshTokenOptions List<Property Map>
    Refresh token grant options.
    samlAttributeTransformJsonata String
    A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
    scopes List<String>
    Define the user information shared with access.
    spEntityId String
    A globally unique name for an identity or service provider.
    ssoEndpoint String
    The endpoint where the SaaS application will send login requests.
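
Several of the property descriptions above state hard constraints (account_id versus zone_id, options_preflight_bypass versus cors_headers, the duration formats, the allowed values) that can be checked before a deployment. The following pre-deployment check is an added example, not part of the Pulumi or Cloudflare documentation; the function names, the constructed sample dictionaries, the h/m-only duration parser and the CORS review hint are assumptions made for illustration.

```python
import re

# Allowed values as listed in the property descriptions on this page.
SAME_SITE_VALUES = {"none", "lax", "strict"}
APP_TYPES = {"app_launcher", "bookmark", "biso", "dash_sso", "saas",
             "self_hosted", "ssh", "vnc", "warp", "infrastructure"}

# Assumption: only the h/m forms shown on the page ("48h", "2h45m") are accepted.
_DURATION = re.compile(r"(?:(\d+)h)?(?:(\d+)m)?")


def parse_duration_minutes(value):
    """Return the duration in minutes, or None if the string is malformed."""
    if not isinstance(value, str):
        return None
    m = _DURATION.fullmatch(value)
    if not m or (m.group(1) is None and m.group(2) is None):
        return None
    return int(m.group(1) or 0) * 60 + int(m.group(2) or 0)


def lint_access_application(args):
    """Check a dict of snake_case arguments; return (level, field, message) tuples."""
    findings = []

    def add(level, field, message):
        findings.append((level, field, message))

    has_account, has_zone = bool(args.get("account_id")), bool(args.get("zone_id"))
    if has_account and has_zone:
        add("error", "zone_id", "conflicts with account_id; set only one")
    elif not has_account and not has_zone:
        add("error", "account_id", "either account_id or zone_id is required")

    app_type = args.get("type", "self_hosted")  # documented default
    if app_type not in APP_TYPES:
        add("error", "type", f"unknown application type {app_type!r}")
    if app_type == "infrastructure" and not args.get("target_criterias"):
        add("error", "target_criterias", "required for infrastructure applications")

    cors = args.get("cors_headers") or []
    if args.get("options_preflight_bypass") and cors:
        add("error", "options_preflight_bypass",
            "cannot be turned on while cors_headers is set")
    for entry in cors:
        # Review hint (not a provider rule): any origin plus credentials is
        # a combination that deserves a second look.
        if entry.get("allow_all_origins") and entry.get("allow_credentials"):
            add("review", "cors_headers",
                "allow_all_origins together with allow_credentials")

    same_site = args.get("same_site_cookie_attribute")
    if same_site is not None and same_site not in SAME_SITE_VALUES:
        add("error", "same_site_cookie_attribute", "must be none, lax or strict")

    session = args.get("session_duration")
    if session is not None and parse_duration_minutes(session) is None:
        add("error", "session_duration", "must look like 48h or 2h45m")

    lifetime = (args.get("saas_app") or {}).get("access_token_lifetime")
    if lifetime is not None:
        minutes = parse_duration_minutes(lifetime)
        if minutes is None or not 1 <= minutes <= 24 * 60:
            add("error", "saas_app.access_token_lifetime",
                "must be between 1m and 24h, in units of m and h")
    return findings


# Constructed sample input: a configuration with several problems.
WEAK = {
    "account_id": "ACCOUNT_ID_PLACEHOLDER",
    "zone_id": "ZONE_ID_PLACEHOLDER",
    "name": "staging",
    "domain": "staging.example.com",
    "session_duration": "2 hours",
    "same_site_cookie_attribute": "Strict",
    "options_preflight_bypass": True,
    "cors_headers": [{"allow_all_origins": True, "allow_credentials": True}],
    "saas_app": {"access_token_lifetime": "36h"},
}

# Constructed sample input: the same application with the findings resolved.
FIXED = {
    "account_id": "ACCOUNT_ID_PLACEHOLDER",
    "name": "staging",
    "domain": "staging.example.com",
    "session_duration": "2h45m",
    "same_site_cookie_attribute": "strict",
    "cors_headers": [{"allowed_origins": ["https://app.example.com"],
                      "allow_credentials": True}],
    "saas_app": {"access_token_lifetime": "15m"},
}

if __name__ == "__main__":
    for level, field, message in lint_access_application(WEAK):
        print(f"{level:6} {field}: {message}")
```
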

    ZeroTrustAccessApplicationSaasAppCustomAttribute, ZeroTrustAccessApplicationSaasAppCustomAttributeArgs

    Source ZeroTrustAccessApplicationSaasAppCustomAttributeSource
    FriendlyName string
    A friendly name for the attribute as provided to the SaaS app.
    Name string
    The name of the attribute as provided to the SaaS app.
    NameFormat string
    A globally unique name for an identity or service provider.
    Required bool
    True if the attribute must always be present.
    Source ZeroTrustAccessApplicationSaasAppCustomAttributeSource
    FriendlyName string
    A friendly name for the attribute as provided to the SaaS app.
    Name string
    The name of the attribute as provided to the SaaS app.
    NameFormat string
    A globally unique name for an identity or service provider.
    Required bool
    True if the attribute must always be present.
    source ZeroTrustAccessApplicationSaasAppCustomAttributeSource
    friendlyName String
    A friendly name for the attribute as provided to the SaaS app.
    name String
    The name of the attribute as provided to the SaaS app.
    nameFormat String
    A globally unique name for an identity or service provider.
    required Boolean
    True if the attribute must always be present.
    source ZeroTrustAccessApplicationSaasAppCustomAttributeSource
    friendlyName string
    A friendly name for the attribute as provided to the SaaS app.
    name string
    The name of the attribute as provided to the SaaS app.
    nameFormat string
    A globally unique name for an identity or service provider.
    required boolean
    True if the attribute must always be present.
    source ZeroTrustAccessApplicationSaasAppCustomAttributeSource
    friendly_name str
    A friendly name for the attribute as provided to the SaaS app.
    name str
    The name of the attribute as provided to the SaaS app.
    name_format str
    A globally unique name for an identity or service provider.
    required bool
    True if the attribute must always be present.
    source Property Map
    friendlyName String
    A friendly name for the attribute as provided to the SaaS app.
    name String
    The name of the attribute as provided to the SaaS app.
    nameFormat String
    A globally unique name for an identity or service provider.
    required Boolean
    True if the attribute must always be present.

    ZeroTrustAccessApplicationSaasAppCustomAttributeSource, ZeroTrustAccessApplicationSaasAppCustomAttributeSourceArgs

    Name string
    The name of the attribute as provided by the IDP.
    NameByIdp Dictionary<string, string>
    A mapping from IdP ID to claim name.
    Name string
    The name of the attribute as provided by the IDP.
    NameByIdp map[string]string
    A mapping from IdP ID to claim name.
    name String
    The name of the attribute as provided by the IDP.
    nameByIdp Map<String,String>
    A mapping from IdP ID to claim name.
    name string
    The name of the attribute as provided by the IDP.
    nameByIdp {[key: string]: string}
    A mapping from IdP ID to claim name.
    name str
    The name of the attribute as provided by the IDP.
    name_by_idp Mapping[str, str]
    A mapping from IdP ID to claim name.
    name String
    The name of the attribute as provided by the IDP.
    nameByIdp Map<String>
    A mapping from IdP ID to claim name.

    ZeroTrustAccessApplicationSaasAppCustomClaim, ZeroTrustAccessApplicationSaasAppCustomClaimArgs

    Source ZeroTrustAccessApplicationSaasAppCustomClaimSource
    Name string
    The name of the attribute as provided to the SaaS app.
    Required bool
    True if the attribute must always be present.
    Scope string
    The scope of the claim.
    Source ZeroTrustAccessApplicationSaasAppCustomClaimSource
    Name string
    The name of the attribute as provided to the SaaS app.
    Required bool
    True if the attribute must always be present.
    Scope string
    The scope of the claim.
    source ZeroTrustAccessApplicationSaasAppCustomClaimSource
    name String
    The name of the attribute as provided to the SaaS app.
    required Boolean
    True if the attribute must always be present.
    scope String
    The scope of the claim.
    source ZeroTrustAccessApplicationSaasAppCustomClaimSource
    name string
    The name of the attribute as provided to the SaaS app.
    required boolean
    True if the attribute must always be present.
    scope string
    The scope of the claim.
    source ZeroTrustAccessApplicationSaasAppCustomClaimSource
    name str
    The name of the attribute as provided to the SaaS app.
    required bool
    True if the attribute must always be present.
    scope str
    The scope of the claim.
    source Property Map
    name String
    The name of the attribute as provided to the SaaS app.
    required Boolean
    True if the attribute must always be present.
    scope String
    The scope of the claim.

    ZeroTrustAccessApplicationSaasAppCustomClaimSource, ZeroTrustAccessApplicationSaasAppCustomClaimSourceArgs

    Name string
    The name of the attribute as provided by the IDP.
    NameByIdp Dictionary<string, string>
    A mapping from IdP ID to claim name.
    Name string
    The name of the attribute as provided by the IDP.
    NameByIdp map[string]string
    A mapping from IdP ID to claim name.
    name String
    The name of the attribute as provided by the IDP.
    nameByIdp Map<String,String>
    A mapping from IdP ID to claim name.
    name string
    The name of the attribute as provided by the IDP.
    nameByIdp {[key: string]: string}
    A mapping from IdP ID to claim name.
    name str
    The name of the attribute as provided by the IDP.
    name_by_idp Mapping[str, str]
    A mapping from IdP ID to claim name.
    name String
    The name of the attribute as provided by the IDP.
    nameByIdp Map<String>
    A mapping from IdP ID to claim name.

    ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptions, ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptionsArgs

    ReturnAccessTokenFromAuthorizationEndpoint bool
    If true, the authorization endpoint will return an access token.
    ReturnIdTokenFromAuthorizationEndpoint bool
    If true, the authorization endpoint will return an id token.
    ReturnAccessTokenFromAuthorizationEndpoint bool
    If true, the authorization endpoint will return an access token.
    ReturnIdTokenFromAuthorizationEndpoint bool
    If true, the authorization endpoint will return an id token.
    returnAccessTokenFromAuthorizationEndpoint Boolean
    If true, the authorization endpoint will return an access token.
    returnIdTokenFromAuthorizationEndpoint Boolean
    If true, the authorization endpoint will return an id token.
    returnAccessTokenFromAuthorizationEndpoint boolean
    If true, the authorization endpoint will return an access token.
    returnIdTokenFromAuthorizationEndpoint boolean
    If true, the authorization endpoint will return an id token.
    return_access_token_from_authorization_endpoint bool
    If true, the authorization endpoint will return an access token.
    return_id_token_from_authorization_endpoint bool
    If true, the authorization endpoint will return an id token.
    returnAccessTokenFromAuthorizationEndpoint Boolean
    If true, the authorization endpoint will return an access token.
    returnIdTokenFromAuthorizationEndpoint Boolean
    If true, the authorization endpoint will return an id token.

    ZeroTrustAccessApplicationSaasAppRefreshTokenOption, ZeroTrustAccessApplicationSaasAppRefreshTokenOptionArgs

    Lifetime string
    How long a refresh token will be valid for after creation. Valid units are m, h and d. Must be longer than 1m.
    Lifetime string
    How long a refresh token will be valid for after creation. Valid units are m, h and d. Must be longer than 1m.
    lifetime String
    How long a refresh token will be valid for after creation. Valid units are m, h and d. Must be longer than 1m.
    lifetime string
    How long a refresh token will be valid for after creation. Valid units are m, h and d. Must be longer than 1m.
    lifetime str
    How long a refresh token will be valid for after creation. Valid units are m, h and d. Must be longer than 1m.
    lifetime String
    How long a refresh token will be valid for after creation. Valid units are m, h and d. Must be longer than 1m.

    ZeroTrustAccessApplicationScimConfig, ZeroTrustAccessApplicationScimConfigArgs

    IdpUid string
    The UID of the IdP to use as the source for SCIM resources to provision to this application.
    RemoteUri string
    The base URI for the application's SCIM-compatible API.
    Authentication ZeroTrustAccessApplicationScimConfigAuthentication
    Attributes for configuring HTTP Basic, OAuth Bearer token, or OAuth 2 authentication schemes for SCIM provisioning to an application.
    DeactivateOnDelete bool
    If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
    Enabled bool
    Whether SCIM provisioning is turned on for this application.
    Mappings List<ZeroTrustAccessApplicationScimConfigMapping>
    A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
    IdpUid string
    The UID of the IdP to use as the source for SCIM resources to provision to this application.
    RemoteUri string
    The base URI for the application's SCIM-compatible API.
    Authentication ZeroTrustAccessApplicationScimConfigAuthentication
    Attributes for configuring HTTP Basic, OAuth Bearer token, or OAuth 2 authentication schemes for SCIM provisioning to an application.
    DeactivateOnDelete bool
    If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
    Enabled bool
    Whether SCIM provisioning is turned on for this application.
    Mappings []ZeroTrustAccessApplicationScimConfigMapping
    A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
    idpUid String
    The UID of the IdP to use as the source for SCIM resources to provision to this application.
    remoteUri String
    The base URI for the application's SCIM-compatible API.
    authentication ZeroTrustAccessApplicationScimConfigAuthentication
    Attributes for configuring HTTP Basic, OAuth Bearer token, or OAuth 2 authentication schemes for SCIM provisioning to an application.
    deactivateOnDelete Boolean
    If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
    enabled Boolean
    Whether SCIM provisioning is turned on for this application.
    mappings List<ZeroTrustAccessApplicationScimConfigMapping>
    A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
    idpUid string
    The UID of the IdP to use as the source for SCIM resources to provision to this application.
    remoteUri string
    The base URI for the application's SCIM-compatible API.
    authentication ZeroTrustAccessApplicationScimConfigAuthentication
    Attributes for configuring HTTP Basic, OAuth Bearer token, or OAuth 2 authentication schemes for SCIM provisioning to an application.
    deactivateOnDelete boolean
    If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
    enabled boolean
    Whether SCIM provisioning is turned on for this application.
    mappings ZeroTrustAccessApplicationScimConfigMapping[]
    A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
    idp_uid str
    The UID of the IdP to use as the source for SCIM resources to provision to this application.
    remote_uri str
    The base URI for the application's SCIM-compatible API.
    authentication ZeroTrustAccessApplicationScimConfigAuthentication
    Attributes for configuring HTTP Basic, OAuth Bearer token, or OAuth 2 authentication schemes for SCIM provisioning to an application.
    deactivate_on_delete bool
    If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
    enabled bool
    Whether SCIM provisioning is turned on for this application.
    mappings Sequence[ZeroTrustAccessApplicationScimConfigMapping]
    A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
    idpUid String
    The UID of the IdP to use as the source for SCIM resources to provision to this application.
    remoteUri String
    The base URI for the application's SCIM-compatible API.
    authentication Property Map
    Attributes for configuring HTTP Basic, OAuth Bearer token, or OAuth 2 authentication schemes for SCIM provisioning to an application.
    deactivateOnDelete Boolean
    If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
    enabled Boolean
    Whether SCIM provisioning is turned on for this application.
    mappings List<Property Map>
    A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.

    ZeroTrustAccessApplicationScimConfigAuthentication, ZeroTrustAccessApplicationScimConfigAuthenticationArgs

    Scheme string
    The authentication scheme to use when making SCIM requests to this application.
    AuthorizationUrl string
    URL used to generate the auth code used during token generation. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    ClientId string
    Client ID used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    ClientSecret string
    Secret used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    Password string
    Required when using scim_config.0.authentication.0.user. Conflicts with scim_config.0.authentication.0.token, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    Scopes List<string>
    The authorization scopes to request when generating the token used to authenticate with the remote SCIM service. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    Token string
    Token used to authenticate with the remote SCIM service. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    TokenUrl string
    URL used to generate the token used to authenticate with the remote SCIM service. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.client_id. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    User string
    User name used to authenticate with the remote SCIM service. Required when using scim_config.0.authentication.0.password. Conflicts with scim_config.0.authentication.0.token, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    Scheme string
    The authentication scheme to use when making SCIM requests to this application.
    AuthorizationUrl string
    URL used to generate the auth code used during token generation. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    ClientId string
    Client ID used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    ClientSecret string
    Secret used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    Password string
    Required when using scim_config.0.authentication.0.user. Conflicts with scim_config.0.authentication.0.token, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    Scopes []string
    The authorization scopes to request when generating the token used to authenticate with the remote SCIM service. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    Token string
    Token used to authenticate with the remote SCIM service. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    TokenUrl string
    URL used to generate the token used to authenticate with the remote SCIM service. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.client_id. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    User string
    User name used to authenticate with the remote SCIM service. Required when using scim_config.0.authentication.0.password. Conflicts with scim_config.0.authentication.0.token, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    scheme String
    The authentication scheme to use when making SCIM requests to this application.
    authorizationUrl String
    URL used to generate the auth code used during token generation. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    clientId String
    Client ID used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    clientSecret String
    Secret used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    password String
    Required when using scim_config.0.authentication.0.user. Conflicts with scim_config.0.authentication.0.token, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    scopes List<String>
    The authorization scopes to request when generating the token used to authenticate with the remote SCIM service. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    token String
    Token used to authenticate with the remote SCIM service. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    tokenUrl String
    URL used to generate the token used to authenticate with the remote SCIM service. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.client_id. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    user String
    User name used to authenticate with the remote SCIM service. Required when using scim_config.0.authentication.0.password. Conflicts with scim_config.0.authentication.0.token, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    scheme string
    The authentication scheme to use when making SCIM requests to this application.
    authorizationUrl string
    URL used to generate the auth code used during token generation. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    clientId string
    Client ID used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    clientSecret string
    Secret used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    password string
    Required when using scim_config.0.authentication.0.user. Conflicts with scim_config.0.authentication.0.token, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    scopes string[]
    The authorization scopes to request when generating the token used to authenticate with the remote SCIM service. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    token string
    Token used to authenticate with the remote SCIM service. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    tokenUrl string
    URL used to generate the token used to authenticate with the remote SCIM service. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.client_id. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    user string
    User name used to authenticate with the remote SCIM service. Required when using scim_config.0.authentication.0.password. Conflicts with scim_config.0.authentication.0.token, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    scheme str
    The authentication scheme to use when making SCIM requests to this application.
    authorization_url str
    URL used to generate the auth code used during token generation. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    client_id str
    Client ID used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    client_secret str
    Secret used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    password str
    Required when using scim_config.0.authentication.0.user. Conflicts with scim_config.0.authentication.0.token, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    scopes Sequence[str]
    The authorization scopes to request when generating the token used to authenticate with the remote SCIM service. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    token str
    Token used to authenticate with the remote SCIM service. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    token_url str
    URL used to generate the token used to authenticate with the remote SCIM service. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.client_id. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    user str
    User name used to authenticate with the remote SCIM service. Required when using scim_config.0.authentication.0.password. Conflicts with scim_config.0.authentication.0.token, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    scheme String
    The authentication scheme to use when making SCIM requests to this application.
    authorizationUrl String
    URL used to generate the auth code used during token generation. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    clientId String
    Client ID used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    clientSecret String
    Secret used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    password String
    Required when using scim_config.0.authentication.0.user. Conflicts with scim_config.0.authentication.0.token, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    scopes List<String>
    The authorization scopes to request when generating the token used to authenticate with the remote SCIM service. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    token String
    Token used to authenticate with the remote SCIM service. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
    tokenUrl String
    URL used to generate the token used to authenticate with the remote SCIM service. Required when using scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.client_id. Conflicts with scim_config.0.authentication.0.user, scim_config.0.authentication.0.password, scim_config.0.authentication.0.token.
    user String
    User name used to authenticate with the remote SCIM service. Required when using scim_config.0.authentication.0.password. Conflicts with scim_config.0.authentication.0.token, scim_config.0.authentication.0.client_id, scim_config.0.authentication.0.client_secret, scim_config.0.authentication.0.authorization_url, scim_config.0.authentication.0.token_url, scim_config.0.authentication.0.scopes.
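
The "Required when using" and "Conflicts with" notes above describe three mutually exclusive credential sets for SCIM provisioning. The Python preflight check below is an added example, not Pulumi or Cloudflare provider code; its function names, group labels and sample values are hypothetical, and it reads the snake_case property names listed above from a plain dict before they are passed to the resource.

```python
from typing import Any, Dict, List, Mapping, Tuple

# Mutually exclusive credential groups, transcribed from the "Conflicts with"
# notes on the authentication properties. The group labels are names chosen
# for this example only; they are not values of the `scheme` property.
GROUPS: Dict[str, Tuple[str, ...]] = {
    "basic": ("user", "password"),
    "token": ("token",),
    "oauth2": ("client_id", "client_secret", "authorization_url",
               "token_url", "scopes"),
}

# Fields tied together by the "Required when using" notes. `scopes` is not
# listed as required by (or requiring) any other field, so it is left out.
REQUIRED_TOGETHER: Dict[str, Tuple[str, ...]] = {
    "basic": ("user", "password"),
    "oauth2": ("client_id", "client_secret", "authorization_url", "token_url"),
}


def _is_set(value: Any) -> bool:
    """Treat None, empty strings and empty sequences as 'not configured'."""
    return value is not None and value != "" and value != [] and value != ()


def groups_in_use(auth: Mapping[str, Any]) -> Dict[str, List[str]]:
    """Map each credential group to the fields of that group that are set."""
    used: Dict[str, List[str]] = {}
    for group, fields in GROUPS.items():
        present = [f for f in fields if _is_set(auth.get(f))]
        if present:
            used[group] = present
    return used


def check_scim_authentication(auth: Mapping[str, Any]) -> List[str]:
    """Return rule violations for one authentication block (empty list = OK).

    Only the field rules stated in the property descriptions are checked.
    `scheme` is ignored because its accepted values are not listed here.
    """
    errors: List[str] = []
    used = groups_in_use(auth)

    # Rule 1: fields from different credential groups conflict.
    if len(used) > 1:
        detail = "; ".join(f"{g}: {', '.join(fs)}" for g, fs in used.items())
        errors.append(f"conflicting credential groups set ({detail})")

    # Rule 2: within a group, the tied fields must all be present.
    for group, required in REQUIRED_TOGETHER.items():
        present = used.get(group, [])
        trigger = [f for f in present if f in required]
        if trigger:
            missing = [f for f in required if f not in present]
            if missing:
                errors.append(
                    f"{group}: {', '.join(trigger)} set but missing "
                    f"{', '.join(missing)}"
                )
    return errors


# Constructed sample inputs; every value is a placeholder, not a credential.
SAMPLES: Dict[str, Dict[str, Any]] = {
    "oauth2_complete": {
        "scheme": "<scheme>",
        "client_id": "<client-id>",
        "client_secret": "<client-secret>",
        "authorization_url": "https://idp.example.invalid/authorize",
        "token_url": "https://idp.example.invalid/token",
        "scopes": ["<scope>"],
    },
    "mixed_basic_and_token": {
        "scheme": "<scheme>",
        "user": "<user>",
        "password": "<password>",
        "token": "<token>",
    },
    "oauth2_missing_token_url": {
        "scheme": "<scheme>",
        "client_id": "<client-id>",
        "client_secret": "<client-secret>",
        "authorization_url": "https://idp.example.invalid/authorize",
        "scopes": ["<scope>"],
    },
}

if __name__ == "__main__":
    for name, auth in SAMPLES.items():
        problems = check_scim_authentication(auth)
        print(name, "->", problems or "ok")
```

Running the check before `pulumi up` surfaces a mixed or half-filled credential set locally instead of at provider validation time.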

    ZeroTrustAccessApplicationScimConfigMapping, ZeroTrustAccessApplicationScimConfigMappingArgs

    Schema string
    Which SCIM resource type this mapping applies to.
    Enabled bool
    Whether or not this mapping is enabled.
    Filter string
    A SCIM filter expression that matches resources that should be provisioned to this application.
    Operations ZeroTrustAccessApplicationScimConfigMappingOperations
    Whether or not this mapping applies to creates, updates, or deletes.
    TransformJsonata string
    A JSONata expression that transforms the resource before provisioning it in the application.
    Schema string
    Which SCIM resource type this mapping applies to.
    Enabled bool
    Whether or not this mapping is enabled.
    Filter string
    A SCIM filter expression that matches resources that should be provisioned to this application.
    Operations ZeroTrustAccessApplicationScimConfigMappingOperations
    Whether or not this mapping applies to creates, updates, or deletes.
    TransformJsonata string
    A JSONata expression that transforms the resource before provisioning it in the application.
    schema String
    Which SCIM resource type this mapping applies to.
    enabled Boolean
    Whether or not this mapping is enabled.
    filter String
    A SCIM filter expression that matches resources that should be provisioned to this application.
    operations ZeroTrustAccessApplicationScimConfigMappingOperations
    Whether or not this mapping applies to creates, updates, or deletes.
    transformJsonata String
    A JSONata expression that transforms the resource before provisioning it in the application.
    schema string
    Which SCIM resource type this mapping applies to.
    enabled boolean
    Whether or not this mapping is enabled.
    filter string
    A SCIM filter expression that matches resources that should be provisioned to this application.
    operations ZeroTrustAccessApplicationScimConfigMappingOperations
    Whether or not this mapping applies to creates, updates, or deletes.
    transformJsonata string
    A JSONata expression that transforms the resource before provisioning it in the application.
    schema str
    Which SCIM resource type this mapping applies to.
    enabled bool
    Whether or not this mapping is enabled.
    filter str
    A SCIM filter expression that matches resources that should be provisioned to this application.
    operations ZeroTrustAccessApplicationScimConfigMappingOperations
    Whether or not this mapping applies to creates, updates, or deletes.
    transform_jsonata str
    A JSONata expression that transforms the resource before provisioning it in the application.
    schema String
    Which SCIM resource type this mapping applies to.
    enabled Boolean
    Whether or not this mapping is enabled.
    filter String
    A SCIM filter expression that matches resources that should be provisioned to this application.
    operations Property Map
    Whether or not this mapping applies to creates, updates, or deletes.
    transformJsonata String
    A JSONata expression that transforms the resource before provisioning it in the application.

    ZeroTrustAccessApplicationScimConfigMappingOperations, ZeroTrustAccessApplicationScimConfigMappingOperationsArgs

    Create bool
    Whether or not this mapping applies to create (POST) operations.
    Delete bool
    Whether or not this mapping applies to DELETE operations.
    Update bool
    Whether or not this mapping applies to update (PATCH/PUT) operations.
    Create bool
    Whether or not this mapping applies to create (POST) operations.
    Delete bool
    Whether or not this mapping applies to DELETE operations.
    Update bool
    Whether or not this mapping applies to update (PATCH/PUT) operations.
    create Boolean
    Whether or not this mapping applies to create (POST) operations.
    delete Boolean
    Whether or not this mapping applies to DELETE operations.
    update Boolean
    Whether or not this mapping applies to update (PATCH/PUT) operations.
    create boolean
    Whether or not this mapping applies to create (POST) operations.
    delete boolean
    Whether or not this mapping applies to DELETE operations.
    update boolean
    Whether or not this mapping applies to update (PATCH/PUT) operations.
    create bool
    Whether or not this mapping applies to create (POST) operations.
    delete bool
    Whether or not this mapping applies to DELETE operations.
    update bool
    Whether or not this mapping applies to update (PATCH/PUT) operations.
    create Boolean
    Whether or not this mapping applies to create (POST) operations.
    delete Boolean
    Whether or not this mapping applies to DELETE operations.
    update Boolean
    Whether or not this mapping applies to update (PATCH/PUT) operations.

    ZeroTrustAccessApplicationTargetCriteria, ZeroTrustAccessApplicationTargetCriteriaArgs

    Port int
    The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
    Protocol string
    The communication protocol your application secures.
    TargetAttributes List<ZeroTrustAccessApplicationTargetCriteriaTargetAttribute>
    Contains a map of target attribute keys to target attribute values.
    Port int
    The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
    Protocol string
    The communication protocol your application secures.
    TargetAttributes []ZeroTrustAccessApplicationTargetCriteriaTargetAttribute
    Contains a map of target attribute keys to target attribute values.
    port Integer
    The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
    protocol String
    The communication protocol your application secures.
    targetAttributes List<ZeroTrustAccessApplicationTargetCriteriaTargetAttribute>
    Contains a map of target attribute keys to target attribute values.
    port number
    The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
    protocol string
    The communication protocol your application secures.
    targetAttributes ZeroTrustAccessApplicationTargetCriteriaTargetAttribute[]
    Contains a map of target attribute keys to target attribute values.
    port int
    The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
    protocol str
    The communication protocol your application secures.
    target_attributes Sequence[ZeroTrustAccessApplicationTargetCriteriaTargetAttribute]
    Contains a map of target attribute keys to target attribute values.
    port Number
    The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
    protocol String
    The communication protocol your application secures.
    targetAttributes List<Property Map>
    Contains a map of target attribute keys to target attribute values.

    ZeroTrustAccessApplicationTargetCriteriaTargetAttribute, ZeroTrustAccessApplicationTargetCriteriaTargetAttributeArgs

    Name string
    The key of the attribute.
    Values List<string>
    The values of the attribute.
    Name string
    The key of the attribute.
    Values []string
    The values of the attribute.
    name String
    The key of the attribute.
    values List<String>
    The values of the attribute.
    name string
    The key of the attribute.
    values string[]
    The values of the attribute.
    name str
    The key of the attribute.
    values Sequence[str]
    The values of the attribute.
    name String
    The key of the attribute.
    values List<String>
    The values of the attribute.
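A pre-deployment check for the target criteria documented above, written as an added example that is not part of the Pulumi or Cloudflare documentation. It reads "A port cannot be assigned to multiple protocols" as a rule across the whole `target_criteria` list and works on plain dicts keyed by the Python property names from this page; the function name, sample hostnames and the `example-proto` protocol string are assumptions made for illustration.

```python
from collections import defaultdict


def lint_target_criteria(criteria):
    """Return a list of findings for a target_criteria list; empty means it passed."""
    findings = []
    protocols_by_port = defaultdict(set)

    for i, entry in enumerate(criteria):
        port = entry.get("port")
        protocol = entry.get("protocol")

        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
            findings.append(f"target_criteria[{i}]: port {port!r} is not in 1..65535")
        elif protocol:
            protocols_by_port[port].add(protocol)

        if not protocol:
            findings.append(f"target_criteria[{i}]: protocol is missing")

        # Each target attribute is a key (name) plus a list of values.
        for attr in entry.get("target_attributes") or []:
            if not attr.get("name") or not attr.get("values"):
                findings.append(
                    f"target_criteria[{i}]: attribute {attr.get('name')!r} "
                    "needs a name and at least one value"
                )

    # The documented constraint: one port, one protocol.
    for port, protocols in sorted(protocols_by_port.items()):
        if len(protocols) > 1:
            findings.append(
                f"port {port} is assigned to multiple protocols: "
                + ", ".join(sorted(protocols))
            )
    return findings


# Constructed sample input; the protocol strings are placeholders, not a list
# of values the provider accepts.
GOOD = [{"port": 22, "protocol": "ssh",
         "target_attributes": [{"name": "hostname", "values": ["bastion-01"]}]}]
BAD = GOOD + [{"port": 22, "protocol": "example-proto",
               "target_attributes": [{"name": "hostname", "values": []}]}]

if __name__ == "__main__":
    for finding in lint_target_criteria(BAD):
        print(finding)
```

Running the check in CI before `pulumi up` surfaces the conflict at review time instead of as a provider error during deployment.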

    Import

    $ pulumi import cloudflare:index/zeroTrustAccessApplication:ZeroTrustAccessApplication example <account_id>/<application_id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Cloudflare pulumi/pulumi-cloudflare
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the cloudflare Terraform Provider.