Connection

With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.

Example Usage

C#

using Pulumi;
using Auth0 = Pulumi.Auth0;

class MyStack : Stack
{
    public MyStack()
    {
        var myConnection = new Auth0.Connection("myConnection", new Auth0.ConnectionArgs
        {
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                BruteForceProtection = true,
                Configuration = 
                {
                    { "bar", "baz" },
                    { "foo", "bar" },
                },
                CustomScripts = 
                {
                    { "get_user", @"function getByEmail (email, callback) {
  return callback(new Error(""Whoops!""))
}

" },
                },
                EnabledDatabaseCustomization = true,
                PasswordHistories = 
                {
                    new Auth0.Inputs.ConnectionOptionsPasswordHistoryArgs
                    {
                        Enable = true,
                        Size = 3,
                    },
                },
                PasswordPolicy = "excellent",
            },
            Strategy = "auth0",
        });
        var myWaadConnection = new Auth0.Connection("myWaadConnection", new Auth0.ConnectionArgs
        {
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ApiEnableUsers = true,
                AppDomain = "my-auth0-app.eu.auth0.com",
                BasicProfile = true,
                ClientId = "1234",
                ClientSecret = "1234", // placeholder; load the real secret from Pulumi config secrets
                DomainAliases = 
                {
                    "example.io",
                },
                ExtGroups = true,
                ExtProfile = true,
                TenantDomain = "example.onmicrosoft.com",
                UseWsfed = false,
                WaadCommonEndpoint = false,
                WaadProtocol = "openid-connect",
            },
            Strategy = "waad",
        });
    }

}

Go

Coming soon!

Python

import pulumi
import pulumi_auth0 as auth0

my_connection = auth0.Connection("myConnection",
    options={
        "bruteForceProtection": True,
        "configuration": {
            "bar": "baz",
            "foo": "bar",
        },
        "customScripts": {
            "get_user": """function getByEmail (email, callback) {
  return callback(new Error("Whoops!"))
}

""",
        },
        "enabledDatabaseCustomization": True,
        "passwordHistories": [{
            "enable": True,
            "size": 3,
        }],
        "passwordPolicy": "excellent",
    },
    strategy="auth0")
my_waad_connection = auth0.Connection("myWaadConnection",
    options={
        "apiEnableUsers": True,
        "appDomain": "my-auth0-app.eu.auth0.com",
        "basicProfile": True,
        "client_id": "1234",
        "client_secret": "1234",  # placeholder; load the real secret from Pulumi config secrets
        "domainAliases": ["example.io"],
        "extGroups": True,
        "extProfile": True,
        "tenantDomain": "example.onmicrosoft.com",
        "useWsfed": False,
        "waadCommonEndpoint": False,
        "waadProtocol": "openid-connect",
    },
    strategy="waad")

TypeScript

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myConnection = new auth0.Connection("my_connection", {
    options: {
        bruteForceProtection: true,
        configuration: {
            bar: "baz",
            foo: "bar",
        },
        customScripts: {
            get_user: `function getByEmail (email, callback) {
  return callback(new Error("Whoops!"))
}
`,
        },
        enabledDatabaseCustomization: true,
        passwordHistories: [{
            enable: true,
            size: 3,
        }],
        passwordPolicy: "excellent",
    },
    strategy: "auth0",
});
const myWaadConnection = new auth0.Connection("my_waad_connection", {
    options: {
        apiEnableUsers: true,
        appDomain: "my-auth0-app.eu.auth0.com",
        basicProfile: true,
        clientId: "1234",
        clientSecret: "1234", // placeholder; load the real secret from Pulumi config secrets
        domainAliases: ["example.io"],
        extGroups: true,
        extProfile: true,
        tenantDomain: "example.onmicrosoft.com",
        useWsfed: false,
        waadCommonEndpoint: false,
        waadProtocol: "openid-connect",
    },
    strategy: "waad",
});
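
A pre-deployment lint for the connection options used in the examples above, added here as an illustration and not part of the Pulumi or Auth0 documentation. Option names and allowed values are the ones this page lists; the function names, the MIN_POLICY threshold, the treatment of an unset passwordPolicy as a finding, and the sample dictionaries are assumptions of this example.

```python
# Added example: lint Auth0 connection options before they are deployed.
# Option names and value sets come from this page; thresholds are assumed.

POLICY_LEVELS = ["none", "low", "fair", "good", "excellent"]  # weakest to strongest
MIN_POLICY = "good"  # assumed organisational minimum, not an Auth0 default

# Options this page documents as Boolean
BOOLEAN_OPTIONS = (
    "bruteForceProtection", "enabledDatabaseCustomization", "disableSignup",
    "importMode", "requiresUsername", "useWsfed", "waadCommonEndpoint",
)


def audit_connection(strategy, options):
    """Return a list of (option, message) findings for one connection."""
    findings = []

    # A string such as "true" where a boolean is expected is an easy slip
    # to make when hand-writing the options dictionary.
    for key in BOOLEAN_OPTIONS:
        if key in options and not isinstance(options[key], bool):
            findings.append((key, f"expected a boolean, got {options[key]!r}"))

    if options.get("strategyVersion") == 1:
        findings.append(("strategyVersion", "version 1 is deprecated, use version 2"))

    if strategy == "auth0":
        findings.extend(_audit_database(options))
    elif strategy == "waad" and options.get("waadCommonEndpoint") is True:
        findings.append(("waadCommonEndpoint",
                         "common (multi-tenant) endpoint enabled; confirm this is intended"))
    return findings


def _audit_database(options):
    """Checks for the password-related options of a database connection."""
    findings = []

    if options.get("bruteForceProtection") in (None, False):
        findings.append(("bruteForceProtection", "brute force protection is not enabled"))

    policy = options.get("passwordPolicy")
    if policy not in POLICY_LEVELS:
        findings.append(("passwordPolicy", f"not set to a known level (got {policy!r})"))
    elif POLICY_LEVELS.index(policy) < POLICY_LEVELS.index(MIN_POLICY):
        findings.append(("passwordPolicy", f"{policy!r} is weaker than {MIN_POLICY!r}"))

    histories = options.get("passwordHistories") or []
    if not any(h.get("enable") is True for h in histories):
        findings.append(("passwordHistories", "password reuse is not prevented"))
    return findings


# Constructed sample inputs (not real tenant configuration)
HARDENED_DB = {
    "bruteForceProtection": True,
    "enabledDatabaseCustomization": True,
    "passwordHistories": [{"enable": True, "size": 3}],
    "passwordPolicy": "excellent",
}
WEAK_DB = {
    "bruteForceProtection": "true",  # string, not a boolean
    "passwordPolicy": "low",
    "strategyVersion": 1,
}
MULTI_TENANT_WAAD = {"waadCommonEndpoint": True, "useWsfed": False}

if __name__ == "__main__":
    for name, strategy, opts in (
        ("hardened-db", "auth0", HARDENED_DB),
        ("weak-db", "auth0", WEAK_DB),
        ("waad", "waad", MULTI_TENANT_WAAD),
    ):
        for option, message in audit_connection(strategy, opts):
            print(f"{name}: {option}: {message}")
```
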

Create a Connection Resource

Python

def Connection(resource_name, opts=None, display_name=None, enabled_clients=None, is_domain_connection=None, name=None, options=None, realms=None, strategy=None, strategy_version=None, __props__=None)

Go

func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)

C#

public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)

TypeScript

name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Python

resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.

Go

ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.

C#

name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Connection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Connection resource accepts the following input properties:

C#

Strategy string

String. Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

DisplayName string

Name used in login screen

EnabledClients List<string>

Set(String). IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

IsDomainConnection bool

Boolean. Indicates whether or not the connection is domain level.

Name string

String. Name of the connection.

Options ConnectionOptionsArgs

List(Resource). Configuration settings for connection options. For details, see Options.

Realms List<string>

List(String). Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

StrategyVersion string

Int. Version 1 is deprecated, use version 2.

Go

Strategy string

String. Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

DisplayName string

Name used in login screen

EnabledClients []string

Set(String). IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

IsDomainConnection bool

Boolean. Indicates whether or not the connection is domain level.

Name string

String. Name of the connection.

Options ConnectionOptions

List(Resource). Configuration settings for connection options. For details, see Options.

Realms []string

List(String). Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

StrategyVersion string

Int. Version 1 is deprecated, use version 2.

TypeScript

strategy string

String. Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

displayName string

Name used in login screen

enabledClients string[]

Set(String). IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

isDomainConnection boolean

Boolean. Indicates whether or not the connection is domain level.

name string

String. Name of the connection.

options ConnectionOptions

List(Resource). Configuration settings for connection options. For details, see Options.

realms string[]

List(String). Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

strategyVersion string

Int. Version 1 is deprecated, use version 2.

Python

strategy str

String. Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

display_name str

Name used in login screen

enabled_clients List[str]

Set(String). IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

is_domain_connection bool

Boolean. Indicates whether or not the connection is domain level.

name str

String. Name of the connection.

options Dict[ConnectionOptions]

List(Resource). Configuration settings for connection options. For details, see Options.

realms List[str]

List(String). Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

strategy_version str

Int. Version 1 is deprecated, use version 2.

Outputs

All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:

C#

Id string
The provider-assigned unique ID for this managed resource.

Go

Id string
The provider-assigned unique ID for this managed resource.

TypeScript

id string
The provider-assigned unique ID for this managed resource.

Python

id str
The provider-assigned unique ID for this managed resource.

Look up an Existing Connection Resource

Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript

public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection

Python

static get(resource_name, id, opts=None, display_name=None, enabled_clients=None, is_domain_connection=None, name=None, options=None, realms=None, strategy=None, strategy_version=None, __props__=None)

Go

func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)

C#

public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)

TypeScript

name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

Python

resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.

Go

name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

C#

name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

C#

DisplayName string

Name used in login screen

EnabledClients List<string>

Set(String). IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

IsDomainConnection bool

Boolean. Indicates whether or not the connection is domain level.

Name string

String. Name of the connection.

Options ConnectionOptionsArgs

List(Resource). Configuration settings for connection options. For details, see Options.

Realms List<string>

List(String). Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

Strategy string

String. Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

StrategyVersion string

Int. Version 1 is deprecated, use version 2.

Go

DisplayName string

Name used in login screen

EnabledClients []string

Set(String). IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

IsDomainConnection bool

Boolean. Indicates whether or not the connection is domain level.

Name string

String. Name of the connection.

Options ConnectionOptions

List(Resource). Configuration settings for connection options. For details, see Options.

Realms []string

List(String). Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

Strategy string

String. Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

StrategyVersion string

Int. Version 1 is deprecated, use version 2.

TypeScript

displayName string

Name used in login screen

enabledClients string[]

Set(String). IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

isDomainConnection boolean

Boolean. Indicates whether or not the connection is domain level.

name string

String. Name of the connection.

options ConnectionOptions

List(Resource). Configuration settings for connection options. For details, see Options.

realms string[]

List(String). Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

strategy string

String. Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

strategyVersion string

Int. Version 1 is deprecated, use version 2.

Python

display_name str

Name used in login screen

enabled_clients List[str]

Set(String). IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

is_domain_connection bool

Boolean. Indicates whether or not the connection is domain level.

name str

String. Name of the connection.

options Dict[ConnectionOptions]

List(Resource). Configuration settings for connection options. For details, see Options.

realms List[str]

List(String). Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

strategy str

String. Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

strategy_version str

Int. Version 1 is deprecated, use version 2.

Supporting Types

ConnectionOptions

See the input and output API doc for this type.

C#

AdfsServer string

String. ADFS Metadata source.

AllowedAudiences List<string>
ApiEnableUsers bool

Boolean.

AppDomain string

String. Azure AD domain name.

Deprecated: use domain instead

AppId string

String

AuthorizationEndpoint string

String.

BruteForceProtection bool

Boolean. Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

ClientId string

String. Client ID given by your OIDC provider.

ClientSecret string

String, Case-sensitive. Client secret given by your OIDC provider.

CommunityBaseUrl string

String.

Configuration Dictionary<string, string>

Map(String), Case-sensitive.

CustomScripts Dictionary<string, string>

Map(String).

DisableCache bool
DisableSignup bool

Boolean. Indicates whether or not to allow user sign-ups to your application.

DiscoveryUrl string

String. Usually a URL ending with /.well-known/openid-configuration.

Domain string
DomainAliases List<string>

List(String). List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

EnabledDatabaseCustomization bool

Boolean.

From string

String. SMS number for the sender. Used when SMS Source is From.

IconUrl string
IdentityApi string
ImportMode bool

Boolean. Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store.

Ips List<string>
Issuer string

String. URL of the issuer.

JwksUri string

String.

KeyId string
MaxGroupsToRetrieve string

String. Maximum number of groups to retrieve.

MessagingServiceSid string

String. SID for Copilot. Used when SMS Source is Copilot.

Name string

String.

PasswordComplexityOptions ConnectionOptionsPasswordComplexityOptionsArgs

List(Resource). Configuration settings for password complexity. For details, see Password Complexity Options.

PasswordDictionary ConnectionOptionsPasswordDictionaryArgs

List(Resource). Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

PasswordHistories List<ConnectionOptionsPasswordHistoryArgs>

List(Resource). Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfoArgs

List(Resource). Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user’s personal data, including user’s name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user’s email, or first part of the user’s email. For details, see Password No Personal Info.

PasswordPolicy string

String. Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

RequiresUsername bool

Boolean. Indicates whether or not the user is required to provide a username in addition to an email address.

Scopes List<string>

List(String). Value must be a list of scopes. For example ["openid", "profile", "email"]

StrategyVersion int

Int. Version 1 is deprecated, use version 2.

Subject string
Syntax string

String. Syntax of the SMS. Options include markdown and liquid.

TeamId string
Template string

String. Template for the SMS. You can use @@password@@ as a placeholder for the password value.

TenantDomain string

String

TokenEndpoint string

String.

Totp ConnectionOptionsTotpArgs

Map(Resource). Configuration options for one-time passwords. For details, see TOTP.

TwilioSid string

String. SID for your Twilio account.

TwilioToken string

String, Case-sensitive. AuthToken for your Twilio account.

Type string

String. Value must be back_channel or front_channel

UseCertAuth bool
UseKerberos bool
UseWsfed bool

Bool

UserinfoEndpoint string

String.

Validation Dictionary<string, string>

String.

WaadCommonEndpoint bool

Boolean. Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you’re using this for a multi-tenant application in Azure AD.

WaadProtocol string

String

Go

AdfsServer string

String. ADFS Metadata source.

AllowedAudiences []string
ApiEnableUsers bool

Boolean.

AppDomain string

String. Azure AD domain name.

Deprecated: use domain instead

AppId string

String

AuthorizationEndpoint string

String.

BruteForceProtection bool

Boolean. Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

ClientId string

String. Client ID given by your OIDC provider.

ClientSecret string

String, Case-sensitive. Client secret given by your OIDC provider.

CommunityBaseUrl string

String.

Configuration map[string]string

Map(String), Case-sensitive.

CustomScripts map[string]string

Map(String).

DisableCache bool
DisableSignup bool

Boolean. Indicates whether or not to allow user sign-ups to your application.

DiscoveryUrl string

String. Usually a URL ending with /.well-known/openid-configuration.

Domain string
DomainAliases []string

List(String). List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

EnabledDatabaseCustomization bool

Boolean.

From string

String. SMS number for the sender. Used when SMS Source is From.

IconUrl string
IdentityApi string
ImportMode bool

Boolean. Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store.

Ips []string
Issuer string

String. URL of the issuer.

JwksUri string

String.

KeyId string
MaxGroupsToRetrieve string

String. Maximum number of groups to retrieve.

MessagingServiceSid string

String. SID for Copilot. Used when SMS Source is Copilot.

Name string

String.

PasswordComplexityOptions ConnectionOptionsPasswordComplexityOptions

List(Resource). Configuration settings for password complexity. For details, see Password Complexity Options.

PasswordDictionary ConnectionOptionsPasswordDictionary

List(Resource). Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

PasswordHistories []ConnectionOptionsPasswordHistory

List(Resource). Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo

List(Resource). Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user’s personal data, including user’s name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user’s email, or first part of the user’s email. For details, see Password No Personal Info.

PasswordPolicy string

String. Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

RequiresUsername bool

Boolean. Indicates whether or not the user is required to provide a username in addition to an email address.

Scopes []string

List(String). Value must be a list of scopes. For example ["openid", "profile", "email"]

StrategyVersion int

Int. Version 1 is deprecated, use version 2.

Subject string
Syntax string

String. Syntax of the SMS. Options include markdown and liquid.

TeamId string
Template string

String. Template for the SMS. You can use @@password@@ as a placeholder for the password value.

TenantDomain string

String

TokenEndpoint string

String.

Totp ConnectionOptionsTotp

Map(Resource). Configuration options for one-time passwords. For details, see TOTP.

TwilioSid string

String. SID for your Twilio account.

TwilioToken string

String, Case-sensitive. AuthToken for your Twilio account.

Type string

String. Value must be back_channel or front_channel

UseCertAuth bool
UseKerberos bool
UseWsfed bool

Bool

UserinfoEndpoint string

String.

Validation map[string]string

String.

WaadCommonEndpoint bool

Boolean. Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you’re using this for a multi-tenant application in Azure AD.

WaadProtocol string

String

TypeScript

adfsServer string

String. ADFS Metadata source.

allowedAudiences string[]
apiEnableUsers boolean

Boolean.

appDomain string

String. Azure AD domain name.

Deprecated: use domain instead

appId string

String

authorizationEndpoint string

String.

bruteForceProtection boolean

Boolean. Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

clientId string

String. Client ID given by your OIDC provider.

clientSecret string

String, Case-sensitive. Client secret given by your OIDC provider.

communityBaseUrl string

String.

configuration {[key: string]: string}

Map(String), Case-sensitive.

customScripts {[key: string]: string}

Map(String).

disableCache boolean
disableSignup boolean

Boolean. Indicates whether or not to allow user sign-ups to your application.

discoveryUrl string

String. Usually a URL ending with /.well-known/openid-configuration.

domain string
domainAliases string[]

List(String). List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

enabledDatabaseCustomization boolean

Boolean.

from string

String. SMS number for the sender. Used when SMS Source is From.

iconUrl string
identityApi string
importMode boolean

Boolean. Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store.

ips string[]
issuer string

String. URL of the issuer.

jwksUri string

String.

keyId string
maxGroupsToRetrieve string

String. Maximum number of groups to retrieve.

messagingServiceSid string

String. SID for Copilot. Used when SMS Source is Copilot.

name string

String.

passwordComplexityOptions ConnectionOptionsPasswordComplexityOptions

List(Resource). Configuration settings for password complexity. For details, see Password Complexity Options.

passwordDictionary ConnectionOptionsPasswordDictionary

List(Resource). Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

passwordHistories ConnectionOptionsPasswordHistory[]

List(Resource). Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo

List(Resource). Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user’s personal data, including user’s name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user’s email, or first part of the user’s email. For details, see Password No Personal Info.

passwordPolicy string

String. Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

requiresUsername boolean

Boolean. Indicates whether or not the user is required to provide a username in addition to an email address.

scopes string[]

List(String). Value must be a list of scopes. For example ["openid", "profile", "email"]

strategyVersion number

Int. Version 1 is deprecated, use version 2.

subject string
syntax string

String. Syntax of the SMS. Options include markdown and liquid.

teamId string
template string

String. Template for the SMS. You can use @@password@@ as a placeholder for the password value.

tenantDomain string

String

tokenEndpoint string

String.

totp ConnectionOptionsTotp

Map(Resource). Configuration options for one-time passwords. For details, see TOTP.

twilioSid string

String. SID for your Twilio account.

twilioToken string

String, Case-sensitive. AuthToken for your Twilio account.

type string

String. Value must be back_channel or front_channel

useCertAuth boolean
useKerberos boolean
useWsfed boolean

Bool

userinfoEndpoint string

String.

validation {[key: string]: string}

String.

waadCommonEndpoint boolean

Boolean. Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you’re using this for a multi-tenant application in Azure AD.

waadProtocol string

String

adfsServer str

String. ADFS Metadata source.

allowedAudiences List[str]
apiEnableUsers bool

Boolean.

appDomain str

String. Azure AD domain name.

Deprecated: use domain instead

appId str

String

authorizationEndpoint str

String.

bruteForceProtection bool

Boolean. Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

client_id str

String. Client ID given by your OIDC provider.

client_secret str

String, Case-sensitive. Client secret given by your OIDC provider.

communityBaseUrl str

String.

configuration Dict[str, str]

Map(String), Case-sensitive.

customScripts Dict[str, str]

Map(String).

disableCache bool
disableSignup bool

Boolean. Indicates whether or not to allow user sign-ups to your application.

discoveryUrl str

String. Usually a URL ending with /.well-known/openid-configuration.

domain str
domainAliases List[str]

List(String). List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

enabledDatabaseCustomization bool

Boolean.

from_ str

String. SMS number for the sender. Used when SMS Source is From.

iconUrl str
identityApi str
importMode bool

Boolean. Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store.

ips List[str]
issuer str

String. URL of the issuer.

jwksUri str

String.

keyId str
maxGroupsToRetrieve str

String. Maximum number of groups to retrieve.

messagingServiceSid str

String. SID for Copilot. Used when SMS Source is Copilot.

name str

String.

passwordComplexityOptions Dict[ConnectionOptionsPasswordComplexityOptions]

List(Resource). Configuration settings for password complexity. For details, see Password Complexity Options.

passwordDictionary Dict[ConnectionOptionsPasswordDictionary]

List(Resource). Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

passwordHistories List[ConnectionOptionsPasswordHistory]

List(Resource). Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

passwordNoPersonalInfo Dict[ConnectionOptionsPasswordNoPersonalInfo]

List(Resource). Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user’s personal data, including user’s name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user’s email, or first part of the user’s email. For details, see Password No Personal Info.

passwordPolicy str

String. Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

requiresUsername bool

Boolean. Indicates whether or not the user is required to provide a username in addition to an email address.

scopes List[str]

List(String). Value must be a list of scopes. For example ["openid", "profile", "email"]

strategy_version float

Int. Version 1 is deprecated, use version 2.

subject str
syntax str

String. Syntax of the SMS. Options include markdown and liquid.

teamId str
template str

String. Template for the SMS. You can use @@password@@ as a placeholder for the password value.

tenantDomain str

String

tokenEndpoint str

String.

totp Dict[ConnectionOptionsTotp]

Map(Resource). Configuration options for one-time passwords. For details, see TOTP.

twilioSid str

String. SID for your Twilio account.

twilioToken str

String, Case-sensitive. AuthToken for your Twilio account.

type str

String. Value must be back_channel or front_channel.

useCertAuth bool
useKerberos bool
useWsfed bool

Bool

userinfoEndpoint str

String.

validation Dict[str, str]

String.

waadCommonEndpoint bool

Boolean. Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you’re using this for a multi-tenant application in Azure AD.

waadProtocol str

String

ConnectionOptionsPasswordComplexityOptions

See the input and output API doc for this type.

MinLength int

Integer. Minimum number of characters allowed in passwords.

MinLength int

Integer. Minimum number of characters allowed in passwords.

minLength number

Integer. Minimum number of characters allowed in passwords.

minLength float

Integer. Minimum number of characters allowed in passwords.

ConnectionOptionsPasswordDictionary

See the input and output API doc for this type.

Dictionaries List<string>

Set(String), (Maximum=2000 characters). Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.

Enable bool

Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

Dictionaries []string

Set(String), (Maximum=2000 characters). Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.

Enable bool

Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

dictionaries string[]

Set(String), (Maximum=2000 characters). Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.

enable boolean

Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

dictionaries List[str]

Set(String), (Maximum=2000 characters). Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.

enable bool

Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

ConnectionOptionsPasswordHistory

See the input and output API doc for this type.

Enable bool

Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

Size int

Integer, (Maximum=24). Indicates the number of passwords to keep in history.

Enable bool

Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

Size int

Integer, (Maximum=24). Indicates the number of passwords to keep in history.

enable boolean

Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

size number

Integer, (Maximum=24). Indicates the number of passwords to keep in history.

enable bool

Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

size float

Integer, (Maximum=24). Indicates the number of passwords to keep in history.

ConnectionOptionsPasswordNoPersonalInfo

See the input and output API doc for this type.

Enable bool

Boolean. Indicates whether the password personal info check is enabled for this connection.

Enable bool

Boolean. Indicates whether the password personal info check is enabled for this connection.

enable boolean

Boolean. Indicates whether the password personal info check is enabled for this connection.

enable bool

Boolean. Indicates whether the password personal info check is enabled for this connection.

ConnectionOptionsTotp

See the input and output API doc for this type.

Length int

Integer. Length of the one-time password.

TimeStep int

Integer. Seconds between allowed generation of new passwords.

Length int

Integer. Length of the one-time password.

TimeStep int

Integer. Seconds between allowed generation of new passwords.

length number

Integer. Length of the one-time password.

timeStep number

Integer. Seconds between allowed generation of new passwords.

length float

Integer. Length of the one-time password.

timeStep float

Integer. Seconds between allowed generation of new passwords.
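
The limits and allowed values listed above can be checked before a connection is deployed. The following is an added example, not code from the Pulumi Auth0 package: it lints a plain dict keyed by the option names in the Python listing. The "good" baseline and the reading of "Maximum=2000 characters" as the total length of all dictionary entries are assumptions.

```python
# Added example: pre-deployment lint for a connection's options, using the
# option names and limits listed in the Python property reference above.
ALLOWED_POLICIES = ("none", "low", "fair", "good", "excellent")  # weakest to strongest
ALLOWED_VALUES = {
    "syntax": ("markdown", "liquid"),
    "type": ("back_channel", "front_channel"),
}
MAX_HISTORY_SIZE = 24        # "Integer, (Maximum=24)"
MAX_DICTIONARY_CHARS = 2000  # assumption: the limit applies to the entries' total length
MIN_POLICY = "good"          # assumption: local baseline, not an Auth0 requirement


def lint_connection_options(opts):
    """Return (severity, message) findings for one options dict."""
    findings = []
    policy = opts.get("passwordPolicy")
    if policy is not None and policy not in ALLOWED_POLICIES:
        findings.append(("error", f"passwordPolicy {policy!r} is not a documented option"))
    elif policy is not None and ALLOWED_POLICIES.index(policy) < ALLOWED_POLICIES.index(MIN_POLICY):
        findings.append(("warn", f"passwordPolicy {policy!r} is below the {MIN_POLICY!r} baseline"))
    for key, allowed in ALLOWED_VALUES.items():
        if key in opts and opts[key] not in allowed:
            findings.append(("error", f"{key} {opts[key]!r} must be one of {allowed}"))
    if opts.get("bruteForceProtection") is False:
        findings.append(("warn", "bruteForceProtection is disabled"))
    if opts.get("strategy_version") == 1:
        findings.append(("warn", "strategy_version 1 is deprecated, use version 2"))
    for hist in opts.get("passwordHistories", []):
        size = hist.get("size")
        if size is not None and (int(size) != size or size > MAX_HISTORY_SIZE):
            findings.append(("error", f"passwordHistories size {size} exceeds {MAX_HISTORY_SIZE} or is not an integer"))
    entries = opts.get("passwordDictionary", {}).get("dictionaries", [])
    if sum(len(e) for e in entries) > MAX_DICTIONARY_CHARS:
        findings.append(("error", f"passwordDictionary exceeds {MAX_DICTIONARY_CHARS} characters"))
    return findings


# Constructed sample input, not taken from a real tenant.
SAMPLE_OPTIONS = {
    "passwordPolicy": "low",
    "bruteForceProtection": False,
    "strategy_version": 1,
    "passwordHistories": [{"enable": True, "size": 30}],
    "passwordDictionary": {"enable": True, "dictionaries": ["acme2024", "companyname"]},
    "syntax": "markdown",
}

if __name__ == "__main__":
    for severity, message in lint_connection_options(SAMPLE_OPTIONS):
        print(f"{severity}: {message}")
```
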

Package Details

Repository
https://github.com/pulumi/pulumi-auth0
License
Apache-2.0
Notes
This Pulumi package is based on the auth0 Terraform Provider.