Module types/output

APIs

interface ClientAddonsSamlp

interface ClientAddonsSamlp

property audience

audience?: undefined | string;

String. Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.

property authnContextClassRef

authnContextClassRef?: undefined | string;

String. Class reference of the authentication context.

property binding

binding?: undefined | string;

String. Protocol binding used for SAML logout responses.

property createUpnClaim

createUpnClaim?: undefined | false | true;

Boolean, (Default=true) Indicates whether or not a UPN claim should be created.

property destination

destination?: undefined | string;

String. Destination of the SAML Response. If not specified, it will be AssertionConsumerUrlof SAMLRequest or Callback URL if there was no SAMLRequest.

property digestAlgorithm

digestAlgorithm?: undefined | string;

String, (Default=sha1). Algorithm used to calculate the digest of the SAML Assertion or response. Options include defaultsha1 and sha256.

property includeAttributeNameFormat

includeAttributeNameFormat?: undefined | false | true;

Boolean,(Default=true). Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion.

property lifetimeInSeconds

lifetimeInSeconds?: undefined | number;

Integer, (Default=3600). Number of seconds during which the token is valid.

property logout

logout?: outputs.ClientAddonsSamlpLogout;

Map(Resource). Configuration settings for logout. For details, see Logout.

property mapIdentities

mapIdentities?: undefined | false | true;

Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available.

property mapUnknownClaimsAsIs

mapUnknownClaimsAsIs?: undefined | false | true;

Boolean, (Default=false). Indicates whether or not to add a prefix of http://schema.auth0.com to any claims that are not mapped to the common profile when passed through in the output assertion.

property mappings

mappings?: undefined | {[key: string]: any};

Map(String). Mappings between the Auth0 user profile property name (name) and the output attributes on the SAML attribute in the assertion (value).

property nameIdentifierFormat

nameIdentifierFormat?: undefined | string;

String, (Default=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified). Format of the name identifier.

property nameIdentifierProbes

nameIdentifierProbes?: string[];

List(String). Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.

property passthroughClaimsWithNoMapping

passthroughClaimsWithNoMapping?: undefined | false | true;

Boolean, (Default=true). Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion.

property recipient

recipient?: undefined | string;

String. Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or Callback URL if no SAMLRequest was sent.

property signResponse

signResponse?: undefined | false | true;

Boolean. Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.

property signatureAlgorithm

signatureAlgorithm?: undefined | string;

String, (Default=rsa-sha1). Algorithm used to sign the SAML Assertion or response. Options include rsa-sha1 and rsa-sha256.

property typedAttributes

typedAttributes?: undefined | false | true;

Boolean, (Default=true). Indicates whether or not we should infer the xs:type of the element. Types include xs:string, xs:boolean, xs:double, and xs:anyType. When set to false, all xs:type are xs:anyType.

interface ClientAddonsSamlpLogout

interface ClientAddonsSamlpLogout

property callback

callback?: undefined | string;

String. Service provider’s Single Logout Service URL, to which Auth0 will send logout requests and responses.

property sloEnabled

sloEnabled?: undefined | false | true;

Boolean. Indicates whether or not Auth0 should notify service providers of session termination.

interface ClientJwtConfiguration

interface ClientJwtConfiguration

property alg

alg?: undefined | string;

String. Algorithm used to sign JWTs.

property lifetimeInSeconds

lifetimeInSeconds: number;

Integer. Number of seconds during which the JWT will be valid.

property scopes

scopes?: undefined | {[key: string]: string};

Map(String). Permissions (scopes) included in JWTs.

property secretEncoded

secretEncoded: boolean;

Boolean. Indicates whether or not the client secret is base64 encoded.

interface ClientMobile

interface ClientMobile

property android

android?: outputs.ClientMobileAndroid;

List(Resource). Configuration settings for Android native apps. For details, see Android.

property ios

ios?: outputs.ClientMobileIos;

List(Resource). Configuration settings for i0S native apps. For details, see iOS.

interface ClientMobileAndroid

interface ClientMobileAndroid

property appPackageName

appPackageName?: undefined | string;

String

property sha256CertFingerprints

sha256CertFingerprints?: string[];

List(String)

interface ClientMobileIos

interface ClientMobileIos

property appBundleIdentifier

appBundleIdentifier?: undefined | string;

String

property teamId

teamId?: undefined | string;

String

interface ConnectionOptions

interface ConnectionOptions

property adfsServer

adfsServer?: undefined | string;

String. ADFS Metadata source.

property allowedAudiences

allowedAudiences?: string[];

property apiEnableUsers

apiEnableUsers?: undefined | false | true;

Boolean.

property appDomain

appDomain?: undefined | string;

String. Azure AD domain name.

property appId

appId?: undefined | string;

String

property authorizationEndpoint

authorizationEndpoint?: undefined | string;

String.

property bruteForceProtection

bruteForceProtection?: undefined | false | true;

Boolean. Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

property clientId

clientId?: undefined | string;

String. Client ID given by your OIDC provider.

property clientSecret

clientSecret?: undefined | string;

String, Case-sensitive. Client secret given by your OIDC provider.

property communityBaseUrl

communityBaseUrl?: undefined | string;

String.

property configuration

configuration?: undefined | {[key: string]: string};

Map(String), Case-sensitive.

property customScripts

customScripts?: undefined | {[key: string]: string};

Map(String).

property disableCache

disableCache?: undefined | false | true;

property disableSignup

disableSignup?: undefined | false | true;

Boolean. Indicates whether or not to allow user sign-ups to your application.

property discoveryUrl

discoveryUrl?: undefined | string;

String. Usually an URL ending with /.well-known/openid-configuration

property domain

domain?: undefined | string;

property domainAliases

domainAliases?: string[];

List(String). List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

property enabledDatabaseCustomization

enabledDatabaseCustomization?: undefined | false | true;

Boolean.

property from

from?: undefined | string;

String. SMS number for the sender. Used when SMS Source is From.

property iconUrl

iconUrl?: undefined | string;

property identityApi

identityApi?: undefined | string;

property importMode

importMode?: undefined | false | true;

Boolean. Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

property ips

ips?: string[];

property issuer

issuer?: undefined | string;

String. URL of the issuer.

property jwksUri

jwksUri?: undefined | string;

String.

property keyId

keyId?: undefined | string;

property maxGroupsToRetrieve

maxGroupsToRetrieve?: undefined | string;

String. Maximum number of groups to retrieve.

property messagingServiceSid

messagingServiceSid?: undefined | string;

String. SID for Copilot. Used when SMS Source is Copilot.

property name

name?: undefined | string;

String.

property passwordComplexityOptions

passwordComplexityOptions?: outputs.ConnectionOptionsPasswordComplexityOptions;

List(Resource). Configuration settings for password complexity. For details, see Password Complexity Options.

property passwordDictionary

passwordDictionary?: outputs.ConnectionOptionsPasswordDictionary;

List(Resource). Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

property passwordHistories

passwordHistories: ConnectionOptionsPasswordHistory[];

List(Resource). Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

property passwordNoPersonalInfo

passwordNoPersonalInfo?: outputs.ConnectionOptionsPasswordNoPersonalInfo;

List(Resource). Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user’s personal data, including user’s name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user’s email, or first part of the user’s email. For details, see Password No Personal Info.

property passwordPolicy

passwordPolicy: string;

String. Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

property requiresUsername

requiresUsername?: undefined | false | true;

Boolean. Indicates whether or not the user is required to provide a username in addition to an email address.

property scopes

scopes?: string[];

List(String). Value must be a list of scopes. For example ["openid", "profile", "email"]

property strategyVersion

strategyVersion: number;

Int. Version 1 is deprecated, use version 2.

property subject

subject?: undefined | string;

property syntax

syntax?: undefined | string;

String. Syntax of the SMS. Options include markdown and liquid.

property teamId

teamId?: undefined | string;

property template

template?: undefined | string;

String. Template for the SMS. You can use @@password@@ as a placeholder for the password value.

property tenantDomain

tenantDomain?: undefined | string;

String

property tokenEndpoint

tokenEndpoint?: undefined | string;

String.

property totp

totp?: outputs.ConnectionOptionsTotp;

Map(Resource). Configuration options for one-time passwords. For details, see TOTP.

property twilioSid

twilioSid?: undefined | string;

String. SID for your Twilio account.

property twilioToken

twilioToken?: undefined | string;

String, Case-sensitive. AuthToken for your Twilio account.

property type

type?: undefined | string;

String. Value must be backChannel or frontChannel

property useCertAuth

useCertAuth?: undefined | false | true;

property useKerberos

useKerberos?: undefined | false | true;

property useWsfed

useWsfed?: undefined | false | true;

Bool

property userinfoEndpoint

userinfoEndpoint?: undefined | string;

String.

property validation

validation?: undefined | {[key: string]: string};

String.

property waadCommonEndpoint

waadCommonEndpoint?: undefined | false | true;

Boolean. Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you’re using this for a multi-tenant application in Azure AD.

property waadProtocol

waadProtocol?: undefined | string;

String

interface ConnectionOptionsPasswordComplexityOptions

interface ConnectionOptionsPasswordComplexityOptions

property minLength

minLength?: undefined | number;

Integer. Minimum number of characters allowed in passwords.

interface ConnectionOptionsPasswordDictionary

interface ConnectionOptionsPasswordDictionary

property dictionaries

dictionaries?: string[];

Set(String), (Maximum=2000 characters). Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.

property enable

enable?: undefined | false | true;

Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

interface ConnectionOptionsPasswordHistory

interface ConnectionOptionsPasswordHistory

property enable

enable?: undefined | false | true;

property size

size?: undefined | number;

Integer, (Maximum=24). Indicates the number of passwords to keep in history.

interface ConnectionOptionsPasswordNoPersonalInfo

interface ConnectionOptionsPasswordNoPersonalInfo

property enable

enable?: undefined | false | true;

Boolean. Indicates whether the password personal info check is enabled for this connection.

interface ConnectionOptionsTotp

interface ConnectionOptionsTotp

property length

length?: undefined | number;

Integer. Length of the one-time password.

property timeStep

timeStep?: undefined | number;

Integer. Seconds between allowed generation of new passwords.

interface CustomDomainVerification

interface CustomDomainVerification

property methods

methods: any[];

List(Map). Verification methods for the domain.

interface EmailCredentials

interface EmailCredentials

property accessKeyId

accessKeyId?: undefined | string;

String, Case-sensitive. AWS Access Key ID. Used only for AWS.

property apiKey

apiKey?: undefined | string;

String, Case-sensitive. API Key for your email service. Will always be encrypted in our database.

property apiUser

apiUser?: undefined | string;

String. API User for your email service.

property domain

domain?: undefined | string;

property region

region?: undefined | string;

String. Default region. Used only for AWS, Mailgun, and SparkPost.

property secretAccessKey

secretAccessKey?: undefined | string;

String, Case-sensitive. AWS Secret Key. Will always be encrypted in our database. Used only for AWS.

property smtpHost

smtpHost?: undefined | string;

String. Hostname or IP address of your SMTP server. Used only for SMTP.

property smtpPass

smtpPass?: undefined | string;

String, Case-sensitive. SMTP password. Used only for SMTP.

property smtpPort

smtpPort?: undefined | number;

Integer. Port used by your SMTP server. Please avoid using port 25 if possible because many providers have limitations on this port. Used only for SMTP.

property smtpUser

smtpUser?: undefined | string;

String. SMTP username. Used only for SMTP.

interface GlobalClientAddons

interface GlobalClientAddons

property aws

aws?: undefined | {[key: string]: any};

property azureBlob

azureBlob?: undefined | {[key: string]: any};

property azureSb

azureSb?: undefined | {[key: string]: any};

property box

box?: undefined | {[key: string]: any};

property cloudbees

cloudbees?: undefined | {[key: string]: any};

property concur

concur?: undefined | {[key: string]: any};

property dropbox

dropbox?: undefined | {[key: string]: any};

property echosign

echosign?: undefined | {[key: string]: any};

property egnyte

egnyte?: undefined | {[key: string]: any};

property firebase

firebase?: undefined | {[key: string]: any};

property layer

layer?: undefined | {[key: string]: any};

property mscrm

mscrm?: undefined | {[key: string]: any};

property newrelic

newrelic?: undefined | {[key: string]: any};

property office365

office365?: undefined | {[key: string]: any};

property rms

rms?: undefined | {[key: string]: any};

property salesforce

salesforce?: undefined | {[key: string]: any};

property salesforceApi

salesforceApi?: undefined | {[key: string]: any};

property salesforceSandboxApi

salesforceSandboxApi?: undefined | {[key: string]: any};

property samlp

samlp?: outputs.GlobalClientAddonsSamlp;

property sapApi

sapApi?: undefined | {[key: string]: any};

property sentry

sentry?: undefined | {[key: string]: any};

property sharepoint

sharepoint?: undefined | {[key: string]: any};

property slack

slack?: undefined | {[key: string]: any};

property springcm

springcm?: undefined | {[key: string]: any};

property wams

wams?: undefined | {[key: string]: any};

property wsfed

wsfed?: undefined | {[key: string]: any};

property zendesk

zendesk?: undefined | {[key: string]: any};

property zoom

zoom?: undefined | {[key: string]: any};

interface GlobalClientAddonsSamlp

interface GlobalClientAddonsSamlp

property audience

audience?: undefined | string;

property authnContextClassRef

authnContextClassRef?: undefined | string;

property binding

binding?: undefined | string;

property createUpnClaim

createUpnClaim?: undefined | false | true;

property destination

destination?: undefined | string;

property digestAlgorithm

digestAlgorithm?: undefined | string;

property includeAttributeNameFormat

includeAttributeNameFormat?: undefined | false | true;

property lifetimeInSeconds

lifetimeInSeconds?: undefined | number;

property logout

logout?: outputs.GlobalClientAddonsSamlpLogout;

property mapIdentities

mapIdentities?: undefined | false | true;

property mapUnknownClaimsAsIs

mapUnknownClaimsAsIs?: undefined | false | true;

property mappings

mappings?: undefined | {[key: string]: any};

property nameIdentifierFormat

nameIdentifierFormat?: undefined | string;

property nameIdentifierProbes

nameIdentifierProbes?: string[];

property passthroughClaimsWithNoMapping

passthroughClaimsWithNoMapping?: undefined | false | true;

property recipient

recipient?: undefined | string;

property signResponse

signResponse?: undefined | false | true;

property signatureAlgorithm

signatureAlgorithm?: undefined | string;

property typedAttributes

typedAttributes?: undefined | false | true;

interface GlobalClientAddonsSamlpLogout

interface GlobalClientAddonsSamlpLogout

property callback

callback?: undefined | string;

property sloEnabled

sloEnabled?: undefined | false | true;

interface GlobalClientJwtConfiguration

interface GlobalClientJwtConfiguration

property alg

alg?: undefined | string;

property lifetimeInSeconds

lifetimeInSeconds: number;

property scopes

scopes?: undefined | {[key: string]: string};

property secretEncoded

secretEncoded: boolean;

interface GlobalClientMobile

interface GlobalClientMobile

property android

android?: outputs.GlobalClientMobileAndroid;

property ios

ios?: outputs.GlobalClientMobileIos;

interface GlobalClientMobileAndroid

interface GlobalClientMobileAndroid

property appPackageName

appPackageName?: undefined | string;

property sha256CertFingerprints

sha256CertFingerprints?: string[];

interface GlobalClientMobileIos

interface GlobalClientMobileIos

property appBundleIdentifier

appBundleIdentifier?: undefined | string;

property teamId

teamId?: undefined | string;

interface ResourceServerScope

interface ResourceServerScope

property description

description?: undefined | string;

String. Description of the permission (scope).

property value

value: string;

String. Name of the permission (scope). Examples include read:appointments or delete:appointments.

interface RolePermission

interface RolePermission

property name

name: string;

String. Name of the permission (scope).

property resourceServerIdentifier

resourceServerIdentifier: string;

String. Unique identifier for the resource server.

interface TenantChangePassword

interface TenantChangePassword

property enabled

enabled: boolean;

Boolean. Indicates whether or not to use the custom change password page.

property html

html: string;

String, HTML format with supported Liquid syntax. Customized content of the change password page.

interface TenantErrorPage

interface TenantErrorPage

property html

html: string;

String, HTML format with supported Liquid syntax. Customized content of the error page.

property showLogLink

showLogLink: boolean;

Boolean. Indicates whether or not to show the link to logs as part of the default error page.

property url

url: string;

String. URL to redirect to when an error occurs rather than showing the default error page.

interface TenantFlags

interface TenantFlags

property changePwdFlowV1

changePwdFlowV1: boolean;

Boolean. Indicates whether or not to use the older v1 change password flow. Not recommended except for backward compatibility.

property disableClickjackProtectionHeaders

disableClickjackProtectionHeaders: boolean;

Boolean. Indicated whether or not classic Universal Login prompts include additional security headers to prevent clickjacking.

property enableApisSection

enableApisSection: boolean;

Boolean. Indicates whether or not the APIs section is enabled for the tenant.

property enableClientConnections

enableClientConnections: boolean;

Boolean. Indicates whether or not all current connections should be enabled when a new client is created.

property enableCustomDomainInEmails

enableCustomDomainInEmails: boolean;

Boolean. Indicates whether or not the tenant allows custom domains in emails.

property enableDynamicClientRegistration

enableDynamicClientRegistration: boolean;

Boolean. Indicates whether or not the tenant allows dynamic client registration.

property enableLegacyLogsSearchV2

enableLegacyLogsSearchV2: boolean;

Boolean. Indicates whether or not to use the older v2 legacy logs search.

property enablePipeline2

enablePipeline2: boolean;

Boolean. Indicates whether or not advanced API Authorization scenarios are enabled.

property enablePublicSignupUserExistsError

enablePublicSignupUserExistsError: boolean;

Boolean. Indicates whether or not the public sign up process shows a userExists error if the user already exists.

property universalLogin

universalLogin: boolean;

Boolean. Indicates whether or not the tenant uses universal login.

property useScopeDescriptionsForConsent

useScopeDescriptionsForConsent: boolean;

interface TenantGuardianMfaPage

interface TenantGuardianMfaPage

property enabled

enabled: boolean;

Boolean. Indicates whether or not to use the custom Guardian page.

property html

html: string;

String, HTML format with supported Liquid syntax. Customized content of the Guardian page.

interface TenantUniversalLogin

interface TenantUniversalLogin

property colors

colors?: outputs.TenantUniversalLoginColors;

List(Resource). Configuration settings for Universal Login colors. See Universal Login - Colors.

interface TenantUniversalLoginColors

interface TenantUniversalLoginColors

property pageBackground

pageBackground: string;

String, Hexadecimal. Background color of login pages.

property primary

primary: string;

String, Hexadecimal. Primary button background color.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

Module types/output

APIs

APIs