Package @pulumi/azuread

This page documents the language specification for the azuread package. If you're looking for help working with the inputs, outputs, or functions of azuread resources in a Pulumi program, please see the resource documentation for examples and API reference.

The Microsoft Azure Active Directory (Azure AD) provider package offers support for all Azure AD services and their properties. Services are exposed as types such as Application, Group, and User, among many others. Using this package allows you to programmatically declare instances of any Azure AD services using infrastructure as code, which Pulumi then uses to drive the Azure REST API.

This package is typically used in conjunction with the Pulumi Azure provider.

If this is your first time using this package, these two resources may be helpful:

Azure Getting Started Guide: Get up and running quickly.
Azure Pulumi Setup Documentation: How to configure Pulumi for use with your Azure account.

Use the navigation below to see detailed documentation, including sample code, for each of the supported Azure services.

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-azuread repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-azuread repo.

var azuread = require("@pulumi/azuread");

import * as azuread from "@pulumi/azuread";

Modules

Functions

getApplication
getClientConfig
getDomains
getGroup
getGroups
getServicePrincipal
getUser
getUsers

Others

Resources

Resource Application

class Application extends CustomResource

Manages an Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write owned by applications and Sign in and read user profile within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = new azuread.Application("example", {
    appRoles: [{
        allowedMemberTypes: [
            "User",
            "Application",
        ],
        description: "Admins can manage roles and perform all task actions",
        displayName: "Admin",
        isEnabled: true,
        value: "Admin",
    }],
    availableToOtherTenants: false,
    homepage: "https://homepage",
    identifierUris: ["https://uri"],
    oauth2AllowImplicitFlow: true,
    oauth2Permissions: [
        {
            adminConsentDescription: "Allow the application to access example on behalf of the signed-in user.",
            adminConsentDisplayName: "Access example",
            isEnabled: true,
            type: "User",
            userConsentDescription: "Allow the application to access example on your behalf.",
            userConsentDisplayName: "Access example",
            value: "userImpersonation",
        },
        {
            adminConsentDescription: "Administer the example application",
            adminConsentDisplayName: "Administer",
            isEnabled: true,
            type: "Admin",
            value: "administer",
        },
    ],
    optionalClaims: {
        accessTokens: [
            {
                name: "myclaim",
            },
            {
                name: "otherclaim",
            },
        ],
        idTokens: [{
            additionalProperties: ["emitAsRoles"],
            essential: true,
            name: "userclaim",
            source: "user",
        }],
    },
    owners: ["00000004-0000-0000-c000-000000000000"],
    replyUrls: ["https://replyurl"],
    requiredResourceAccesses: [
        {
            resourceAccesses: [
                {
                    id: "...",
                    type: "Role",
                },
                {
                    id: "...",
                    type: "Scope",
                },
                {
                    id: "...",
                    type: "Scope",
                },
            ],
            resourceAppId: "00000003-0000-0000-c000-000000000000",
        },
        {
            resourceAccesses: [{
                id: "...",
                type: "Scope",
            }],
            resourceAppId: "00000002-0000-0000-c000-000000000000",
        },
    ],
    type: "webapp/api",
});

constructor

new Application(name: string, args?: ApplicationArgs, opts?: pulumi.CustomResourceOptions)

Create a Application resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ApplicationState, opts?: pulumi.CustomResourceOptions): Application

Get an existing Application resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Application

Returns true if the given object is an instance of Application. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property appRoles

public appRoles: pulumi.Output<ApplicationAppRole[] | undefined>;

A collection of appRole blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles

property applicationId

public applicationId: pulumi.Output<string>;

The Application ID.

property availableToOtherTenants

public availableToOtherTenants: pulumi.Output<boolean | undefined>;

Is this Azure AD Application available to other tenants? Defaults to false.

property groupMembershipClaims

public groupMembershipClaims: pulumi.Output<string | undefined>;

Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.

property homepage

public homepage: pulumi.Output<string>;

The URL to the application’s home page. If no homepage is specified this defaults to https://{name}.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identifierUris

public identifierUris: pulumi.Output<string[]>;

A list of user-defined URI(s) that uniquely identify a Web application within it’s Azure AD tenant, or within a verified custom domain if the application is multi-tenant.

property logoutUrl

public logoutUrl: pulumi.Output<string | undefined>;

The URL of the logout page.

property name

public name: pulumi.Output<string>;

The display name for the application.

property oauth2AllowImplicitFlow

public oauth2AllowImplicitFlow: pulumi.Output<boolean | undefined>;

Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.

property oauth2Permissions

public oauth2Permissions: pulumi.Output<ApplicationOauth2Permission[]>;

A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2Permissions blocks as documented below.

property objectId

public objectId: pulumi.Output<string>;

The Application’s Object ID.

property optionalClaims

public optionalClaims: pulumi.Output<ApplicationOptionalClaims | undefined>;

A collection of accessToken or idToken blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims

property owners

public owners: pulumi.Output<string[]>;

A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.

property publicClient

public publicClient: pulumi.Output<boolean>;

Is this Azure AD Application a public client? Defaults to false.

property replyUrls

public replyUrls: pulumi.Output<string[]>;

A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.

property requiredResourceAccesses

public requiredResourceAccesses: pulumi.Output<ApplicationRequiredResourceAccess[] | undefined>;

A collection of requiredResourceAccess blocks as documented below.

property type

public type: pulumi.Output<string | undefined>;

Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifierUris property can not not be set.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ApplicationCertificate

class ApplicationCertificate extends CustomResource

Manages a Certificate associated with an Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
import * as fs from "fs";

const exampleApplication = new azuread.Application("example", {});
const exampleApplicationCertificate = new azuread.ApplicationCertificate("example", {
    applicationObjectId: exampleApplication.id,
    endDate: "2021-05-01T01:02:03Z",
    type: "AsymmetricX509Cert",
    value: fs.readFileSync("cert.pem", "utf-8"),
});

constructor

new ApplicationCertificate(name: string, args: ApplicationCertificateArgs, opts?: pulumi.CustomResourceOptions)

Create a ApplicationCertificate resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ApplicationCertificateState, opts?: pulumi.CustomResourceOptions): ApplicationCertificate

Get an existing ApplicationCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ApplicationCertificate

Returns true if the given object is an instance of ApplicationCertificate. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property applicationObjectId

public applicationObjectId: pulumi.Output<string>;

The Object ID of the Application for which this Certificate should be created. Changing this field forces a new resource to be created.

property endDate

public endDate: pulumi.Output<string>;

The End Date which the Certificate is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

public endDateRelative: pulumi.Output<string | undefined>;

A relative duration for which the Certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyId

public keyId: pulumi.Output<string>;

A GUID used to uniquely identify this Certificate. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property startDate

public startDate: pulumi.Output<string>;

The Start Date which the Certificate is valid from, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.

property type

public type: pulumi.Output<string | undefined>;

The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property value

public value: pulumi.Output<string>;

The Certificate for this Service Principal.

Resource ApplicationPassword

class ApplicationPassword extends CustomResource

Manages a Password associated with an Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const exampleApplication = new azuread.Application("example", {
    availableToOtherTenants: false,
    homepage: "http://homepage",
    identifierUris: ["http://uri"],
    oauth2AllowImplicitFlow: true,
    replyUrls: ["http://replyurl"],
});
const exampleApplicationPassword = new azuread.ApplicationPassword("example", {
    applicationObjectId: exampleApplication.id,
    description: "My managed password",
    endDate: "2099-01-01T01:02:03Z",
    value: "VT=uSgbTanZhyz@%nL9Hpd+Tfay_MRV#",
});

constructor

new ApplicationPassword(name: string, args: ApplicationPasswordArgs, opts?: pulumi.CustomResourceOptions)

Create a ApplicationPassword resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ApplicationPasswordState, opts?: pulumi.CustomResourceOptions): ApplicationPassword

Get an existing ApplicationPassword resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ApplicationPassword

Returns true if the given object is an instance of ApplicationPassword. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property applicationId

public applicationId: pulumi.Output<string>;

property applicationObjectId

public applicationObjectId: pulumi.Output<string>;

The Object ID of the Application for which this password should be created. Changing this field forces a new resource to be created.

property description

public description: pulumi.Output<string>;

A description for the Password.

property endDate

public endDate: pulumi.Output<string>;

The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

public endDateRelative: pulumi.Output<string | undefined>;

A relative duration for which the Password is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyId

public keyId: pulumi.Output<string>;

A GUID used to uniquely identify this Password. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property startDate

public startDate: pulumi.Output<string>;

The Start Date which the Password is valid from, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property value

public value: pulumi.Output<string>;

The Password for this Application.

Resource Group

class Group extends CustomResource

constructor

new Group(name: string, args?: GroupArgs, opts?: pulumi.CustomResourceOptions)

Create a Group resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupState, opts?: pulumi.CustomResourceOptions): Group

Get an existing Group resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Group

Returns true if the given object is an instance of Group. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

The description for the Group. Changing this forces a new resource to be created.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

A set of members who should be present in this Group. Supported Object types are Users, Groups or Service Principals.

property name

public name: pulumi.Output<string>;

The display name for the Group. Changing this forces a new resource to be created.

property objectId

public objectId: pulumi.Output<string>;

property owners

public owners: pulumi.Output<string[]>;

A set of owners who own this Group. Supported Object types are Users or Service Principals.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource GroupMember

class GroupMember extends CustomResource

Manages a single Group Membership within Azure Active Directory.

NOTE: Do not use this resource at the same time as azuread_group.members.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const exampleUser = pulumi.output(azuread.getUser({
    userPrincipalName: "jdoe@hashicorp.com",
}, { async: true }));
const exampleGroup = new azuread.Group("example", {});
const exampleGroupMember = new azuread.GroupMember("example", {
    groupObjectId: exampleGroup.id,
    memberObjectId: exampleUser.id,
});

constructor

new GroupMember(name: string, args: GroupMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a GroupMember resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupMemberState, opts?: pulumi.CustomResourceOptions): GroupMember

Get an existing GroupMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is GroupMember

Returns true if the given object is an instance of GroupMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property groupObjectId

public groupObjectId: pulumi.Output<string>;

The Object ID of the Azure AD Group you want to add the Member to. Changing this forces a new resource to be created.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property memberObjectId

public memberObjectId: pulumi.Output<string>;

The Object ID of the Azure AD Object you want to add as a Member to the Group. Supported Object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Provider

class Provider extends ProviderResource

The provider type for the azuread package. By default, resources use package-wide configuration settings, however an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

constructor

new Provider(name: string, args?: ProviderArgs, opts?: pulumi.ResourceOptions)

Create a Provider resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Provider

Returns true if the given object is an instance of Provider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method register

static register(provider: ProviderResource | undefined): Promise<string | undefined>

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ServicePrincipal

class ServicePrincipal extends CustomResource

Manages a Service Principal associated with an Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API. Please see The Granting a Service Principal permission to manage AAD for the required steps.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const exampleApplication = new azuread.Application("example", {
    availableToOtherTenants: false,
    homepage: "http://homepage",
    identifierUris: ["http://uri"],
    oauth2AllowImplicitFlow: true,
    replyUrls: ["http://replyurl"],
});
const exampleServicePrincipal = new azuread.ServicePrincipal("example", {
    appRoleAssignmentRequired: false,
    applicationId: exampleApplication.applicationId,
    tags: [
        "example",
        "tags",
        "here",
    ],
});

constructor

new ServicePrincipal(name: string, args: ServicePrincipalArgs, opts?: pulumi.CustomResourceOptions)

Create a ServicePrincipal resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServicePrincipalState, opts?: pulumi.CustomResourceOptions): ServicePrincipal

Get an existing ServicePrincipal resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ServicePrincipal

Returns true if the given object is an instance of ServicePrincipal. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property appRoleAssignmentRequired

public appRoleAssignmentRequired: pulumi.Output<boolean | undefined>;

Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to false.

property applicationId

public applicationId: pulumi.Output<string>;

The ID of the Azure AD Application for which to create a Service Principal.

property displayName

public displayName: pulumi.Output<string>;

The Display Name of the Azure Active Directory Application associated with this Service Principal.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property oauth2Permissions

public oauth2Permissions: pulumi.Output<ServicePrincipalOauth2Permission[]>;

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by a oauth2Permission block as documented below.

property objectId

public objectId: pulumi.Output<string>;

The Service Principal’s Object ID.

property tags

public tags: pulumi.Output<string[] | undefined>;

A list of tags to apply to the Service Principal.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ServicePrincipalCertificate

class ServicePrincipalCertificate extends CustomResource

Manages a Certificate associated with a Service Principal within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
import * as fs from "fs";

const exampleApplication = new azuread.Application("example", {});
const exampleServicePrincipal = new azuread.ServicePrincipal("example", {
    applicationId: exampleApplication.applicationId,
});
const exampleServicePrincipalCertificate = new azuread.ServicePrincipalCertificate("example", {
    endDate: "2021-05-01T01:02:03Z",
    servicePrincipalId: exampleServicePrincipal.id,
    type: "AsymmetricX509Cert",
    value: fs.readFileSync("cert.pem", "utf-8"),
});

constructor

new ServicePrincipalCertificate(name: string, args: ServicePrincipalCertificateArgs, opts?: pulumi.CustomResourceOptions)

Create a ServicePrincipalCertificate resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServicePrincipalCertificateState, opts?: pulumi.CustomResourceOptions): ServicePrincipalCertificate

Get an existing ServicePrincipalCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ServicePrincipalCertificate

Returns true if the given object is an instance of ServicePrincipalCertificate. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property endDate

public endDate: pulumi.Output<string>;

The End Date which the Certificate is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

public endDateRelative: pulumi.Output<string | undefined>;

A relative duration for which the Certificate is valid until, for example 240h (10 days) or 2400h30m. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. Changing this field forces a new resource to be created.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyId

public keyId: pulumi.Output<string>;

A GUID used to uniquely identify this Certificate. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property servicePrincipalId

public servicePrincipalId: pulumi.Output<string>;

The ID of the Service Principal for which this certificate should be created. Changing this field forces a new resource to be created.

property startDate

public startDate: pulumi.Output<string>;

property type

public type: pulumi.Output<string | undefined>;

The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property value

public value: pulumi.Output<string>;

The Certificate for this Service Principal.

Resource ServicePrincipalPassword

class ServicePrincipalPassword extends CustomResource

Manages a Password associated with a Service Principal within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const exampleApplication = new azuread.Application("example", {
    availableToOtherTenants: false,
    homepage: "http://homepage",
    identifierUris: ["http://uri"],
    oauth2AllowImplicitFlow: true,
    replyUrls: ["http://replyurl"],
});
const exampleServicePrincipal = new azuread.ServicePrincipal("example", {
    applicationId: exampleApplication.applicationId,
});
const exampleServicePrincipalPassword = new azuread.ServicePrincipalPassword("example", {
    description: "My managed password",
    endDate: "2099-01-01T01:02:03Z",
    servicePrincipalId: exampleServicePrincipal.id,
    value: "VT=uSgbTanZhyz@%nL9Hpd+Tfay_MRV#",
});

constructor

new ServicePrincipalPassword(name: string, args: ServicePrincipalPasswordArgs, opts?: pulumi.CustomResourceOptions)

Create a ServicePrincipalPassword resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServicePrincipalPasswordState, opts?: pulumi.CustomResourceOptions): ServicePrincipalPassword

Get an existing ServicePrincipalPassword resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ServicePrincipalPassword

Returns true if the given object is an instance of ServicePrincipalPassword. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string>;

A description for the Password.

property endDate

public endDate: pulumi.Output<string>;

The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

public endDateRelative: pulumi.Output<string | undefined>;

A relative duration for which the Password is valid until, for example 240h (10 days) or 2400h30m. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. Changing this field forces a new resource to be created.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyId

public keyId: pulumi.Output<string>;

A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property servicePrincipalId

public servicePrincipalId: pulumi.Output<string>;

The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created.

property startDate

public startDate: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property value

public value: pulumi.Output<string>;

The Password for this Service Principal.

Resource User

class User extends CustomResource

Manages a User within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to Directory.ReadWrite.All within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = new azuread.User("example", {
    displayName: "J. Doe",
    mailNickname: "jdoe",
    password: "SecretP@sswd99!",
    userPrincipalName: "jdo@hashicorp.com",
});

constructor

new User(name: string, args: UserArgs, opts?: pulumi.CustomResourceOptions)

Create a User resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState, opts?: pulumi.CustomResourceOptions): User

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is User

Returns true if the given object is an instance of User. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountEnabled

public accountEnabled: pulumi.Output<boolean | undefined>;

true if the account should be enabled, otherwise false. Defaults to true.

property displayName

public displayName: pulumi.Output<string>;

The name to display in the address book for the user.

property forcePasswordChange

public forcePasswordChange: pulumi.Output<boolean | undefined>;

true if the User is forced to change the password during the next sign-in. Defaults to false.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property immutableId

public immutableId: pulumi.Output<string>;

The value used to associate an on-premises Active Directory user account with their Azure AD user object. This must be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property when creating a new user account.

property mail

public mail: pulumi.Output<string>;

The primary email address of the Azure AD User.

property mailNickname

public mailNickname: pulumi.Output<string>;

The mail alias for the user. Defaults to the user name part of the User Principal Name.

property objectId

public objectId: pulumi.Output<string>;

The Object ID of the Azure AD User.

property onpremisesSamAccountName

public onpremisesSamAccountName: pulumi.Output<string>;

The on premise sam account name of the Azure AD User.

property onpremisesUserPrincipalName

public onpremisesUserPrincipalName: pulumi.Output<string>;

The on premise user principal name of the Azure AD User.

property password

public password: pulumi.Output<string>;

The password for the User. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property usageLocation

public usageLocation: pulumi.Output<string>;

The usage location of the User. Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. The usage location is a two letter country code (ISO standard 3166). Examples include: NO, JP, and GB. Cannot be reset to null once set.

property userPrincipalName

public userPrincipalName: pulumi.Output<string>;

The User Principal Name of the Azure AD User.

Functions

Function getApplication

getApplication(args?: GetApplicationArgs, opts?: pulumi.InvokeOptions): Promise<GetApplicationResult>

Use this data source to access information about an existing Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all (or owned by) applications and Sign in and read user profile within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = pulumi.output(azuread.getApplication({
    name: "My First AzureAD Application",
}, { async: true }));

export const azureAdObjectId = example.id;

Function getClientConfig

getClientConfig(opts?: pulumi.InvokeOptions): Promise<GetClientConfigResult>

Use this data source to access the configuration of the AzureRM provider.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const current = azuread.getClientConfig({});
export const accountId = current.then(current => current.clientId);

Function getDomains

getDomains(args?: GetDomainsArgs, opts?: pulumi.InvokeOptions): Promise<GetDomainsResult>

Use this data source to access information about an existing Domains within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to Directory.Read.All within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const aadDomains = pulumi.output(azuread.getDomains({ async: true }));

export const domains = aadDomains.domains;

Function getGroup

getGroup(args?: GetGroupArgs, opts?: pulumi.InvokeOptions): Promise<GetGroupResult>

Gets information about an Azure Active Directory group.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to Read directory data within the Windows Azure Active Directory API.

Example Usage (by Group Display Name)

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = pulumi.output(azuread.getGroup({
    name: "A-AD-Group",
}, { async: true }));

Function getGroups

getGroups(args?: GetGroupsArgs, opts?: pulumi.InvokeOptions): Promise<GetGroupsResult>

Gets Object IDs or Display Names for multiple Azure Active Directory groups.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to Read directory data within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const groups = pulumi.output(azuread.getGroups({
    names: [
        "group-a",
        "group-b",
    ],
}, { async: true }));

Function getServicePrincipal

getServicePrincipal(args?: GetServicePrincipalArgs, opts?: pulumi.InvokeOptions): Promise<GetServicePrincipalResult>

Gets information about an existing Service Principal associated with an Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API.

Example Usage (by Application Display Name)

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = pulumi.output(azuread.getServicePrincipal({
    displayName: "my-awesome-application",
}, { async: true }));

Example Usage (by Application ID)

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = pulumi.output(azuread.getServicePrincipal({
    applicationId: "00000000-0000-0000-0000-000000000000",
}, { async: true }));

Example Usage (by Object ID)

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = pulumi.output(azuread.getServicePrincipal({
    objectId: "00000000-0000-0000-0000-000000000000",
}, { async: true }));

Function getUser

getUser(args?: GetUserArgs, opts?: pulumi.InvokeOptions): Promise<GetUserResult>

Gets information about an Azure Active Directory user.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to Read directory data within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = pulumi.output(azuread.getUser({
    userPrincipalName: "user@hashicorp.com",
}, { async: true }));

Function getUsers

getUsers(args?: GetUsersArgs, opts?: pulumi.InvokeOptions): Promise<GetUsersResult>

Gets Object IDs or UPNs for multiple Azure Active Directory users.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to Read directory data within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const users = pulumi.output(azuread.getUsers({
    userPrincipalNames: [
        "kat@hashicorp.com",
        "byte@hashicorp.com",
    ],
}, { async: true }));

Others

interface ApplicationArgs

interface ApplicationArgs

The set of arguments for constructing a Application resource.

property appRoles

appRoles?: pulumi.Input<pulumi.Input<ApplicationAppRole>[]>;

A collection of appRole blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles

property availableToOtherTenants

availableToOtherTenants?: pulumi.Input<boolean>;

Is this Azure AD Application available to other tenants? Defaults to false.

property groupMembershipClaims

groupMembershipClaims?: pulumi.Input<string>;

property homepage

homepage?: pulumi.Input<string>;

The URL to the application’s home page. If no homepage is specified this defaults to https://{name}.

property identifierUris

identifierUris?: pulumi.Input<pulumi.Input<string>[]>;

A list of user-defined URI(s) that uniquely identify a Web application within it’s Azure AD tenant, or within a verified custom domain if the application is multi-tenant.

property logoutUrl

logoutUrl?: pulumi.Input<string>;

The URL of the logout page.

property name

name?: pulumi.Input<string>;

The display name for the application.

property oauth2AllowImplicitFlow

oauth2AllowImplicitFlow?: pulumi.Input<boolean>;

Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.

property oauth2Permissions

oauth2Permissions?: pulumi.Input<pulumi.Input<ApplicationOauth2Permission>[]>;

A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2Permissions blocks as documented below.

property optionalClaims

optionalClaims?: pulumi.Input<ApplicationOptionalClaims>;

property owners

owners?: pulumi.Input<pulumi.Input<string>[]>;

property publicClient

publicClient?: pulumi.Input<boolean>;

Is this Azure AD Application a public client? Defaults to false.

property replyUrls

replyUrls?: pulumi.Input<pulumi.Input<string>[]>;

A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.

property requiredResourceAccesses

requiredResourceAccesses?: pulumi.Input<pulumi.Input<ApplicationRequiredResourceAccess>[]>;

A collection of requiredResourceAccess blocks as documented below.

property type

type?: pulumi.Input<string>;

Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifierUris property can not not be set.

interface ApplicationCertificateArgs

interface ApplicationCertificateArgs

The set of arguments for constructing a ApplicationCertificate resource.

property applicationObjectId

applicationObjectId: pulumi.Input<string>;

The Object ID of the Application for which this Certificate should be created. Changing this field forces a new resource to be created.

property endDate

endDate?: pulumi.Input<string>;

The End Date which the Certificate is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

endDateRelative?: pulumi.Input<string>;

A relative duration for which the Certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

property keyId

keyId?: pulumi.Input<string>;

A GUID used to uniquely identify this Certificate. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property startDate

startDate?: pulumi.Input<string>;

property type

type?: pulumi.Input<string>;

The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.

property value

value: pulumi.Input<string>;

The Certificate for this Service Principal.

interface ApplicationCertificateState

interface ApplicationCertificateState

Input properties used for looking up and filtering ApplicationCertificate resources.

property applicationObjectId

applicationObjectId?: pulumi.Input<string>;

The Object ID of the Application for which this Certificate should be created. Changing this field forces a new resource to be created.

property endDate

endDate?: pulumi.Input<string>;

The End Date which the Certificate is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

endDateRelative?: pulumi.Input<string>;

A relative duration for which the Certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

property keyId

keyId?: pulumi.Input<string>;

A GUID used to uniquely identify this Certificate. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property startDate

startDate?: pulumi.Input<string>;

property type

type?: pulumi.Input<string>;

The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.

property value

value?: pulumi.Input<string>;

The Certificate for this Service Principal.

interface ApplicationPasswordArgs

interface ApplicationPasswordArgs

The set of arguments for constructing a ApplicationPassword resource.

property applicationId

applicationId?: pulumi.Input<string>;

property applicationObjectId

applicationObjectId?: pulumi.Input<string>;

The Object ID of the Application for which this password should be created. Changing this field forces a new resource to be created.

property description

description?: pulumi.Input<string>;

A description for the Password.

property endDate

endDate?: pulumi.Input<string>;

The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

endDateRelative?: pulumi.Input<string>;

A relative duration for which the Password is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

property keyId

keyId?: pulumi.Input<string>;

A GUID used to uniquely identify this Password. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property startDate

startDate?: pulumi.Input<string>;

property value

value: pulumi.Input<string>;

The Password for this Application.

interface ApplicationPasswordState

interface ApplicationPasswordState

Input properties used for looking up and filtering ApplicationPassword resources.

property applicationId

applicationId?: pulumi.Input<string>;

property applicationObjectId

applicationObjectId?: pulumi.Input<string>;

The Object ID of the Application for which this password should be created. Changing this field forces a new resource to be created.

property description

description?: pulumi.Input<string>;

A description for the Password.

property endDate

endDate?: pulumi.Input<string>;

The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

endDateRelative?: pulumi.Input<string>;

A relative duration for which the Password is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

property keyId

keyId?: pulumi.Input<string>;

A GUID used to uniquely identify this Password. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property startDate

startDate?: pulumi.Input<string>;

property value

value?: pulumi.Input<string>;

The Password for this Application.

interface ApplicationState

interface ApplicationState

Input properties used for looking up and filtering Application resources.

property appRoles

appRoles?: pulumi.Input<pulumi.Input<ApplicationAppRole>[]>;

A collection of appRole blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles

property applicationId

applicationId?: pulumi.Input<string>;

The Application ID.

property availableToOtherTenants

availableToOtherTenants?: pulumi.Input<boolean>;

Is this Azure AD Application available to other tenants? Defaults to false.

property groupMembershipClaims

groupMembershipClaims?: pulumi.Input<string>;

property homepage

homepage?: pulumi.Input<string>;

The URL to the application’s home page. If no homepage is specified this defaults to https://{name}.

property identifierUris

identifierUris?: pulumi.Input<pulumi.Input<string>[]>;

A list of user-defined URI(s) that uniquely identify a Web application within it’s Azure AD tenant, or within a verified custom domain if the application is multi-tenant.

property logoutUrl

logoutUrl?: pulumi.Input<string>;

The URL of the logout page.

property name

name?: pulumi.Input<string>;

The display name for the application.

property oauth2AllowImplicitFlow

oauth2AllowImplicitFlow?: pulumi.Input<boolean>;

Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.

property oauth2Permissions

oauth2Permissions?: pulumi.Input<pulumi.Input<ApplicationOauth2Permission>[]>;

A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2Permissions blocks as documented below.

property objectId

objectId?: pulumi.Input<string>;

The Application’s Object ID.

property optionalClaims

optionalClaims?: pulumi.Input<ApplicationOptionalClaims>;

property owners

owners?: pulumi.Input<pulumi.Input<string>[]>;

property publicClient

publicClient?: pulumi.Input<boolean>;

Is this Azure AD Application a public client? Defaults to false.

property replyUrls

replyUrls?: pulumi.Input<pulumi.Input<string>[]>;

A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.

property requiredResourceAccesses

requiredResourceAccesses?: pulumi.Input<pulumi.Input<ApplicationRequiredResourceAccess>[]>;

A collection of requiredResourceAccess blocks as documented below.

property type

type?: pulumi.Input<string>;

Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifierUris property can not not be set.

interface GetApplicationArgs

interface GetApplicationArgs

A collection of arguments for invoking getApplication.

property name

name?: undefined | string;

Specifies the name of the Application within Azure Active Directory.

property oauth2Permissions

oauth2Permissions?: GetApplicationOauth2Permission[];

A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by a oauth2Permission block as documented below.

property objectId

objectId?: undefined | string;

Specifies the Object ID of the Application within Azure Active Directory.

property optionalClaims

optionalClaims?: inputs.GetApplicationOptionalClaims;

interface GetApplicationResult

interface GetApplicationResult

A collection of values returned by getApplication.

property appRoles

appRoles: GetApplicationAppRole[];

A collection of appRole blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles

property applicationId

applicationId: string;

the Application ID of the Azure Active Directory Application.

property availableToOtherTenants

availableToOtherTenants: boolean;

Is this Azure AD Application available to other tenants?

property groupMembershipClaims

groupMembershipClaims: string;

The groups claim issued in a user or OAuth 2.0 access token that the app expects.

property homepage

homepage: string;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property identifierUris

identifierUris: string[];

A list of user-defined URI(s) that uniquely identify a Web application within it’s Azure AD tenant, or within a verified custom domain if the application is multi-tenant.

property logoutUrl

logoutUrl: string;

The URL of the logout page.

property name

name: string;

The name of the optional claim.

property oauth2AllowImplicitFlow

oauth2AllowImplicitFlow: boolean;

Does this Azure AD Application allow OAuth2.0 implicit flow tokens?

property oauth2Permissions

oauth2Permissions: GetApplicationOauth2Permission[];

A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by a oauth2Permission block as documented below.

property objectId

objectId: string;

the Object ID of the Azure Active Directory Application.

property optionalClaims

optionalClaims?: outputs.GetApplicationOptionalClaims;

property owners

owners: string[];

A list of User Object IDs that are assigned ownership of the application registration.

property replyUrls

replyUrls: string[];

A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.

property requiredResourceAccesses

requiredResourceAccesses: GetApplicationRequiredResourceAccess[];

A collection of requiredResourceAccess blocks as documented below.

property type

type: string;

The type of the permission

interface GetClientConfigResult

interface GetClientConfigResult

A collection of values returned by getClientConfig.

property clientId

clientId: string;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property objectId

objectId: string;

property subscriptionId

subscriptionId: string;

property tenantId

tenantId: string;

interface GetDomainsArgs

interface GetDomainsArgs

A collection of arguments for invoking getDomains.

property includeUnverified

includeUnverified?: undefined | false | true;

Set to true if unverified Azure AD Domains should be included. Defaults to false.

property onlyDefault

onlyDefault?: undefined | false | true;

Set to true to only return the default domain.

property onlyInitial

onlyInitial?: undefined | false | true;

Set to true to only return the initial domain, which is your primary Azure Active Directory tenant domain. Defaults to false.

interface GetDomainsResult

interface GetDomainsResult

A collection of values returned by getDomains.

property domains

domains: GetDomainsDomain[];

One or more domain blocks as defined below.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property includeUnverified

includeUnverified?: undefined | false | true;

property onlyDefault

onlyDefault?: undefined | false | true;

property onlyInitial

onlyInitial?: undefined | false | true;

function getEnv

getEnv(vars: string[]): string | undefined

function getEnvBoolean

getEnvBoolean(vars: string[]): boolean | undefined

function getEnvNumber

getEnvNumber(vars: string[]): number | undefined

interface GetGroupArgs

interface GetGroupArgs

A collection of arguments for invoking getGroup.

property name

name?: undefined | string;

The Name of the AD Group we want to lookup.

property objectId

objectId?: undefined | string;

Specifies the Object ID of the AD Group within Azure Active Directory.

interface GetGroupResult

interface GetGroupResult

A collection of values returned by getGroup.

property description

description: string;

The description of the AD Group.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property members

members: string[];

The Object IDs of the Azure AD Group members.

property name

name: string;

The name of the Azure AD Group.

property objectId

objectId: string;

property owners

owners: string[];

The Object IDs of the Azure AD Group owners.

interface GetGroupsArgs

interface GetGroupsArgs

A collection of arguments for invoking getGroups.

property names

names?: string[];

The Display Names of the Azure AD Groups.

property objectIds

objectIds?: string[];

The Object IDs of the Azure AD Groups.

interface GetGroupsResult

interface GetGroupsResult

A collection of values returned by getGroups.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property names

names: string[];

The Display Names of the Azure AD Groups.

property objectIds

objectIds: string[];

The Object IDs of the Azure AD Groups.

interface GetServicePrincipalArgs

interface GetServicePrincipalArgs

A collection of arguments for invoking getServicePrincipal.

property applicationId

applicationId?: undefined | string;

The ID of the Azure AD Application.

property displayName

displayName?: undefined | string;

The Display Name of the Azure AD Application associated with this Service Principal.

property oauth2Permissions

oauth2Permissions?: GetServicePrincipalOauth2Permission[];

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by a oauth2Permission block as documented below.

property objectId

objectId?: undefined | string;

The ID of the Azure AD Service Principal.

interface GetServicePrincipalResult

interface GetServicePrincipalResult

A collection of values returned by getServicePrincipal.

property appRoles

appRoles: GetServicePrincipalAppRole[];

property applicationId

applicationId: string;

property displayName

displayName: string;

Display name for the permission that appears in the admin consent and app assignment experiences.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property oauth2Permissions

oauth2Permissions: GetServicePrincipalOauth2Permission[];

property objectId

objectId: string;

interface GetUserArgs

interface GetUserArgs

A collection of arguments for invoking getUser.

property mailNickname

mailNickname?: undefined | string;

The email alias of the Azure AD User.

property objectId

objectId?: undefined | string;

Specifies the Object ID of the Application within Azure Active Directory.

property userPrincipalName

userPrincipalName?: undefined | string;

The User Principal Name of the Azure AD User.

interface GetUserResult

interface GetUserResult

A collection of values returned by getUser.

property accountEnabled

accountEnabled: boolean;

True if the account is enabled; otherwise False.

property displayName

displayName: string;

The Display Name of the Azure AD User.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property immutableId

immutableId: string;

The value used to associate an on-premises Active Directory user account with their Azure AD user object.

property mail

mail: string;

The primary email address of the Azure AD User.

property mailNickname

mailNickname: string;

The email alias of the Azure AD User.

property objectId

objectId: string;

property onpremisesSamAccountName

onpremisesSamAccountName: string;

The on premise sam account name of the Azure AD User.

property onpremisesUserPrincipalName

onpremisesUserPrincipalName: string;

The on premise user principal name of the Azure AD User.

property usageLocation

usageLocation: string;

The usage location of the Azure AD User.

property userPrincipalName

userPrincipalName: string;

The User Principal Name of the Azure AD User.

interface GetUsersArgs

interface GetUsersArgs

A collection of arguments for invoking getUsers.

property mailNicknames

mailNicknames?: string[];

The email aliases of the Azure AD Users.

property objectIds

objectIds?: string[];

The Object IDs of the Azure AD Users.

property userPrincipalNames

userPrincipalNames?: string[];

The User Principal Names of the Azure AD Users.

interface GetUsersResult

interface GetUsersResult

A collection of values returned by getUsers.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property mailNicknames

mailNicknames: string[];

The email aliases of the Azure AD Users.

property objectIds

objectIds: string[];

The Object IDs of the Azure AD Users.

property userPrincipalNames

userPrincipalNames: string[];

The User Principal Names of the Azure AD Users.

function getVersion

getVersion(): string

interface GroupArgs

interface GroupArgs

The set of arguments for constructing a Group resource.

property description

description?: pulumi.Input<string>;

The description for the Group. Changing this forces a new resource to be created.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

A set of members who should be present in this Group. Supported Object types are Users, Groups or Service Principals.

property name

name?: pulumi.Input<string>;

The display name for the Group. Changing this forces a new resource to be created.

property owners

owners?: pulumi.Input<pulumi.Input<string>[]>;

A set of owners who own this Group. Supported Object types are Users or Service Principals.

interface GroupMemberArgs

interface GroupMemberArgs

The set of arguments for constructing a GroupMember resource.

property groupObjectId

groupObjectId: pulumi.Input<string>;

The Object ID of the Azure AD Group you want to add the Member to. Changing this forces a new resource to be created.

property memberObjectId

memberObjectId: pulumi.Input<string>;

The Object ID of the Azure AD Object you want to add as a Member to the Group. Supported Object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.

interface GroupMemberState

interface GroupMemberState

Input properties used for looking up and filtering GroupMember resources.

property groupObjectId

groupObjectId?: pulumi.Input<string>;

The Object ID of the Azure AD Group you want to add the Member to. Changing this forces a new resource to be created.

property memberObjectId

memberObjectId?: pulumi.Input<string>;

The Object ID of the Azure AD Object you want to add as a Member to the Group. Supported Object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.

interface GroupState

interface GroupState

Input properties used for looking up and filtering Group resources.

property description

description?: pulumi.Input<string>;

The description for the Group. Changing this forces a new resource to be created.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

A set of members who should be present in this Group. Supported Object types are Users, Groups or Service Principals.

property name

name?: pulumi.Input<string>;

The display name for the Group. Changing this forces a new resource to be created.

property objectId

objectId?: pulumi.Input<string>;

property owners

owners?: pulumi.Input<pulumi.Input<string>[]>;

A set of owners who own this Group. Supported Object types are Users or Service Principals.

interface ProviderArgs

interface ProviderArgs

The set of arguments for constructing a Provider resource.

property clientCertificatePassword

clientCertificatePassword?: pulumi.Input<string>;

property clientCertificatePath

clientCertificatePath?: pulumi.Input<string>;

property clientId

clientId?: pulumi.Input<string>;

property clientSecret

clientSecret?: pulumi.Input<string>;

property environment

environment?: pulumi.Input<string>;

property msiEndpoint

msiEndpoint?: pulumi.Input<string>;

property subscriptionId

subscriptionId?: pulumi.Input<string>;

property tenantId

tenantId?: pulumi.Input<string>;

property useMsi

useMsi?: pulumi.Input<boolean>;

interface ServicePrincipalArgs

interface ServicePrincipalArgs

The set of arguments for constructing a ServicePrincipal resource.

property appRoleAssignmentRequired

appRoleAssignmentRequired?: pulumi.Input<boolean>;

Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to false.

property applicationId

applicationId: pulumi.Input<string>;

The ID of the Azure AD Application for which to create a Service Principal.

property oauth2Permissions

oauth2Permissions?: pulumi.Input<pulumi.Input<ServicePrincipalOauth2Permission>[]>;

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by a oauth2Permission block as documented below.

property tags

tags?: pulumi.Input<pulumi.Input<string>[]>;

A list of tags to apply to the Service Principal.

interface ServicePrincipalCertificateArgs

interface ServicePrincipalCertificateArgs

The set of arguments for constructing a ServicePrincipalCertificate resource.

property endDate

endDate?: pulumi.Input<string>;

The End Date which the Certificate is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

endDateRelative?: pulumi.Input<string>;

property keyId

keyId?: pulumi.Input<string>;

A GUID used to uniquely identify this Certificate. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property servicePrincipalId

servicePrincipalId: pulumi.Input<string>;

The ID of the Service Principal for which this certificate should be created. Changing this field forces a new resource to be created.

property startDate

startDate?: pulumi.Input<string>;

property type

type?: pulumi.Input<string>;

The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.

property value

value: pulumi.Input<string>;

The Certificate for this Service Principal.

interface ServicePrincipalCertificateState

interface ServicePrincipalCertificateState

Input properties used for looking up and filtering ServicePrincipalCertificate resources.

property endDate

endDate?: pulumi.Input<string>;

The End Date which the Certificate is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

endDateRelative?: pulumi.Input<string>;

property keyId

keyId?: pulumi.Input<string>;

A GUID used to uniquely identify this Certificate. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property servicePrincipalId

servicePrincipalId?: pulumi.Input<string>;

The ID of the Service Principal for which this certificate should be created. Changing this field forces a new resource to be created.

property startDate

startDate?: pulumi.Input<string>;

property type

type?: pulumi.Input<string>;

The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.

property value

value?: pulumi.Input<string>;

The Certificate for this Service Principal.

interface ServicePrincipalPasswordArgs

interface ServicePrincipalPasswordArgs

The set of arguments for constructing a ServicePrincipalPassword resource.

property description

description?: pulumi.Input<string>;

A description for the Password.

property endDate

endDate?: pulumi.Input<string>;

The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

endDateRelative?: pulumi.Input<string>;

property keyId

keyId?: pulumi.Input<string>;

A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property servicePrincipalId

servicePrincipalId: pulumi.Input<string>;

The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created.

property startDate

startDate?: pulumi.Input<string>;

property value

value: pulumi.Input<string>;

The Password for this Service Principal.

interface ServicePrincipalPasswordState

interface ServicePrincipalPasswordState

Input properties used for looking up and filtering ServicePrincipalPassword resources.

property description

description?: pulumi.Input<string>;

A description for the Password.

property endDate

endDate?: pulumi.Input<string>;

The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

endDateRelative?: pulumi.Input<string>;

property keyId

keyId?: pulumi.Input<string>;

A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property servicePrincipalId

servicePrincipalId?: pulumi.Input<string>;

The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created.

property startDate

startDate?: pulumi.Input<string>;

property value

value?: pulumi.Input<string>;

The Password for this Service Principal.

interface ServicePrincipalState

interface ServicePrincipalState

Input properties used for looking up and filtering ServicePrincipal resources.

property appRoleAssignmentRequired

appRoleAssignmentRequired?: pulumi.Input<boolean>;

Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to false.

property applicationId

applicationId?: pulumi.Input<string>;

The ID of the Azure AD Application for which to create a Service Principal.

property displayName

displayName?: pulumi.Input<string>;

The Display Name of the Azure Active Directory Application associated with this Service Principal.

property oauth2Permissions

oauth2Permissions?: pulumi.Input<pulumi.Input<ServicePrincipalOauth2Permission>[]>;

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by a oauth2Permission block as documented below.

property objectId

objectId?: pulumi.Input<string>;

The Service Principal’s Object ID.

property tags

tags?: pulumi.Input<pulumi.Input<string>[]>;

A list of tags to apply to the Service Principal.

interface UserArgs

interface UserArgs

The set of arguments for constructing a User resource.

property accountEnabled

accountEnabled?: pulumi.Input<boolean>;

true if the account should be enabled, otherwise false. Defaults to true.

property displayName

displayName: pulumi.Input<string>;

The name to display in the address book for the user.

property forcePasswordChange

forcePasswordChange?: pulumi.Input<boolean>;

true if the User is forced to change the password during the next sign-in. Defaults to false.

property immutableId

immutableId?: pulumi.Input<string>;

property mailNickname

mailNickname?: pulumi.Input<string>;

The mail alias for the user. Defaults to the user name part of the User Principal Name.

property password

password: pulumi.Input<string>;

The password for the User. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters.

property usageLocation

usageLocation?: pulumi.Input<string>;

property userPrincipalName

userPrincipalName: pulumi.Input<string>;

The User Principal Name of the Azure AD User.

interface UserState

interface UserState

Input properties used for looking up and filtering User resources.

property accountEnabled

accountEnabled?: pulumi.Input<boolean>;

true if the account should be enabled, otherwise false. Defaults to true.

property displayName

displayName?: pulumi.Input<string>;

The name to display in the address book for the user.

property forcePasswordChange

forcePasswordChange?: pulumi.Input<boolean>;

true if the User is forced to change the password during the next sign-in. Defaults to false.

property immutableId

immutableId?: pulumi.Input<string>;

property mail

mail?: pulumi.Input<string>;

The primary email address of the Azure AD User.

property mailNickname

mailNickname?: pulumi.Input<string>;

The mail alias for the user. Defaults to the user name part of the User Principal Name.

property objectId

objectId?: pulumi.Input<string>;

The Object ID of the Azure AD User.

property onpremisesSamAccountName

onpremisesSamAccountName?: pulumi.Input<string>;

The on premise sam account name of the Azure AD User.

property onpremisesUserPrincipalName

onpremisesUserPrincipalName?: pulumi.Input<string>;

The on premise user principal name of the Azure AD User.

property password

password?: pulumi.Input<string>;

The password for the User. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters.

property usageLocation

usageLocation?: pulumi.Input<string>;

property userPrincipalName

userPrincipalName?: pulumi.Input<string>;

The User Principal Name of the Azure AD User.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

Package @pulumi/azuread

Modules

Resources

Functions

Others

Resources

Example Usage

Example Usage

Example Usage

Example Usage

Example Usage

Example Usage

Example Usage

Example Usage