Docs
PackagesCloudflare v5.33.1 published on Wednesday, Jun 26, 2024 by Pulumi
cloudflare.AccessApplication
Explore with Pulumi AI
Provides a Cloudflare Access Application resource. Access Applications are used to restrict access to a whole application using an authorisation gateway managed by Cloudflare.
It’s required that an
account_idorzone_idis provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use thezone_idargument.
Create AccessApplication Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccessApplication(name: string, args?: AccessApplicationArgs, opts?: CustomResourceOptions);@overload
def AccessApplication(resource_name: str,
args: Optional[AccessApplicationArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def AccessApplication(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
allow_authenticate_via_warp: Optional[bool] = None,
allowed_idps: Optional[Sequence[str]] = None,
app_launcher_logo_url: Optional[str] = None,
app_launcher_visible: Optional[bool] = None,
auto_redirect_to_identity: Optional[bool] = None,
bg_color: Optional[str] = None,
cors_headers: Optional[Sequence[AccessApplicationCorsHeaderArgs]] = None,
custom_deny_message: Optional[str] = None,
custom_deny_url: Optional[str] = None,
custom_non_identity_deny_url: Optional[str] = None,
custom_pages: Optional[Sequence[str]] = None,
domain: Optional[str] = None,
enable_binding_cookie: Optional[bool] = None,
footer_links: Optional[Sequence[AccessApplicationFooterLinkArgs]] = None,
header_bg_color: Optional[str] = None,
http_only_cookie_attribute: Optional[bool] = None,
landing_page_design: Optional[AccessApplicationLandingPageDesignArgs] = None,
logo_url: Optional[str] = None,
name: Optional[str] = None,
options_preflight_bypass: Optional[bool] = None,
policies: Optional[Sequence[str]] = None,
saas_app: Optional[AccessApplicationSaasAppArgs] = None,
same_site_cookie_attribute: Optional[str] = None,
scim_config: Optional[AccessApplicationScimConfigArgs] = None,
self_hosted_domains: Optional[Sequence[str]] = None,
service_auth401_redirect: Optional[bool] = None,
session_duration: Optional[str] = None,
skip_interstitial: Optional[bool] = None,
tags: Optional[Sequence[str]] = None,
type: Optional[str] = None,
zone_id: Optional[str] = None)func NewAccessApplication(ctx *Context, name string, args *AccessApplicationArgs, opts ...ResourceOption) (*AccessApplication, error)public AccessApplication(string name, AccessApplicationArgs? args = null, CustomResourceOptions? opts = null)
public AccessApplication(String name, AccessApplicationArgs args)
public AccessApplication(String name, AccessApplicationArgs args, CustomResourceOptions options)
type: cloudflare:AccessApplication
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var accessApplicationResource = new Cloudflare.AccessApplication("accessApplicationResource", new()
{
AccountId = "string",
AllowAuthenticateViaWarp = false,
AllowedIdps = new[]
{
"string",
},
AppLauncherLogoUrl = "string",
AppLauncherVisible = false,
AutoRedirectToIdentity = false,
BgColor = "string",
CorsHeaders = new[]
{
new Cloudflare.Inputs.AccessApplicationCorsHeaderArgs
{
AllowAllHeaders = false,
AllowAllMethods = false,
AllowAllOrigins = false,
AllowCredentials = false,
AllowedHeaders = new[]
{
"string",
},
AllowedMethods = new[]
{
"string",
},
AllowedOrigins = new[]
{
"string",
},
MaxAge = 0,
},
},
CustomDenyMessage = "string",
CustomDenyUrl = "string",
CustomNonIdentityDenyUrl = "string",
CustomPages = new[]
{
"string",
},
Domain = "string",
EnableBindingCookie = false,
FooterLinks = new[]
{
new Cloudflare.Inputs.AccessApplicationFooterLinkArgs
{
Name = "string",
Url = "string",
},
},
HeaderBgColor = "string",
HttpOnlyCookieAttribute = false,
LandingPageDesign = new Cloudflare.Inputs.AccessApplicationLandingPageDesignArgs
{
ButtonColor = "string",
ButtonTextColor = "string",
ImageUrl = "string",
Message = "string",
Title = "string",
},
LogoUrl = "string",
Name = "string",
OptionsPreflightBypass = false,
Policies = new[]
{
"string",
},
SaasApp = new Cloudflare.Inputs.AccessApplicationSaasAppArgs
{
AccessTokenLifetime = "string",
AllowPkceWithoutClientSecret = false,
AppLauncherUrl = "string",
AuthType = "string",
ClientId = "string",
ClientSecret = "string",
ConsumerServiceUrl = "string",
CustomAttributes = new[]
{
new Cloudflare.Inputs.AccessApplicationSaasAppCustomAttributeArgs
{
Source = new Cloudflare.Inputs.AccessApplicationSaasAppCustomAttributeSourceArgs
{
Name = "string",
NameByIdp =
{
{ "string", "string" },
},
},
FriendlyName = "string",
Name = "string",
NameFormat = "string",
Required = false,
},
},
CustomClaims = new[]
{
new Cloudflare.Inputs.AccessApplicationSaasAppCustomClaimArgs
{
Source = new Cloudflare.Inputs.AccessApplicationSaasAppCustomClaimSourceArgs
{
Name = "string",
NameByIdp =
{
{ "string", "string" },
},
},
Name = "string",
Required = false,
Scope = "string",
},
},
DefaultRelayState = "string",
GrantTypes = new[]
{
"string",
},
GroupFilterRegex = "string",
HybridAndImplicitOptions = new Cloudflare.Inputs.AccessApplicationSaasAppHybridAndImplicitOptionsArgs
{
ReturnAccessTokenFromAuthorizationEndpoint = false,
ReturnIdTokenFromAuthorizationEndpoint = false,
},
IdpEntityId = "string",
NameIdFormat = "string",
NameIdTransformJsonata = "string",
PublicKey = "string",
RedirectUris = new[]
{
"string",
},
RefreshTokenOptions = new[]
{
new Cloudflare.Inputs.AccessApplicationSaasAppRefreshTokenOptionArgs
{
Lifetime = "string",
},
},
SamlAttributeTransformJsonata = "string",
Scopes = new[]
{
"string",
},
SpEntityId = "string",
SsoEndpoint = "string",
},
SameSiteCookieAttribute = "string",
ScimConfig = new Cloudflare.Inputs.AccessApplicationScimConfigArgs
{
IdpUid = "string",
RemoteUri = "string",
Authentication = new Cloudflare.Inputs.AccessApplicationScimConfigAuthenticationArgs
{
Scheme = "string",
AuthorizationUrl = "string",
ClientId = "string",
ClientSecret = "string",
Password = "string",
Scopes = new[]
{
"string",
},
Token = "string",
TokenUrl = "string",
User = "string",
},
DeactivateOnDelete = false,
Enabled = false,
Mappings = new[]
{
new Cloudflare.Inputs.AccessApplicationScimConfigMappingArgs
{
Schema = "string",
Enabled = false,
Filter = "string",
Operations = new Cloudflare.Inputs.AccessApplicationScimConfigMappingOperationsArgs
{
Create = false,
Delete = false,
Update = false,
},
TransformJsonata = "string",
},
},
},
SelfHostedDomains = new[]
{
"string",
},
ServiceAuth401Redirect = false,
SessionDuration = "string",
SkipInterstitial = false,
Tags = new[]
{
"string",
},
Type = "string",
ZoneId = "string",
});
example, err := cloudflare.NewAccessApplication(ctx, "accessApplicationResource", &cloudflare.AccessApplicationArgs{
AccountId: pulumi.String("string"),
AllowAuthenticateViaWarp: pulumi.Bool(false),
AllowedIdps: pulumi.StringArray{
pulumi.String("string"),
},
AppLauncherLogoUrl: pulumi.String("string"),
AppLauncherVisible: pulumi.Bool(false),
AutoRedirectToIdentity: pulumi.Bool(false),
BgColor: pulumi.String("string"),
CorsHeaders: cloudflare.AccessApplicationCorsHeaderArray{
&cloudflare.AccessApplicationCorsHeaderArgs{
AllowAllHeaders: pulumi.Bool(false),
AllowAllMethods: pulumi.Bool(false),
AllowAllOrigins: pulumi.Bool(false),
AllowCredentials: pulumi.Bool(false),
AllowedHeaders: pulumi.StringArray{
pulumi.String("string"),
},
AllowedMethods: pulumi.StringArray{
pulumi.String("string"),
},
AllowedOrigins: pulumi.StringArray{
pulumi.String("string"),
},
MaxAge: pulumi.Int(0),
},
},
CustomDenyMessage: pulumi.String("string"),
CustomDenyUrl: pulumi.String("string"),
CustomNonIdentityDenyUrl: pulumi.String("string"),
CustomPages: pulumi.StringArray{
pulumi.String("string"),
},
Domain: pulumi.String("string"),
EnableBindingCookie: pulumi.Bool(false),
FooterLinks: cloudflare.AccessApplicationFooterLinkArray{
&cloudflare.AccessApplicationFooterLinkArgs{
Name: pulumi.String("string"),
Url: pulumi.String("string"),
},
},
HeaderBgColor: pulumi.String("string"),
HttpOnlyCookieAttribute: pulumi.Bool(false),
LandingPageDesign: &cloudflare.AccessApplicationLandingPageDesignArgs{
ButtonColor: pulumi.String("string"),
ButtonTextColor: pulumi.String("string"),
ImageUrl: pulumi.String("string"),
Message: pulumi.String("string"),
Title: pulumi.String("string"),
},
LogoUrl: pulumi.String("string"),
Name: pulumi.String("string"),
OptionsPreflightBypass: pulumi.Bool(false),
Policies: pulumi.StringArray{
pulumi.String("string"),
},
SaasApp: &cloudflare.AccessApplicationSaasAppArgs{
AccessTokenLifetime: pulumi.String("string"),
AllowPkceWithoutClientSecret: pulumi.Bool(false),
AppLauncherUrl: pulumi.String("string"),
AuthType: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
ConsumerServiceUrl: pulumi.String("string"),
CustomAttributes: cloudflare.AccessApplicationSaasAppCustomAttributeArray{
&cloudflare.AccessApplicationSaasAppCustomAttributeArgs{
Source: &cloudflare.AccessApplicationSaasAppCustomAttributeSourceArgs{
Name: pulumi.String("string"),
NameByIdp: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
FriendlyName: pulumi.String("string"),
Name: pulumi.String("string"),
NameFormat: pulumi.String("string"),
Required: pulumi.Bool(false),
},
},
CustomClaims: cloudflare.AccessApplicationSaasAppCustomClaimArray{
&cloudflare.AccessApplicationSaasAppCustomClaimArgs{
Source: &cloudflare.AccessApplicationSaasAppCustomClaimSourceArgs{
Name: pulumi.String("string"),
NameByIdp: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
Name: pulumi.String("string"),
Required: pulumi.Bool(false),
Scope: pulumi.String("string"),
},
},
DefaultRelayState: pulumi.String("string"),
GrantTypes: pulumi.StringArray{
pulumi.String("string"),
},
GroupFilterRegex: pulumi.String("string"),
HybridAndImplicitOptions: &cloudflare.AccessApplicationSaasAppHybridAndImplicitOptionsArgs{
ReturnAccessTokenFromAuthorizationEndpoint: pulumi.Bool(false),
ReturnIdTokenFromAuthorizationEndpoint: pulumi.Bool(false),
},
IdpEntityId: pulumi.String("string"),
NameIdFormat: pulumi.String("string"),
NameIdTransformJsonata: pulumi.String("string"),
PublicKey: pulumi.String("string"),
RedirectUris: pulumi.StringArray{
pulumi.String("string"),
},
RefreshTokenOptions: cloudflare.AccessApplicationSaasAppRefreshTokenOptionArray{
&cloudflare.AccessApplicationSaasAppRefreshTokenOptionArgs{
Lifetime: pulumi.String("string"),
},
},
SamlAttributeTransformJsonata: pulumi.String("string"),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
SpEntityId: pulumi.String("string"),
SsoEndpoint: pulumi.String("string"),
},
SameSiteCookieAttribute: pulumi.String("string"),
ScimConfig: &cloudflare.AccessApplicationScimConfigArgs{
IdpUid: pulumi.String("string"),
RemoteUri: pulumi.String("string"),
Authentication: &cloudflare.AccessApplicationScimConfigAuthenticationArgs{
Scheme: pulumi.String("string"),
AuthorizationUrl: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
Password: pulumi.String("string"),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
Token: pulumi.String("string"),
TokenUrl: pulumi.String("string"),
User: pulumi.String("string"),
},
DeactivateOnDelete: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Mappings: cloudflare.AccessApplicationScimConfigMappingArray{
&cloudflare.AccessApplicationScimConfigMappingArgs{
Schema: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Filter: pulumi.String("string"),
Operations: &cloudflare.AccessApplicationScimConfigMappingOperationsArgs{
Create: pulumi.Bool(false),
Delete: pulumi.Bool(false),
Update: pulumi.Bool(false),
},
TransformJsonata: pulumi.String("string"),
},
},
},
SelfHostedDomains: pulumi.StringArray{
pulumi.String("string"),
},
ServiceAuth401Redirect: pulumi.Bool(false),
SessionDuration: pulumi.String("string"),
SkipInterstitial: pulumi.Bool(false),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
Type: pulumi.String("string"),
ZoneId: pulumi.String("string"),
})
var accessApplicationResource = new AccessApplication("accessApplicationResource", AccessApplicationArgs.builder()
.accountId("string")
.allowAuthenticateViaWarp(false)
.allowedIdps("string")
.appLauncherLogoUrl("string")
.appLauncherVisible(false)
.autoRedirectToIdentity(false)
.bgColor("string")
.corsHeaders(AccessApplicationCorsHeaderArgs.builder()
.allowAllHeaders(false)
.allowAllMethods(false)
.allowAllOrigins(false)
.allowCredentials(false)
.allowedHeaders("string")
.allowedMethods("string")
.allowedOrigins("string")
.maxAge(0)
.build())
.customDenyMessage("string")
.customDenyUrl("string")
.customNonIdentityDenyUrl("string")
.customPages("string")
.domain("string")
.enableBindingCookie(false)
.footerLinks(AccessApplicationFooterLinkArgs.builder()
.name("string")
.url("string")
.build())
.headerBgColor("string")
.httpOnlyCookieAttribute(false)
.landingPageDesign(AccessApplicationLandingPageDesignArgs.builder()
.buttonColor("string")
.buttonTextColor("string")
.imageUrl("string")
.message("string")
.title("string")
.build())
.logoUrl("string")
.name("string")
.optionsPreflightBypass(false)
.policies("string")
.saasApp(AccessApplicationSaasAppArgs.builder()
.accessTokenLifetime("string")
.allowPkceWithoutClientSecret(false)
.appLauncherUrl("string")
.authType("string")
.clientId("string")
.clientSecret("string")
.consumerServiceUrl("string")
.customAttributes(AccessApplicationSaasAppCustomAttributeArgs.builder()
.source(AccessApplicationSaasAppCustomAttributeSourceArgs.builder()
.name("string")
.nameByIdp(Map.of("string", "string"))
.build())
.friendlyName("string")
.name("string")
.nameFormat("string")
.required(false)
.build())
.customClaims(AccessApplicationSaasAppCustomClaimArgs.builder()
.source(AccessApplicationSaasAppCustomClaimSourceArgs.builder()
.name("string")
.nameByIdp(Map.of("string", "string"))
.build())
.name("string")
.required(false)
.scope("string")
.build())
.defaultRelayState("string")
.grantTypes("string")
.groupFilterRegex("string")
.hybridAndImplicitOptions(AccessApplicationSaasAppHybridAndImplicitOptionsArgs.builder()
.returnAccessTokenFromAuthorizationEndpoint(false)
.returnIdTokenFromAuthorizationEndpoint(false)
.build())
.idpEntityId("string")
.nameIdFormat("string")
.nameIdTransformJsonata("string")
.publicKey("string")
.redirectUris("string")
.refreshTokenOptions(AccessApplicationSaasAppRefreshTokenOptionArgs.builder()
.lifetime("string")
.build())
.samlAttributeTransformJsonata("string")
.scopes("string")
.spEntityId("string")
.ssoEndpoint("string")
.build())
.sameSiteCookieAttribute("string")
.scimConfig(AccessApplicationScimConfigArgs.builder()
.idpUid("string")
.remoteUri("string")
.authentication(AccessApplicationScimConfigAuthenticationArgs.builder()
.scheme("string")
.authorizationUrl("string")
.clientId("string")
.clientSecret("string")
.password("string")
.scopes("string")
.token("string")
.tokenUrl("string")
.user("string")
.build())
.deactivateOnDelete(false)
.enabled(false)
.mappings(AccessApplicationScimConfigMappingArgs.builder()
.schema("string")
.enabled(false)
.filter("string")
.operations(AccessApplicationScimConfigMappingOperationsArgs.builder()
.create(false)
.delete(false)
.update(false)
.build())
.transformJsonata("string")
.build())
.build())
.selfHostedDomains("string")
.serviceAuth401Redirect(false)
.sessionDuration("string")
.skipInterstitial(false)
.tags("string")
.type("string")
.zoneId("string")
.build());
access_application_resource = cloudflare.AccessApplication("accessApplicationResource",
account_id="string",
allow_authenticate_via_warp=False,
allowed_idps=["string"],
app_launcher_logo_url="string",
app_launcher_visible=False,
auto_redirect_to_identity=False,
bg_color="string",
cors_headers=[cloudflare.AccessApplicationCorsHeaderArgs(
allow_all_headers=False,
allow_all_methods=False,
allow_all_origins=False,
allow_credentials=False,
allowed_headers=["string"],
allowed_methods=["string"],
allowed_origins=["string"],
max_age=0,
)],
custom_deny_message="string",
custom_deny_url="string",
custom_non_identity_deny_url="string",
custom_pages=["string"],
domain="string",
enable_binding_cookie=False,
footer_links=[cloudflare.AccessApplicationFooterLinkArgs(
name="string",
url="string",
)],
header_bg_color="string",
http_only_cookie_attribute=False,
landing_page_design=cloudflare.AccessApplicationLandingPageDesignArgs(
button_color="string",
button_text_color="string",
image_url="string",
message="string",
title="string",
),
logo_url="string",
name="string",
options_preflight_bypass=False,
policies=["string"],
saas_app=cloudflare.AccessApplicationSaasAppArgs(
access_token_lifetime="string",
allow_pkce_without_client_secret=False,
app_launcher_url="string",
auth_type="string",
client_id="string",
client_secret="string",
consumer_service_url="string",
custom_attributes=[cloudflare.AccessApplicationSaasAppCustomAttributeArgs(
source=cloudflare.AccessApplicationSaasAppCustomAttributeSourceArgs(
name="string",
name_by_idp={
"string": "string",
},
),
friendly_name="string",
name="string",
name_format="string",
required=False,
)],
custom_claims=[cloudflare.AccessApplicationSaasAppCustomClaimArgs(
source=cloudflare.AccessApplicationSaasAppCustomClaimSourceArgs(
name="string",
name_by_idp={
"string": "string",
},
),
name="string",
required=False,
scope="string",
)],
default_relay_state="string",
grant_types=["string"],
group_filter_regex="string",
hybrid_and_implicit_options=cloudflare.AccessApplicationSaasAppHybridAndImplicitOptionsArgs(
return_access_token_from_authorization_endpoint=False,
return_id_token_from_authorization_endpoint=False,
),
idp_entity_id="string",
name_id_format="string",
name_id_transform_jsonata="string",
public_key="string",
redirect_uris=["string"],
refresh_token_options=[cloudflare.AccessApplicationSaasAppRefreshTokenOptionArgs(
lifetime="string",
)],
saml_attribute_transform_jsonata="string",
scopes=["string"],
sp_entity_id="string",
sso_endpoint="string",
),
same_site_cookie_attribute="string",
scim_config=cloudflare.AccessApplicationScimConfigArgs(
idp_uid="string",
remote_uri="string",
authentication=cloudflare.AccessApplicationScimConfigAuthenticationArgs(
scheme="string",
authorization_url="string",
client_id="string",
client_secret="string",
password="string",
scopes=["string"],
token="string",
token_url="string",
user="string",
),
deactivate_on_delete=False,
enabled=False,
mappings=[cloudflare.AccessApplicationScimConfigMappingArgs(
schema="string",
enabled=False,
filter="string",
operations=cloudflare.AccessApplicationScimConfigMappingOperationsArgs(
create=False,
delete=False,
update=False,
),
transform_jsonata="string",
)],
),
self_hosted_domains=["string"],
service_auth401_redirect=False,
session_duration="string",
skip_interstitial=False,
tags=["string"],
type="string",
zone_id="string")
const accessApplicationResource = new cloudflare.AccessApplication("accessApplicationResource", {
accountId: "string",
allowAuthenticateViaWarp: false,
allowedIdps: ["string"],
appLauncherLogoUrl: "string",
appLauncherVisible: false,
autoRedirectToIdentity: false,
bgColor: "string",
corsHeaders: [{
allowAllHeaders: false,
allowAllMethods: false,
allowAllOrigins: false,
allowCredentials: false,
allowedHeaders: ["string"],
allowedMethods: ["string"],
allowedOrigins: ["string"],
maxAge: 0,
}],
customDenyMessage: "string",
customDenyUrl: "string",
customNonIdentityDenyUrl: "string",
customPages: ["string"],
domain: "string",
enableBindingCookie: false,
footerLinks: [{
name: "string",
url: "string",
}],
headerBgColor: "string",
httpOnlyCookieAttribute: false,
landingPageDesign: {
buttonColor: "string",
buttonTextColor: "string",
imageUrl: "string",
message: "string",
title: "string",
},
logoUrl: "string",
name: "string",
optionsPreflightBypass: false,
policies: ["string"],
saasApp: {
accessTokenLifetime: "string",
allowPkceWithoutClientSecret: false,
appLauncherUrl: "string",
authType: "string",
clientId: "string",
clientSecret: "string",
consumerServiceUrl: "string",
customAttributes: [{
source: {
name: "string",
nameByIdp: {
string: "string",
},
},
friendlyName: "string",
name: "string",
nameFormat: "string",
required: false,
}],
customClaims: [{
source: {
name: "string",
nameByIdp: {
string: "string",
},
},
name: "string",
required: false,
scope: "string",
}],
defaultRelayState: "string",
grantTypes: ["string"],
groupFilterRegex: "string",
hybridAndImplicitOptions: {
returnAccessTokenFromAuthorizationEndpoint: false,
returnIdTokenFromAuthorizationEndpoint: false,
},
idpEntityId: "string",
nameIdFormat: "string",
nameIdTransformJsonata: "string",
publicKey: "string",
redirectUris: ["string"],
refreshTokenOptions: [{
lifetime: "string",
}],
samlAttributeTransformJsonata: "string",
scopes: ["string"],
spEntityId: "string",
ssoEndpoint: "string",
},
sameSiteCookieAttribute: "string",
scimConfig: {
idpUid: "string",
remoteUri: "string",
authentication: {
scheme: "string",
authorizationUrl: "string",
clientId: "string",
clientSecret: "string",
password: "string",
scopes: ["string"],
token: "string",
tokenUrl: "string",
user: "string",
},
deactivateOnDelete: false,
enabled: false,
mappings: [{
schema: "string",
enabled: false,
filter: "string",
operations: {
create: false,
"delete": false,
update: false,
},
transformJsonata: "string",
}],
},
selfHostedDomains: ["string"],
serviceAuth401Redirect: false,
sessionDuration: "string",
skipInterstitial: false,
tags: ["string"],
type: "string",
zoneId: "string",
});
type: cloudflare:AccessApplication
properties:
accountId: string
allowAuthenticateViaWarp: false
allowedIdps:
- string
appLauncherLogoUrl: string
appLauncherVisible: false
autoRedirectToIdentity: false
bgColor: string
corsHeaders:
- allowAllHeaders: false
allowAllMethods: false
allowAllOrigins: false
allowCredentials: false
allowedHeaders:
- string
allowedMethods:
- string
allowedOrigins:
- string
maxAge: 0
customDenyMessage: string
customDenyUrl: string
customNonIdentityDenyUrl: string
customPages:
- string
domain: string
enableBindingCookie: false
footerLinks:
- name: string
url: string
headerBgColor: string
httpOnlyCookieAttribute: false
landingPageDesign:
buttonColor: string
buttonTextColor: string
imageUrl: string
message: string
title: string
logoUrl: string
name: string
optionsPreflightBypass: false
policies:
- string
saasApp:
accessTokenLifetime: string
allowPkceWithoutClientSecret: false
appLauncherUrl: string
authType: string
clientId: string
clientSecret: string
consumerServiceUrl: string
customAttributes:
- friendlyName: string
name: string
nameFormat: string
required: false
source:
name: string
nameByIdp:
string: string
customClaims:
- name: string
required: false
scope: string
source:
name: string
nameByIdp:
string: string
defaultRelayState: string
grantTypes:
- string
groupFilterRegex: string
hybridAndImplicitOptions:
returnAccessTokenFromAuthorizationEndpoint: false
returnIdTokenFromAuthorizationEndpoint: false
idpEntityId: string
nameIdFormat: string
nameIdTransformJsonata: string
publicKey: string
redirectUris:
- string
refreshTokenOptions:
- lifetime: string
samlAttributeTransformJsonata: string
scopes:
- string
spEntityId: string
ssoEndpoint: string
sameSiteCookieAttribute: string
scimConfig:
authentication:
authorizationUrl: string
clientId: string
clientSecret: string
password: string
scheme: string
scopes:
- string
token: string
tokenUrl: string
user: string
deactivateOnDelete: false
enabled: false
idpUid: string
mappings:
- enabled: false
filter: string
operations:
create: false
delete: false
update: false
schema: string
transformJsonata: string
remoteUri: string
selfHostedDomains:
- string
serviceAuth401Redirect: false
sessionDuration: string
skipInterstitial: false
tags:
- string
type: string
zoneId: string
AccessApplication Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AccessApplication resource accepts the following input properties:
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. - Allow
Authenticate boolVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- Allowed
Idps List<string> - The identity providers selected for the application.
- App
Launcher stringLogo Url - The logo URL of the app launcher.
- App
Launcher boolVisible - Option to show/hide applications in App Launcher. Defaults to
true. - Auto
Redirect boolTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps. Defaults tofalse. - Bg
Color string - The background color of the app launcher.
- Cors
Headers List<AccessApplication Cors Header> - CORS configuration for the Access Application. See below for reference structure.
- Custom
Deny stringMessage - Option that returns a custom error message when a user is denied access to the application.
- Custom
Deny stringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- Custom
Non stringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- Custom
Pages List<string> - The custom pages selected for the application.
- Domain string
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- bool
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false. -
List<Access
Application Footer Link> - The footer links of the app launcher.
- Header
Bg stringColor - The background color of the header bar in the app launcher.
- bool
- Option to add the
HttpOnlycookie flag to access tokens. - Landing
Page AccessDesign Application Landing Page Design - The landing page design of the app launcher.
- Logo
Url string - Image URL for the logo shown in the app launcher dashboard.
- Name string
- Friendly name of the Access Application.
- Options
Preflight boolBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to
false. - Policies List<string>
- The policies associated with the application, in ascending order of precedence. When omitted, the application policies are not be updated. Warning: Do not use this field while you still have this application ID referenced as
application_idin anycloudflare.AccessPolicyresource, as it can result in an inconsistent state. - Saas
App AccessApplication Saas App - SaaS configuration for the Access Application.
- string
- Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict. - Scim
Config AccessApplication Scim Config - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- Self
Hosted List<string>Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain. - Service
Auth401Redirect bool - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false. - Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48hor2h45m. Defaults to24h. - Skip
Interstitial bool - Option to skip the authorization interstitial when using the CLI. Defaults to
false. - List<string>
- The itags associated with the application.
- Type string
- The application type. Available values:
app_launcher,bookmark,biso,dash_sso,saas,self_hosted,ssh,vnc,warp. Defaults toself_hosted. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. - Allow
Authenticate boolVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- Allowed
Idps []string - The identity providers selected for the application.
- App
Launcher stringLogo Url - The logo URL of the app launcher.
- App
Launcher boolVisible - Option to show/hide applications in App Launcher. Defaults to
true. - Auto
Redirect boolTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps. Defaults tofalse. - Bg
Color string - The background color of the app launcher.
- Cors
Headers []AccessApplication Cors Header Args - CORS configuration for the Access Application. See below for reference structure.
- Custom
Deny stringMessage - Option that returns a custom error message when a user is denied access to the application.
- Custom
Deny stringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- Custom
Non stringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- Custom
Pages []string - The custom pages selected for the application.
- Domain string
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- bool
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false. -
[]Access
Application Footer Link Args - The footer links of the app launcher.
- Header
Bg stringColor - The background color of the header bar in the app launcher.
- bool
- Option to add the
HttpOnlycookie flag to access tokens. - Landing
Page AccessDesign Application Landing Page Design Args - The landing page design of the app launcher.
- Logo
Url string - Image URL for the logo shown in the app launcher dashboard.
- Name string
- Friendly name of the Access Application.
- Options
Preflight boolBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to
false. - Policies []string
- The policies associated with the application, in ascending order of precedence. When omitted, the application policies are not be updated. Warning: Do not use this field while you still have this application ID referenced as
application_idin anycloudflare.AccessPolicyresource, as it can result in an inconsistent state. - Saas
App AccessApplication Saas App Args - SaaS configuration for the Access Application.
- string
- Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict. - Scim
Config AccessApplication Scim Config Args - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- Self
Hosted []stringDomains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain. - Service
Auth401Redirect bool - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false. - Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48hor2h45m. Defaults to24h. - Skip
Interstitial bool - Option to skip the authorization interstitial when using the CLI. Defaults to
false. - []string
- The itags associated with the application.
- Type string
- The application type. Available values:
app_launcher,bookmark,biso,dash_sso,saas,self_hosted,ssh,vnc,warp. Defaults toself_hosted. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id. - allow
Authenticate BooleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps List<String> - The identity providers selected for the application.
- app
Launcher StringLogo Url - The logo URL of the app launcher.
- app
Launcher BooleanVisible - Option to show/hide applications in App Launcher. Defaults to
true. - auto
Redirect BooleanTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps. Defaults tofalse. - bg
Color String - The background color of the app launcher.
- cors
Headers List<AccessApplication Cors Header> - CORS configuration for the Access Application. See below for reference structure.
- custom
Deny StringMessage - Option that returns a custom error message when a user is denied access to the application.
- custom
Deny StringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom
Non StringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom
Pages List<String> - The custom pages selected for the application.
- domain String
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- Boolean
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false. -
List<Access
Application Footer Link> - The footer links of the app launcher.
- header
Bg StringColor - The background color of the header bar in the app launcher.
- Boolean
- Option to add the
HttpOnlycookie flag to access tokens. - landing
Page AccessDesign Application Landing Page Design - The landing page design of the app launcher.
- logo
Url String - Image URL for the logo shown in the app launcher dashboard.
- name String
- Friendly name of the Access Application.
- options
Preflight BooleanBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to
false. - policies List<String>
- The policies associated with the application, in ascending order of precedence. When omitted, the application policies are not be updated. Warning: Do not use this field while you still have this application ID referenced as
application_idin anycloudflare.AccessPolicyresource, as it can result in an inconsistent state. - saas
App AccessApplication Saas App - SaaS configuration for the Access Application.
- String
- Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict. - scim
Config AccessApplication Scim Config - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self
Hosted List<String>Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain. - service
Auth401Redirect Boolean - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false. - session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48hor2h45m. Defaults to24h. - skip
Interstitial Boolean - Option to skip the authorization interstitial when using the CLI. Defaults to
false. - List<String>
- The itags associated with the application.
- type String
- The application type. Available values:
app_launcher,bookmark,biso,dash_sso,saas,self_hosted,ssh,vnc,warp. Defaults toself_hosted. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id.
- account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. - allow
Authenticate booleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps string[] - The identity providers selected for the application.
- app
Launcher stringLogo Url - The logo URL of the app launcher.
- app
Launcher booleanVisible - Option to show/hide applications in App Launcher. Defaults to
true. - auto
Redirect booleanTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps. Defaults tofalse. - bg
Color string - The background color of the app launcher.
- cors
Headers AccessApplication Cors Header[] - CORS configuration for the Access Application. See below for reference structure.
- custom
Deny stringMessage - Option that returns a custom error message when a user is denied access to the application.
- custom
Deny stringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom
Non stringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom
Pages string[] - The custom pages selected for the application.
- domain string
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- boolean
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false. -
Access
Application Footer Link[] - The footer links of the app launcher.
- header
Bg stringColor - The background color of the header bar in the app launcher.
- boolean
- Option to add the
HttpOnlycookie flag to access tokens. - landing
Page AccessDesign Application Landing Page Design - The landing page design of the app launcher.
- logo
Url string - Image URL for the logo shown in the app launcher dashboard.
- name string
- Friendly name of the Access Application.
- options
Preflight booleanBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to
false. - policies string[]
- The policies associated with the application, in ascending order of precedence. When omitted, the application policies are not be updated. Warning: Do not use this field while you still have this application ID referenced as
application_idin anycloudflare.AccessPolicyresource, as it can result in an inconsistent state. - saas
App AccessApplication Saas App - SaaS configuration for the Access Application.
- string
- Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict. - scim
Config AccessApplication Scim Config - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self
Hosted string[]Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain. - service
Auth401Redirect boolean - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false. - session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48hor2h45m. Defaults to24h. - skip
Interstitial boolean - Option to skip the authorization interstitial when using the CLI. Defaults to
false. - string[]
- The itags associated with the application.
- type string
- The application type. Available values:
app_launcher,bookmark,biso,dash_sso,saas,self_hosted,ssh,vnc,warp. Defaults toself_hosted. - zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id.
- account_
id str - The account identifier to target for the resource. Conflicts with
zone_id. - allow_
authenticate_ boolvia_ warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed_
idps Sequence[str] - The identity providers selected for the application.
- app_
launcher_ strlogo_ url - The logo URL of the app launcher.
- app_
launcher_ boolvisible - Option to show/hide applications in App Launcher. Defaults to
true. - auto_
redirect_ boolto_ identity - Option to skip identity provider selection if only one is configured in
allowed_idps. Defaults tofalse. - bg_
color str - The background color of the app launcher.
- cors_
headers Sequence[AccessApplication Cors Header Args] - CORS configuration for the Access Application. See below for reference structure.
- custom_
deny_ strmessage - Option that returns a custom error message when a user is denied access to the application.
- custom_
deny_ strurl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom_
non_ stridentity_ deny_ url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom_
pages Sequence[str] - The custom pages selected for the application.
- domain str
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- bool
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false. -
Sequence[Access
Application Footer Link Args] - The footer links of the app launcher.
- header_
bg_ strcolor - The background color of the header bar in the app launcher.
- bool
- Option to add the
HttpOnlycookie flag to access tokens. - landing_
page_ Accessdesign Application Landing Page Design Args - The landing page design of the app launcher.
- logo_
url str - Image URL for the logo shown in the app launcher dashboard.
- name str
- Friendly name of the Access Application.
- options_
preflight_ boolbypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to
false. - policies Sequence[str]
- The policies associated with the application, in ascending order of precedence. When omitted, the application policies are not be updated. Warning: Do not use this field while you still have this application ID referenced as
application_idin anycloudflare.AccessPolicyresource, as it can result in an inconsistent state. - saas_
app AccessApplication Saas App Args - SaaS configuration for the Access Application.
- str
- Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict. - scim_
config AccessApplication Scim Config Args - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self_
hosted_ Sequence[str]domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain. - service_
auth401_ boolredirect - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false. - session_
duration str - How often a user will be forced to re-authorise. Must be in the format
48hor2h45m. Defaults to24h. - skip_
interstitial bool - Option to skip the authorization interstitial when using the CLI. Defaults to
false. - Sequence[str]
- The itags associated with the application.
- type str
- The application type. Available values:
app_launcher,bookmark,biso,dash_sso,saas,self_hosted,ssh,vnc,warp. Defaults toself_hosted. - zone_
id str - The zone identifier to target for the resource. Conflicts with
account_id.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id. - allow
Authenticate BooleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps List<String> - The identity providers selected for the application.
- app
Launcher StringLogo Url - The logo URL of the app launcher.
- app
Launcher BooleanVisible - Option to show/hide applications in App Launcher. Defaults to
true. - auto
Redirect BooleanTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps. Defaults tofalse. - bg
Color String - The background color of the app launcher.
- cors
Headers List<Property Map> - CORS configuration for the Access Application. See below for reference structure.
- custom
Deny StringMessage - Option that returns a custom error message when a user is denied access to the application.
- custom
Deny StringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom
Non StringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom
Pages List<String> - The custom pages selected for the application.
- domain String
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- Boolean
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false. - List<Property Map>
- The footer links of the app launcher.
- header
Bg StringColor - The background color of the header bar in the app launcher.
- Boolean
- Option to add the
HttpOnlycookie flag to access tokens. - landing
Page Property MapDesign - The landing page design of the app launcher.
- logo
Url String - Image URL for the logo shown in the app launcher dashboard.
- name String
- Friendly name of the Access Application.
- options
Preflight BooleanBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to
false. - policies List<String>
- The policies associated with the application, in ascending order of precedence. When omitted, the application policies are not be updated. Warning: Do not use this field while you still have this application ID referenced as
application_idin anycloudflare.AccessPolicyresource, as it can result in an inconsistent state. - saas
App Property Map - SaaS configuration for the Access Application.
- String
- Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict. - scim
Config Property Map - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self
Hosted List<String>Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain. - service
Auth401Redirect Boolean - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false. - session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48hor2h45m. Defaults to24h. - skip
Interstitial Boolean - Option to skip the authorization interstitial when using the CLI. Defaults to
false. - List<String>
- The itags associated with the application.
- type String
- The application type. Available values:
app_launcher,bookmark,biso,dash_sso,saas,self_hosted,ssh,vnc,warp. Defaults toself_hosted. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessApplication resource produces the following output properties:
Look up Existing AccessApplication Resource
Get an existing AccessApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessApplicationState, opts?: CustomResourceOptions): AccessApplication@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
allow_authenticate_via_warp: Optional[bool] = None,
allowed_idps: Optional[Sequence[str]] = None,
app_launcher_logo_url: Optional[str] = None,
app_launcher_visible: Optional[bool] = None,
aud: Optional[str] = None,
auto_redirect_to_identity: Optional[bool] = None,
bg_color: Optional[str] = None,
cors_headers: Optional[Sequence[AccessApplicationCorsHeaderArgs]] = None,
custom_deny_message: Optional[str] = None,
custom_deny_url: Optional[str] = None,
custom_non_identity_deny_url: Optional[str] = None,
custom_pages: Optional[Sequence[str]] = None,
domain: Optional[str] = None,
enable_binding_cookie: Optional[bool] = None,
footer_links: Optional[Sequence[AccessApplicationFooterLinkArgs]] = None,
header_bg_color: Optional[str] = None,
http_only_cookie_attribute: Optional[bool] = None,
landing_page_design: Optional[AccessApplicationLandingPageDesignArgs] = None,
logo_url: Optional[str] = None,
name: Optional[str] = None,
options_preflight_bypass: Optional[bool] = None,
policies: Optional[Sequence[str]] = None,
saas_app: Optional[AccessApplicationSaasAppArgs] = None,
same_site_cookie_attribute: Optional[str] = None,
scim_config: Optional[AccessApplicationScimConfigArgs] = None,
self_hosted_domains: Optional[Sequence[str]] = None,
service_auth401_redirect: Optional[bool] = None,
session_duration: Optional[str] = None,
skip_interstitial: Optional[bool] = None,
tags: Optional[Sequence[str]] = None,
type: Optional[str] = None,
zone_id: Optional[str] = None) -> AccessApplicationfunc GetAccessApplication(ctx *Context, name string, id IDInput, state *AccessApplicationState, opts ...ResourceOption) (*AccessApplication, error)public static AccessApplication Get(string name, Input<string> id, AccessApplicationState? state, CustomResourceOptions? opts = null)public static AccessApplication get(String name, Output<String> id, AccessApplicationState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. - Allow
Authenticate boolVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- Allowed
Idps List<string> - The identity providers selected for the application.
- App
Launcher stringLogo Url - The logo URL of the app launcher.
- App
Launcher boolVisible - Option to show/hide applications in App Launcher. Defaults to
true. - Aud string
- Application Audience (AUD) Tag of the application.
- Auto
Redirect boolTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps. Defaults tofalse. - Bg
Color string - The background color of the app launcher.
- Cors
Headers List<AccessApplication Cors Header> - CORS configuration for the Access Application. See below for reference structure.
- Custom
Deny stringMessage - Option that returns a custom error message when a user is denied access to the application.
- Custom
Deny stringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- Custom
Non stringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- Custom
Pages List<string> - The custom pages selected for the application.
- Domain string
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- bool
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false. -
List<Access
Application Footer Link> - The footer links of the app launcher.
- Header
Bg stringColor - The background color of the header bar in the app launcher.
- bool
- Option to add the
HttpOnlycookie flag to access tokens. - Landing
Page AccessDesign Application Landing Page Design - The landing page design of the app launcher.
- Logo
Url string - Image URL for the logo shown in the app launcher dashboard.
- Name string
- Friendly name of the Access Application.
- Options
Preflight boolBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to
false. - Policies List<string>
- The policies associated with the application, in ascending order of precedence. When omitted, the application policies are not be updated. Warning: Do not use this field while you still have this application ID referenced as
application_idin anycloudflare.AccessPolicyresource, as it can result in an inconsistent state. - Saas
App AccessApplication Saas App - SaaS configuration for the Access Application.
- string
- Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict. - Scim
Config AccessApplication Scim Config - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- Self
Hosted List<string>Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain. - Service
Auth401Redirect bool - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false. - Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48hor2h45m. Defaults to24h. - Skip
Interstitial bool - Option to skip the authorization interstitial when using the CLI. Defaults to
false. - List<string>
- The itags associated with the application.
- Type string
- The application type. Available values:
app_launcher,bookmark,biso,dash_sso,saas,self_hosted,ssh,vnc,warp. Defaults toself_hosted. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. - Allow
Authenticate boolVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- Allowed
Idps []string - The identity providers selected for the application.
- App
Launcher stringLogo Url - The logo URL of the app launcher.
- App
Launcher boolVisible - Option to show/hide applications in App Launcher. Defaults to
true. - Aud string
- Application Audience (AUD) Tag of the application.
- Auto
Redirect boolTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps. Defaults tofalse. - Bg
Color string - The background color of the app launcher.
- Cors
Headers []AccessApplication Cors Header Args - CORS configuration for the Access Application. See below for reference structure.
- Custom
Deny stringMessage - Option that returns a custom error message when a user is denied access to the application.
- Custom
Deny stringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- Custom
Non stringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- Custom
Pages []string - The custom pages selected for the application.
- Domain string
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- bool
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false. -
[]Access
Application Footer Link Args - The footer links of the app launcher.
- Header
Bg stringColor - The background color of the header bar in the app launcher.
- bool
- Option to add the
HttpOnlycookie flag to access tokens. - Landing
Page AccessDesign Application Landing Page Design Args - The landing page design of the app launcher.
- Logo
Url string - Image URL for the logo shown in the app launcher dashboard.
- Name string
- Friendly name of the Access Application.
- Options
Preflight boolBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to
false. - Policies []string
- The policies associated with the application, in ascending order of precedence. When omitted, the application policies are not be updated. Warning: Do not use this field while you still have this application ID referenced as
application_idin anycloudflare.AccessPolicyresource, as it can result in an inconsistent state. - Saas
App AccessApplication Saas App Args - SaaS configuration for the Access Application.
- string
- Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict. - Scim
Config AccessApplication Scim Config Args - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- Self
Hosted []stringDomains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain. - Service
Auth401Redirect bool - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false. - Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48hor2h45m. Defaults to24h. - Skip
Interstitial bool - Option to skip the authorization interstitial when using the CLI. Defaults to
false. - []string
- The itags associated with the application.
- Type string
- The application type. Available values:
app_launcher,bookmark,biso,dash_sso,saas,self_hosted,ssh,vnc,warp. Defaults toself_hosted. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id. - allow
Authenticate BooleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps List<String> - The identity providers selected for the application.
- app
Launcher StringLogo Url - The logo URL of the app launcher.
- app
Launcher BooleanVisible - Option to show/hide applications in App Launcher. Defaults to
true. - aud String
- Application Audience (AUD) Tag of the application.
- auto
Redirect BooleanTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps. Defaults tofalse. - bg
Color String - The background color of the app launcher.
- cors
Headers List<AccessApplication Cors Header> - CORS configuration for the Access Application. See below for reference structure.
- custom
Deny StringMessage - Option that returns a custom error message when a user is denied access to the application.
- custom
Deny StringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom
Non StringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom
Pages List<String> - The custom pages selected for the application.
- domain String
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- Boolean
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false. -
List<Access
Application Footer Link> - The footer links of the app launcher.
- header
Bg StringColor - The background color of the header bar in the app launcher.
- Boolean
- Option to add the
HttpOnlycookie flag to access tokens. - landing
Page AccessDesign Application Landing Page Design - The landing page design of the app launcher.
- logo
Url String - Image URL for the logo shown in the app launcher dashboard.
- name String
- Friendly name of the Access Application.
- options
Preflight BooleanBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to
false. - policies List<String>
- The policies associated with the application, in ascending order of precedence. When omitted, the application policies are not be updated. Warning: Do not use this field while you still have this application ID referenced as
application_idin anycloudflare.AccessPolicyresource, as it can result in an inconsistent state. - saas
App AccessApplication Saas App - SaaS configuration for the Access Application.
- String
- Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict. - scim
Config AccessApplication Scim Config - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self
Hosted List<String>Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain. - service
Auth401Redirect Boolean - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false. - session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48hor2h45m. Defaults to24h. - skip
Interstitial Boolean - Option to skip the authorization interstitial when using the CLI. Defaults to
false. - List<String>
- The itags associated with the application.
- type String
- The application type. Available values:
app_launcher,bookmark,biso,dash_sso,saas,self_hosted,ssh,vnc,warp. Defaults toself_hosted. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id.
- account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. - allow
Authenticate booleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps string[] - The identity providers selected for the application.
- app
Launcher stringLogo Url - The logo URL of the app launcher.
- app
Launcher booleanVisible - Option to show/hide applications in App Launcher. Defaults to
true. - aud string
- Application Audience (AUD) Tag of the application.
- auto
Redirect booleanTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps. Defaults tofalse. - bg
Color string - The background color of the app launcher.
- cors
Headers AccessApplication Cors Header[] - CORS configuration for the Access Application. See below for reference structure.
- custom
Deny stringMessage - Option that returns a custom error message when a user is denied access to the application.
- custom
Deny stringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom
Non stringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom
Pages string[] - The custom pages selected for the application.
- domain string
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- boolean
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false. -
Access
Application Footer Link[] - The footer links of the app launcher.
- header
Bg stringColor - The background color of the header bar in the app launcher.
- boolean
- Option to add the
HttpOnlycookie flag to access tokens. - landing
Page AccessDesign Application Landing Page Design - The landing page design of the app launcher.
- logo
Url string - Image URL for the logo shown in the app launcher dashboard.
- name string
- Friendly name of the Access Application.
- options
Preflight booleanBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to
false. - policies string[]
- The policies associated with the application, in ascending order of precedence. When omitted, the application policies are not be updated. Warning: Do not use this field while you still have this application ID referenced as
application_idin anycloudflare.AccessPolicyresource, as it can result in an inconsistent state. - saas
App AccessApplication Saas App - SaaS configuration for the Access Application.
- string
- Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict. - scim
Config AccessApplication Scim Config - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self
Hosted string[]Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain. - service
Auth401Redirect boolean - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false. - session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48hor2h45m. Defaults to24h. - skip
Interstitial boolean - Option to skip the authorization interstitial when using the CLI. Defaults to
false. - string[]
- The itags associated with the application.
- type string
- The application type. Available values:
app_launcher,bookmark,biso,dash_sso,saas,self_hosted,ssh,vnc,warp. Defaults toself_hosted. - zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id.
- account_
id str - The account identifier to target for the resource. Conflicts with
zone_id. - allow_
authenticate_ boolvia_ warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed_
idps Sequence[str] - The identity providers selected for the application.
- app_
launcher_ strlogo_ url - The logo URL of the app launcher.
- app_
launcher_ boolvisible - Option to show/hide applications in App Launcher. Defaults to
true. - aud str
- Application Audience (AUD) Tag of the application.
- auto_
redirect_ boolto_ identity - Option to skip identity provider selection if only one is configured in
allowed_idps. Defaults tofalse. - bg_
color str - The background color of the app launcher.
- cors_
headers Sequence[AccessApplication Cors Header Args] - CORS configuration for the Access Application. See below for reference structure.
- custom_
deny_ strmessage - Option that returns a custom error message when a user is denied access to the application.
- custom_
deny_ strurl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom_
non_ stridentity_ deny_ url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom_
pages Sequence[str] - The custom pages selected for the application.
- domain str
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- bool
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false. -
Sequence[Access
Application Footer Link Args] - The footer links of the app launcher.
- header_
bg_ strcolor - The background color of the header bar in the app launcher.
- bool
- Option to add the
HttpOnlycookie flag to access tokens. - landing_
page_ Accessdesign Application Landing Page Design Args - The landing page design of the app launcher.
- logo_
url str - Image URL for the logo shown in the app launcher dashboard.
- name str
- Friendly name of the Access Application.
- options_
preflight_ boolbypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to
false. - policies Sequence[str]
- The policies associated with the application, in ascending order of precedence. When omitted, the application policies are not be updated. Warning: Do not use this field while you still have this application ID referenced as
application_idin anycloudflare.AccessPolicyresource, as it can result in an inconsistent state. - saas_
app AccessApplication Saas App Args - SaaS configuration for the Access Application.
- str
- Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict. - scim_
config AccessApplication Scim Config Args - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self_
hosted_ Sequence[str]domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain. - service_
auth401_ boolredirect - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false. - session_
duration str - How often a user will be forced to re-authorise. Must be in the format
48hor2h45m. Defaults to24h. - skip_
interstitial bool - Option to skip the authorization interstitial when using the CLI. Defaults to
false. - Sequence[str]
- The itags associated with the application.
- type str
- The application type. Available values:
app_launcher,bookmark,biso,dash_sso,saas,self_hosted,ssh,vnc,warp. Defaults toself_hosted. - zone_
id str - The zone identifier to target for the resource. Conflicts with
account_id.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id. - allow
Authenticate BooleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps List<String> - The identity providers selected for the application.
- app
Launcher StringLogo Url - The logo URL of the app launcher.
- app
Launcher BooleanVisible - Option to show/hide applications in App Launcher. Defaults to
true. - aud String
- Application Audience (AUD) Tag of the application.
- auto
Redirect BooleanTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps. Defaults tofalse. - bg
Color String - The background color of the app launcher.
- cors
Headers List<Property Map> - CORS configuration for the Access Application. See below for reference structure.
- custom
Deny StringMessage - Option that returns a custom error message when a user is denied access to the application.
- custom
Deny StringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom
Non StringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom
Pages List<String> - The custom pages selected for the application.
- domain String
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- Boolean
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false. - List<Property Map>
- The footer links of the app launcher.
- header
Bg StringColor - The background color of the header bar in the app launcher.
- Boolean
- Option to add the
HttpOnlycookie flag to access tokens. - landing
Page Property MapDesign - The landing page design of the app launcher.
- logo
Url String - Image URL for the logo shown in the app launcher dashboard.
- name String
- Friendly name of the Access Application.
- options
Preflight BooleanBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. Defaults to
false. - policies List<String>
- The policies associated with the application, in ascending order of precedence. When omitted, the application policies are not be updated. Warning: Do not use this field while you still have this application ID referenced as
application_idin anycloudflare.AccessPolicyresource, as it can result in an inconsistent state. - saas
App Property Map - SaaS configuration for the Access Application.
- String
- Defines the same-site cookie setting for access tokens. Available values:
none,lax,strict. - scim
Config Property Map - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self
Hosted List<String>Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain. - service
Auth401Redirect Boolean - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false. - session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48hor2h45m. Defaults to24h. - skip
Interstitial Boolean - Option to skip the authorization interstitial when using the CLI. Defaults to
false. - List<String>
- The itags associated with the application.
- type String
- The application type. Available values:
app_launcher,bookmark,biso,dash_sso,saas,self_hosted,ssh,vnc,warp. Defaults toself_hosted. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id.
Supporting Types
AccessApplicationCorsHeader, AccessApplicationCorsHeaderArgs
- Allow
All boolHeaders - Value to determine whether all HTTP headers are exposed.
- Allow
All boolMethods - Value to determine whether all methods are exposed.
- Allow
All boolOrigins - Value to determine whether all origins are permitted to make CORS requests.
- Allow
Credentials bool - Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
- Allowed
Headers List<string> - List of HTTP headers to expose via CORS.
- Allowed
Methods List<string> - List of methods to expose via CORS.
- Allowed
Origins List<string> - List of origins permitted to make CORS requests.
- Max
Age int - The maximum time a preflight request will be cached.
- Allow
All boolHeaders - Value to determine whether all HTTP headers are exposed.
- Allow
All boolMethods - Value to determine whether all methods are exposed.
- Allow
All boolOrigins - Value to determine whether all origins are permitted to make CORS requests.
- Allow
Credentials bool - Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
- Allowed
Headers []string - List of HTTP headers to expose via CORS.
- Allowed
Methods []string - List of methods to expose via CORS.
- Allowed
Origins []string - List of origins permitted to make CORS requests.
- Max
Age int - The maximum time a preflight request will be cached.
- allow
All BooleanHeaders - Value to determine whether all HTTP headers are exposed.
- allow
All BooleanMethods - Value to determine whether all methods are exposed.
- allow
All BooleanOrigins - Value to determine whether all origins are permitted to make CORS requests.
- allow
Credentials Boolean - Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
- allowed
Headers List<String> - List of HTTP headers to expose via CORS.
- allowed
Methods List<String> - List of methods to expose via CORS.
- allowed
Origins List<String> - List of origins permitted to make CORS requests.
- max
Age Integer - The maximum time a preflight request will be cached.
- allow
All booleanHeaders - Value to determine whether all HTTP headers are exposed.
- allow
All booleanMethods - Value to determine whether all methods are exposed.
- allow
All booleanOrigins - Value to determine whether all origins are permitted to make CORS requests.
- allow
Credentials boolean - Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
- allowed
Headers string[] - List of HTTP headers to expose via CORS.
- allowed
Methods string[] - List of methods to expose via CORS.
- allowed
Origins string[] - List of origins permitted to make CORS requests.
- max
Age number - The maximum time a preflight request will be cached.
- allow_
all_ boolheaders - Value to determine whether all HTTP headers are exposed.
- allow_
all_ boolmethods - Value to determine whether all methods are exposed.
- allow_
all_ boolorigins - Value to determine whether all origins are permitted to make CORS requests.
- allow_
credentials bool - Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
- allowed_
headers Sequence[str] - List of HTTP headers to expose via CORS.
- allowed_
methods Sequence[str] - List of methods to expose via CORS.
- allowed_
origins Sequence[str] - List of origins permitted to make CORS requests.
- max_
age int - The maximum time a preflight request will be cached.
- allow
All BooleanHeaders - Value to determine whether all HTTP headers are exposed.
- allow
All BooleanMethods - Value to determine whether all methods are exposed.
- allow
All BooleanOrigins - Value to determine whether all origins are permitted to make CORS requests.
- allow
Credentials Boolean - Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
- allowed
Headers List<String> - List of HTTP headers to expose via CORS.
- allowed
Methods List<String> - List of methods to expose via CORS.
- allowed
Origins List<String> - List of origins permitted to make CORS requests.
- max
Age Number - The maximum time a preflight request will be cached.
AccessApplicationFooterLink, AccessApplicationFooterLinkArgs
AccessApplicationLandingPageDesign, AccessApplicationLandingPageDesignArgs
AccessApplicationSaasApp, AccessApplicationSaasAppArgs
- Access
Token stringLifetime - The lifetime of the Access Token after creation. Valid units are
mandh. Must be greater than or equal to 1m and less than or equal to 24h. - Allow
Pkce boolWithout Client Secret - Allow PKCE flow without a client secret.
- App
Launcher stringUrl - The URL where this applications tile redirects users.
- Auth
Type string - Modifying this attribute will force creation of a new resource.
- Client
Id string - The application client id.
- Client
Secret string - The application client secret, only returned on initial apply.
- Consumer
Service stringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- Custom
Attributes List<AccessApplication Saas App Custom Attribute> - Custom attribute mapped from IDPs.
- Custom
Claims List<AccessApplication Saas App Custom Claim> - Custom claim mapped from IDPs.
- Default
Relay stringState - The relay state used if not provided by the identity provider.
- Grant
Types List<string> - The OIDC flows supported by this application.
- Group
Filter stringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
- Hybrid
And AccessImplicit Options Application Saas App Hybrid And Implicit Options - Hybrid and Implicit Flow options.
- Idp
Entity stringId - The unique identifier for the SaaS application.
- Name
Id stringFormat - The format of the name identifier sent to the SaaS application.
- Name
Id stringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_formatsetting. - Public
Key string - The public certificate that will be used to verify identities.
- Redirect
Uris List<string> - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens.
- Refresh
Token List<AccessOptions Application Saas App Refresh Token Option> - Refresh token grant options.
- Saml
Attribute stringTransform Jsonata - A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
- Scopes List<string>
- Define the user information shared with access.
- Sp
Entity stringId - A globally unique name for an identity or service provider.
- Sso
Endpoint string - The endpoint where the SaaS application will send login requests.
- Access
Token stringLifetime - The lifetime of the Access Token after creation. Valid units are
mandh. Must be greater than or equal to 1m and less than or equal to 24h. - Allow
Pkce boolWithout Client Secret - Allow PKCE flow without a client secret.
- App
Launcher stringUrl - The URL where this applications tile redirects users.
- Auth
Type string - Modifying this attribute will force creation of a new resource.
- Client
Id string - The application client id.
- Client
Secret string - The application client secret, only returned on initial apply.
- Consumer
Service stringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- Custom
Attributes []AccessApplication Saas App Custom Attribute - Custom attribute mapped from IDPs.
- Custom
Claims []AccessApplication Saas App Custom Claim - Custom claim mapped from IDPs.
- Default
Relay stringState - The relay state used if not provided by the identity provider.
- Grant
Types []string - The OIDC flows supported by this application.
- Group
Filter stringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
- Hybrid
And AccessImplicit Options Application Saas App Hybrid And Implicit Options - Hybrid and Implicit Flow options.
- Idp
Entity stringId - The unique identifier for the SaaS application.
- Name
Id stringFormat - The format of the name identifier sent to the SaaS application.
- Name
Id stringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_formatsetting. - Public
Key string - The public certificate that will be used to verify identities.
- Redirect
Uris []string - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens.
- Refresh
Token []AccessOptions Application Saas App Refresh Token Option - Refresh token grant options.
- Saml
Attribute stringTransform Jsonata - A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
- Scopes []string
- Define the user information shared with access.
- Sp
Entity stringId - A globally unique name for an identity or service provider.
- Sso
Endpoint string - The endpoint where the SaaS application will send login requests.
- access
Token StringLifetime - The lifetime of the Access Token after creation. Valid units are
mandh. Must be greater than or equal to 1m and less than or equal to 24h. - allow
Pkce BooleanWithout Client Secret - Allow PKCE flow without a client secret.
- app
Launcher StringUrl - The URL where this applications tile redirects users.
- auth
Type String - Modifying this attribute will force creation of a new resource.
- client
Id String - The application client id.
- client
Secret String - The application client secret, only returned on initial apply.
- consumer
Service StringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- custom
Attributes List<AccessApplication Saas App Custom Attribute> - Custom attribute mapped from IDPs.
- custom
Claims List<AccessApplication Saas App Custom Claim> - Custom claim mapped from IDPs.
- default
Relay StringState - The relay state used if not provided by the identity provider.
- grant
Types List<String> - The OIDC flows supported by this application.
- group
Filter StringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
- hybrid
And AccessImplicit Options Application Saas App Hybrid And Implicit Options - Hybrid and Implicit Flow options.
- idp
Entity StringId - The unique identifier for the SaaS application.
- name
Id StringFormat - The format of the name identifier sent to the SaaS application.
- name
Id StringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_formatsetting. - public
Key String - The public certificate that will be used to verify identities.
- redirect
Uris List<String> - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens.
- refresh
Token List<AccessOptions Application Saas App Refresh Token Option> - Refresh token grant options.
- saml
Attribute StringTransform Jsonata - A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
- scopes List<String>
- Define the user information shared with access.
- sp
Entity StringId - A globally unique name for an identity or service provider.
- sso
Endpoint String - The endpoint where the SaaS application will send login requests.
- access
Token stringLifetime - The lifetime of the Access Token after creation. Valid units are
mandh. Must be greater than or equal to 1m and less than or equal to 24h. - allow
Pkce booleanWithout Client Secret - Allow PKCE flow without a client secret.
- app
Launcher stringUrl - The URL where this applications tile redirects users.
- auth
Type string - Modifying this attribute will force creation of a new resource.
- client
Id string - The application client id.
- client
Secret string - The application client secret, only returned on initial apply.
- consumer
Service stringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- custom
Attributes AccessApplication Saas App Custom Attribute[] - Custom attribute mapped from IDPs.
- custom
Claims AccessApplication Saas App Custom Claim[] - Custom claim mapped from IDPs.
- default
Relay stringState - The relay state used if not provided by the identity provider.
- grant
Types string[] - The OIDC flows supported by this application.
- group
Filter stringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
- hybrid
And AccessImplicit Options Application Saas App Hybrid And Implicit Options - Hybrid and Implicit Flow options.
- idp
Entity stringId - The unique identifier for the SaaS application.
- name
Id stringFormat - The format of the name identifier sent to the SaaS application.
- name
Id stringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_formatsetting. - public
Key string - The public certificate that will be used to verify identities.
- redirect
Uris string[] - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens.
- refresh
Token AccessOptions Application Saas App Refresh Token Option[] - Refresh token grant options.
- saml
Attribute stringTransform Jsonata - A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
- scopes string[]
- Define the user information shared with access.
- sp
Entity stringId - A globally unique name for an identity or service provider.
- sso
Endpoint string - The endpoint where the SaaS application will send login requests.
- access_
token_ strlifetime - The lifetime of the Access Token after creation. Valid units are
mandh. Must be greater than or equal to 1m and less than or equal to 24h. - allow_
pkce_ boolwithout_ client_ secret - Allow PKCE flow without a client secret.
- app_
launcher_ strurl - The URL where this applications tile redirects users.
- auth_
type str - Modifying this attribute will force creation of a new resource.
- client_
id str - The application client id.
- client_
secret str - The application client secret, only returned on initial apply.
- consumer_
service_ strurl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- custom_
attributes Sequence[AccessApplication Saas App Custom Attribute] - Custom attribute mapped from IDPs.
- custom_
claims Sequence[AccessApplication Saas App Custom Claim] - Custom claim mapped from IDPs.
- default_
relay_ strstate - The relay state used if not provided by the identity provider.
- grant_
types Sequence[str] - The OIDC flows supported by this application.
- group_
filter_ strregex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
- hybrid_
and_ Accessimplicit_ options Application Saas App Hybrid And Implicit Options - Hybrid and Implicit Flow options.
- idp_
entity_ strid - The unique identifier for the SaaS application.
- name_
id_ strformat - The format of the name identifier sent to the SaaS application.
- name_
id_ strtransform_ jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_formatsetting. - public_
key str - The public certificate that will be used to verify identities.
- redirect_
uris Sequence[str] - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens.
- refresh_
token_ Sequence[Accessoptions Application Saas App Refresh Token Option] - Refresh token grant options.
- saml_
attribute_ strtransform_ jsonata - A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
- scopes Sequence[str]
- Define the user information shared with access.
- sp_
entity_ strid - A globally unique name for an identity or service provider.
- sso_
endpoint str - The endpoint where the SaaS application will send login requests.
- access
Token StringLifetime - The lifetime of the Access Token after creation. Valid units are
mandh. Must be greater than or equal to 1m and less than or equal to 24h. - allow
Pkce BooleanWithout Client Secret - Allow PKCE flow without a client secret.
- app
Launcher StringUrl - The URL where this applications tile redirects users.
- auth
Type String - Modifying this attribute will force creation of a new resource.
- client
Id String - The application client id.
- client
Secret String - The application client secret, only returned on initial apply.
- consumer
Service StringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- custom
Attributes List<Property Map> - Custom attribute mapped from IDPs.
- custom
Claims List<Property Map> - Custom claim mapped from IDPs.
- default
Relay StringState - The relay state used if not provided by the identity provider.
- grant
Types List<String> - The OIDC flows supported by this application.
- group
Filter StringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
- hybrid
And Property MapImplicit Options - Hybrid and Implicit Flow options.
- idp
Entity StringId - The unique identifier for the SaaS application.
- name
Id StringFormat - The format of the name identifier sent to the SaaS application.
- name
Id StringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_formatsetting. - public
Key String - The public certificate that will be used to verify identities.
- redirect
Uris List<String> - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens.
- refresh
Token List<Property Map>Options - Refresh token grant options.
- saml
Attribute StringTransform Jsonata - A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
- scopes List<String>
- Define the user information shared with access.
- sp
Entity StringId - A globally unique name for an identity or service provider.
- sso
Endpoint String - The endpoint where the SaaS application will send login requests.
AccessApplicationSaasAppCustomAttribute, AccessApplicationSaasAppCustomAttributeArgs
- Source
Access
Application Saas App Custom Attribute Source - Friendly
Name string - A friendly name for the attribute as provided to the SaaS app.
- Name string
- The name of the attribute as provided to the SaaS app.
- Name
Format string - A globally unique name for an identity or service provider.
- Required bool
- True if the attribute must be always present.
- Source
Access
Application Saas App Custom Attribute Source - Friendly
Name string - A friendly name for the attribute as provided to the SaaS app.
- Name string
- The name of the attribute as provided to the SaaS app.
- Name
Format string - A globally unique name for an identity or service provider.
- Required bool
- True if the attribute must be always present.
- source
Access
Application Saas App Custom Attribute Source - friendly
Name String - A friendly name for the attribute as provided to the SaaS app.
- name String
- The name of the attribute as provided to the SaaS app.
- name
Format String - A globally unique name for an identity or service provider.
- required Boolean
- True if the attribute must be always present.
- source
Access
Application Saas App Custom Attribute Source - friendly
Name string - A friendly name for the attribute as provided to the SaaS app.
- name string
- The name of the attribute as provided to the SaaS app.
- name
Format string - A globally unique name for an identity or service provider.
- required boolean
- True if the attribute must be always present.
- source
Access
Application Saas App Custom Attribute Source - friendly_
name str - A friendly name for the attribute as provided to the SaaS app.
- name str
- The name of the attribute as provided to the SaaS app.
- name_
format str - A globally unique name for an identity or service provider.
- required bool
- True if the attribute must be always present.
- source Property Map
- friendly
Name String - A friendly name for the attribute as provided to the SaaS app.
- name String
- The name of the attribute as provided to the SaaS app.
- name
Format String - A globally unique name for an identity or service provider.
- required Boolean
- True if the attribute must be always present.
AccessApplicationSaasAppCustomAttributeSource, AccessApplicationSaasAppCustomAttributeSourceArgs
- name str
- The name of the attribute as provided by the IDP.
- name_
by_ Mapping[str, str]idp - A mapping from IdP ID to claim name.
AccessApplicationSaasAppCustomClaim, AccessApplicationSaasAppCustomClaimArgs
- Source
Access
Application Saas App Custom Claim Source - Name string
- The name of the attribute as provided to the SaaS app.
- Required bool
- True if the attribute must be always present.
- Scope string
- The scope of the claim.
- Source
Access
Application Saas App Custom Claim Source - Name string
- The name of the attribute as provided to the SaaS app.
- Required bool
- True if the attribute must be always present.
- Scope string
- The scope of the claim.
- source
Access
Application Saas App Custom Claim Source - name String
- The name of the attribute as provided to the SaaS app.
- required Boolean
- True if the attribute must be always present.
- scope String
- The scope of the claim.
- source
Access
Application Saas App Custom Claim Source - name string
- The name of the attribute as provided to the SaaS app.
- required boolean
- True if the attribute must be always present.
- scope string
- The scope of the claim.
- source
Access
Application Saas App Custom Claim Source - name str
- The name of the attribute as provided to the SaaS app.
- required bool
- True if the attribute must be always present.
- scope str
- The scope of the claim.
- source Property Map
- name String
- The name of the attribute as provided to the SaaS app.
- required Boolean
- True if the attribute must be always present.
- scope String
- The scope of the claim.
AccessApplicationSaasAppCustomClaimSource, AccessApplicationSaasAppCustomClaimSourceArgs
- name str
- The name of the attribute as provided by the IDP.
- name_
by_ Mapping[str, str]idp - A mapping from IdP ID to claim name.
AccessApplicationSaasAppHybridAndImplicitOptions, AccessApplicationSaasAppHybridAndImplicitOptionsArgs
- bool
- If true, the authorization endpoint will return an access token.
- bool
- If true, the authorization endpoint will return an id token.
- bool
- If true, the authorization endpoint will return an access token.
- bool
- If true, the authorization endpoint will return an id token.
- Boolean
- If true, the authorization endpoint will return an access token.
- Boolean
- If true, the authorization endpoint will return an id token.
- boolean
- If true, the authorization endpoint will return an access token.
- boolean
- If true, the authorization endpoint will return an id token.
- bool
- If true, the authorization endpoint will return an access token.
- bool
- If true, the authorization endpoint will return an id token.
- Boolean
- If true, the authorization endpoint will return an access token.
- Boolean
- If true, the authorization endpoint will return an id token.
AccessApplicationSaasAppRefreshTokenOption, AccessApplicationSaasAppRefreshTokenOptionArgs
- Lifetime string
- How long a refresh token will be valid for after creation. Valid units are
m,handd. Must be longer than 1m.
- Lifetime string
- How long a refresh token will be valid for after creation. Valid units are
m,handd. Must be longer than 1m.
- lifetime String
- How long a refresh token will be valid for after creation. Valid units are
m,handd. Must be longer than 1m.
- lifetime string
- How long a refresh token will be valid for after creation. Valid units are
m,handd. Must be longer than 1m.
- lifetime str
- How long a refresh token will be valid for after creation. Valid units are
m,handd. Must be longer than 1m.
- lifetime String
- How long a refresh token will be valid for after creation. Valid units are
m,handd. Must be longer than 1m.
AccessApplicationScimConfig, AccessApplicationScimConfigArgs
- Idp
Uid string - The UID of the IdP to use as the source for SCIM resources to provision to this application.
- Remote
Uri string - The base URI for the application's SCIM-compatible API.
- Authentication
Access
Application Scim Config Authentication - Attributes for configuring HTTP Basic, OAuth Bearer token, or OAuth 2 authentication schemes for SCIM provisioning to an application.
- Deactivate
On boolDelete - If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
- Enabled bool
- Whether SCIM provisioning is turned on for this application.
- Mappings
List<Access
Application Scim Config Mapping> - A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
- Idp
Uid string - The UID of the IdP to use as the source for SCIM resources to provision to this application.
- Remote
Uri string - The base URI for the application's SCIM-compatible API.
- Authentication
Access
Application Scim Config Authentication - Attributes for configuring HTTP Basic, OAuth Bearer token, or OAuth 2 authentication schemes for SCIM provisioning to an application.
- Deactivate
On boolDelete - If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
- Enabled bool
- Whether SCIM provisioning is turned on for this application.
- Mappings
[]Access
Application Scim Config Mapping - A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
- idp
Uid String - The UID of the IdP to use as the source for SCIM resources to provision to this application.
- remote
Uri String - The base URI for the application's SCIM-compatible API.
- authentication
Access
Application Scim Config Authentication - Attributes for configuring HTTP Basic, OAuth Bearer token, or OAuth 2 authentication schemes for SCIM provisioning to an application.
- deactivate
On BooleanDelete - If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
- enabled Boolean
- Whether SCIM provisioning is turned on for this application.
- mappings
List<Access
Application Scim Config Mapping> - A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
- idp
Uid string - The UID of the IdP to use as the source for SCIM resources to provision to this application.
- remote
Uri string - The base URI for the application's SCIM-compatible API.
- authentication
Access
Application Scim Config Authentication - Attributes for configuring HTTP Basic, OAuth Bearer token, or OAuth 2 authentication schemes for SCIM provisioning to an application.
- deactivate
On booleanDelete - If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
- enabled boolean
- Whether SCIM provisioning is turned on for this application.
- mappings
Access
Application Scim Config Mapping[] - A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
- idp_
uid str - The UID of the IdP to use as the source for SCIM resources to provision to this application.
- remote_
uri str - The base URI for the application's SCIM-compatible API.
- authentication
Access
Application Scim Config Authentication - Attributes for configuring HTTP Basic, OAuth Bearer token, or OAuth 2 authentication schemes for SCIM provisioning to an application.
- deactivate_
on_ booldelete - If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
- enabled bool
- Whether SCIM provisioning is turned on for this application.
- mappings
Sequence[Access
Application Scim Config Mapping] - A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
- idp
Uid String - The UID of the IdP to use as the source for SCIM resources to provision to this application.
- remote
Uri String - The base URI for the application's SCIM-compatible API.
- authentication Property Map
- Attributes for configuring HTTP Basic, OAuth Bearer token, or OAuth 2 authentication schemes for SCIM provisioning to an application.
- deactivate
On BooleanDelete - If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
- enabled Boolean
- Whether SCIM provisioning is turned on for this application.
- mappings List<Property Map>
- A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
AccessApplicationScimConfigAuthentication, AccessApplicationScimConfigAuthenticationArgs
- Scheme string
- The authentication scheme to use when making SCIM requests to this application.
- string
- URL used to generate the auth code used during token generation. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - Client
Id string - Client ID used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - Client
Secret string - Secret used to authenticate when generating a token for authenticating with the remove SCIM service. Required when using
scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - Password string
- Required when using
scim_config.0.authentication.0.user. Conflicts withscim_config.0.authentication.0.token,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes. - Scopes List<string>
- The authorization scopes to request when generating the token used to authenticate with the remove SCIM service. Conflicts with
scim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - Token string
- Token used to authenticate with the remote SCIM service. Conflicts with
scim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes. - Token
Url string - URL used to generate the token used to authenticate with the remote SCIM service. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.client_id. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - User string
- User name used to authenticate with the remote SCIM service. Required when using
scim_config.0.authentication.0.password. Conflicts withscim_config.0.authentication.0.token,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes.
- Scheme string
- The authentication scheme to use when making SCIM requests to this application.
- string
- URL used to generate the auth code used during token generation. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - Client
Id string - Client ID used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - Client
Secret string - Secret used to authenticate when generating a token for authenticating with the remove SCIM service. Required when using
scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - Password string
- Required when using
scim_config.0.authentication.0.user. Conflicts withscim_config.0.authentication.0.token,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes. - Scopes []string
- The authorization scopes to request when generating the token used to authenticate with the remove SCIM service. Conflicts with
scim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - Token string
- Token used to authenticate with the remote SCIM service. Conflicts with
scim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes. - Token
Url string - URL used to generate the token used to authenticate with the remote SCIM service. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.client_id. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - User string
- User name used to authenticate with the remote SCIM service. Required when using
scim_config.0.authentication.0.password. Conflicts withscim_config.0.authentication.0.token,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes.
- scheme String
- The authentication scheme to use when making SCIM requests to this application.
- String
- URL used to generate the auth code used during token generation. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - client
Id String - Client ID used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - client
Secret String - Secret used to authenticate when generating a token for authenticating with the remove SCIM service. Required when using
scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - password String
- Required when using
scim_config.0.authentication.0.user. Conflicts withscim_config.0.authentication.0.token,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes. - scopes List<String>
- The authorization scopes to request when generating the token used to authenticate with the remove SCIM service. Conflicts with
scim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - token String
- Token used to authenticate with the remote SCIM service. Conflicts with
scim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes. - token
Url String - URL used to generate the token used to authenticate with the remote SCIM service. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.client_id. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - user String
- User name used to authenticate with the remote SCIM service. Required when using
scim_config.0.authentication.0.password. Conflicts withscim_config.0.authentication.0.token,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes.
- scheme string
- The authentication scheme to use when making SCIM requests to this application.
- string
- URL used to generate the auth code used during token generation. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - client
Id string - Client ID used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - client
Secret string - Secret used to authenticate when generating a token for authenticating with the remove SCIM service. Required when using
scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - password string
- Required when using
scim_config.0.authentication.0.user. Conflicts withscim_config.0.authentication.0.token,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes. - scopes string[]
- The authorization scopes to request when generating the token used to authenticate with the remove SCIM service. Conflicts with
scim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - token string
- Token used to authenticate with the remote SCIM service. Conflicts with
scim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes. - token
Url string - URL used to generate the token used to authenticate with the remote SCIM service. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.client_id. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - user string
- User name used to authenticate with the remote SCIM service. Required when using
scim_config.0.authentication.0.password. Conflicts withscim_config.0.authentication.0.token,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes.
- scheme str
- The authentication scheme to use when making SCIM requests to this application.
- str
- URL used to generate the auth code used during token generation. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - client_
id str - Client ID used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - client_
secret str - Secret used to authenticate when generating a token for authenticating with the remove SCIM service. Required when using
scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - password str
- Required when using
scim_config.0.authentication.0.user. Conflicts withscim_config.0.authentication.0.token,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes. - scopes Sequence[str]
- The authorization scopes to request when generating the token used to authenticate with the remove SCIM service. Conflicts with
scim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - token str
- Token used to authenticate with the remote SCIM service. Conflicts with
scim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes. - token_
url str - URL used to generate the token used to authenticate with the remote SCIM service. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.client_id. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - user str
- User name used to authenticate with the remote SCIM service. Required when using
scim_config.0.authentication.0.password. Conflicts withscim_config.0.authentication.0.token,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes.
- scheme String
- The authentication scheme to use when making SCIM requests to this application.
- String
- URL used to generate the auth code used during token generation. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - client
Id String - Client ID used to authenticate when generating a token for authenticating with the remote SCIM service. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - client
Secret String - Secret used to authenticate when generating a token for authenticating with the remove SCIM service. Required when using
scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - password String
- Required when using
scim_config.0.authentication.0.user. Conflicts withscim_config.0.authentication.0.token,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes. - scopes List<String>
- The authorization scopes to request when generating the token used to authenticate with the remove SCIM service. Conflicts with
scim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - token String
- Token used to authenticate with the remote SCIM service. Conflicts with
scim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes. - token
Url String - URL used to generate the token used to authenticate with the remote SCIM service. Required when using
scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.client_id. Conflicts withscim_config.0.authentication.0.user,scim_config.0.authentication.0.password,scim_config.0.authentication.0.token. - user String
- User name used to authenticate with the remote SCIM service. Required when using
scim_config.0.authentication.0.password. Conflicts withscim_config.0.authentication.0.token,scim_config.0.authentication.0.client_id,scim_config.0.authentication.0.client_secret,scim_config.0.authentication.0.authorization_url,scim_config.0.authentication.0.token_url,scim_config.0.authentication.0.scopes.
AccessApplicationScimConfigMapping, AccessApplicationScimConfigMappingArgs
- Schema string
- Which SCIM resource type this mapping applies to.
- Enabled bool
- Whether or not this mapping is enabled.
- Filter string
- A SCIM filter expression that matches resources that should be provisioned to this application.
- Operations
Access
Application Scim Config Mapping Operations - Whether or not this mapping applies to creates, updates, or deletes.
- Transform
Jsonata string - A JSONata expression that transforms the resource before provisioning it in the application.
- Schema string
- Which SCIM resource type this mapping applies to.
- Enabled bool
- Whether or not this mapping is enabled.
- Filter string
- A SCIM filter expression that matches resources that should be provisioned to this application.
- Operations
Access
Application Scim Config Mapping Operations - Whether or not this mapping applies to creates, updates, or deletes.
- Transform
Jsonata string - A JSONata expression that transforms the resource before provisioning it in the application.
- schema String
- Which SCIM resource type this mapping applies to.
- enabled Boolean
- Whether or not this mapping is enabled.
- filter String
- A SCIM filter expression that matches resources that should be provisioned to this application.
- operations
Access
Application Scim Config Mapping Operations - Whether or not this mapping applies to creates, updates, or deletes.
- transform
Jsonata String - A JSONata expression that transforms the resource before provisioning it in the application.
- schema string
- Which SCIM resource type this mapping applies to.
- enabled boolean
- Whether or not this mapping is enabled.
- filter string
- A SCIM filter expression that matches resources that should be provisioned to this application.
- operations
Access
Application Scim Config Mapping Operations - Whether or not this mapping applies to creates, updates, or deletes.
- transform
Jsonata string - A JSONata expression that transforms the resource before provisioning it in the application.
- schema str
- Which SCIM resource type this mapping applies to.
- enabled bool
- Whether or not this mapping is enabled.
- filter str
- A SCIM filter expression that matches resources that should be provisioned to this application.
- operations
Access
Application Scim Config Mapping Operations - Whether or not this mapping applies to creates, updates, or deletes.
- transform_
jsonata str - A JSONata expression that transforms the resource before provisioning it in the application.
- schema String
- Which SCIM resource type this mapping applies to.
- enabled Boolean
- Whether or not this mapping is enabled.
- filter String
- A SCIM filter expression that matches resources that should be provisioned to this application.
- operations Property Map
- Whether or not this mapping applies to creates, updates, or deletes.
- transform
Jsonata String - A JSONata expression that transforms the resource before provisioning it in the application.
AccessApplicationScimConfigMappingOperations, AccessApplicationScimConfigMappingOperationsArgs
Import
$ pulumi import cloudflare:index/accessApplication:AccessApplication example <account_id>/<application_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflareTerraform Provider.