Connection

With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.

Example Usage

C#

using Pulumi;
using Auth0 = Pulumi.Auth0;

class MyStack : Stack
{
    public MyStack()
    {
        var myConnection = new Auth0.Connection("myConnection", new Auth0.ConnectionArgs
        {
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                BruteForceProtection = true,
                Configuration = 
                {
                    { "bar", "baz" },
                    { "foo", "bar" },
                },
                CustomScripts = 
                {
                    { "get_user", @"function getByEmail (email, callback) {
  return callback(new Error(""Whoops!""))
}

" },
                },
                EnabledDatabaseCustomization = true,
                PasswordHistories = 
                {
                    new Auth0.Inputs.ConnectionOptionsPasswordHistoryArgs
                    {
                        Enable = true,
                        Size = 3,
                    },
                },
                PasswordPolicy = "excellent",
            },
            Strategy = "auth0",
        });
    }

}

Go

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewConnection(ctx, "myConnection", &auth0.ConnectionArgs{
			Options: &auth0.ConnectionOptionsArgs{
				BruteForceProtection: pulumi.Bool(true),
				Configuration: pulumi.StringMap{
					"bar": pulumi.String("baz"),
					"foo": pulumi.String("bar"),
				},
				CustomScripts: pulumi.StringMap{
					"get_user": pulumi.String(fmt.Sprintf("%v%v%v%v", "function getByEmail (email, callback) {\n", "  return callback(new Error(\"Whoops!\"))\n", "}\n", "\n")),
				},
				EnabledDatabaseCustomization: pulumi.Bool(true),
				PasswordHistories: auth0.ConnectionOptionsPasswordHistoryArray{
					&auth0.ConnectionOptionsPasswordHistoryArgs{
						Enable: pulumi.Bool(true),
						Size:   pulumi.Int(3),
					},
				},
				PasswordPolicy: pulumi.String("excellent"),
			},
			Strategy: pulumi.String("auth0"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Python

import pulumi
import pulumi_auth0 as auth0

my_connection = auth0.Connection("myConnection",
    options=auth0.ConnectionOptionsArgs(
        brute_force_protection=True,
        configuration={
            "bar": "baz",
            "foo": "bar",
        },
        custom_scripts={
            "get_user": """function getByEmail (email, callback) {
  return callback(new Error("Whoops!"))
}

""",
        },
        enabled_database_customization=True,
        password_histories=[auth0.ConnectionOptionsPasswordHistoryArgs(
            enable=True,
            size=3,
        )],
        password_policy="excellent",
    ),
    strategy="auth0")

TypeScript

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myConnection = new auth0.Connection("my_connection", {
    options: {
        bruteForceProtection: true,
        configuration: {
            bar: "baz",
            foo: "bar",
        },
        customScripts: {
            get_user: `function getByEmail (email, callback) {
  return callback(new Error("Whoops!"))
}
`,
        },
        enabledDatabaseCustomization: true,
        passwordHistories: [{
            enable: true,
            size: 3,
        }],
        passwordPolicy: "excellent",
    },
    strategy: "auth0",
});
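
The example above enables bruteForceProtection, an excellent passwordPolicy and passwordHistories. The following added example (not part of the Pulumi or Auth0 documentation) audits an options dictionary for the opposite settings before it is passed to the resource. The rule set, severities, the min_policy threshold and the sample inputs are assumptions of this sketch; property names and values are the Python ones documented on this page.

```python
"""Audit Auth0 connection options before they reach auth0.ConnectionOptionsArgs.

Added example. The rules, severities and the min_policy default are assumptions
of this sketch; property names and allowed values come from this page.
"""
from typing import Any, Dict, List, NamedTuple

# Order as listed in the password_policy description on this page.
PASSWORD_POLICY_LEVELS = ["none", "low", "fair", "good", "excellent"]


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "low" (assumed scale)
    prop: str
    message: str


def audit_connection(strategy: str, options: Dict[str, Any],
                     min_policy: str = "good") -> List[Finding]:
    """Return findings for one connection; an empty list means no rule fired."""
    findings: List[Finding] = []

    if strategy == "auth0":  # database connection: password controls apply
        if options.get("brute_force_protection") is not True:
            findings.append(Finding("high", "brute_force_protection",
                                    "brute force protection is not enabled"))
        policy = options.get("password_policy")
        if policy not in PASSWORD_POLICY_LEVELS:
            findings.append(Finding("high", "password_policy",
                                    f"unset or unknown policy: {policy!r}"))
        elif (PASSWORD_POLICY_LEVELS.index(policy)
              < PASSWORD_POLICY_LEVELS.index(min_policy)):
            findings.append(Finding("medium", "password_policy",
                                    f"{policy!r} is weaker than {min_policy!r}"))
        histories = options.get("password_histories") or []
        if not any(h.get("enable") and h.get("size", 0) > 0 for h in histories):
            findings.append(Finding("low", "password_histories",
                                    "no enabled password history; reuse is allowed"))

    if strategy == "samlp" and not options.get("sign_saml_request"):
        findings.append(Finding("medium", "sign_saml_request",
                                "SAML authentication requests are not signed"))

    if options.get("debug"):
        findings.append(Finding("low", "debug",
                                "additional debugging information is generated"))
    if options.get("strategy_version") == 1:
        findings.append(Finding("medium", "strategy_version",
                                "version 1 is deprecated, use version 2"))
    if "app_domain" in options:
        findings.append(Finding("low", "app_domain",
                                "deprecated, use domain instead"))
    if (options.get("should_trust_email_verified_connection")
            == "always_set_emails_as_verified"):
        findings.append(Finding("medium", "should_trust_email_verified_connection",
                                "email_verified is always set; confirm the IdP "
                                "verifies addresses"))
    return findings


# Options from this page's Example Usage, in the Python naming.
EXAMPLE_FROM_PAGE = {
    "brute_force_protection": True,
    "enabled_database_customization": True,
    "password_histories": [{"enable": True, "size": 3}],
    "password_policy": "excellent",
}

# Constructed inputs for illustration only.
WEAK_DATABASE = {
    "brute_force_protection": False,
    "password_policy": "low",
    "password_histories": [{"enable": False, "size": 3}],
    "debug": True,
    "strategy_version": 1,
}
WEAK_SAML = {
    "sign_saml_request": False,
    "should_trust_email_verified_connection": "always_set_emails_as_verified",
}

if __name__ == "__main__":
    for label, strategy, opts in [("page example", "auth0", EXAMPLE_FROM_PAGE),
                                  ("weak database", "auth0", WEAK_DATABASE),
                                  ("weak SAML", "samlp", WEAK_SAML)]:
        print(label)
        for f in audit_connection(strategy, opts) or ["  no findings"]:
            print(" ", f if isinstance(f, str) else f"[{f.severity}] {f.prop}: {f.message}")
```

Run it in CI against the same dictionary you pass to the resource, and fail the build on any finding at or above the severity you choose.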

Create a Connection Resource

new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);
@overload
def Connection(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               display_name: Optional[str] = None,
               enabled_clients: Optional[Sequence[str]] = None,
               is_domain_connection: Optional[bool] = None,
               name: Optional[str] = None,
               options: Optional[ConnectionOptionsArgs] = None,
               realms: Optional[Sequence[str]] = None,
               strategy: Optional[str] = None,
               strategy_version: Optional[str] = None,
               validation: Optional[Mapping[str, str]] = None)
@overload
def Connection(resource_name: str,
               args: ConnectionArgs,
               opts: Optional[ResourceOptions] = None)
func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)
public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Connection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Connection resource accepts the following input properties:

Strategy string
Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
DisplayName string
Name used in login screen
EnabledClients List<string>
IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
IsDomainConnection bool
Indicates whether or not the connection is domain level.
Name string
Name of the connection.
Options ConnectionOptionsArgs
Configuration settings for connection options. For details, see Options.
Realms List<string>
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
StrategyVersion string
Version 1 is deprecated, use version 2.
Validation Dictionary<string, string>
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
Strategy string
Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
DisplayName string
Name used in login screen
EnabledClients []string
IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
IsDomainConnection bool
Indicates whether or not the connection is domain level.
Name string
Name of the connection.
Options ConnectionOptions
Configuration settings for connection options. For details, see Options.
Realms []string
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
StrategyVersion string
Version 1 is deprecated, use version 2.
Validation map[string]string
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
strategy string
Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
displayName string
Name used in login screen
enabledClients string[]
IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
isDomainConnection boolean
Indicates whether or not the connection is domain level.
name string
Name of the connection.
options ConnectionOptionsArgs
Configuration settings for connection options. For details, see Options.
realms string[]
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
strategyVersion string
Version 1 is deprecated, use version 2.
validation {[key: string]: string}
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
strategy str
Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
display_name str
Name used in login screen
enabled_clients Sequence[str]
IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
is_domain_connection bool
Indicates whether or not the connection is domain level.
name str
Name of the connection.
options ConnectionOptionsArgs
Configuration settings for connection options. For details, see Options.
realms Sequence[str]
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
strategy_version str
Version 1 is deprecated, use version 2.
validation Mapping[str, str]
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

Outputs

All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing Connection Resource

Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        display_name: Optional[str] = None,
        enabled_clients: Optional[Sequence[str]] = None,
        is_domain_connection: Optional[bool] = None,
        name: Optional[str] = None,
        options: Optional[ConnectionOptionsArgs] = None,
        realms: Optional[Sequence[str]] = None,
        strategy: Optional[str] = None,
        strategy_version: Optional[str] = None,
        validation: Optional[Mapping[str, str]] = None) -> Connection
func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)
public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

DisplayName string
Name used in login screen
EnabledClients List<string>
IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
IsDomainConnection bool
Indicates whether or not the connection is domain level.
Name string
Name of the connection.
Options ConnectionOptionsArgs
Configuration settings for connection options. For details, see Options.
Realms List<string>
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
Strategy string
Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
StrategyVersion string
Version 1 is deprecated, use version 2.
Validation Dictionary<string, string>
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
DisplayName string
Name used in login screen
EnabledClients []string
IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
IsDomainConnection bool
Indicates whether or not the connection is domain level.
Name string
Name of the connection.
Options ConnectionOptions
Configuration settings for connection options. For details, see Options.
Realms []string
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
Strategy string
Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
StrategyVersion string
Version 1 is deprecated, use version 2.
Validation map[string]string
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
displayName string
Name used in login screen
enabledClients string[]
IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
isDomainConnection boolean
Indicates whether or not the connection is domain level.
name string
Name of the connection.
options ConnectionOptionsArgs
Configuration settings for connection options. For details, see Options.
realms string[]
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
strategy string
Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
strategyVersion string
Version 1 is deprecated, use version 2.
validation {[key: string]: string}
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
display_name str
Name used in login screen
enabled_clients Sequence[str]
IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
is_domain_connection bool
Indicates whether or not the connection is domain level.
name str
Name of the connection.
options ConnectionOptionsArgs
Configuration settings for connection options. For details, see Options.
realms Sequence[str]
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
strategy str
Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
strategy_version str
Version 1 is deprecated, use version 2.
validation Mapping[str, str]
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

Supporting Types

ConnectionOptions

AdfsServer string
ADFS Metadata source.
AllowedAudiences List<string>
List of allowed audiences.
ApiEnableUsers bool
AppDomain string
Azure AD domain name.

Deprecated: use domain instead

AppId string
Azure AD app ID.
AuthorizationEndpoint string
BruteForceProtection bool
Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
ClientId string
OIDC provider client ID.
ClientSecret string
OIDC provider client secret.
CommunityBaseUrl string
String.
Configuration Dictionary<string, string>
A case-sensitive map of key value pairs used as configuration variables for the custom_script.
CustomScripts Dictionary<string, string>
Custom database action scripts. For more information, read Custom Database Action Script Templates.
Debug bool
(Boolean) When enabled additional debugging information will be generated.
DigestAlgorithm string
Sign Request Algorithm Digest
DisableCache bool
DisableSignup bool
Boolean. Indicates whether or not to allow user sign-ups to your application.
DiscoveryUrl string
OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.
Domain string
DomainAliases List<string>
List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.
EnabledDatabaseCustomization bool
FieldsMap Dictionary<string, string>
SAML Attributes mapping. If you’re configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
From string
SMS number for the sender. Used when SMS Source is From.
IconUrl string
IdentityApi string
IdpInitiated ConnectionOptionsIdpInitiatedArgs
ImportMode bool
Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
Ips List<string>
Issuer string
Issuer URL. E.g. https://auth.example.com
JwksUri string
KeyId string
Key ID.
MaxGroupsToRetrieve string
Maximum number of groups to retrieve.
MessagingServiceSid string
SID for Copilot. Used when SMS Source is Copilot.
Mfa ConnectionOptionsMfaArgs
Configuration settings for multifactor authentication. For details, see MFA Options.
Name string
Name of the connection.
NonPersistentAttrs List<string>
If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist.
PasswordComplexityOptions ConnectionOptionsPasswordComplexityOptionsArgs
Configuration settings for password complexity. For details, see Password Complexity Options.
PasswordDictionary ConnectionOptionsPasswordDictionaryArgs
Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.
PasswordHistories List<ConnectionOptionsPasswordHistoryArgs>
Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.
PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfoArgs
Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user’s personal data, including user’s name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user’s email, or first part of the user’s email. For details, see Password No Personal Info.
PasswordPolicy string
Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
ProtocolBinding string
The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (default) and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
RequestTemplate string
Template that formats the SAML request
RequiresUsername bool
Indicates whether or not the user is required to provide a username in addition to an email address.
Scopes List<string>
Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].
Scripts Dictionary<string, string>
SetUserRootAttributes string
Determines whether the ‘name’, ‘given_name’, ‘family_name’, ‘nickname’, and ‘picture’ attributes can be independently updated when using the external IdP. Default is on_each_login and can be set to on_first_login.
ShouldTrustEmailVerifiedConnection string
Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.
SignInEndpoint string
SAML single login URL for the connection.
SignOutEndpoint string
SAML single logout URL for the connection.
SignSamlRequest bool
(Boolean) When enabled, the SAML authentication request will be signed.
SignatureAlgorithm string
Sign Request Algorithm
SigningCert string
The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded
StrategyVersion int
Version 1 is deprecated, use version 2.
Subject string
Syntax string
Syntax of the SMS. Options include markdown and liquid.
TeamId string
Team ID.
Template string
Template for the SMS. You can use @@password@@ as a placeholder for the password value.
TenantDomain string
TokenEndpoint string
Totp ConnectionOptionsTotpArgs
Configuration options for one-time passwords. For details, see TOTP.
TwilioSid string
SID for your Twilio account.
TwilioToken string
AuthToken for your Twilio account.
Type string
Value can be back_channel or front_channel.
UseCertAuth bool
UseKerberos bool
UseWsfed bool
UserIdAttribute string
Attribute in the SAML token that will be mapped to the user_id property in Auth0.
UserinfoEndpoint string
Validation ConnectionOptionsValidationArgs
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
WaadCommonEndpoint bool
Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you’re using this for a multi-tenant application in Azure AD.
WaadProtocol string
AdfsServer string
ADFS Metadata source.
AllowedAudiences []string
List of allowed audiences.
ApiEnableUsers bool
AppDomain string
Azure AD domain name.

Deprecated: use domain instead

AppId string
Azure AD app ID.
AuthorizationEndpoint string
BruteForceProtection bool
Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
ClientId string
OIDC provider client ID.
ClientSecret string
OIDC provider client secret.
CommunityBaseUrl string
String.
Configuration map[string]string
A case-sensitive map of key value pairs used as configuration variables for the custom_script.
CustomScripts map[string]string
Custom database action scripts. For more information, read Custom Database Action Script Templates.
Debug bool
(Boolean) When enabled additional debugging information will be generated.
DigestAlgorithm string
Sign Request Algorithm Digest
DisableCache bool
DisableSignup bool
Boolean. Indicates whether or not to allow user sign-ups to your application.
DiscoveryUrl string
OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.
Domain string
DomainAliases []string
List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.
EnabledDatabaseCustomization bool
FieldsMap map[string]string
SAML Attributes mapping. If you’re configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
From string
SMS number for the sender. Used when SMS Source is From.
IconUrl string
IdentityApi string
IdpInitiated ConnectionOptionsIdpInitiated
ImportMode bool
Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
Ips []string
Issuer string
Issuer URL. E.g. https://auth.example.com
JwksUri string
KeyId string
Key ID.
MaxGroupsToRetrieve string
Maximum number of groups to retrieve.
MessagingServiceSid string
SID for Copilot. Used when SMS Source is Copilot.
Mfa ConnectionOptionsMfa
Configuration settings for multifactor authentication. For details, see MFA Options.
Name string
Name of the connection.
NonPersistentAttrs []string
If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist.
PasswordComplexityOptions ConnectionOptionsPasswordComplexityOptions
Configuration settings for password complexity. For details, see Password Complexity Options.
PasswordDictionary ConnectionOptionsPasswordDictionary
Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.
PasswordHistories []ConnectionOptionsPasswordHistory
Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.
PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo
Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user’s personal data, including user’s name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user’s email, or first part of the user’s email. For details, see Password No Personal Info.
PasswordPolicy string
Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
ProtocolBinding string
The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (default) and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
RequestTemplate string
Template that formats the SAML request
RequiresUsername bool
Indicates whether or not the user is required to provide a username in addition to an email address.
Scopes []string
Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].
Scripts map[string]string
SetUserRootAttributes string
Determines whether the ‘name’, ‘given_name’, ‘family_name’, ‘nickname’, and ‘picture’ attributes can be independently updated when using the external IdP. Default is on_each_login and can be set to on_first_login.
ShouldTrustEmailVerifiedConnection string
Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.
SignInEndpoint string
SAML single login URL for the connection.
SignOutEndpoint string
SAML single logout URL for the connection.
SignSamlRequest bool
(Boolean) When enabled, the SAML authentication request will be signed.
SignatureAlgorithm string
Sign Request Algorithm
SigningCert string
The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded
StrategyVersion int
Version 1 is deprecated, use version 2.
Subject string
Syntax string
Syntax of the SMS. Options include markdown and liquid.
TeamId string
Team ID.
Template string
Template for the SMS. You can use @@password@@ as a placeholder for the password value.
TenantDomain string
TokenEndpoint string
Totp ConnectionOptionsTotp
Configuration options for one-time passwords. For details, see TOTP.
TwilioSid string
SID for your Twilio account.
TwilioToken string
AuthToken for your Twilio account.
Type string
Value can be back_channel or front_channel.
UseCertAuth bool
UseKerberos bool
UseWsfed bool
UserIdAttribute string
Attribute in the SAML token that will be mapped to the user_id property in Auth0.
UserinfoEndpoint string
Validation ConnectionOptionsValidation
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
WaadCommonEndpoint bool
Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you’re using this for a multi-tenant application in Azure AD.
WaadProtocol string
adfsServer string
ADFS Metadata source.
allowedAudiences string[]
List of allowed audiences.
apiEnableUsers boolean
appDomain string
Azure AD domain name.

Deprecated: use domain instead

appId string
Azure AD app ID.
authorizationEndpoint string
bruteForceProtection boolean
Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
clientId string
OIDC provider client ID.
clientSecret string
OIDC provider client secret.
communityBaseUrl string
String.
configuration {[key: string]: string}
A case-sensitive map of key value pairs used as configuration variables for the custom_script.
customScripts {[key: string]: string}
Custom database action scripts. For more information, read Custom Database Action Script Templates.
debug boolean
(Boolean) When enabled, additional debugging information will be generated.
digestAlgorithm string
Sign Request Algorithm Digest
disableCache boolean
disableSignup boolean
Boolean. Indicates whether or not to allow user sign-ups to your application.
discoveryUrl string
OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.
domain string
domainAliases string[]
List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.
enabledDatabaseCustomization boolean
fieldsMap {[key: string]: string}
SAML Attributes mapping. If you’re configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
from string
SMS number for the sender. Used when SMS Source is From.
iconUrl string
identityApi string
idpInitiated ConnectionOptionsIdpInitiatedArgs
importMode boolean
Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
ips string[]
issuer string
Issuer URL. E.g. https://auth.example.com
jwksUri string
keyId string
Key ID.
maxGroupsToRetrieve string
Maximum number of groups to retrieve.
messagingServiceSid string
SID for Copilot. Used when SMS Source is Copilot.
mfa ConnectionOptionsMfaArgs
Configuration options for multifactor authentication. For details, see MFA Options.
name string
Name of the connection.
nonPersistentAttrs string[]
If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist.
passwordComplexityOptions ConnectionOptionsPasswordComplexityOptionsArgs
Configuration settings for password complexity. For details, see Password Complexity Options.
passwordDictionary ConnectionOptionsPasswordDictionaryArgs
Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.
passwordHistories ConnectionOptionsPasswordHistoryArgs[]
Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.
passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfoArgs
Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user’s personal data, including user’s name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user’s email, or first part of the user’s email. For details, see Password No Personal Info.
passwordPolicy string
Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
protocolBinding string
The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (default) and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
requestTemplate string
Template that formats the SAML request
requiresUsername boolean
Indicates whether or not the user is required to provide a username in addition to an email address.
scopes string[]
Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].
scripts {[key: string]: string}
setUserRootAttributes string
Determines whether the ‘name’, ‘given_name’, ‘family_name’, ‘nickname’, and ‘picture’ attributes can be independently updated when using the external IdP. Default is on_each_login and can be set to on_first_login.
shouldTrustEmailVerifiedConnection string
Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.
signInEndpoint string
SAML single login URL for the connection.
signOutEndpoint string
SAML single logout URL for the connection.
signSamlRequest boolean
(Boolean) When enabled, the SAML authentication request will be signed.
signatureAlgorithm string
Sign Request Algorithm
signingCert string
The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded
strategyVersion number
Version 1 is deprecated, use version 2.
subject string
syntax string
Syntax of the SMS. Options include markdown and liquid.
teamId string
Team ID.
template string
Template for the SMS. You can use @@password@@ as a placeholder for the password value.
tenantDomain string
tokenEndpoint string
totp ConnectionOptionsTotpArgs
Configuration options for one-time passwords. For details, see TOTP.
twilioSid string
SID for your Twilio account.
twilioToken string
AuthToken for your Twilio account.
type string
Value can be back_channel or front_channel.
useCertAuth boolean
useKerberos boolean
useWsfed boolean
userIdAttribute string
Attribute in the SAML token that will be mapped to the user_id property in Auth0.
userinfoEndpoint string
validation ConnectionOptionsValidationArgs
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
waadCommonEndpoint boolean
Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you’re using this for a multi-tenant application in Azure AD.
waadProtocol string
adfs_server str
ADFS Metadata source.
allowed_audiences Sequence[str]
List of allowed audiences.
api_enable_users bool
app_domain str
Azure AD domain name.

Deprecated: use domain instead

app_id str
Azure AD app ID.
authorization_endpoint str
brute_force_protection bool
Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
client_id str
OIDC provider client ID.
client_secret str
OIDC provider client secret.
community_base_url str
String.
configuration Mapping[str, str]
A case-sensitive map of key value pairs used as configuration variables for the custom_script.
custom_scripts Mapping[str, str]
Custom database action scripts. For more information, read Custom Database Action Script Templates.
debug bool
(Boolean) When enabled, additional debugging information will be generated.
digest_algorithm str
Sign Request Algorithm Digest
disable_cache bool
disable_signup bool
Boolean. Indicates whether or not to allow user sign-ups to your application.
discovery_url str
OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.
domain str
domain_aliases Sequence[str]
List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.
enabled_database_customization bool
fields_map Mapping[str, str]
SAML Attributes mapping. If you’re configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
from_ str
SMS number for the sender. Used when SMS Source is From.
icon_url str
identity_api str
idp_initiated ConnectionOptionsIdpInitiatedArgs
import_mode bool
Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
ips Sequence[str]
issuer str
Issuer URL. E.g. https://auth.example.com
jwks_uri str
key_id str
Key ID.
max_groups_to_retrieve str
Maximum number of groups to retrieve.
messaging_service_sid str
SID for Copilot. Used when SMS Source is Copilot.
mfa ConnectionOptionsMfaArgs
Configuration options for multifactor authentication. For details, see MFA Options.
name str
Name of the connection.
non_persistent_attrs Sequence[str]
If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist.
password_complexity_options ConnectionOptionsPasswordComplexityOptionsArgs
Configuration settings for password complexity. For details, see Password Complexity Options.
password_dictionary ConnectionOptionsPasswordDictionaryArgs
Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.
password_histories Sequence[ConnectionOptionsPasswordHistoryArgs]
Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.
password_no_personal_info ConnectionOptionsPasswordNoPersonalInfoArgs
Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user’s personal data, including user’s name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user’s email, or first part of the user’s email. For details, see Password No Personal Info.
password_policy str
Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
protocol_binding str
The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (default) and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
request_template str
Template that formats the SAML request
requires_username bool
Indicates whether or not the user is required to provide a username in addition to an email address.
scopes Sequence[str]
Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].
scripts Mapping[str, str]
set_user_root_attributes str
Determines whether the ‘name’, ‘given_name’, ‘family_name’, ‘nickname’, and ‘picture’ attributes can be independently updated when using the external IdP. Default is on_each_login and can be set to on_first_login.
should_trust_email_verified_connection str
Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.
sign_in_endpoint str
SAML single login URL for the connection.
sign_out_endpoint str
SAML single logout URL for the connection.
sign_saml_request bool
(Boolean) When enabled, the SAML authentication request will be signed.
signature_algorithm str
Sign Request Algorithm
signing_cert str
The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded
strategy_version int
Version 1 is deprecated, use version 2.
subject str
syntax str
Syntax of the SMS. Options include markdown and liquid.
team_id str
Team ID.
template str
Template for the SMS. You can use @@password@@ as a placeholder for the password value.
tenant_domain str
token_endpoint str
totp ConnectionOptionsTotpArgs
Configuration options for one-time passwords. For details, see TOTP.
twilio_sid str
SID for your Twilio account.
twilio_token str
AuthToken for your Twilio account.
type str
Value can be back_channel or front_channel.
use_cert_auth bool
use_kerberos bool
use_wsfed bool
user_id_attribute str
Attribute in the SAML token that will be mapped to the user_id property in Auth0.
userinfo_endpoint str
validation ConnectionOptionsValidationArgs
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
waad_common_endpoint bool
Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you’re using this for a multi-tenant application in Azure AD.
waad_protocol str

ConnectionOptionsIdpInitiated

ClientAuthorizeQuery string
ClientId string
Google client ID.
ClientProtocol string
ClientAuthorizeQuery string
ClientId string
Google client ID.
ClientProtocol string
clientAuthorizeQuery string
clientId string
Google client ID.
clientProtocol string

ConnectionOptionsMfa

Active bool
Indicates whether multifactor authentication is enabled for this connection.
ReturnEnrollSettings bool
Indicates whether multifactor authentication enrollment settings will be returned.
Active bool
Indicates whether multifactor authentication is enabled for this connection.
ReturnEnrollSettings bool
Indicates whether multifactor authentication enrollment settings will be returned.
active boolean
Indicates whether multifactor authentication is enabled for this connection.
returnEnrollSettings boolean
Indicates whether multifactor authentication enrollment settings will be returned.
active bool
Indicates whether multifactor authentication is enabled for this connection.
return_enroll_settings bool
Indicates whether multifactor authentication enrollment settings will be returned.

ConnectionOptionsPasswordComplexityOptions

MinLength int
Minimum number of characters allowed in passwords.
MinLength int
Minimum number of characters allowed in passwords.
minLength number
Minimum number of characters allowed in passwords.
min_length int
Minimum number of characters allowed in passwords.

ConnectionOptionsPasswordDictionary

Dictionaries List<string>
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
Enable bool
Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
Dictionaries []string
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
Enable bool
Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
dictionaries string[]
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable boolean
Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
dictionaries Sequence[str]
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable bool
Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

ConnectionOptionsPasswordHistory

Enable bool
Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
Size int
Indicates the number of passwords to keep in history with a maximum of 24.
Enable bool
Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
Size int
Indicates the number of passwords to keep in history with a maximum of 24.
enable boolean
Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
size number
Indicates the number of passwords to keep in history with a maximum of 24.
enable bool
Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
size int
Indicates the number of passwords to keep in history with a maximum of 24.

ConnectionOptionsPasswordNoPersonalInfo

Enable bool
Indicates whether the password personal info check is enabled for this connection.
Enable bool
Indicates whether the password personal info check is enabled for this connection.
enable boolean
Indicates whether the password personal info check is enabled for this connection.
enable bool
Indicates whether the password personal info check is enabled for this connection.

ConnectionOptionsTotp

Length int
Integer. Length of the one-time password.
TimeStep int
Integer. Seconds between allowed generation of new passwords.
Length int
Integer. Length of the one-time password.
TimeStep int
Integer. Seconds between allowed generation of new passwords.
length number
Integer. Length of the one-time password.
timeStep number
Integer. Seconds between allowed generation of new passwords.
length int
Integer. Length of the one-time password.
time_step int
Integer. Seconds between allowed generation of new passwords.

ConnectionOptionsValidation

Username ConnectionOptionsValidationUsernameArgs
Specifies the min and max values of username length. min and max are integers.
Username ConnectionOptionsValidationUsername
Specifies the min and max values of username length. min and max are integers.
username ConnectionOptionsValidationUsernameArgs
Specifies the min and max values of username length. min and max are integers.
username ConnectionOptionsValidationUsernameArgs
Specifies the min and max values of username length. min and max are integers.

ConnectionOptionsValidationUsername

Max int
Min int
Max int
Min int
max number
min number
max int
min int
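
Several of the options listed above accept only a fixed set of values or have a documented limit. The following pre-deployment lint is an added example, not code from the Pulumi or Auth0 provider: it checks a plain dictionary that uses the Python SDK key names against those documented values. The function name, the sample input, the `min <= max` check and the warning on disabled brute force protection are assumptions of this example.

```python
# Added example: lint a connection `options` mapping against values documented on this page.
# Keys follow the Python SDK spelling used in the listing; the sample input is constructed.

ALLOWED = {
    "password_policy": {"none", "low", "fair", "good", "excellent"},
    "set_user_root_attributes": {"on_each_login", "on_first_login"},
    "should_trust_email_verified_connection": {
        "never_set_emails_as_verified", "always_set_emails_as_verified"},
    "protocol_binding": {
        "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
        "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"},
    "type": {"back_channel", "front_channel"},
    "syntax": {"markdown", "liquid"},
}
MAX_HISTORY_SIZE = 24  # "maximum of 24" in the password history description


def lint_connection_options(options):
    """Return a list of (severity, key, message) findings for one options mapping."""
    findings = []
    # Enumerated string options: reject anything outside the documented set.
    for key, allowed in ALLOWED.items():
        if key in options and options[key] not in allowed:
            findings.append(("error", key, f"{options[key]!r} not in {sorted(allowed)}"))

    # Password history size has a documented upper bound.
    for i, hist in enumerate(options.get("password_histories", [])):
        size = hist.get("size")
        if size is not None and (not isinstance(size, int) or size > MAX_HISTORY_SIZE):
            findings.append(("error", f"password_histories[{i}].size",
                             f"{size!r} must be an integer no greater than {MAX_HISTORY_SIZE}"))

    # Username length bounds are integers; min > max is treated as an error (assumption).
    username = options.get("validation", {}).get("username", {})
    lo, hi = username.get("min"), username.get("max")
    if isinstance(lo, int) and isinstance(hi, int) and lo > hi:
        findings.append(("error", "validation.username", f"min {lo} is greater than max {hi}"))

    # Deprecations stated in the listing.
    if options.get("strategy_version") == 1:
        findings.append(("warning", "strategy_version", "version 1 is deprecated, use version 2"))
    if "app_domain" in options:
        findings.append(("warning", "app_domain", "deprecated, use domain instead"))

    # Policy choice of this example, not a documented requirement.
    if options.get("brute_force_protection") is False:
        findings.append(("warning", "brute_force_protection", "brute force protection is disabled"))
    return findings


SAMPLE_OPTIONS = {  # constructed input
    "password_policy": "strong",
    "brute_force_protection": False,
    "password_histories": [{"enable": True, "size": 30}],
    "strategy_version": 1,
    "app_domain": "example.onmicrosoft.com",
    "validation": {"username": {"min": 20, "max": 15}},
    "should_trust_email_verified_connection": "never_set_emails_as_verified",
}

if __name__ == "__main__":
    for severity, key, message in lint_connection_options(SAMPLE_OPTIONS):
        print(f"{severity:7} {key}: {message}")
```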

Package Details

Repository
https://github.com/pulumi/pulumi-auth0
License
Apache-2.0
Notes
This Pulumi package is based on the auth0 Terraform Provider.