Application

Manages an Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal, it must have both the "Read and write owned by applications" and the "Sign in and read user profile" permissions within the Windows Azure Active Directory API.

Example Usage

using Pulumi;
using AzureAD = Pulumi.AzureAD;

// Pulumi stack that declares a single Azure AD application registration named "example".
// The values are illustrative; the "..." permission IDs and the URLs are placeholders.
class MyStack : Stack
{
    public MyStack()
    {
        var example = new AzureAD.Application("example", new AzureAD.ApplicationArgs
        {
            // Role defined by this application. AllowedMemberTypes lists both "User"
            // and "Application", so the Admin role is declared for both member types;
            // drop "Application" if only users should ever hold it.
            AppRoles = 
            {
                new AzureAD.Inputs.ApplicationAppRoleArgs
                {
                    AllowedMemberTypes = 
                    {
                        "User",
                        "Application",
                    },
                    Description = "Admins can manage roles and perform all task actions",
                    DisplayName = "Admin",
                    IsEnabled = true,
                    Value = "Admin",
                },
            },
            // false keeps the application unavailable to other tenants (the documented default).
            AvailableToOtherTenants = false,
            DisplayName = "example",
            Homepage = "https://homepage",
            IdentifierUris = 
            {
                "https://uri",
            },
            // Turns on OAuth 2.0 implicit-flow tokens, which the property reference
            // documents as off by default. Leave it false unless a client actually
            // depends on the implicit flow.
            Oauth2AllowImplicitFlow = true,
            // Permission scopes this application exposes to client apps.
            // NOTE(review): Type "User" vs "Admin" presumably controls who may consent
            // to the scope - confirm against the oauth2_permissions block reference.
            Oauth2Permissions = 
            {
                new AzureAD.Inputs.ApplicationOauth2PermissionArgs
                {
                    AdminConsentDescription = "Allow the application to access example on behalf of the signed-in user.",
                    AdminConsentDisplayName = "Access example",
                    IsEnabled = true,
                    Type = "User",
                    UserConsentDescription = "Allow the application to access example on your behalf.",
                    UserConsentDisplayName = "Access example",
                    Value = "user_impersonation",
                },
                new AzureAD.Inputs.ApplicationOauth2PermissionArgs
                {
                    AdminConsentDescription = "Administer the example application",
                    AdminConsentDisplayName = "Administer",
                    IsEnabled = true,
                    Type = "Admin",
                    Value = "administer",
                },
            },
            // Optional claims to include in access tokens and ID tokens.
            OptionalClaims = new AzureAD.Inputs.ApplicationOptionalClaimsArgs
            {
                AccessTokens = 
                {
                    new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs
                    {
                        Name = "myclaim",
                    },
                    new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs
                    {
                        Name = "otherclaim",
                    },
                },
                IdTokens = 
                {
                    new AzureAD.Inputs.ApplicationOptionalClaimsIdTokenArgs
                    {
                        AdditionalProperties = 
                        {
                            "emit_as_roles",
                        },
                        Essential = true,
                        Name = "userclaim",
                        Source = "user",
                    },
                },
            },
            // An explicit Owners list replaces the default owner (the caller's object ID);
            // add the caller's object ID here if it must remain an owner.
            Owners = 
            {
                "00000004-0000-0000-c000-000000000000",
            },
            // Redirect targets that authorization codes and tokens are sent to.
            // Register only exact URLs that the application itself controls.
            ReplyUrls = 
            {
                "https://replyurl",
            },
            // Permissions this application requests from other resource applications.
            // Each "..." is a placeholder for a real permission ID; keep the list to
            // what the application needs.
            RequiredResourceAccesses = 
            {
                new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs
                {
                    ResourceAccesses = 
                    {
                        new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
                        {
                            Id = "...",
                            Type = "Role",
                        },
                        new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
                        {
                            Id = "...",
                            Type = "Scope",
                        },
                        new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
                        {
                            Id = "...",
                            Type = "Scope",
                        },
                    },
                    ResourceAppId = "00000003-0000-0000-c000-000000000000",
                },
                new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs
                {
                    ResourceAccesses = 
                    {
                        new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
                        {
                            Id = "...",
                            Type = "Scope",
                        },
                    },
                    ResourceAppId = "00000002-0000-0000-c000-000000000000",
                },
            },
            // Documented as deprecated; "webapp/api" is also the default value.
            Type = "webapp/api",
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v4/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main runs a Pulumi program that registers one Azure AD application named
// "example": an app role, two exposed OAuth 2.0 permission scopes, optional
// token claims, and permission requests against two resource applications.
// All values are illustrative; the "..." permission IDs are placeholders.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// access builds one requested-permission entry from an ID and a type.
		access := func(id, kind string) *azuread.ApplicationRequiredResourceAccessResourceAccessArgs {
			return &azuread.ApplicationRequiredResourceAccessResourceAccessArgs{
				Id:   pulumi.String(id),
				Type: pulumi.String(kind),
			}
		}

		// Role defined by this application. It lists both "User" and
		// "Application" as member types; drop "Application" if only users
		// should ever hold the Admin role.
		adminRole := &azuread.ApplicationAppRoleArgs{
			AllowedMemberTypes: pulumi.StringArray{
				pulumi.String("User"),
				pulumi.String("Application"),
			},
			Description: pulumi.String("Admins can manage roles and perform all task actions"),
			DisplayName: pulumi.String("Admin"),
			IsEnabled:   pulumi.Bool(true),
			Value:       pulumi.String("Admin"),
		}

		// Permission scopes this application exposes to client apps.
		// NOTE(review): Type "User" vs "Admin" presumably controls who may
		// consent to the scope; confirm against the oauth2_permissions reference.
		userScope := &azuread.ApplicationOauth2PermissionArgs{
			AdminConsentDescription: pulumi.String("Allow the application to access example on behalf of the signed-in user."),
			AdminConsentDisplayName: pulumi.String("Access example"),
			IsEnabled:               pulumi.Bool(true),
			Type:                    pulumi.String("User"),
			UserConsentDescription:  pulumi.String("Allow the application to access example on your behalf."),
			UserConsentDisplayName:  pulumi.String("Access example"),
			Value:                   pulumi.String("user_impersonation"),
		}
		adminScope := &azuread.ApplicationOauth2PermissionArgs{
			AdminConsentDescription: pulumi.String("Administer the example application"),
			AdminConsentDisplayName: pulumi.String("Administer"),
			IsEnabled:               pulumi.Bool(true),
			Type:                    pulumi.String("Admin"),
			Value:                   pulumi.String("administer"),
		}

		// Optional claims to include in access tokens and ID tokens.
		claims := &azuread.ApplicationOptionalClaimsArgs{
			AccessTokens: azuread.ApplicationOptionalClaimsAccessTokenArray{
				&azuread.ApplicationOptionalClaimsAccessTokenArgs{
					Name: pulumi.String("myclaim"),
				},
				&azuread.ApplicationOptionalClaimsAccessTokenArgs{
					Name: pulumi.String("otherclaim"),
				},
			},
			IdTokens: azuread.ApplicationOptionalClaimsIdTokenArray{
				&azuread.ApplicationOptionalClaimsIdTokenArgs{
					AdditionalProperties: pulumi.StringArray{
						pulumi.String("emit_as_roles"),
					},
					Essential: pulumi.Bool(true),
					Name:      pulumi.String("userclaim"),
					Source:    pulumi.String("user"),
				},
			},
		}

		// Permissions requested from other resource applications. Keep the
		// list to what the application needs.
		requested := azuread.ApplicationRequiredResourceAccessArray{
			&azuread.ApplicationRequiredResourceAccessArgs{
				ResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{
					access("...", "Role"),
					access("...", "Scope"),
					access("...", "Scope"),
				},
				ResourceAppId: pulumi.String("00000003-0000-0000-c000-000000000000"),
			},
			&azuread.ApplicationRequiredResourceAccessArgs{
				ResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{
					access("...", "Scope"),
				},
				ResourceAppId: pulumi.String("00000002-0000-0000-c000-000000000000"),
			},
		}

		_, err := azuread.NewApplication(ctx, "example", &azuread.ApplicationArgs{
			DisplayName: pulumi.String("example"),
			Homepage:    pulumi.String("https://homepage"),
			IdentifierUris: pulumi.StringArray{
				pulumi.String("https://uri"),
			},
			// Documented as deprecated; "webapp/api" is also the default.
			Type: pulumi.String("webapp/api"),
			// false keeps the application unavailable to other tenants
			// (the documented default).
			AvailableToOtherTenants: pulumi.Bool(false),
			// Turns on OAuth 2.0 implicit-flow tokens, documented as off by
			// default. Leave it false unless a client depends on that flow.
			Oauth2AllowImplicitFlow: pulumi.Bool(true),
			// Redirect targets that authorization codes and tokens are sent
			// to; register only exact URLs the application controls.
			ReplyUrls: pulumi.StringArray{
				pulumi.String("https://replyurl"),
			},
			// An explicit list replaces the default owner (the caller's
			// object ID); add the caller here if it must remain an owner.
			Owners: pulumi.StringArray{
				pulumi.String("00000004-0000-0000-c000-000000000000"),
			},
			AppRoles:                 azuread.ApplicationAppRoleArray{adminRole},
			Oauth2Permissions:        azuread.ApplicationOauth2PermissionArray{userScope, adminScope},
			OptionalClaims:           claims,
			RequiredResourceAccesses: requested,
		})
		return err
	})
}
import pulumi
import pulumi_azuread as azuread

# Registers one Azure AD application named "example". All values are
# illustrative; the "..." permission IDs are placeholders.

# Role defined by this application. It lists both "User" and "Application" as
# member types; drop "Application" if only users should ever hold Admin.
admin_role = azuread.ApplicationAppRoleArgs(
    allowed_member_types=["User", "Application"],
    description="Admins can manage roles and perform all task actions",
    display_name="Admin",
    is_enabled=True,
    value="Admin",
)

# Permission scopes this application exposes to client apps.
# NOTE(review): type "User" vs "Admin" presumably controls who may consent to
# the scope - confirm against the oauth2_permissions block reference.
user_scope = azuread.ApplicationOauth2PermissionArgs(
    admin_consent_description="Allow the application to access example on behalf of the signed-in user.",
    admin_consent_display_name="Access example",
    is_enabled=True,
    type="User",
    user_consent_description="Allow the application to access example on your behalf.",
    user_consent_display_name="Access example",
    value="user_impersonation",
)
admin_scope = azuread.ApplicationOauth2PermissionArgs(
    admin_consent_description="Administer the example application",
    admin_consent_display_name="Administer",
    is_enabled=True,
    type="Admin",
    value="administer",
)

# Optional claims to include in access tokens and ID tokens.
claims = azuread.ApplicationOptionalClaimsArgs(
    access_tokens=[
        azuread.ApplicationOptionalClaimsAccessTokenArgs(name="myclaim"),
        azuread.ApplicationOptionalClaimsAccessTokenArgs(name="otherclaim"),
    ],
    id_tokens=[
        azuread.ApplicationOptionalClaimsIdTokenArgs(
            additional_properties=["emit_as_roles"],
            essential=True,
            name="userclaim",
            source="user",
        ),
    ],
)

# Permissions requested from other resource applications. Keep the list to
# what the application needs.
first_resource = azuread.ApplicationRequiredResourceAccessArgs(
    resource_accesses=[
        azuread.ApplicationRequiredResourceAccessResourceAccessArgs(id="...", type="Role"),
        azuread.ApplicationRequiredResourceAccessResourceAccessArgs(id="...", type="Scope"),
        azuread.ApplicationRequiredResourceAccessResourceAccessArgs(id="...", type="Scope"),
    ],
    resource_app_id="00000003-0000-0000-c000-000000000000",
)
second_resource = azuread.ApplicationRequiredResourceAccessArgs(
    resource_accesses=[
        azuread.ApplicationRequiredResourceAccessResourceAccessArgs(id="...", type="Scope"),
    ],
    resource_app_id="00000002-0000-0000-c000-000000000000",
)

example = azuread.Application(
    "example",
    display_name="example",
    homepage="https://homepage",
    identifier_uris=["https://uri"],
    # Documented as deprecated; "webapp/api" is also the default.
    type="webapp/api",
    # False keeps the application unavailable to other tenants (the documented default).
    available_to_other_tenants=False,
    # Turns on OAuth 2.0 implicit-flow tokens, documented as off by default.
    # Leave it False unless a client depends on that flow.
    oauth2_allow_implicit_flow=True,
    # Redirect targets that authorization codes and tokens are sent to;
    # register only exact URLs the application controls.
    reply_urls=["https://replyurl"],
    # An explicit list replaces the default owner (the caller's object ID);
    # add the caller here if it must remain an owner.
    owners=["00000004-0000-0000-c000-000000000000"],
    app_roles=[admin_role],
    oauth2_permissions=[user_scope, admin_scope],
    optional_claims=claims,
    required_resource_accesses=[first_resource, second_resource],
)
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

// Registers one Azure AD application named "example". All values are
// illustrative; the "..." permission IDs are placeholders.

// Role defined by this application. It lists both "User" and "Application" as
// member types; drop "Application" if only users should ever hold Admin.
const adminRole = {
    allowedMemberTypes: ["User", "Application"],
    description: "Admins can manage roles and perform all task actions",
    displayName: "Admin",
    isEnabled: true,
    value: "Admin",
};

// Permission scopes this application exposes to client apps.
// NOTE(review): type "User" vs "Admin" presumably controls who may consent to
// the scope - confirm against the oauth2_permissions block reference.
const userScope = {
    adminConsentDescription: "Allow the application to access example on behalf of the signed-in user.",
    adminConsentDisplayName: "Access example",
    isEnabled: true,
    type: "User",
    userConsentDescription: "Allow the application to access example on your behalf.",
    userConsentDisplayName: "Access example",
    value: "user_impersonation",
};
const adminScope = {
    adminConsentDescription: "Administer the example application",
    adminConsentDisplayName: "Administer",
    isEnabled: true,
    type: "Admin",
    value: "administer",
};

// Optional claims to include in access tokens and ID tokens.
const claims = {
    accessTokens: [
        { name: "myclaim" },
        { name: "otherclaim" },
    ],
    idTokens: [
        {
            additionalProperties: ["emit_as_roles"],
            essential: true,
            name: "userclaim",
            source: "user",
        },
    ],
};

// Permissions requested from other resource applications. Keep the list to
// what the application needs.
const requested = [
    {
        resourceAccesses: [
            { id: "...", type: "Role" },
            { id: "...", type: "Scope" },
            { id: "...", type: "Scope" },
        ],
        resourceAppId: "00000003-0000-0000-c000-000000000000",
    },
    {
        resourceAccesses: [
            { id: "...", type: "Scope" },
        ],
        resourceAppId: "00000002-0000-0000-c000-000000000000",
    },
];

const example = new azuread.Application("example", {
    displayName: "example",
    homepage: "https://homepage",
    identifierUris: ["https://uri"],
    // Documented as deprecated; "webapp/api" is also the default.
    type: "webapp/api",
    // false keeps the application unavailable to other tenants (the documented default).
    availableToOtherTenants: false,
    // Turns on OAuth 2.0 implicit-flow tokens, documented as off by default.
    // Leave it false unless a client depends on that flow.
    oauth2AllowImplicitFlow: true,
    // Redirect targets that authorization codes and tokens are sent to;
    // register only exact URLs the application controls.
    replyUrls: ["https://replyurl"],
    // An explicit list replaces the default owner (the caller's object ID);
    // add the caller here if it must remain an owner.
    owners: ["00000004-0000-0000-c000-000000000000"],
    appRoles: [adminRole],
    oauth2Permissions: [userScope, adminScope],
    optionalClaims: claims,
    requiredResourceAccesses: requested,
});

Create an Application Resource

new Application(name: string, args?: ApplicationArgs, opts?: CustomResourceOptions);
@overload
def Application(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                app_roles: Optional[Sequence[ApplicationAppRoleArgs]] = None,
                available_to_other_tenants: Optional[bool] = None,
                display_name: Optional[str] = None,
                group_membership_claims: Optional[str] = None,
                homepage: Optional[str] = None,
                identifier_uris: Optional[Sequence[str]] = None,
                logout_url: Optional[str] = None,
                name: Optional[str] = None,
                oauth2_allow_implicit_flow: Optional[bool] = None,
                oauth2_permissions: Optional[Sequence[ApplicationOauth2PermissionArgs]] = None,
                optional_claims: Optional[ApplicationOptionalClaimsArgs] = None,
                owners: Optional[Sequence[str]] = None,
                prevent_duplicate_names: Optional[bool] = None,
                public_client: Optional[bool] = None,
                reply_urls: Optional[Sequence[str]] = None,
                required_resource_accesses: Optional[Sequence[ApplicationRequiredResourceAccessArgs]] = None,
                type: Optional[str] = None)
@overload
def Application(resource_name: str,
                args: Optional[ApplicationArgs] = None,
                opts: Optional[ResourceOptions] = None)
func NewApplication(ctx *Context, name string, args *ApplicationArgs, opts ...ResourceOption) (*Application, error)
public Application(string name, ApplicationArgs? args = null, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args ApplicationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ApplicationArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ApplicationArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ApplicationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Application Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Application resource accepts the following input properties:

AppRoles List<Pulumi.AzureAD.Inputs.ApplicationAppRoleArgs>
A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
AvailableToOtherTenants bool
Is this Azure AD Application available to other tenants? Defaults to false.
DisplayName string
The display name for the application.
GroupMembershipClaims string
Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
Homepage string
The URL to the application’s home page.
IdentifierUris List<string>
A list of user-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
LogoutUrl string
The URL of the logout page.
Name string
The name of the optional claim.

Deprecated: This property has been renamed to display_name and will be removed in version 2.0 of this provider.

Oauth2AllowImplicitFlow bool
Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
Oauth2Permissions List<Pulumi.AzureAD.Inputs.ApplicationOauth2PermissionArgs>
A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
OptionalClaims Pulumi.AzureAD.Inputs.ApplicationOptionalClaimsArgs
A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
Owners List<string>
A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
PreventDuplicateNames bool
If true, will return an error when an existing Application is found with the same name. Defaults to false.
PublicClient bool
Is this Azure AD Application a public client? Defaults to false.
ReplyUrls List<string>
A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
RequiredResourceAccesses List<Pulumi.AzureAD.Inputs.ApplicationRequiredResourceAccessArgs>
A collection of required_resource_access blocks as documented below.
Type string
Type of an application: webapp/api or native. Defaults to webapp/api. For the native type, the identifier_uris property cannot be set.

Deprecated: This property is deprecated and will be removed in version 2.0 of this provider.

AppRoles []ApplicationAppRoleType
A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
AvailableToOtherTenants bool
Is this Azure AD Application available to other tenants? Defaults to false.
DisplayName string
The display name for the application.
GroupMembershipClaims string
Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
Homepage string
The URL to the application’s home page.
IdentifierUris []string
A list of user-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
LogoutUrl string
The URL of the logout page.
Name string
The name of the optional claim.

Deprecated: This property has been renamed to display_name and will be removed in version 2.0 of this provider.

Oauth2AllowImplicitFlow bool
Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
Oauth2Permissions []ApplicationOauth2Permission
A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
OptionalClaims ApplicationOptionalClaims
A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
Owners []string
A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
PreventDuplicateNames bool
If true, will return an error when an existing Application is found with the same name. Defaults to false.
PublicClient bool
Is this Azure AD Application a public client? Defaults to false.
ReplyUrls []string
A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
RequiredResourceAccesses []ApplicationRequiredResourceAccess
A collection of required_resource_access blocks as documented below.
Type string
Type of an application: webapp/api or native. Defaults to webapp/api. For the native type, the identifier_uris property cannot be set.

Deprecated: This property is deprecated and will be removed in version 2.0 of this provider.

appRoles ApplicationAppRoleArgs[]
A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
availableToOtherTenants boolean
Is this Azure AD Application available to other tenants? Defaults to false.
displayName string
The display name for the application.
groupMembershipClaims string
Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
homepage string
The URL to the application’s home page.
identifierUris string[]
A list of user-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
logoutUrl string
The URL of the logout page.
name string
The name of the optional claim.

Deprecated: This property has been renamed to display_name and will be removed in version 2.0 of this provider.

oauth2AllowImplicitFlow boolean
Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
oauth2Permissions ApplicationOauth2PermissionArgs[]
A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
optionalClaims ApplicationOptionalClaimsArgs
A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
owners string[]
A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
preventDuplicateNames boolean
If true, will return an error when an existing Application is found with the same name. Defaults to false.
publicClient boolean
Is this Azure AD Application a public client? Defaults to false.
replyUrls string[]
A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
requiredResourceAccesses ApplicationRequiredResourceAccessArgs[]
A collection of required_resource_access blocks as documented below.
type string
Type of an application: webapp/api or native. Defaults to webapp/api. For the native type, the identifier_uris property cannot be set.

Deprecated: This property is deprecated and will be removed in version 2.0 of this provider.

app_roles Sequence[ApplicationAppRoleArgs]
A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
available_to_other_tenants bool
Is this Azure AD Application available to other tenants? Defaults to false.
display_name str
The display name for the application.
group_membership_claims str
Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
homepage str
The URL to the application’s home page.
identifier_uris Sequence[str]
A list of user-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
logout_url str
The URL of the logout page.
name str
The name of the optional claim.

Deprecated: This property has been renamed to display_name and will be removed in version 2.0 of this provider.

oauth2_allow_implicit_flow bool
Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
oauth2_permissions Sequence[ApplicationOauth2PermissionArgs]
A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
optional_claims ApplicationOptionalClaimsArgs
A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
owners Sequence[str]
A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
prevent_duplicate_names bool
If true, will return an error when an existing Application is found with the same name. Defaults to false.
public_client bool
Is this Azure AD Application a public client? Defaults to false.
reply_urls Sequence[str]
A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
required_resource_accesses Sequence[ApplicationRequiredResourceAccessArgs]
A collection of required_resource_access blocks as documented below.
type str
Type of an application: webapp/api or native. Defaults to webapp/api. For the native type, the identifier_uris property cannot be set.

Deprecated: This property is deprecated and will be removed in version 2.0 of this provider.

Outputs

All input properties are implicitly available as output properties. Additionally, the Application resource produces the following output properties:

ApplicationId string
The Application ID (Client ID).
Id string
The provider-assigned unique ID for this managed resource.
ObjectId string
The Application’s Object ID.
ApplicationId string
The Application ID (Client ID).
Id string
The provider-assigned unique ID for this managed resource.
ObjectId string
The Application’s Object ID.
applicationId string
The Application ID (Client ID).
id string
The provider-assigned unique ID for this managed resource.
objectId string
The Application’s Object ID.
application_id str
The Application ID (Client ID).
id str
The provider-assigned unique ID for this managed resource.
object_id str
The Application’s Object ID.

Look up an Existing Application Resource

Get an existing Application resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ApplicationState, opts?: CustomResourceOptions): Application
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        app_roles: Optional[Sequence[ApplicationAppRoleArgs]] = None,
        application_id: Optional[str] = None,
        available_to_other_tenants: Optional[bool] = None,
        display_name: Optional[str] = None,
        group_membership_claims: Optional[str] = None,
        homepage: Optional[str] = None,
        identifier_uris: Optional[Sequence[str]] = None,
        logout_url: Optional[str] = None,
        name: Optional[str] = None,
        oauth2_allow_implicit_flow: Optional[bool] = None,
        oauth2_permissions: Optional[Sequence[ApplicationOauth2PermissionArgs]] = None,
        object_id: Optional[str] = None,
        optional_claims: Optional[ApplicationOptionalClaimsArgs] = None,
        owners: Optional[Sequence[str]] = None,
        prevent_duplicate_names: Optional[bool] = None,
        public_client: Optional[bool] = None,
        reply_urls: Optional[Sequence[str]] = None,
        required_resource_accesses: Optional[Sequence[ApplicationRequiredResourceAccessArgs]] = None,
        type: Optional[str] = None) -> Application
func GetApplication(ctx *Context, name string, id IDInput, state *ApplicationState, opts ...ResourceOption) (*Application, error)
public static Application Get(string name, Input<string> id, ApplicationState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AppRoles List<Pulumi.AzureAD.Inputs.ApplicationAppRoleArgs>
A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
ApplicationId string
The Application ID (Client ID).
AvailableToOtherTenants bool
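Is this Azure AD Application available to other tenants? Defaults to false. When true, users from other Azure AD tenants can sign in, so the application itself must check which tenant issued each token.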
DisplayName string
The display name for the application.
GroupMembershipClaims string
Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
Homepage string
The URL to the application’s home page.
IdentifierUris List<string>
A list of user-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
LogoutUrl string
The URL of the logout page.
Name string
The name of the optional claim.

Deprecated: This property has been renamed to display_name and will be removed in version 2.0 of this provider.

Oauth2AllowImplicitFlow bool
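Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false. The implicit flow returns tokens to the browser in the redirect URI fragment, so leave this false unless the application specifically needs it.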
Oauth2Permissions List<Pulumi.AzureAD.Inputs.ApplicationOauth2PermissionArgs>
A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
ObjectId string
The Application’s Object ID.
OptionalClaims Pulumi.AzureAD.Inputs.ApplicationOptionalClaimsArgs
A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
Owners List<string>
A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list. Owners can change the application’s configuration, so keep the list to the identities that need it.
PreventDuplicateNames bool
If true, will return an error when an existing Application is found with the same name. Defaults to false.
PublicClient bool
Is this Azure AD Application a public client? Defaults to false. A public client runs on a user’s device and cannot keep a client secret confidential.
ReplyUrls List<string>
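A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to. Codes and tokens are delivered to whatever is listed here, so include only endpoints the application controls.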
RequiredResourceAccesses List<Pulumi.AzureAD.Inputs.ApplicationRequiredResourceAccessArgs>
A collection of required_resource_access blocks as documented below.
Type string
Type of an application: webapp/api or native. Defaults to webapp/api. For native type apps, the identifier_uris property cannot be set.

Deprecated: This property is deprecated and will be removed in version 2.0 of this provider.

AppRoles []ApplicationAppRoleType
A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
ApplicationId string
The Application ID (Client ID).
AvailableToOtherTenants bool
Is this Azure AD Application available to other tenants? Defaults to false.
DisplayName string
The display name for the application.
GroupMembershipClaims string
Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
Homepage string
The URL to the application’s home page.
IdentifierUris []string
A list of user-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
LogoutUrl string
The URL of the logout page.
Name string
The name of the optional claim.

Deprecated: This property has been renamed to display_name and will be removed in version 2.0 of this provider.

Oauth2AllowImplicitFlow bool
Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
Oauth2Permissions []ApplicationOauth2Permission
A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
ObjectId string
The Application’s Object ID.
OptionalClaims ApplicationOptionalClaims
A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
Owners []string
A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
PreventDuplicateNames bool
If true, will return an error when an existing Application is found with the same name. Defaults to false.
PublicClient bool
Is this Azure AD Application a public client? Defaults to false.
ReplyUrls []string
A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
RequiredResourceAccesses []ApplicationRequiredResourceAccess
A collection of required_resource_access blocks as documented below.
Type string
Type of an application: webapp/api or native. Defaults to webapp/api. For native type apps, the identifier_uris property cannot be set.

Deprecated: This property is deprecated and will be removed in version 2.0 of this provider.

appRoles ApplicationAppRoleArgs[]
A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
applicationId string
The Application ID (Client ID).
availableToOtherTenants boolean
Is this Azure AD Application available to other tenants? Defaults to false.
displayName string
The display name for the application.
groupMembershipClaims string
Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
homepage string
The URL to the application’s home page.
identifierUris string[]
A list of user-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
logoutUrl string
The URL of the logout page.
name string
The name of the optional claim.

Deprecated: This property has been renamed to display_name and will be removed in version 2.0 of this provider.

oauth2AllowImplicitFlow boolean
Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
oauth2Permissions ApplicationOauth2PermissionArgs[]
A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
objectId string
The Application’s Object ID.
optionalClaims ApplicationOptionalClaimsArgs
A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
owners string[]
A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
preventDuplicateNames boolean
If true, will return an error when an existing Application is found with the same name. Defaults to false.
publicClient boolean
Is this Azure AD Application a public client? Defaults to false.
replyUrls string[]
A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
requiredResourceAccesses ApplicationRequiredResourceAccessArgs[]
A collection of required_resource_access blocks as documented below.
type string
Type of an application: webapp/api or native. Defaults to webapp/api. For native type apps, the identifier_uris property cannot be set.

Deprecated: This property is deprecated and will be removed in version 2.0 of this provider.

app_roles Sequence[ApplicationAppRoleArgs]
A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
application_id str
The Application ID (Client ID).
available_to_other_tenants bool
Is this Azure AD Application available to other tenants? Defaults to false.
display_name str
The display name for the application.
group_membership_claims str
Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
homepage str
The URL to the application’s home page.
identifier_uris Sequence[str]
A list of user-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
logout_url str
The URL of the logout page.
name str
The name of the optional claim.

Deprecated: This property has been renamed to display_name and will be removed in version 2.0 of this provider.

oauth2_allow_implicit_flow bool
Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
oauth2_permissions Sequence[ApplicationOauth2PermissionArgs]
A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
object_id str
The Application’s Object ID.
optional_claims ApplicationOptionalClaimsArgs
A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
owners Sequence[str]
A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
prevent_duplicate_names bool
If true, will return an error when an existing Application is found with the same name. Defaults to false.
public_client bool
Is this Azure AD Application a public client? Defaults to false.
reply_urls Sequence[str]
A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
required_resource_accesses Sequence[ApplicationRequiredResourceAccessArgs]
A collection of required_resource_access blocks as documented below.
type str
Type of an application: webapp/api or native. Defaults to webapp/api. For native type apps, the identifier_uris property cannot be set.

Deprecated: This property is deprecated and will be removed in version 2.0 of this provider.

Supporting Types

ApplicationAppRole

AllowedMemberTypes List<string>
Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
Description string
Permission help text that appears in the admin app assignment and consent experiences.
DisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
Id string
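The unique identifier of the permission. This attribute is computed and cannot be specified manually in this block. If you need to specify a custom id, it’s recommended to use the azuread.ApplicationOAuth2Permission resource. (This entry is listed under ApplicationAppRole, but its wording refers to a permission and to the ApplicationOAuth2Permission resource; it appears to have been swapped with the Id description under ApplicationOauth2Permission.)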
IsEnabled bool
Determines if the permission is enabled: defaults to true.
Value string
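The value of the scope claim that the resource application should expect in the OAuth 2.0 access token. (App roles are issued in the roles claim; this wording appears to have been swapped with the Value description under ApplicationOauth2Permission, so check which claim your authorization logic reads.)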
AllowedMemberTypes []string
Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
Description string
Permission help text that appears in the admin app assignment and consent experiences.
DisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
Id string
The unique identifier of the permission. This attribute is computed and cannot be specified manually in this block. If you need to specify a custom id, it’s recommended to use the azuread.ApplicationOAuth2Permission resource.
IsEnabled bool
Determines if the permission is enabled: defaults to true.
Value string
The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.
allowedMemberTypes string[]
Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
description string
Permission help text that appears in the admin app assignment and consent experiences.
displayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
id string
The unique identifier of the permission. This attribute is computed and cannot be specified manually in this block. If you need to specify a custom id, it’s recommended to use the azuread.ApplicationOAuth2Permission resource.
isEnabled boolean
Determines if the permission is enabled: defaults to true.
value string
The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.
allowed_member_types Sequence[str]
Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
description str
Permission help text that appears in the admin app assignment and consent experiences.
display_name str
Display name for the permission that appears in the admin consent and app assignment experiences.
id str
The unique identifier of the permission. This attribute is computed and cannot be specified manually in this block. If you need to specify a custom id, it’s recommended to use the azuread.ApplicationOAuth2Permission resource.
is_enabled bool
Determines if the permission is enabled: defaults to true.
value str
The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.

ApplicationOauth2Permission

AdminConsentDescription string
Permission help text that appears in the admin consent and app assignment experiences.
AdminConsentDisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
Id string
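The unique identifier of the app role. This attribute is computed and cannot be specified manually in this block. If you need to specify a custom id, it’s recommended to use the azuread.ApplicationAppRole resource. (This entry is listed under ApplicationOauth2Permission, but its wording refers to an app role and to the ApplicationAppRole resource; it appears to have been swapped with the Id description under ApplicationAppRole.)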
IsEnabled bool
Determines if the app role is enabled: Defaults to true.
Type string
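Type of an application: webapp/api or native. Defaults to webapp/api. For native type apps, the identifier_uris property cannot be set. (This wording matches the Application-level type property rather than a permission; in the usage example, the Type of an OAuth2 permission is set to User.)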
UserConsentDescription string
Permission help text that appears in the end user consent experience.
UserConsentDisplayName string
Display name for the permission that appears in the end user consent experience.
Value string
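Specifies the value of the roles claim that the application should expect in the authentication and access tokens. (Delegated OAuth 2.0 permissions are issued in the scope claim; this wording appears to have been swapped with the Value description under ApplicationAppRole, so check which claim your authorization logic reads.)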
AdminConsentDescription string
Permission help text that appears in the admin consent and app assignment experiences.
AdminConsentDisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
Id string
The unique identifier of the app role. This attribute is computed and cannot be specified manually in this block. If you need to specify a custom id, it’s recommended to use the azuread.ApplicationAppRole resource.
IsEnabled bool
Determines if the app role is enabled: Defaults to true.
Type string
Type of an application: webapp/api or native. Defaults to webapp/api. For native type apps, the identifier_uris property cannot be set.
UserConsentDescription string
Permission help text that appears in the end user consent experience.
UserConsentDisplayName string
Display name for the permission that appears in the end user consent experience.
Value string
Specifies the value of the roles claim that the application should expect in the authentication and access tokens.
adminConsentDescription string
Permission help text that appears in the admin consent and app assignment experiences.
adminConsentDisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
id string
The unique identifier of the app role. This attribute is computed and cannot be specified manually in this block. If you need to specify a custom id, it’s recommended to use the azuread.ApplicationAppRole resource.
isEnabled boolean
Determines if the app role is enabled: Defaults to true.
type string
Type of an application: webapp/api or native. Defaults to webapp/api. For native type apps, the identifier_uris property cannot be set.
userConsentDescription string
Permission help text that appears in the end user consent experience.
userConsentDisplayName string
Display name for the permission that appears in the end user consent experience.
value string
Specifies the value of the roles claim that the application should expect in the authentication and access tokens.
admin_consent_description str
Permission help text that appears in the admin consent and app assignment experiences.
admin_consent_display_name str
Display name for the permission that appears in the admin consent and app assignment experiences.
id str
The unique identifier of the app role. This attribute is computed and cannot be specified manually in this block. If you need to specify a custom id, it’s recommended to use the azuread.ApplicationAppRole resource.
is_enabled bool
Determines if the app role is enabled: Defaults to true.
type str
Type of an application: webapp/api or native. Defaults to webapp/api. For native type apps, the identifier_uris property cannot be set.
user_consent_description str
Permission help text that appears in the end user consent experience.
user_consent_display_name str
Display name for the permission that appears in the end user consent experience.
value str
Specifies the value of the roles claim that the application should expect in the authentication and access tokens.

ApplicationOptionalClaims

ApplicationOptionalClaimsAccessToken

Name string
The name of the optional claim.
AdditionalProperties List<string>
List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
Essential bool
Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
Source string
The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
Name string
The name of the optional claim.
AdditionalProperties []string
List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
Essential bool
Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
Source string
The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
name string
The name of the optional claim.
additionalProperties string[]
List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
essential boolean
Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
source string
The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
name str
The name of the optional claim.
additional_properties Sequence[str]
List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
essential bool
Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
source str
The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.

ApplicationOptionalClaimsIdToken

Name string
The name of the optional claim.
AdditionalProperties List<string>
List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
Essential bool
Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
Source string
The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
Name string
The name of the optional claim.
AdditionalProperties []string
List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
Essential bool
Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
Source string
The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
name string
The name of the optional claim.
additionalProperties string[]
List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
essential boolean
Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
source string
The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
name str
The name of the optional claim.
additional_properties Sequence[str]
List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
essential bool
Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
source str
The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.

ApplicationRequiredResourceAccess

ResourceAccesses List<Pulumi.AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs>
A collection of resource_access blocks as documented below.
ResourceAppId string
The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application.
ResourceAccesses []ApplicationRequiredResourceAccessResourceAccess
A collection of resource_access blocks as documented below.
ResourceAppId string
The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application.
resourceAccesses ApplicationRequiredResourceAccessResourceAccessArgs[]
A collection of resource_access blocks as documented below.
resourceAppId string
The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application.
resource_accesses Sequence[ApplicationRequiredResourceAccessResourceAccessArgs]
A collection of resource_access blocks as documented below.
resource_app_id str
The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application.

ApplicationRequiredResourceAccessResourceAccess

Id string
The unique identifier for one of the OAuth2Permission or AppRole instances that the resource application exposes.
Type string
Specifies whether the id property references an OAuth2Permission or an AppRole. Possible values are Scope or Role.
Id string
The unique identifier for one of the OAuth2Permission or AppRole instances that the resource application exposes.
Type string
Specifies whether the id property references an OAuth2Permission or an AppRole. Possible values are Scope or Role.
id string
The unique identifier for one of the OAuth2Permission or AppRole instances that the resource application exposes.
type string
Specifies whether the id property references an OAuth2Permission or an AppRole. Possible values are Scope or Role.
id str
The unique identifier for one of the OAuth2Permission or AppRole instances that the resource application exposes.
type str
Specifies whether the id property references an OAuth2Permission or an AppRole. Possible values are Scope or Role.

Import

Azure Active Directory Applications can be imported using the object id, e.g.

 $ pulumi import azuread:index/application:Application test 00000000-0000-0000-0000-000000000000

Package Details

Repository
https://github.com/pulumi/pulumi-azuread
License
Apache-2.0
Notes
This Pulumi package is based on the azuread Terraform Provider.