Auth0

Pulumi Official

Package maintained by Pulumi

v2.9.0 published on Thursday, May 26, 2022 by Pulumi

Connection

With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.

Example Usage

using Pulumi;
using Auth0 = Pulumi.Auth0;

class MyStack : Stack
{
    public MyStack()
    {
        var myConnection = new Auth0.Connection("myConnection", new Auth0.ConnectionArgs
        {
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                BruteForceProtection = true,
                Configuration = 
                {
                    { "bar", "baz" },
                    { "foo", "bar" },
                },
                CustomScripts = 
                {
                    { "getUser", @"function getByEmail (email, callback) {
  return callback(new Error(""Whoops!""))
}

" },
                },
                EnabledDatabaseCustomization = true,
                PasswordHistories = 
                {
                    new Auth0.Inputs.ConnectionOptionsPasswordHistoryArgs
                    {
                        Enable = true,
                        Size = 3,
                    },
                },
                PasswordPolicy = "excellent",
            },
            Strategy = "auth0",
        });
    }

}

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewConnection(ctx, "myConnection", &auth0.ConnectionArgs{
			Options: &ConnectionOptionsArgs{
				BruteForceProtection: pulumi.Bool(true),
				Configuration: pulumi.StringMap{
					"bar": pulumi.String("baz"),
					"foo": pulumi.String("bar"),
				},
				CustomScripts: pulumi.StringMap{
					"getUser": pulumi.String(fmt.Sprintf("%v%v%v%v", "function getByEmail (email, callback) {\n", "  return callback(new Error(\"Whoops!\"))\n", "}\n", "\n")),
				},
				EnabledDatabaseCustomization: pulumi.Bool(true),
				PasswordHistories: ConnectionOptionsPasswordHistoryArray{
					&ConnectionOptionsPasswordHistoryArgs{
						Enable: pulumi.Bool(true),
						Size:   pulumi.Int(3),
					},
				},
				PasswordPolicy: pulumi.String("excellent"),
			},
			Strategy: pulumi.String("auth0"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myConnection = new Connection("myConnection", ConnectionArgs.builder()        
            .options(ConnectionOptionsArgs.builder()
                .bruteForceProtection("true")
                .configuration(Map.ofEntries(
                    Map.entry("bar", "baz"),
                    Map.entry("foo", "bar")
                ))
                .customScripts(Map.of("getUser", """
function getByEmail (email, callback) {
  return callback(new Error("Whoops!"))
}

                """))
                .enabledDatabaseCustomization("true")
                .passwordHistories(ConnectionOptionsPasswordHistoryArgs.builder()
                    .enable(true)
                    .size(3)
                    .build())
                .passwordPolicy("excellent")
                .build())
            .strategy("auth0")
            .build());

    }
}

import pulumi
import pulumi_auth0 as auth0

my_connection = auth0.Connection("myConnection",
    options=auth0.ConnectionOptionsArgs(
        brute_force_protection=True,
        configuration={
            "bar": "baz",
            "foo": "bar",
        },
        custom_scripts={
            "getUser": """function getByEmail (email, callback) {
  return callback(new Error("Whoops!"))
}

""",
        },
        enabled_database_customization=True,
        password_histories=[auth0.ConnectionOptionsPasswordHistoryArgs(
            enable=True,
            size=3,
        )],
        password_policy="excellent",
    ),
    strategy="auth0")

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myConnection = new auth0.Connection("my_connection", {
    options: {
        bruteForceProtection: true,
        configuration: {
            bar: "baz",
            foo: "bar",
        },
        customScripts: {
            get_user: `function getByEmail (email, callback) {
  return callback(new Error("Whoops!"))
}
`,
        },
        enabledDatabaseCustomization: true,
        passwordHistories: [{
            enable: true,
            size: 3,
        }],
        passwordPolicy: "excellent",
    },
    strategy: "auth0",
});

resources:
  myConnection:
    type: auth0:Connection
    properties:
      options:
        bruteForceProtection: true
        configuration:
          bar: baz
          foo: bar
        customScripts:
          getUser: |+
            function getByEmail (email, callback) {
              return callback(new Error("Whoops!"))
            }            

        enabledDatabaseCustomization: true
        passwordHistories:
          - enable: true
            size: 3
        passwordPolicy: excellent
      strategy: auth0

Create a Connection Resource

new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);

@overload
def Connection(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               display_name: Optional[str] = None,
               enabled_clients: Optional[Sequence[str]] = None,
               is_domain_connection: Optional[bool] = None,
               name: Optional[str] = None,
               options: Optional[ConnectionOptionsArgs] = None,
               realms: Optional[Sequence[str]] = None,
               show_as_button: Optional[bool] = None,
               strategy: Optional[str] = None,
               strategy_version: Optional[str] = None,
               validation: Optional[Mapping[str, str]] = None)
@overload
def Connection(resource_name: str,
               args: ConnectionArgs,
               opts: Optional[ResourceOptions] = None)

func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)

public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)

public Connection(String name, ConnectionArgs args)
public Connection(String name, ConnectionArgs args, CustomResourceOptions options)

type: auth0:Connection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ConnectionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Connection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Connection resource accepts the following input properties:

Strategy string: Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
DisplayName string: Name used in login screen
EnabledClients List<string>: IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
IsDomainConnection bool: Indicates whether the connection is domain level.
Name string: Name of the connection.
Options ConnectionOptionsArgs: Configuration settings for connection options. For details, see Options.
Realms List<string>: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
ShowAsButton bool: Display connection as a button. Only available for enterprise connections.
StrategyVersion string: Version 1 is deprecated, use version 2.
Validation Dictionary<string, string>: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

Strategy string: Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
DisplayName string: Name used in login screen
EnabledClients []string: IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
IsDomainConnection bool: Indicates whether the connection is domain level.
Name string: Name of the connection.
Options ConnectionOptionsArgs: Configuration settings for connection options. For details, see Options.
Realms []string: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
ShowAsButton bool: Display connection as a button. Only available for enterprise connections.
StrategyVersion string: Version 1 is deprecated, use version 2.
Validation map[string]string: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

strategy String: Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
displayName String: Name used in login screen
enabledClients List<String>: IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
isDomainConnection Boolean: Indicates whether the connection is domain level.
name String: Name of the connection.
options ConnectionOptionsArgs: Configuration settings for connection options. For details, see Options.
realms List<String>: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
showAsButton Boolean: Display connection as a button. Only available for enterprise connections.
strategyVersion String: Version 1 is deprecated, use version 2.
validation Map<String,String>: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

strategy string: Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
displayName string: Name used in login screen
enabledClients string[]: IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
isDomainConnection boolean: Indicates whether the connection is domain level.
name string: Name of the connection.
options ConnectionOptionsArgs: Configuration settings for connection options. For details, see Options.
realms string[]: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
showAsButton boolean: Display connection as a button. Only available for enterprise connections.
strategyVersion string: Version 1 is deprecated, use version 2.
validation {[key: string]: string}: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

strategy str: Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
display_name str: Name used in login screen
enabled_clients Sequence[str]: IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
is_domain_connection bool: Indicates whether the connection is domain level.
name str: Name of the connection.
options ConnectionOptionsArgs: Configuration settings for connection options. For details, see Options.
realms Sequence[str]: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
show_as_button bool: Display connection as a button. Only available for enterprise connections.
strategy_version str: Version 1 is deprecated, use version 2.
validation Mapping[str, str]: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

strategy String: Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
displayName String: Name used in login screen
enabledClients List<String>: IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
isDomainConnection Boolean: Indicates whether the connection is domain level.
name String: Name of the connection.
options Property Map: Configuration settings for connection options. For details, see Options.
realms List<String>: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
showAsButton Boolean: Display connection as a button. Only available for enterprise connections.
strategyVersion String: Version 1 is deprecated, use version 2.
validation Map<String>: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

Outputs

All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up an Existing Connection Resource

Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        display_name: Optional[str] = None,
        enabled_clients: Optional[Sequence[str]] = None,
        is_domain_connection: Optional[bool] = None,
        name: Optional[str] = None,
        options: Optional[ConnectionOptionsArgs] = None,
        realms: Optional[Sequence[str]] = None,
        show_as_button: Optional[bool] = None,
        strategy: Optional[str] = None,
        strategy_version: Optional[str] = None,
        validation: Optional[Mapping[str, str]] = None) -> Connection

func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)

public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)

public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

DisplayName string: Name used in login screen
EnabledClients List<string>: IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
IsDomainConnection bool: Indicates whether the connection is domain level.
Name string: Name of the connection.
Options ConnectionOptionsArgs: Configuration settings for connection options. For details, see Options.
Realms List<string>: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
ShowAsButton bool: Display connection as a button. Only available for enterprise connections.
Strategy string: Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
StrategyVersion string: Version 1 is deprecated, use version 2.
Validation Dictionary<string, string>: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

DisplayName string: Name used in login screen
EnabledClients []string: IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
IsDomainConnection bool: Indicates whether the connection is domain level.
Name string: Name of the connection.
Options ConnectionOptionsArgs: Configuration settings for connection options. For details, see Options.
Realms []string: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
ShowAsButton bool: Display connection as a button. Only available for enterprise connections.
Strategy string: Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
StrategyVersion string: Version 1 is deprecated, use version 2.
Validation map[string]string: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

displayName String: Name used in login screen
enabledClients List<String>: IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
isDomainConnection Boolean: Indicates whether the connection is domain level.
name String: Name of the connection.
options ConnectionOptionsArgs: Configuration settings for connection options. For details, see Options.
realms List<String>: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
showAsButton Boolean: Display connection as a button. Only available for enterprise connections.
strategy String: Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
strategyVersion String: Version 1 is deprecated, use version 2.
validation Map<String,String>: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

displayName string: Name used in login screen
enabledClients string[]: IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
isDomainConnection boolean: Indicates whether the connection is domain level.
name string: Name of the connection.
options ConnectionOptionsArgs: Configuration settings for connection options. For details, see Options.
realms string[]: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
showAsButton boolean: Display connection as a button. Only available for enterprise connections.
strategy string: Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
strategyVersion string: Version 1 is deprecated, use version 2.
validation {[key: string]: string}: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

display_name str: Name used in login screen
enabled_clients Sequence[str]: IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
is_domain_connection bool: Indicates whether the connection is domain level.
name str: Name of the connection.
options ConnectionOptionsArgs: Configuration settings for connection options. For details, see Options.
realms Sequence[str]: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
show_as_button bool: Display connection as a button. Only available for enterprise connections.
strategy str: Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
strategy_version str: Version 1 is deprecated, use version 2.
validation Mapping[str, str]: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

displayName String: Name used in login screen
enabledClients List<String>: IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
isDomainConnection Boolean: Indicates whether the connection is domain level.
name String: Name of the connection.
options Property Map: Configuration settings for connection options. For details, see Options.
realms List<String>: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
showAsButton Boolean: Display connection as a button. Only available for enterprise connections.
strategy String: Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.
strategyVersion String: Version 1 is deprecated, use version 2.
validation Map<String>: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

Supporting Types

ConnectionOptions

AdfsServer string

ADFS Metadata source.

AllowedAudiences List<string>

List of allowed audiences.

ApiEnableUsers bool

AppDomain string

Azure AD domain name.

Deprecated:

Use domain instead

AppId string

Azure AD app ID.

AuthorizationEndpoint string

BruteForceProtection bool

Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

ClientId string

OIDC provider client ID.

ClientSecret string

OIDC provider client secret.

CommunityBaseUrl string

String.

Configuration Dictionary<string, string>

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

CustomScripts Dictionary<string, string>

Custom database action scripts. For more information, read Custom Database Action Script Templates.

Debug bool

(Boolean) When enabled additional debugging information will be generated.

DigestAlgorithm string

Sign Request Algorithm Digest

DisableCache bool

DisableSignup bool

Boolean. Indicates whether or not to allow user sign-ups to your application.

DiscoveryUrl string

OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.

Domain string

DomainAliases List<string>

List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

EnabledDatabaseCustomization bool

EntityId string

Custom Entity ID for the connection.

FieldsMap Dictionary<string, string>

SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

ForwardRequestInfo bool

From string

SMS number for the sender. Used when SMS Source is From.

GatewayAuthentication ConnectionOptionsGatewayAuthentication

GatewayUrl string

IconUrl string

IdentityApi string

IdpInitiated ConnectionOptionsIdpInitiated

Configuration Options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query

ImportMode bool

Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

Ips List<string>

Issuer string

Issuer URL. E.g. https://auth.example.com

JwksUri string

KeyId string

Key ID.

MaxGroupsToRetrieve string

Maximum number of groups to retrieve.

MessagingServiceSid string

SID for Copilot. Used when SMS Source is Copilot.

Mfa ConnectionOptionsMfa

Configuration settings Options for multifactor authentication. For details, see MFA Options.

Name string

Name of the connection.

NonPersistentAttrs List<string>

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.

PasswordComplexityOptions ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity. For details, see Password Complexity Options.

PasswordDictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

PasswordHistories List<ConnectionOptionsPasswordHistory>

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo

Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.

PasswordPolicy string

Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

ProtocolBinding string

The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (default) and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

Provider string

RequestTemplate string

Template that formats the SAML request

RequiresUsername bool

Indicates whether or not the user is required to provide a username in addition to an email address.

Scopes List<string>

Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].

Scripts Dictionary<string, string>

SetUserRootAttributes string

Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is on_each_login and can be set to on_first_login.

ShouldTrustEmailVerifiedConnection string

Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.

SignInEndpoint string

SAML single login URL for the connection.

SignOutEndpoint string

SAML single logout URL for the connection.

SignSamlRequest bool

(Boolean) When enabled, the SAML authentication request will be signed.

SignatureAlgorithm string

Sign Request Algorithm

SigningCert string

The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded

StrategyVersion int

Version 1 is deprecated, use version 2.

Subject string

Syntax string

Syntax of the SMS. Options include markdown and liquid.

TeamId string

Team ID.

Template string

Template for the SMS. You can use @@password@@ as a placeholder for the password value.

TenantDomain string

TokenEndpoint string

Totp ConnectionOptionsTotp

Configuration options for one-time passwords. For details, see TOTP.

TwilioSid string

SID for your Twilio account.

TwilioToken string

AuthToken for your Twilio account.

Type string

Value can be back_channel or front_channel.

UseCertAuth bool

UseKerberos bool

UseWsfed bool

UserIdAttribute string

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

UserinfoEndpoint string

Validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

WaadCommonEndpoint bool

Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

WaadProtocol string

AdfsServer string

ADFS Metadata source.

AllowedAudiences []string

List of allowed audiences.

ApiEnableUsers bool

AppDomain string

Azure AD domain name.

Deprecated:

Use domain instead

AppId string

Azure AD app ID.

AuthorizationEndpoint string

BruteForceProtection bool

Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

ClientId string

OIDC provider client ID.

ClientSecret string

OIDC provider client secret.

CommunityBaseUrl string

String.

Configuration map[string]string

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

CustomScripts map[string]string

Custom database action scripts. For more information, read Custom Database Action Script Templates.

Debug bool

(Boolean) When enabled additional debugging information will be generated.

DigestAlgorithm string

Sign Request Algorithm Digest

DisableCache bool

DisableSignup bool

Boolean. Indicates whether or not to allow user sign-ups to your application.

DiscoveryUrl string

OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.

Domain string

DomainAliases []string

List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

EnabledDatabaseCustomization bool

EntityId string

Custom Entity ID for the connection.

FieldsMap map[string]string

SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

ForwardRequestInfo bool

From string

SMS number for the sender. Used when SMS Source is From.

GatewayAuthentication ConnectionOptionsGatewayAuthentication

GatewayUrl string

IconUrl string

IdentityApi string

IdpInitiated ConnectionOptionsIdpInitiated

Configuration Options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query

ImportMode bool

Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

Ips []string

Issuer string

Issuer URL. E.g. https://auth.example.com

JwksUri string

KeyId string

Key ID.

MaxGroupsToRetrieve string

Maximum number of groups to retrieve.

MessagingServiceSid string

SID for Copilot. Used when SMS Source is Copilot.

Mfa ConnectionOptionsMfa

Configuration settings Options for multifactor authentication. For details, see MFA Options.

Name string

Name of the connection.

NonPersistentAttrs []string

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.

PasswordComplexityOptions ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity. For details, see Password Complexity Options.

PasswordDictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

PasswordHistories []ConnectionOptionsPasswordHistory

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo

PasswordPolicy string

ProtocolBinding string

Provider string

RequestTemplate string

Template that formats the SAML request

RequiresUsername bool

Indicates whether or not the user is required to provide a username in addition to an email address.

Scopes []string

Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].

Scripts map[string]string

SetUserRootAttributes string

ShouldTrustEmailVerifiedConnection string

Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.

SignInEndpoint string

SAML single login URL for the connection.

SignOutEndpoint string

SAML single logout URL for the connection.

SignSamlRequest bool

(Boolean) When enabled, the SAML authentication request will be signed.

SignatureAlgorithm string

Sign Request Algorithm

SigningCert string

The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded

StrategyVersion int

Version 1 is deprecated, use version 2.

Subject string

Syntax string

Syntax of the SMS. Options include markdown and liquid.

TeamId string

Team ID.

Template string

Template for the SMS. You can use @@password@@ as a placeholder for the password value.

TenantDomain string

TokenEndpoint string

Totp ConnectionOptionsTotp

Configuration options for one-time passwords. For details, see TOTP.

TwilioSid string

SID for your Twilio account.

TwilioToken string

AuthToken for your Twilio account.

Type string

Value can be back_channel or front_channel.

UseCertAuth bool

UseKerberos bool

UseWsfed bool

UserIdAttribute string

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

UserinfoEndpoint string

Validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

WaadCommonEndpoint bool

Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

WaadProtocol string

adfsServer String

ADFS Metadata source.

allowedAudiences List<String>

List of allowed audiences.

apiEnableUsers Boolean

appDomain String

Azure AD domain name.

Deprecated:

Use domain instead

appId String

Azure AD app ID.

authorizationEndpoint String

bruteForceProtection Boolean

Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

clientId String

OIDC provider client ID.

clientSecret String

OIDC provider client secret.

communityBaseUrl String

String.

configuration Map<String,String>

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

customScripts Map<String,String>

Custom database action scripts. For more information, read Custom Database Action Script Templates.

debug Boolean

(Boolean) When enabled additional debugging information will be generated.

digestAlgorithm String

Sign Request Algorithm Digest

disableCache Boolean

disableSignup Boolean

Boolean. Indicates whether or not to allow user sign-ups to your application.

discoveryUrl String

OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.

domain String

domainAliases List<String>

List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

enabledDatabaseCustomization Boolean

entityId String

Custom Entity ID for the connection.

fieldsMap Map<String,String>

SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

forwardRequestInfo Boolean

from String

SMS number for the sender. Used when SMS Source is From.

gatewayAuthentication ConnectionOptionsGatewayAuthentication

gatewayUrl String

iconUrl String

identityApi String

idpInitiated ConnectionOptionsIdpInitiated

Configuration Options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query

importMode Boolean

Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

ips List<String>

issuer String

Issuer URL. E.g. https://auth.example.com

jwksUri String

keyId String

Key ID.

maxGroupsToRetrieve String

Maximum number of groups to retrieve.

messagingServiceSid String

SID for Copilot. Used when SMS Source is Copilot.

mfa ConnectionOptionsMfa

Configuration settings Options for multifactor authentication. For details, see MFA Options.

name String

Name of the connection.

nonPersistentAttrs List<String>

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.

passwordComplexityOptions ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity. For details, see Password Complexity Options.

passwordDictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

passwordHistories List<ConnectionOptionsPasswordHistory>

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo

passwordPolicy String

protocolBinding String

provider String

requestTemplate String

Template that formats the SAML request

requiresUsername Boolean

Indicates whether or not the user is required to provide a username in addition to an email address.

scopes List<String>

Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].

scripts Map<String,String>

setUserRootAttributes String

shouldTrustEmailVerifiedConnection String

Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.

signInEndpoint String

SAML single login URL for the connection.

signOutEndpoint String

SAML single logout URL for the connection.

signSamlRequest Boolean

(Boolean) When enabled, the SAML authentication request will be signed.

signatureAlgorithm String

Sign Request Algorithm

signingCert String

The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded

strategyVersion Integer

Version 1 is deprecated, use version 2.

subject String

syntax String

Syntax of the SMS. Options include markdown and liquid.

teamId String

Team ID.

template String

Template for the SMS. You can use @@password@@ as a placeholder for the password value.

tenantDomain String

tokenEndpoint String

totp ConnectionOptionsTotp

Configuration options for one-time passwords. For details, see TOTP.

twilioSid String

SID for your Twilio account.

twilioToken String

AuthToken for your Twilio account.

type String

Value can be back_channel or front_channel.

useCertAuth Boolean

useKerberos Boolean

useWsfed Boolean

userIdAttribute String

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

userinfoEndpoint String

validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

waadCommonEndpoint Boolean

Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

waadProtocol String

adfsServer string

ADFS Metadata source.

allowedAudiences string[]

List of allowed audiences.

apiEnableUsers boolean

appDomain string

Azure AD domain name.

Deprecated:

Use domain instead

appId string

Azure AD app ID.

authorizationEndpoint string

bruteForceProtection boolean

Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

clientId string

OIDC provider client ID.

clientSecret string

OIDC provider client secret.

communityBaseUrl string

String.

configuration {[key: string]: string}

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

customScripts {[key: string]: string}

Custom database action scripts. For more information, read Custom Database Action Script Templates.

debug boolean

(Boolean) When enabled additional debugging information will be generated.

digestAlgorithm string

Sign Request Algorithm Digest

disableCache boolean

disableSignup boolean

Boolean. Indicates whether or not to allow user sign-ups to your application.

discoveryUrl string

OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.

domain string

domainAliases string[]

List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

enabledDatabaseCustomization boolean

entityId string

Custom Entity ID for the connection.

fieldsMap {[key: string]: string}

SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

forwardRequestInfo boolean

from string

SMS number for the sender. Used when SMS Source is From.

gatewayAuthentication ConnectionOptionsGatewayAuthentication

gatewayUrl string

iconUrl string

identityApi string

idpInitiated ConnectionOptionsIdpInitiated

Configuration Options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query

importMode boolean

Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

ips string[]

issuer string

Issuer URL. E.g. https://auth.example.com

jwksUri string

keyId string

Key ID.

maxGroupsToRetrieve string

Maximum number of groups to retrieve.

messagingServiceSid string

SID for Copilot. Used when SMS Source is Copilot.

mfa ConnectionOptionsMfa

Configuration settings Options for multifactor authentication. For details, see MFA Options.

name string

Name of the connection.

nonPersistentAttrs string[]

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.

passwordComplexityOptions ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity. For details, see Password Complexity Options.

passwordDictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

passwordHistories ConnectionOptionsPasswordHistory[]

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo

passwordPolicy string

protocolBinding string

provider string

requestTemplate string

Template that formats the SAML request

requiresUsername boolean

Indicates whether or not the user is required to provide a username in addition to an email address.

scopes string[]

Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].

scripts {[key: string]: string}

setUserRootAttributes string

shouldTrustEmailVerifiedConnection string

Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.

signInEndpoint string

SAML single login URL for the connection.

signOutEndpoint string

SAML single logout URL for the connection.

signSamlRequest boolean

(Boolean) When enabled, the SAML authentication request will be signed.

signatureAlgorithm string

Sign Request Algorithm

signingCert string

The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded

strategyVersion number

Version 1 is deprecated, use version 2.

subject string

syntax string

Syntax of the SMS. Options include markdown and liquid.

teamId string

Team ID.

template string

Template for the SMS. You can use @@password@@ as a placeholder for the password value.

tenantDomain string

tokenEndpoint string

totp ConnectionOptionsTotp

Configuration options for one-time passwords. For details, see TOTP.

twilioSid string

SID for your Twilio account.

twilioToken string

AuthToken for your Twilio account.

type string

Value can be back_channel or front_channel.

useCertAuth boolean

useKerberos boolean

useWsfed boolean

userIdAttribute string

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

userinfoEndpoint string

validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

waadCommonEndpoint boolean

Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

waadProtocol string

adfs_server str

ADFS Metadata source.

allowed_audiences Sequence[str]

List of allowed audiences.

api_enable_users bool

app_domain str

Azure AD domain name.

Deprecated:

Use domain instead

app_id str

Azure AD app ID.

authorization_endpoint str

brute_force_protection bool

Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

client_id str

OIDC provider client ID.

client_secret str

OIDC provider client secret.

community_base_url str

String.

configuration Mapping[str, str]

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

custom_scripts Mapping[str, str]

Custom database action scripts. For more information, read Custom Database Action Script Templates.

debug bool

(Boolean) When enabled additional debugging information will be generated.

digest_algorithm str

Sign Request Algorithm Digest

disable_cache bool

disable_signup bool

Boolean. Indicates whether or not to allow user sign-ups to your application.

discovery_url str

OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.

domain str

domain_aliases Sequence[str]

List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

enabled_database_customization bool

entity_id str

Custom Entity ID for the connection.

fields_map Mapping[str, str]

SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

forward_request_info bool

from_ str

SMS number for the sender. Used when SMS Source is From.

gateway_authentication ConnectionOptionsGatewayAuthentication

gateway_url str

icon_url str

identity_api str

idp_initiated ConnectionOptionsIdpInitiated

Configuration Options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query

import_mode bool

Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

ips Sequence[str]

issuer str

Issuer URL. E.g. https://auth.example.com

jwks_uri str

key_id str

Key ID.

max_groups_to_retrieve str

Maximum number of groups to retrieve.

messaging_service_sid str

SID for Copilot. Used when SMS Source is Copilot.

mfa ConnectionOptionsMfa

Configuration settings Options for multifactor authentication. For details, see MFA Options.

name str

Name of the connection.

non_persistent_attrs Sequence[str]

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.

password_complexity_options ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity. For details, see Password Complexity Options.

password_dictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

password_histories Sequence[ConnectionOptionsPasswordHistory]

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

password_no_personal_info ConnectionOptionsPasswordNoPersonalInfo

password_policy str

protocol_binding str

provider str

request_template str

Template that formats the SAML request

requires_username bool

Indicates whether or not the user is required to provide a username in addition to an email address.

scopes Sequence[str]

Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].

scripts Mapping[str, str]

set_user_root_attributes str

should_trust_email_verified_connection str

Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.

sign_in_endpoint str

SAML single login URL for the connection.

sign_out_endpoint str

SAML single logout URL for the connection.

sign_saml_request bool

(Boolean) When enabled, the SAML authentication request will be signed.

signature_algorithm str

Sign Request Algorithm

signing_cert str

The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded

strategy_version int

Version 1 is deprecated, use version 2.

subject str

syntax str

Syntax of the SMS. Options include markdown and liquid.

team_id str

Team ID.

template str

Template for the SMS. You can use @@password@@ as a placeholder for the password value.

tenant_domain str

token_endpoint str

totp ConnectionOptionsTotp

Configuration options for one-time passwords. For details, see TOTP.

twilio_sid str

SID for your Twilio account.

twilio_token str

AuthToken for your Twilio account.

type str

Value can be back_channel or front_channel.

use_cert_auth bool

use_kerberos bool

use_wsfed bool

user_id_attribute str

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

userinfo_endpoint str

validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

waad_common_endpoint bool

Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

waad_protocol str

adfsServer String

ADFS Metadata source.

allowedAudiences List<String>

List of allowed audiences.

apiEnableUsers Boolean

appDomain String

Azure AD domain name.

Deprecated:

Use domain instead

appId String

Azure AD app ID.

authorizationEndpoint String

bruteForceProtection Boolean

Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

clientId String

OIDC provider client ID.

clientSecret String

OIDC provider client secret.

communityBaseUrl String

String.

configuration Map<String>

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

customScripts Map<String>

Custom database action scripts. For more information, read Custom Database Action Script Templates.

debug Boolean

(Boolean) When enabled additional debugging information will be generated.

digestAlgorithm String

Sign Request Algorithm Digest

disableCache Boolean

disableSignup Boolean

Boolean. Indicates whether or not to allow user sign-ups to your application.

discoveryUrl String

OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.

domain String

domainAliases List<String>

List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

enabledDatabaseCustomization Boolean

entityId String

Custom Entity ID for the connection.

fieldsMap Map<String>

SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

forwardRequestInfo Boolean

from String

SMS number for the sender. Used when SMS Source is From.

gatewayAuthentication Property Map

gatewayUrl String

iconUrl String

identityApi String

idpInitiated Property Map

Configuration Options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query

importMode Boolean

Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

ips List<String>

issuer String

Issuer URL. E.g. https://auth.example.com

jwksUri String

keyId String

Key ID.

maxGroupsToRetrieve String

Maximum number of groups to retrieve.

messagingServiceSid String

SID for Copilot. Used when SMS Source is Copilot.

mfa Property Map

Configuration settings Options for multifactor authentication. For details, see MFA Options.

name String

Name of the connection.

nonPersistentAttrs List<String>

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.

passwordComplexityOptions Property Map

Configuration settings for password complexity. For details, see Password Complexity Options.

passwordDictionary Property Map

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

passwordHistories List<Property Map>

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

passwordNoPersonalInfo Property Map

passwordPolicy String

protocolBinding String

provider String

requestTemplate String

Template that formats the SAML request

requiresUsername Boolean

Indicates whether or not the user is required to provide a username in addition to an email address.

scopes List<String>

Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].

scripts Map<String>

setUserRootAttributes String

shouldTrustEmailVerifiedConnection String

Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.

signInEndpoint String

SAML single login URL for the connection.

signOutEndpoint String

SAML single logout URL for the connection.

signSamlRequest Boolean

(Boolean) When enabled, the SAML authentication request will be signed.

signatureAlgorithm String

Sign Request Algorithm

signingCert String

The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded

strategyVersion Number

Version 1 is deprecated, use version 2.

subject String

syntax String

Syntax of the SMS. Options include markdown and liquid.

teamId String

Team ID.

template String

Template for the SMS. You can use @@password@@ as a placeholder for the password value.

tenantDomain String

tokenEndpoint String

totp Property Map

Configuration options for one-time passwords. For details, see TOTP.

twilioSid String

SID for your Twilio account.

twilioToken String

AuthToken for your Twilio account.

type String

Value can be back_channel or front_channel.

useCertAuth Boolean

useKerberos Boolean

useWsfed Boolean

userIdAttribute String

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

userinfoEndpoint String

validation Property Map

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

waadCommonEndpoint Boolean

Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

waadProtocol String

ConnectionOptionsGatewayAuthentication

Audience string
Method string
Secret string
SecretBase64Encoded bool
Subject string

Audience string
Method string
Secret string
SecretBase64Encoded bool
Subject string

audience String
method String
secret String
secretBase64Encoded Boolean
subject String

audience string
method string
secret string
secretBase64Encoded boolean
subject string

audience str
method str
secret str
secret_base64_encoded bool
subject str

audience String
method String
secret String
secretBase64Encoded Boolean
subject String

ConnectionOptionsIdpInitiated

ClientAuthorizeQuery string
ClientId string: Google client ID.
ClientProtocol string

ClientAuthorizeQuery string
ClientId string: Google client ID.
ClientProtocol string

clientAuthorizeQuery String
clientId String: Google client ID.
clientProtocol String

clientAuthorizeQuery string
clientId string: Google client ID.
clientProtocol string

client_authorize_query str
client_id str: Google client ID.
client_protocol str

clientAuthorizeQuery String
clientId String: Google client ID.
clientProtocol String

ConnectionOptionsMfa

Active bool: Indicates whether multifactor authentication is enabled for this connection.
ReturnEnrollSettings bool: Indicates whether multifactor authentication enrollment settings will be returned.

Active bool: Indicates whether multifactor authentication is enabled for this connection.
ReturnEnrollSettings bool: Indicates whether multifactor authentication enrollment settings will be returned.

active Boolean: Indicates whether multifactor authentication is enabled for this connection.
returnEnrollSettings Boolean: Indicates whether multifactor authentication enrollment settings will be returned.

active boolean: Indicates whether multifactor authentication is enabled for this connection.
returnEnrollSettings boolean: Indicates whether multifactor authentication enrollment settings will be returned.

active bool: Indicates whether multifactor authentication is enabled for this connection.
return_enroll_settings bool: Indicates whether multifactor authentication enrollment settings will be returned.

active Boolean: Indicates whether multifactor authentication is enabled for this connection.
returnEnrollSettings Boolean: Indicates whether multifactor authentication enrollment settings will be returned.

ConnectionOptionsPasswordComplexityOptions

MinLength int: Minimum number of characters allowed in passwords.

MinLength int: Minimum number of characters allowed in passwords.

minLength Integer: Minimum number of characters allowed in passwords.

minLength number: Minimum number of characters allowed in passwords.

min_length int: Minimum number of characters allowed in passwords.

minLength Number: Minimum number of characters allowed in passwords.

ConnectionOptionsPasswordDictionary

Dictionaries List<string>: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
Enable bool: Indicates whether the password dictionary check is enabled for this connection.

Dictionaries []string: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
Enable bool: Indicates whether the password dictionary check is enabled for this connection.

dictionaries List<String>: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable Boolean: Indicates whether the password dictionary check is enabled for this connection.

dictionaries string[]: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable boolean: Indicates whether the password dictionary check is enabled for this connection.

dictionaries Sequence[str]: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable bool: Indicates whether the password dictionary check is enabled for this connection.

dictionaries List<String>: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable Boolean: Indicates whether the password dictionary check is enabled for this connection.

ConnectionOptionsPasswordHistory

Enable bool: Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
Size int: Indicates the number of passwords to keep in history with a maximum of 24.

Enable bool: Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
Size int: Indicates the number of passwords to keep in history with a maximum of 24.

enable Boolean: Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
size Integer: Indicates the number of passwords to keep in history with a maximum of 24.

enable boolean: Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
size number: Indicates the number of passwords to keep in history with a maximum of 24.

enable bool: Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
size int: Indicates the number of passwords to keep in history with a maximum of 24.

enable Boolean: Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
size Number: Indicates the number of passwords to keep in history with a maximum of 24.

ConnectionOptionsPasswordNoPersonalInfo

Enable bool: Indicates whether the password personal info check is enabled for this connection.

Enable bool: Indicates whether the password personal info check is enabled for this connection.

enable Boolean: Indicates whether the password personal info check is enabled for this connection.

enable boolean: Indicates whether the password personal info check is enabled for this connection.

enable bool: Indicates whether the password personal info check is enabled for this connection.

enable Boolean: Indicates whether the password personal info check is enabled for this connection.

ConnectionOptionsTotp

Length int: Integer. Length of the one-time password.
TimeStep int: Integer. Seconds between allowed generation of new passwords.

Length int: Integer. Length of the one-time password.
TimeStep int: Integer. Seconds between allowed generation of new passwords.

length Integer: Integer. Length of the one-time password.
timeStep Integer: Integer. Seconds between allowed generation of new passwords.

length number: Integer. Length of the one-time password.
timeStep number: Integer. Seconds between allowed generation of new passwords.

length int: Integer. Length of the one-time password.
time_step int: Integer. Seconds between allowed generation of new passwords.

length Number: Integer. Length of the one-time password.
timeStep Number: Integer. Seconds between allowed generation of new passwords.

ConnectionOptionsValidation

Username ConnectionOptionsValidationUsername: Specifies the min and max values of username length. min and max are integers.

Username ConnectionOptionsValidationUsername: Specifies the min and max values of username length. min and max are integers.

username ConnectionOptionsValidationUsername: Specifies the min and max values of username length. min and max are integers.

username ConnectionOptionsValidationUsername: Specifies the min and max values of username length. min and max are integers.

username ConnectionOptionsValidationUsername: Specifies the min and max values of username length. min and max are integers.

username Property Map: Specifies the min and max values of username length. min and max are integers.

ConnectionOptionsValidationUsername

Max int
Min int

Max int
Min int

max Integer
min Integer

max number
min number

max int
min int

max Number
min Number

Import

Connections can be imported using their id, e.g.

 $ pulumi import auth0:index/connection:Connection google con_a17f21fdb24d48a0

Package Details

Repository: https://github.com/pulumi/pulumi-auth0
License: Apache-2.0
Notes: This Pulumi package is based on the auth0 Terraform Provider.

Auth0

Connection

Example Usage

Create a Connection Resource

Connection Resource Properties

Inputs

Outputs

Look up an Existing Connection Resource

Supporting Types

ConnectionOptions

ConnectionOptionsGatewayAuthentication

ConnectionOptionsIdpInitiated

ConnectionOptionsMfa

ConnectionOptionsPasswordComplexityOptions

ConnectionOptionsPasswordDictionary

ConnectionOptionsPasswordHistory

ConnectionOptionsPasswordNoPersonalInfo

ConnectionOptionsTotp

ConnectionOptionsValidation

ConnectionOptionsValidationUsername

Import

Package Details

Contents