Auth0
Connection
With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
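/// <summary>
/// Pulumi stack declaring a single Auth0 database connection (strategy "auth0")
/// with brute-force protection, the "excellent" password policy, a password
/// history of size 3 and one custom database action script.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var myConnection = new Auth0.Connection("myConnection", new Auth0.ConnectionArgs
        {
            Strategy = "auth0",
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                // Login hardening: throttle suspicious IPs and enforce strong, non-reused passwords.
                BruteForceProtection = true,
                PasswordPolicy = "excellent",
                PasswordHistories =
                {
                    new Auth0.Inputs.ConnectionOptionsPasswordHistoryArgs
                    {
                        Enable = true,
                        Size = 3,
                    },
                },
                // Custom database scripts are only meaningful with customization enabled.
                EnabledDatabaseCustomization = true,
                // Configuration variables made available to the custom scripts.
                // If real values are credentials (e.g. for the backing user store),
                // supply them as Pulumi secrets instead of plain literals.
                Configuration =
                {
                    { "bar", "baz" },
                    { "foo", "bar" },
                },
                CustomScripts =
                {
                    // Auth0 keys the user-lookup script as "get_user" (the TypeScript
                    // example on this page uses that key); "getUser" is not the
                    // documented script name.
                    { "get_user", @"function getByEmail (email, callback) {
return callback(new Error(""Whoops!""))
}
" },
                },
            },
        });
    }
}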
package main
import (
"fmt"
"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
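// main declares a single Auth0 database connection (strategy "auth0") with
// brute-force protection, the "excellent" password policy, a password history
// of size 3 and one custom database action script.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Script body for the user-lookup custom database action.
		getUserScript := fmt.Sprintf("%v%v%v%v", "function getByEmail (email, callback) {\n", " return callback(new Error(\"Whoops!\"))\n", "}\n", "\n")

		_, err := auth0.NewConnection(ctx, "myConnection", &auth0.ConnectionArgs{
			Strategy: pulumi.String("auth0"),
			// The option types live in the auth0 package and must be qualified;
			// the unqualified names do not compile.
			Options: &auth0.ConnectionOptionsArgs{
				// Login hardening: throttle suspicious IPs and enforce strong, non-reused passwords.
				BruteForceProtection: pulumi.Bool(true),
				PasswordPolicy:       pulumi.String("excellent"),
				PasswordHistories: auth0.ConnectionOptionsPasswordHistoryArray{
					&auth0.ConnectionOptionsPasswordHistoryArgs{
						Enable: pulumi.Bool(true),
						Size:   pulumi.Int(3),
					},
				},
				EnabledDatabaseCustomization: pulumi.Bool(true),
				// Configuration variables made available to the custom scripts.
				// If real values are credentials, supply them as Pulumi secrets
				// instead of plain literals.
				Configuration: pulumi.StringMap{
					"bar": pulumi.String("baz"),
					"foo": pulumi.String("bar"),
				},
				CustomScripts: pulumi.StringMap{
					// Auth0 keys the user-lookup script as "get_user" (the TypeScript
					// example on this page uses that key), not "getUser".
					"get_user": pulumi.String(getUserScript),
				},
			},
		})
		// Propagate a registration failure to the Pulumi engine; nil on success.
		return err
	})
}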
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
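/**
 * Pulumi program declaring a single Auth0 database connection (strategy "auth0")
 * with brute-force protection, the "excellent" password policy, a password
 * history of size 3 and one custom database action script.
 *
 * NOTE(review): Connection, ConnectionArgs and the *Args builders are not covered
 * by the {@code com.pulumi.*} wildcard import (Java wildcards do not include
 * sub-packages); they need explicit imports from the Auth0 provider package.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx Pulumi deployment context supplied by {@code Pulumi.run}.
     */
    public static void stack(Context ctx) {
        var myConnection = new Connection("myConnection", ConnectionArgs.builder()
            .strategy("auth0")
            .options(ConnectionOptionsArgs.builder()
                // These options are booleans; the string "true" does not type-check.
                .bruteForceProtection(true)
                .enabledDatabaseCustomization(true)
                .passwordPolicy("excellent")
                .passwordHistories(ConnectionOptionsPasswordHistoryArgs.builder()
                    .enable(true)
                    .size(3)
                    .build())
                // Configuration variables made available to the custom scripts.
                // If real values are credentials, supply them as Pulumi secrets
                // instead of plain literals.
                .configuration(Map.ofEntries(
                    Map.entry("bar", "baz"),
                    Map.entry("foo", "bar")
                ))
                // Auth0 keys the user-lookup script as "get_user" (the TypeScript
                // example on this page uses that key), not "getUser".
                .customScripts(Map.of("get_user", """
                    function getByEmail (email, callback) {
                    return callback(new Error("Whoops!"))
                    }
                    """))
                .build())
            .build());
    }
}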
import pulumi
import pulumi_auth0 as auth0
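# Auth0 database connection (strategy "auth0") with brute-force protection,
# the "excellent" password policy, a password history of size 3 and one
# custom database action script.
my_connection = auth0.Connection("myConnection",
    strategy="auth0",
    options=auth0.ConnectionOptionsArgs(
        # Login hardening: throttle suspicious IPs and enforce strong, non-reused passwords.
        brute_force_protection=True,
        password_policy="excellent",
        password_histories=[auth0.ConnectionOptionsPasswordHistoryArgs(
            enable=True,
            size=3,
        )],
        enabled_database_customization=True,
        # Configuration variables made available to the custom scripts.
        # If real values are credentials, supply them as Pulumi secrets
        # instead of plain literals.
        configuration={
            "bar": "baz",
            "foo": "bar",
        },
        custom_scripts={
            # Auth0 keys the user-lookup script as "get_user" (the TypeScript
            # example on this page uses that key), not "getUser".
            "get_user": """function getByEmail (email, callback) {
return callback(new Error("Whoops!"))
}
""",
        },
    ))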
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// Body of the user-lookup custom database script, reproduced verbatim.
const getUserScript = `function getByEmail (email, callback) {
return callback(new Error("Whoops!"))
}
`;

// Password history entry for the connection (enabled, size 3).
const passwordHistory = { enable: true, size: 3 };

// Auth0 database connection (strategy "auth0") with brute-force protection,
// the "excellent" password policy and one custom database action script.
// If real `configuration` values are credentials, supply them as Pulumi
// secrets instead of plain literals.
const myConnection = new auth0.Connection("my_connection", {
    strategy: "auth0",
    options: {
        bruteForceProtection: true,
        passwordPolicy: "excellent",
        passwordHistories: [passwordHistory],
        enabledDatabaseCustomization: true,
        configuration: {
            bar: "baz",
            foo: "bar",
        },
        customScripts: {
            get_user: getUserScript,
        },
    },
});
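resources:
  # Auth0 database connection (strategy "auth0") with brute-force protection,
  # the "excellent" password policy, a password history of size 3 and one
  # custom database action script.
  myConnection:
    type: auth0:Connection
    properties:
      strategy: auth0
      options:
        bruteForceProtection: true
        passwordPolicy: excellent
        passwordHistories:
          - enable: true
            size: 3
        enabledDatabaseCustomization: true
        # Configuration variables made available to the custom scripts.
        # If real values are credentials, supply them as Pulumi secrets
        # instead of plain literals.
        configuration:
          bar: baz
          foo: bar
        customScripts:
          # Auth0 keys the user-lookup script as "get_user" (the TypeScript
          # example on this page uses that key), not "getUser".
          get_user: |+
            function getByEmail (email, callback) {
            return callback(new Error("Whoops!"))
            }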
Create a Connection Resource
new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);
@overload
def Connection(resource_name: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
enabled_clients: Optional[Sequence[str]] = None,
is_domain_connection: Optional[bool] = None,
name: Optional[str] = None,
options: Optional[ConnectionOptionsArgs] = None,
realms: Optional[Sequence[str]] = None,
show_as_button: Optional[bool] = None,
strategy: Optional[str] = None,
strategy_version: Optional[str] = None,
validation: Optional[Mapping[str, str]] = None)
@overload
def Connection(resource_name: str,
args: ConnectionArgs,
opts: Optional[ResourceOptions] = None)
func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)
public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)
public Connection(String name, ConnectionArgs args)
public Connection(String name, ConnectionArgs args, CustomResourceOptions options)
type: auth0:Connection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Connection Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Connection resource accepts the following input properties:
- Strategy string
Type of the connection, which indicates the identity provider. Options include
ad
,adfs
,amazon
,aol
,apple
,auth0
,auth0-adldap
,auth0-oidc
,baidu
,bitbucket
,bitly
,box
,custom
,daccount
,dropbox
,dwolla
,email
,evernote
,evernote-sandbox
,exact
,facebook
,fitbit
,flickr
,github
,google-apps
,google-oauth2
,guardian
,instagram
,ip
,line
,linkedin
,miicard
,oauth1
,oauth2
,office365
,oidc
,paypal
,paypal-sandbox
,pingfederate
,planningcenter
,renren
,salesforce
,salesforce-community
,salesforce-sandbox
samlp
,sharepoint
,shopify
,sms
,soundcloud
,thecity
,thecity-sandbox
,thirtysevensignals
,twitter
,untappd
,vkontakte
,waad
,weibo
,windowslive
,wordpress
,yahoo
,yammer
,yandex
.- Display
Name string Name used in login screen
- Enabled
Clients List<string> IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
- Is
Domain boolConnection Indicates whether the connection is domain level.
- Name string
Name of the connection.
- Options
Connection
Options Args Configuration settings for connection options. For details, see Options.
- Realms List<string>
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
- ShowAsButton bool
Display connection as a button. Only available for enterprise connections.
- Strategy
Version string Version 1 is deprecated, use version 2.
- Validation Dictionary<string, string>
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- Strategy string
Type of the connection, which indicates the identity provider. Options include
ad
,adfs
,amazon
,aol
,apple
,auth0
,auth0-adldap
,auth0-oidc
,baidu
,bitbucket
,bitly
,box
,custom
,daccount
,dropbox
,dwolla
,email
,evernote
,evernote-sandbox
,exact
,facebook
,fitbit
,flickr
,github
,google-apps
,google-oauth2
,guardian
,instagram
,ip
,line
,linkedin
,miicard
,oauth1
,oauth2
,office365
,oidc
,paypal
,paypal-sandbox
,pingfederate
,planningcenter
,renren
,salesforce
,salesforce-community
,salesforce-sandbox
samlp
,sharepoint
,shopify
,sms
,soundcloud
,thecity
,thecity-sandbox
,thirtysevensignals
,twitter
,untappd
,vkontakte
,waad
,weibo
,windowslive
,wordpress
,yahoo
,yammer
,yandex
.- Display
Name string Name used in login screen
- Enabled
Clients []string IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
- Is
Domain boolConnection Indicates whether the connection is domain level.
- Name string
Name of the connection.
- Options
Connection
Options Args Configuration settings for connection options. For details, see Options.
- Realms []string
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
- ShowAsButton bool
Display connection as a button. Only available for enterprise connections.
- Strategy
Version string Version 1 is deprecated, use version 2.
- Validation map[string]string
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- strategy String
Type of the connection, which indicates the identity provider. Options include
ad
,adfs
,amazon
,aol
,apple
,auth0
,auth0-adldap
,auth0-oidc
,baidu
,bitbucket
,bitly
,box
,custom
,daccount
,dropbox
,dwolla
,email
,evernote
,evernote-sandbox
,exact
,facebook
,fitbit
,flickr
,github
,google-apps
,google-oauth2
,guardian
,instagram
,ip
,line
,linkedin
,miicard
,oauth1
,oauth2
,office365
,oidc
,paypal
,paypal-sandbox
,pingfederate
,planningcenter
,renren
,salesforce
,salesforce-community
,salesforce-sandbox
samlp
,sharepoint
,shopify
,sms
,soundcloud
,thecity
,thecity-sandbox
,thirtysevensignals
,twitter
,untappd
,vkontakte
,waad
,weibo
,windowslive
,wordpress
,yahoo
,yammer
,yandex
.- display
Name String Name used in login screen
- enabled
Clients List<String> IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
- is
Domain BooleanConnection Indicates whether the connection is domain level.
- name String
Name of the connection.
- options
Connection
Options Args Configuration settings for connection options. For details, see Options.
- realms List<String>
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
- showAsButton Boolean
Display connection as a button. Only available for enterprise connections.
- strategy
Version String Version 1 is deprecated, use version 2.
- validation Map<String,String>
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- strategy string
Type of the connection, which indicates the identity provider. Options include
ad
,adfs
,amazon
,aol
,apple
,auth0
,auth0-adldap
,auth0-oidc
,baidu
,bitbucket
,bitly
,box
,custom
,daccount
,dropbox
,dwolla
,email
,evernote
,evernote-sandbox
,exact
,facebook
,fitbit
,flickr
,github
,google-apps
,google-oauth2
,guardian
,instagram
,ip
,line
,linkedin
,miicard
,oauth1
,oauth2
,office365
,oidc
,paypal
,paypal-sandbox
,pingfederate
,planningcenter
,renren
,salesforce
,salesforce-community
,salesforce-sandbox
samlp
,sharepoint
,shopify
,sms
,soundcloud
,thecity
,thecity-sandbox
,thirtysevensignals
,twitter
,untappd
,vkontakte
,waad
,weibo
,windowslive
,wordpress
,yahoo
,yammer
,yandex
.- display
Name string Name used in login screen
- enabled
Clients string[] IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
- is
Domain booleanConnection Indicates whether the connection is domain level.
- name string
Name of the connection.
- options
Connection
Options Args Configuration settings for connection options. For details, see Options.
- realms string[]
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
- showAsButton boolean
Display connection as a button. Only available for enterprise connections.
- strategy
Version string Version 1 is deprecated, use version 2.
- validation {[key: string]: string}
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- strategy str
Type of the connection, which indicates the identity provider. Options include
ad
,adfs
,amazon
,aol
,apple
,auth0
,auth0-adldap
,auth0-oidc
,baidu
,bitbucket
,bitly
,box
,custom
,daccount
,dropbox
,dwolla
,email
,evernote
,evernote-sandbox
,exact
,facebook
,fitbit
,flickr
,github
,google-apps
,google-oauth2
,guardian
,instagram
,ip
,line
,linkedin
,miicard
,oauth1
,oauth2
,office365
,oidc
,paypal
,paypal-sandbox
,pingfederate
,planningcenter
,renren
,salesforce
,salesforce-community
,salesforce-sandbox
samlp
,sharepoint
,shopify
,sms
,soundcloud
,thecity
,thecity-sandbox
,thirtysevensignals
,twitter
,untappd
,vkontakte
,waad
,weibo
,windowslive
,wordpress
,yahoo
,yammer
,yandex
.- display_
name str Name used in login screen
- enabled_
clients Sequence[str] IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
- is_
domain_ boolconnection Indicates whether the connection is domain level.
- name str
Name of the connection.
- options
Connection
Options Args Configuration settings for connection options. For details, see Options.
- realms Sequence[str]
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
- show_as_button bool
Display connection as a button. Only available for enterprise connections.
- strategy_
version str Version 1 is deprecated, use version 2.
- validation Mapping[str, str]
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- strategy String
Type of the connection, which indicates the identity provider. Options include
ad
,adfs
,amazon
,aol
,apple
,auth0
,auth0-adldap
,auth0-oidc
,baidu
,bitbucket
,bitly
,box
,custom
,daccount
,dropbox
,dwolla
,email
,evernote
,evernote-sandbox
,exact
,facebook
,fitbit
,flickr
,github
,google-apps
,google-oauth2
,guardian
,instagram
,ip
,line
,linkedin
,miicard
,oauth1
,oauth2
,office365
,oidc
,paypal
,paypal-sandbox
,pingfederate
,planningcenter
,renren
,salesforce
,salesforce-community
,salesforce-sandbox
samlp
,sharepoint
,shopify
,sms
,soundcloud
,thecity
,thecity-sandbox
,thirtysevensignals
,twitter
,untappd
,vkontakte
,waad
,weibo
,windowslive
,wordpress
,yahoo
,yammer
,yandex
.- display
Name String Name used in login screen
- enabled
Clients List<String> IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
- is
Domain BooleanConnection Indicates whether the connection is domain level.
- name String
Name of the connection.
- options Property Map
Configuration settings for connection options. For details, see Options.
- realms List<String>
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
- showAsButton Boolean
Display connection as a button. Only available for enterprise connections.
- strategy
Version String Version 1 is deprecated, use version 2.
- validation Map<String>
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
Outputs
All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up an Existing Connection Resource
Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
enabled_clients: Optional[Sequence[str]] = None,
is_domain_connection: Optional[bool] = None,
name: Optional[str] = None,
options: Optional[ConnectionOptionsArgs] = None,
realms: Optional[Sequence[str]] = None,
show_as_button: Optional[bool] = None,
strategy: Optional[str] = None,
strategy_version: Optional[str] = None,
validation: Optional[Mapping[str, str]] = None) -> Connection
func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)
public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)
public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Display
Name string Name used in login screen
- Enabled
Clients List<string> IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
- Is
Domain boolConnection Indicates whether the connection is domain level.
- Name string
Name of the connection.
- Options
Connection
Options Args Configuration settings for connection options. For details, see Options.
- Realms List<string>
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
- ShowAsButton bool
Display connection as a button. Only available for enterprise connections.
- Strategy string
Type of the connection, which indicates the identity provider. Options include
ad
,adfs
,amazon
,aol
,apple
,auth0
,auth0-adldap
,auth0-oidc
,baidu
,bitbucket
,bitly
,box
,custom
,daccount
,dropbox
,dwolla
,email
,evernote
,evernote-sandbox
,exact
,facebook
,fitbit
,flickr
,github
,google-apps
,google-oauth2
,guardian
,instagram
,ip
,line
,linkedin
,miicard
,oauth1
,oauth2
,office365
,oidc
,paypal
,paypal-sandbox
,pingfederate
,planningcenter
,renren
,salesforce
,salesforce-community
,salesforce-sandbox
samlp
,sharepoint
,shopify
,sms
,soundcloud
,thecity
,thecity-sandbox
,thirtysevensignals
,twitter
,untappd
,vkontakte
,waad
,weibo
,windowslive
,wordpress
,yahoo
,yammer
,yandex
.- Strategy
Version string Version 1 is deprecated, use version 2.
- Validation Dictionary<string, string>
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- Display
Name string Name used in login screen
- Enabled
Clients []string IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
- Is
Domain boolConnection Indicates whether the connection is domain level.
- Name string
Name of the connection.
- Options
Connection
Options Args Configuration settings for connection options. For details, see Options.
- Realms []string
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
- ShowAsButton bool
Display connection as a button. Only available for enterprise connections.
- Strategy string
Type of the connection, which indicates the identity provider. Options include
ad
,adfs
,amazon
,aol
,apple
,auth0
,auth0-adldap
,auth0-oidc
,baidu
,bitbucket
,bitly
,box
,custom
,daccount
,dropbox
,dwolla
,email
,evernote
,evernote-sandbox
,exact
,facebook
,fitbit
,flickr
,github
,google-apps
,google-oauth2
,guardian
,instagram
,ip
,line
,linkedin
,miicard
,oauth1
,oauth2
,office365
,oidc
,paypal
,paypal-sandbox
,pingfederate
,planningcenter
,renren
,salesforce
,salesforce-community
,salesforce-sandbox
samlp
,sharepoint
,shopify
,sms
,soundcloud
,thecity
,thecity-sandbox
,thirtysevensignals
,twitter
,untappd
,vkontakte
,waad
,weibo
,windowslive
,wordpress
,yahoo
,yammer
,yandex
.- Strategy
Version string Version 1 is deprecated, use version 2.
- Validation map[string]string
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- display
Name String Name used in login screen
- enabled
Clients List<String> IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
- is
Domain BooleanConnection Indicates whether the connection is domain level.
- name String
Name of the connection.
- options
Connection
Options Args Configuration settings for connection options. For details, see Options.
- realms List<String>
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
- showAsButton Boolean
Display connection as a button. Only available for enterprise connections.
- strategy String
Type of the connection, which indicates the identity provider. Options include
ad
,adfs
,amazon
,aol
,apple
,auth0
,auth0-adldap
,auth0-oidc
,baidu
,bitbucket
,bitly
,box
,custom
,daccount
,dropbox
,dwolla
,email
,evernote
,evernote-sandbox
,exact
,facebook
,fitbit
,flickr
,github
,google-apps
,google-oauth2
,guardian
,instagram
,ip
,line
,linkedin
,miicard
,oauth1
,oauth2
,office365
,oidc
,paypal
,paypal-sandbox
,pingfederate
,planningcenter
,renren
,salesforce
,salesforce-community
,salesforce-sandbox
samlp
,sharepoint
,shopify
,sms
,soundcloud
,thecity
,thecity-sandbox
,thirtysevensignals
,twitter
,untappd
,vkontakte
,waad
,weibo
,windowslive
,wordpress
,yahoo
,yammer
,yandex
.- strategy
Version String Version 1 is deprecated, use version 2.
- validation Map<String,String>
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- display
Name string Name used in login screen
- enabled
Clients string[] IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
- is
Domain booleanConnection Indicates whether the connection is domain level.
- name string
Name of the connection.
- options
Connection
Options Args Configuration settings for connection options. For details, see Options.
- realms string[]
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
- showAsButton boolean
Display connection as a button. Only available for enterprise connections.
- strategy string
Type of the connection, which indicates the identity provider. Options include
ad
,adfs
,amazon
,aol
,apple
,auth0
,auth0-adldap
,auth0-oidc
,baidu
,bitbucket
,bitly
,box
,custom
,daccount
,dropbox
,dwolla
,email
,evernote
,evernote-sandbox
,exact
,facebook
,fitbit
,flickr
,github
,google-apps
,google-oauth2
,guardian
,instagram
,ip
,line
,linkedin
,miicard
,oauth1
,oauth2
,office365
,oidc
,paypal
,paypal-sandbox
,pingfederate
,planningcenter
,renren
,salesforce
,salesforce-community
,salesforce-sandbox
samlp
,sharepoint
,shopify
,sms
,soundcloud
,thecity
,thecity-sandbox
,thirtysevensignals
,twitter
,untappd
,vkontakte
,waad
,weibo
,windowslive
,wordpress
,yahoo
,yammer
,yandex
.- strategy
Version string Version 1 is deprecated, use version 2.
- validation {[key: string]: string}
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- display_
name str Name used in login screen
- enabled_
clients Sequence[str] IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
- is_
domain_ boolconnection Indicates whether the connection is domain level.
- name str
Name of the connection.
- options
Connection
Options Args Configuration settings for connection options. For details, see Options.
- realms Sequence[str]
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
- show_as_button bool
Display connection as a button. Only available for enterprise connections.
- strategy str
Type of the connection, which indicates the identity provider. Options include
ad
,adfs
,amazon
,aol
,apple
,auth0
,auth0-adldap
,auth0-oidc
,baidu
,bitbucket
,bitly
,box
,custom
,daccount
,dropbox
,dwolla
,email
,evernote
,evernote-sandbox
,exact
,facebook
,fitbit
,flickr
,github
,google-apps
,google-oauth2
,guardian
,instagram
,ip
,line
,linkedin
,miicard
,oauth1
,oauth2
,office365
,oidc
,paypal
,paypal-sandbox
,pingfederate
,planningcenter
,renren
,salesforce
,salesforce-community
,salesforce-sandbox
samlp
,sharepoint
,shopify
,sms
,soundcloud
,thecity
,thecity-sandbox
,thirtysevensignals
,twitter
,untappd
,vkontakte
,waad
,weibo
,windowslive
,wordpress
,yahoo
,yammer
,yandex
.- strategy_
version str Version 1 is deprecated, use version 2.
- validation Mapping[str, str]
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- display
Name String Name used in login screen
- enabled
Clients List<String> IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.
- is
Domain BooleanConnection Indicates whether the connection is domain level.
- name String
Name of the connection.
- options Property Map
Configuration settings for connection options. For details, see Options.
- realms List<String>
Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.
- showAsButton Boolean
Display connection as a button. Only available for enterprise connections.
- strategy String
Type of the connection, which indicates the identity provider. Options include
ad
,adfs
,amazon
,aol
,apple
,auth0
,auth0-adldap
,auth0-oidc
,baidu
,bitbucket
,bitly
,box
,custom
,daccount
,dropbox
,dwolla
,email
,evernote
,evernote-sandbox
,exact
,facebook
,fitbit
,flickr
,github
,google-apps
,google-oauth2
,guardian
,instagram
,ip
,line
,linkedin
,miicard
,oauth1
,oauth2
,office365
,oidc
,paypal
,paypal-sandbox
,pingfederate
,planningcenter
,renren
,salesforce
,salesforce-community
,salesforce-sandbox
samlp
,sharepoint
,shopify
,sms
,soundcloud
,thecity
,thecity-sandbox
,thirtysevensignals
,twitter
,untappd
,vkontakte
,waad
,weibo
,windowslive
,wordpress
,yahoo
,yammer
,yandex
.- strategy
Version String Version 1 is deprecated, use version 2.
- validation Map<String>
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
Supporting Types
ConnectionOptions
- Adfs
Server string ADFS Metadata source.
- Allowed
Audiences List<string> List of allowed audiences.
- Api
Enable boolUsers - App
Domain string Azure AD domain name.
Use domain instead
- App
Id string Azure AD app ID.
- string
- Brute
Force boolProtection Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- Client
Id string OIDC provider client ID.
- Client
Secret string OIDC provider client secret.
- Community
Base stringUrl String.
- Configuration Dictionary<string, string>
A case-sensitive map of key value pairs used as configuration variables for the
custom_script
.- Custom
Scripts Dictionary<string, string> Custom database action scripts. For more information, read Custom Database Action Script Templates.
- Debug bool
(Boolean) When enabled additional debugging information will be generated.
- Digest
Algorithm string Sign Request Algorithm Digest
- Disable
Cache bool - Disable
Signup bool Boolean. When true, user sign-ups to your application are disabled.
- Discovery
Url string OpenID discovery URL. E.g.
https://auth.example.com/.well-known/openid-configuration
.- Domain string
- Domain
Aliases List<string> List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.
- Enabled
Database boolCustomization - Entity
Id string Custom Entity ID for the connection.
- Fields
Map Dictionary<string, string> SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- Forward
Request boolInfo - From string
SMS number for the sender. Used when SMS Source is From.
- Gateway
Authentication ConnectionOptions Gateway Authentication - Gateway
Url string - Icon
Url string - Identity
Api string - Idp
Initiated ConnectionOptions Idp Initiated Configuration Options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, and client_authorize_query
- Import
Mode bool Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.
- Ips List<string>
- Issuer string
Issuer URL. E.g.
https://auth.example.com
- Jwks
Uri string - Key
Id string Key ID.
- Max
Groups stringTo Retrieve Maximum number of groups to retrieve.
- Messaging
Service stringSid SID for Copilot. Used when SMS Source is Copilot.
- Mfa
Connection
Options Mfa Configuration settings Options for multifactor authentication. For details, see MFA Options.
- Name string
Name of the connection.
- Non
Persistent List<string>Attrs If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.
- Password
Complexity ConnectionOptions Options Password Complexity Options Configuration settings for password complexity. For details, see Password Complexity Options.
- Password
Dictionary ConnectionOptions Password Dictionary Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.
- Password
Histories List<ConnectionOptions Password History> Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.
- Password
No ConnectionPersonal Info Options Password No Personal Info Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.
- Password
Policy string Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include
none
,low
,fair
,good
,excellent
.- Protocol
Binding string The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
(default) and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
- Provider string
- Request
Template string Template that formats the SAML request
- Requires
Username bool Indicates whether or not the user is required to provide a username in addition to an email address.
- Scopes List<string>
Scopes required by the connection. The value must be a list, for example
["openid", "profile", "email"]
.- Scripts Dictionary<string, string>
- Set
User stringRoot Attributes Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is
on_each_login
and can be set to on_first_login
.- Should
Trust stringEmail Verified Connection Determines how Auth0 sets the email_verified field in the user profile. Can either be set to
never_set_emails_as_verified
or always_set_emails_as_verified
.- Sign
In stringEndpoint SAML single login URL for the connection.
- Sign
Out stringEndpoint SAML single logout URL for the connection.
- Sign
Saml boolRequest (Boolean) When enabled, the SAML authentication request will be signed.
- Signature
Algorithm string Sign Request Algorithm
- Signing
Cert string The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded
- Strategy
Version int Version 1 is deprecated, use version 2.
- Subject string
- Syntax string
Syntax of the SMS. Options include
markdown
and liquid
.- Team
Id string Team ID.
- Template string
Template for the SMS. You can use `@@password@@` as a placeholder for the password value.
- TenantDomain string
- TokenEndpoint string
- Totp ConnectionOptionsTotp
Configuration options for one-time passwords. For details, see TOTP.
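- TwilioSid string
SID for your Twilio account.
- TwilioToken string
AuthToken for your Twilio account. This value is a credential: provide it through secret configuration rather than as a literal in the program source.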
- Type string
Value can be `back_channel` or `front_channel`.
- UseCertAuth bool
- UseKerberos bool
- UseWsfed bool
- UserIdAttribute string
Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- Userinfo
Endpoint string - Validation
Connection
Options Validation Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- Waad
Common boolEndpoint Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- Waad
Protocol string
- Adfs
Server string ADFS Metadata source.
- Allowed
Audiences []string List of allowed audiences.
- Api
Enable boolUsers - App
Domain string Azure AD domain name.
Use domain instead
- App
Id string Azure AD app ID.
- string
- BruteForceProtection bool
Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- ClientId string
OIDC provider client ID.
- ClientSecret string
OIDC provider client secret. This value is a credential: provide it through secret configuration rather than as a literal in the program source.
- Community
Base stringUrl String.
- Configuration map[string]string
A case-sensitive map of key-value pairs used as configuration variables for the `custom_script`. If any of these values are credentials for an external user store, pass them in as secrets.
- CustomScripts map[string]string
Custom database action scripts. For more information, read Custom Database Action Script Templates.
- Debug bool
(Boolean) When enabled additional debugging information will be generated.
- Digest
Algorithm string Sign Request Algorithm Digest
- DisableCache bool
- DisableSignup bool
Boolean. Indicates whether user sign-ups to your application are disabled (true) or allowed (false).
- Discovery
Url string OpenID discovery URL. E.g.
https://auth.example.com/.well-known/openid-configuration
.- Domain string
- Domain
Aliases []string List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.
- Enabled
Database boolCustomization - Entity
Id string Custom Entity ID for the connection.
- Fields
Map map[string]string SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- Forward
Request boolInfo - From string
SMS number for the sender. Used when SMS Source is From.
- Gateway
Authentication ConnectionOptions Gateway Authentication - Gateway
Url string - Icon
Url string - Identity
Api string - Idp
Initiated ConnectionOptions Idp Initiated Configuration Options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
- Import
Mode bool Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.
- Ips []string
- Issuer string
Issuer URL. E.g.
https://auth.example.com
- Jwks
Uri string - Key
Id string Key ID.
- Max
Groups stringTo Retrieve Maximum number of groups to retrieve.
- Messaging
Service stringSid SID for Copilot. Used when SMS Source is Copilot.
- Mfa ConnectionOptionsMfa
Configuration options for multifactor authentication. For details, see MFA Options.
- Name string
Name of the connection.
- NonPersistentAttrs []string
If there are user fields that should not be stored in Auth0 databases for privacy reasons, you can add them to the denylist. See here for more info.
- Password
Complexity ConnectionOptions Options Password Complexity Options Configuration settings for password complexity. For details, see Password Complexity Options.
- Password
Dictionary ConnectionOptions Password Dictionary Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.
- Password
Histories []ConnectionOptions Password History Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.
- Password
No ConnectionPersonal Info Options Password No Personal Info Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.
- PasswordPolicy string
Indicates the level of password strength to enforce during authentication. A strong password policy makes it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- ProtocolBinding string
The SAML Response Binding - how the SAML token is received by Auth0 from the IdP. The two possible values are `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect` (default) and `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST`.
- Provider string
- Request
Template string Template that formats the SAML request
- Requires
Username bool Indicates whether or not the user is required to provide a username in addition to an email address.
- Scopes []string
Scopes required by the connection. The value must be a list, for example
["openid", "profile", "email"]
.- Scripts map[string]string
- SetUserRootAttributes string
Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is `on_each_login` and can be set to `on_first_login`.
- ShouldTrustEmailVerifiedConnection string
Determines how Auth0 sets the email_verified field in the user profile. Can be set to either `never_set_emails_as_verified` or `always_set_emails_as_verified`. Because `always_set_emails_as_verified` marks addresses coming from this connection as verified, it is appropriate only when the identity provider itself verifies email ownership.
- SignInEndpoint string
SAML single login URL for the connection.
- Sign
Out stringEndpoint SAML single logout URL for the connection.
- Sign
Saml boolRequest (Boolean) When enabled, the SAML authentication request will be signed.
- Signature
Algorithm string Sign Request Algorithm
- Signing
Cert string The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded
- Strategy
Version int Version 1 is deprecated, use version 2.
- Subject string
- Syntax string
Syntax of the SMS. Options include
markdown
andliquid
.- Team
Id string Team ID.
- Template string
Template for the SMS. You can use
@@password@@
as a placeholder for the password value.- Tenant
Domain string - Token
Endpoint string - Totp
Connection
Options Totp Configuration options for one-time passwords. For details, see TOTP.
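- TwilioSid string
SID for your Twilio account.
- TwilioToken string
AuthToken for your Twilio account. This value is a credential: provide it through secret configuration rather than as a literal in the program source.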
- Type string
Value can be
back_channel
orfront_channel
.- Use
Cert boolAuth - Use
Kerberos bool - Use
Wsfed bool - User
Id stringAttribute Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- Userinfo
Endpoint string - Validation
Connection
Options Validation Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- Waad
Common boolEndpoint Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- Waad
Protocol string
- adfs
Server String ADFS Metadata source.
- allowed
Audiences List<String> List of allowed audiences.
- api
Enable BooleanUsers - app
Domain String Azure AD domain name.
Use domain instead
- app
Id String Azure AD app ID.
- String
- bruteForceProtection Boolean
Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- clientId String
OIDC provider client ID.
- clientSecret String
OIDC provider client secret. This value is a credential: provide it through secret configuration rather than as a literal in the program source.
- community
Base StringUrl String.
- configuration Map<String,String>
A case-sensitive map of key value pairs used as configuration variables for the
custom_script
.- custom
Scripts Map<String,String> Custom database action scripts. For more information, read Custom Database Action Script Templates.
- debug Boolean
(Boolean) When enabled additional debugging information will be generated.
- digest
Algorithm String Sign Request Algorithm Digest
- disableCache Boolean
- disableSignup Boolean
Boolean. Indicates whether user sign-ups to your application are disabled (true) or allowed (false).
- discovery
Url String OpenID discovery URL. E.g.
https://auth.example.com/.well-known/openid-configuration
.- domain String
- domain
Aliases List<String> List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.
- enabled
Database BooleanCustomization - entity
Id String Custom Entity ID for the connection.
- fields
Map Map<String,String> SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request BooleanInfo - from String
SMS number for the sender. Used when SMS Source is From.
- gateway
Authentication ConnectionOptions Gateway Authentication - gateway
Url String - icon
Url String - identity
Api String - idp
Initiated ConnectionOptions Idp Initiated Configuration Options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
- import
Mode Boolean Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.
- ips List<String>
- issuer String
Issuer URL. E.g.
https://auth.example.com
- jwks
Uri String - key
Id String Key ID.
- max
Groups StringTo Retrieve Maximum number of groups to retrieve.
- messaging
Service StringSid SID for Copilot. Used when SMS Source is Copilot.
- mfa
Connection
Options Mfa Configuration settings Options for multifactor authentication. For details, see MFA Options.
- name String
Name of the connection.
- non
Persistent List<String>Attrs If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.
- password
Complexity ConnectionOptions Options Password Complexity Options Configuration settings for password complexity. For details, see Password Complexity Options.
- password
Dictionary ConnectionOptions Password Dictionary Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.
- password
Histories List<ConnectionOptions Password History> Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.
- password
No ConnectionPersonal Info Options Password No Personal Info Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.
- passwordPolicy String
Indicates the level of password strength to enforce during authentication. A strong password policy makes it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- protocolBinding String
The SAML Response Binding - how the SAML token is received by Auth0 from the IdP. The two possible values are `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect` (default) and `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST`.
- provider String
- request
Template String Template that formats the SAML request
- requires
Username Boolean Indicates whether or not the user is required to provide a username in addition to an email address.
- scopes List<String>
Scopes required by the connection. The value must be a list, for example
["openid", "profile", "email"]
.- scripts Map<String,String>
- setUserRootAttributes String
Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is `on_each_login` and can be set to `on_first_login`.
- shouldTrustEmailVerifiedConnection String
Determines how Auth0 sets the email_verified field in the user profile. Can be set to either `never_set_emails_as_verified` or `always_set_emails_as_verified`. Because `always_set_emails_as_verified` marks addresses coming from this connection as verified, it is appropriate only when the identity provider itself verifies email ownership.
- signInEndpoint String
SAML single login URL for the connection.
- sign
Out StringEndpoint SAML single logout URL for the connection.
- sign
Saml BooleanRequest (Boolean) When enabled, the SAML authentication request will be signed.
- signature
Algorithm String Sign Request Algorithm
- signing
Cert String The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded
- strategy
Version Integer Version 1 is deprecated, use version 2.
- subject String
- syntax String
Syntax of the SMS. Options include
markdown
andliquid
.- team
Id String Team ID.
- template String
Template for the SMS. You can use
@@password@@
as a placeholder for the password value.- tenant
Domain String - token
Endpoint String - totp
Connection
Options Totp Configuration options for one-time passwords. For details, see TOTP.
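- twilioSid String
SID for your Twilio account.
- twilioToken String
AuthToken for your Twilio account. This value is a credential: provide it through secret configuration rather than as a literal in the program source.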
- type String
Value can be
back_channel
orfront_channel
.- use
Cert BooleanAuth - use
Kerberos Boolean - use
Wsfed Boolean - user
Id StringAttribute Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- userinfo
Endpoint String - validation
Connection
Options Validation Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- waad
Common BooleanEndpoint Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad
Protocol String
- adfs
Server string ADFS Metadata source.
- allowed
Audiences string[] List of allowed audiences.
- api
Enable booleanUsers - app
Domain string Azure AD domain name.
Use domain instead
- app
Id string Azure AD app ID.
- string
- bruteForceProtection boolean
Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- clientId string
OIDC provider client ID.
- clientSecret string
OIDC provider client secret. This value is a credential: provide it through secret configuration rather than as a literal in the program source.
- community
Base stringUrl String.
- configuration {[key: string]: string}
A case-sensitive map of key value pairs used as configuration variables for the
custom_script
.- custom
Scripts {[key: string]: string} Custom database action scripts. For more information, read Custom Database Action Script Templates.
- debug boolean
(Boolean) When enabled additional debugging information will be generated.
- digest
Algorithm string Sign Request Algorithm Digest
- disableCache boolean
- disableSignup boolean
Boolean. Indicates whether user sign-ups to your application are disabled (true) or allowed (false).
- discovery
Url string OpenID discovery URL. E.g.
https://auth.example.com/.well-known/openid-configuration
.- domain string
- domain
Aliases string[] List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.
- enabled
Database booleanCustomization - entity
Id string Custom Entity ID for the connection.
- fields
Map {[key: string]: string} SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request booleanInfo - from string
SMS number for the sender. Used when SMS Source is From.
- gateway
Authentication ConnectionOptions Gateway Authentication - gateway
Url string - icon
Url string - identity
Api string - idp
Initiated ConnectionOptions Idp Initiated Configuration Options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
- import
Mode boolean Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.
- ips string[]
- issuer string
Issuer URL. E.g.
https://auth.example.com
- jwks
Uri string - key
Id string Key ID.
- max
Groups stringTo Retrieve Maximum number of groups to retrieve.
- messaging
Service stringSid SID for Copilot. Used when SMS Source is Copilot.
- mfa
Connection
Options Mfa Configuration settings Options for multifactor authentication. For details, see MFA Options.
- name string
Name of the connection.
- non
Persistent string[]Attrs If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.
- password
Complexity ConnectionOptions Options Password Complexity Options Configuration settings for password complexity. For details, see Password Complexity Options.
- password
Dictionary ConnectionOptions Password Dictionary Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.
- password
Histories ConnectionOptions Password History[] Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.
- password
No ConnectionPersonal Info Options Password No Personal Info Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.
- passwordPolicy string
Indicates the level of password strength to enforce during authentication. A strong password policy makes it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- protocolBinding string
The SAML Response Binding - how the SAML token is received by Auth0 from the IdP. The two possible values are `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect` (default) and `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST`.
- provider string
- request
Template string Template that formats the SAML request
- requires
Username boolean Indicates whether or not the user is required to provide a username in addition to an email address.
- scopes string[]
Scopes required by the connection. The value must be a list, for example
["openid", "profile", "email"]
.- scripts {[key: string]: string}
- setUserRootAttributes string
Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is `on_each_login` and can be set to `on_first_login`.
- shouldTrustEmailVerifiedConnection string
Determines how Auth0 sets the email_verified field in the user profile. Can be set to either `never_set_emails_as_verified` or `always_set_emails_as_verified`. Because `always_set_emails_as_verified` marks addresses coming from this connection as verified, it is appropriate only when the identity provider itself verifies email ownership.
- signInEndpoint string
SAML single login URL for the connection.
- sign
Out stringEndpoint SAML single logout URL for the connection.
- sign
Saml booleanRequest (Boolean) When enabled, the SAML authentication request will be signed.
- signature
Algorithm string Sign Request Algorithm
- signing
Cert string The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded
- strategy
Version number Version 1 is deprecated, use version 2.
- subject string
- syntax string
Syntax of the SMS. Options include
markdown
andliquid
.- team
Id string Team ID.
- template string
Template for the SMS. You can use
@@password@@
as a placeholder for the password value.- tenant
Domain string - token
Endpoint string - totp
Connection
Options Totp Configuration options for one-time passwords. For details, see TOTP.
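- twilioSid string
SID for your Twilio account.
- twilioToken string
AuthToken for your Twilio account. This value is a credential: provide it through secret configuration rather than as a literal in the program source.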
- type string
Value can be
back_channel
orfront_channel
.- use
Cert booleanAuth - use
Kerberos boolean - use
Wsfed boolean - user
Id stringAttribute Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- userinfo
Endpoint string - validation
Connection
Options Validation Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- waad
Common booleanEndpoint Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad
Protocol string
- adfs_
server str ADFS Metadata source.
- allowed_
audiences Sequence[str] List of allowed audiences.
- api_
enable_ boolusers - app_
domain str Azure AD domain name.
Use domain instead
- app_
id str Azure AD app ID.
- str
- brute_force_protection bool
Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- client_id str
OIDC provider client ID.
- client_secret str
OIDC provider client secret. This value is a credential: provide it through secret configuration rather than as a literal in the program source.
- community_
base_ strurl String.
- configuration Mapping[str, str]
A case-sensitive map of key value pairs used as configuration variables for the
custom_script
.- custom_
scripts Mapping[str, str] Custom database action scripts. For more information, read Custom Database Action Script Templates.
- debug bool
(Boolean) When enabled additional debugging information will be generated.
- digest_
algorithm str Sign Request Algorithm Digest
- disable_cache bool
- disable_signup bool
Boolean. Indicates whether user sign-ups to your application are disabled (true) or allowed (false).
- discovery_
url str OpenID discovery URL. E.g.
https://auth.example.com/.well-known/openid-configuration
.- domain str
- domain_
aliases Sequence[str] List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.
- enabled_
database_ boolcustomization - entity_
id str Custom Entity ID for the connection.
- fields_
map Mapping[str, str] SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward_
request_ boolinfo - from_ str
SMS number for the sender. Used when SMS Source is From.
- gateway_
authentication ConnectionOptions Gateway Authentication - gateway_
url str - icon_
url str - identity_
api str - idp_
initiated ConnectionOptions Idp Initiated Configuration Options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
- import_
mode bool Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.
- ips Sequence[str]
- issuer str
Issuer URL. E.g.
https://auth.example.com
- jwks_
uri str - key_
id str Key ID.
- max_
groups_ strto_ retrieve Maximum number of groups to retrieve.
- messaging_
service_ strsid SID for Copilot. Used when SMS Source is Copilot.
- mfa
Connection
Options Mfa Configuration settings Options for multifactor authentication. For details, see MFA Options.
- name str
Name of the connection.
- non_
persistent_ Sequence[str]attrs If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.
- password_
complexity_ Connectionoptions Options Password Complexity Options Configuration settings for password complexity. For details, see Password Complexity Options.
- password_
dictionary ConnectionOptions Password Dictionary Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.
- password_
histories Sequence[ConnectionOptions Password History] Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.
- password_
no_ Connectionpersonal_ info Options Password No Personal Info Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.
- password_policy str
Indicates the level of password strength to enforce during authentication. A strong password policy makes it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- protocol_binding str
The SAML Response Binding - how the SAML token is received by Auth0 from the IdP. The two possible values are `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect` (default) and `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST`.
- provider str
- request_
template str Template that formats the SAML request
- requires_
username bool Indicates whether or not the user is required to provide a username in addition to an email address.
- scopes Sequence[str]
Scopes required by the connection. The value must be a list, for example
["openid", "profile", "email"]
.- scripts Mapping[str, str]
- set_user_root_attributes str
Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is `on_each_login` and can be set to `on_first_login`.
- should_trust_email_verified_connection str
Determines how Auth0 sets the email_verified field in the user profile. Can be set to either `never_set_emails_as_verified` or `always_set_emails_as_verified`. Because `always_set_emails_as_verified` marks addresses coming from this connection as verified, it is appropriate only when the identity provider itself verifies email ownership.
- sign_in_endpoint str
SAML single login URL for the connection.
- sign_
out_ strendpoint SAML single logout URL for the connection.
- sign_
saml_ boolrequest (Boolean) When enabled, the SAML authentication request will be signed.
- signature_
algorithm str Sign Request Algorithm
- signing_
cert str The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded
- strategy_
version int Version 1 is deprecated, use version 2.
- subject str
- syntax str
Syntax of the SMS. Options include
markdown
andliquid
.- team_
id str Team ID.
- template str
Template for the SMS. You can use
@@password@@
as a placeholder for the password value.- tenant_
domain str - token_
endpoint str - totp
Connection
Options Totp Configuration options for one-time passwords. For details, see TOTP.
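- twilio_sid str
SID for your Twilio account.
- twilio_token str
AuthToken for your Twilio account. This value is a credential: provide it through secret configuration rather than as a literal in the program source.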
- type str
Value can be
back_channel
orfront_channel
.- use_
cert_ boolauth - use_
kerberos bool - use_
wsfed bool - user_
id_ strattribute Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- userinfo_
endpoint str - validation
Connection
Options Validation Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- waad_
common_ boolendpoint Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad_
protocol str
- adfs
Server String ADFS Metadata source.
- allowed
Audiences List<String> List of allowed audiences.
- api
Enable BooleanUsers - app
Domain String Azure AD domain name.
Use domain instead
- app
Id String Azure AD app ID.
- String
- bruteForceProtection Boolean
Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- clientId String
OIDC provider client ID.
- clientSecret String
OIDC provider client secret. This value is a credential: provide it through secret configuration rather than as a literal in the program source.
- community
Base StringUrl String.
- configuration Map<String>
A case-sensitive map of key value pairs used as configuration variables for the
custom_script
.- custom
Scripts Map<String> Custom database action scripts. For more information, read Custom Database Action Script Templates.
- debug Boolean
(Boolean) When enabled additional debugging information will be generated.
- digest
Algorithm String Sign Request Algorithm Digest
- disableCache Boolean
- disableSignup Boolean
Boolean. Indicates whether user sign-ups to your application are disabled (true) or allowed (false).
- discovery
Url String OpenID discovery URL. E.g.
https://auth.example.com/.well-known/openid-configuration
.- domain String
- domain
Aliases List<String> List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.
- enabled
Database BooleanCustomization - entity
Id String Custom Entity ID for the connection.
- fields
Map Map<String> SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request BooleanInfo - from String
SMS number for the sender. Used when SMS Source is From.
- gateway
Authentication Property Map - gateway
Url String - icon
Url String - identity
Api String - idp
Initiated Property Map Configuration Options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
- import
Mode Boolean Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.
- ips List<String>
- issuer String
Issuer URL. E.g.
https://auth.example.com
- jwks
Uri String - key
Id String Key ID.
- max
Groups StringTo Retrieve Maximum number of groups to retrieve.
- messaging
Service StringSid SID for Copilot. Used when SMS Source is Copilot.
- mfa Property Map
Configuration settings Options for multifactor authentication. For details, see MFA Options.
- name String
Name of the connection.
- non
Persistent List<String>Attrs If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.
- password
Complexity Property MapOptions Configuration settings for password complexity. For details, see Password Complexity Options.
- password
Dictionary Property Map Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.
- password
Histories List<Property Map> Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.
- password
No Property MapPersonal Info Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.
- passwordPolicy String
Indicates the level of password strength to enforce during authentication. A strong password policy makes it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- protocolBinding String
The SAML Response Binding - how the SAML token is received by Auth0 from the IdP. The two possible values are `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect` (default) and `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST`.
- provider String
- request
Template String Template that formats the SAML request
- requires
Username Boolean Indicates whether or not the user is required to provide a username in addition to an email address.
- scopes List<String>
Scopes required by the connection. The value must be a list, for example
["openid", "profile", "email"]
.- scripts Map<String>
- setUserRootAttributes String
Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is `on_each_login` and can be set to `on_first_login`.
- shouldTrustEmailVerifiedConnection String
Determines how Auth0 sets the email_verified field in the user profile. Can be set to either `never_set_emails_as_verified` or `always_set_emails_as_verified`. Because `always_set_emails_as_verified` marks addresses coming from this connection as verified, it is appropriate only when the identity provider itself verifies email ownership.
- signInEndpoint String
SAML single login URL for the connection.
- sign
Out StringEndpoint SAML single logout URL for the connection.
- sign
Saml BooleanRequest (Boolean) When enabled, the SAML authentication request will be signed.
- signature
Algorithm String Sign Request Algorithm
- signing
Cert String The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded
- strategy
Version Number Version 1 is deprecated, use version 2.
- subject String
- syntax String
Syntax of the SMS. Options include `markdown` and `liquid`.
- teamId String
Team ID.
- template String
Template for the SMS. You can use `@@password@@` as a placeholder for the password value.
- tenantDomain String
- tokenEndpoint String
- totp Property Map
Configuration options for one-time passwords. For details, see TOTP.
- twilioSid String
SID for your Twilio account.
- twilioToken String
AuthToken for your Twilio account. This value is a credential, so supply it from secret configuration rather than hard-coding it in the program.
- type String
Value can be `back_channel` or `front_channel`.
- useCertAuth Boolean
- useKerberos Boolean
- useWsfed Boolean
- userIdAttribute String
Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- userinfoEndpoint String
- validation Property Map
Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
- waadCommonEndpoint Boolean
Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waadProtocol String
ConnectionOptionsGatewayAuthentication
- Audience string
- Method string
- Secret string
- SecretBase64Encoded bool
- Subject string
- Audience string
- Method string
- Secret string
- SecretBase64Encoded bool
- Subject string
- audience String
- method String
- secret String
- secretBase64Encoded Boolean
- subject String
- audience string
- method string
- secret string
- secretBase64Encoded boolean
- subject string
- audience str
- method str
- secret str
- secret_base64_encoded bool
- subject str
- audience String
- method String
- secret String
- secretBase64Encoded Boolean
- subject String
ConnectionOptionsIdpInitiated
- string
- ClientId string
Google client ID.
- ClientProtocol string
- string
- ClientId string
Google client ID.
- ClientProtocol string
- String
- clientId String
Google client ID.
- clientProtocol String
- string
- clientId string
Google client ID.
- clientProtocol string
- str
- client_id str
Google client ID.
- client_protocol str
- String
- clientId String
Google client ID.
- clientProtocol String
ConnectionOptionsMfa
- Active bool
Indicates whether multifactor authentication is enabled for this connection.
- ReturnEnrollSettings bool
Indicates whether multifactor authentication enrollment settings will be returned.
- Active bool
Indicates whether multifactor authentication is enabled for this connection.
- ReturnEnrollSettings bool
Indicates whether multifactor authentication enrollment settings will be returned.
- active Boolean
Indicates whether multifactor authentication is enabled for this connection.
- returnEnrollSettings Boolean
Indicates whether multifactor authentication enrollment settings will be returned.
- active boolean
Indicates whether multifactor authentication is enabled for this connection.
- returnEnrollSettings boolean
Indicates whether multifactor authentication enrollment settings will be returned.
- active bool
Indicates whether multifactor authentication is enabled for this connection.
- return_enroll_settings bool
Indicates whether multifactor authentication enrollment settings will be returned.
- active Boolean
Indicates whether multifactor authentication is enabled for this connection.
- returnEnrollSettings Boolean
Indicates whether multifactor authentication enrollment settings will be returned.
ConnectionOptionsPasswordComplexityOptions
- MinLength int
Minimum number of characters allowed in passwords.
- MinLength int
Minimum number of characters allowed in passwords.
- minLength Integer
Minimum number of characters allowed in passwords.
- minLength number
Minimum number of characters allowed in passwords.
- min_length int
Minimum number of characters allowed in passwords.
- minLength Number
Minimum number of characters allowed in passwords.
ConnectionOptionsPasswordDictionary
- Dictionaries List<string>
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- Enable bool
Indicates whether the password dictionary check is enabled for this connection.
- Dictionaries []string
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- Enable bool
Indicates whether the password dictionary check is enabled for this connection.
- dictionaries List<String>
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable Boolean
Indicates whether the password dictionary check is enabled for this connection.
- dictionaries string[]
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable boolean
Indicates whether the password dictionary check is enabled for this connection.
- dictionaries Sequence[str]
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable bool
Indicates whether the password dictionary check is enabled for this connection.
- dictionaries List<String>
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable Boolean
Indicates whether the password dictionary check is enabled for this connection.
ConnectionOptionsPasswordHistory
- enable Boolean
Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
- size Integer
Indicates the number of passwords to keep in history with a maximum of 24.
ConnectionOptionsPasswordNoPersonalInfo
- Enable bool
Indicates whether the password personal info check is enabled for this connection.
- Enable bool
Indicates whether the password personal info check is enabled for this connection.
- enable Boolean
Indicates whether the password personal info check is enabled for this connection.
- enable boolean
Indicates whether the password personal info check is enabled for this connection.
- enable bool
Indicates whether the password personal info check is enabled for this connection.
- enable Boolean
Indicates whether the password personal info check is enabled for this connection.
ConnectionOptionsTotp
ConnectionOptionsValidation
- Username ConnectionOptionsValidationUsername
Specifies the `min` and `max` values of username length. `min` and `max` are integers.
- Username ConnectionOptionsValidationUsername
Specifies the `min` and `max` values of username length. `min` and `max` are integers.
- username ConnectionOptionsValidationUsername
Specifies the `min` and `max` values of username length. `min` and `max` are integers.
- username ConnectionOptionsValidationUsername
Specifies the `min` and `max` values of username length. `min` and `max` are integers.
- username ConnectionOptionsValidationUsername
Specifies the `min` and `max` values of username length. `min` and `max` are integers.
- username Property Map
Specifies the `min` and `max` values of username length. `min` and `max` are integers.
ConnectionOptionsValidationUsername
Import
Connections can be imported using their id, e.g.
$ pulumi import auth0:index/connection:Connection google con_a17f21fdb24d48a0
Package Details
- Repository
- https://github.com/pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
This Pulumi package is based on the `auth0` Terraform Provider.