Auth0

Pulumi Official
Package maintained by Pulumi
v2.9.0 published on Thursday, May 26, 2022 by Pulumi

Connection

With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.

Example Usage

using Pulumi;
using Auth0 = Pulumi.Auth0;

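/// <summary>
/// Pulumi stack that declares a single Auth0 connection using the "auth0"
/// (database) strategy, with brute-force protection, a password-history rule
/// and the "excellent" password policy enabled.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var myConnection = new Auth0.Connection("myConnection", new Auth0.ConnectionArgs
        {
            // Connection type; "auth0" is one of the strategy values listed for this resource.
            Strategy = "auth0",
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                // Limits signups and failed logins from a suspicious IP address.
                BruteForceProtection = true,
                // Password strength level; the documented options are none, low, fair, good, excellent.
                PasswordPolicy = "excellent",
                // Per-user password history that blocks password reuse.
                // Size = 3 is presumably the number of earlier passwords kept (confirm against the provider docs).
                PasswordHistories = 
                {
                    new Auth0.Inputs.ConnectionOptionsPasswordHistoryArgs
                    {
                        Enable = true,
                        Size = 3,
                    },
                },
                // NOTE(review): this flag is not described on this page; it appears to switch on
                // the custom database scripts configured below. Confirm before relying on it.
                EnabledDatabaseCustomization = true,
                // Case-sensitive key/value variables made available to the custom scripts.
                // These are placeholders. If real values are credentials, pass them as Pulumi
                // secrets instead of literals in the program.
                Configuration = 
                {
                    { "bar", "baz" },
                    { "foo", "bar" },
                },
                // Custom database action scripts. The key is "get_user" (snake_case), matching the
                // TypeScript example on this page; map keys are not renamed per language.
                // The script body is a placeholder that always reports an error to its callback.
                CustomScripts = 
                {
                    { "get_user", @"function getByEmail (email, callback) {
  return callback(new Error(""Whoops!""))
}

" },
                },
            },
        });
    }

}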
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

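// main registers one Auth0 connection (strategy "auth0") with the Pulumi
// engine. Brute-force protection, password history and the "excellent"
// password policy are enabled on it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewConnection(ctx, "myConnection", &auth0.ConnectionArgs{
			// Connection type; "auth0" is one of the strategy values listed for this resource.
			Strategy: pulumi.String("auth0"),
			// The option types live in the auth0 package and must be qualified;
			// the unqualified names do not resolve in package main.
			Options: &auth0.ConnectionOptionsArgs{
				// Limits signups and failed logins from a suspicious IP address.
				BruteForceProtection: pulumi.Bool(true),
				// Password strength level; documented options are none, low, fair, good, excellent.
				PasswordPolicy: pulumi.String("excellent"),
				// Per-user password history that blocks password reuse.
				// Size 3 is presumably the number of earlier passwords kept (confirm).
				PasswordHistories: auth0.ConnectionOptionsPasswordHistoryArray{
					&auth0.ConnectionOptionsPasswordHistoryArgs{
						Enable: pulumi.Bool(true),
						Size:   pulumi.Int(3),
					},
				},
				// NOTE(review): not described on this page; appears to switch on the
				// custom database scripts below. Confirm before relying on it.
				EnabledDatabaseCustomization: pulumi.Bool(true),
				// Case-sensitive key/value variables for the custom scripts. Placeholders
				// here; if real values are credentials, pass them as Pulumi secrets
				// instead of string literals.
				Configuration: pulumi.StringMap{
					"bar": pulumi.String("baz"),
					"foo": pulumi.String("bar"),
				},
				// Custom database action scripts. The key is "get_user" (snake_case),
				// matching the TypeScript example on this page. The body is a placeholder
				// that always reports an error to its callback.
				// fmt.Sprintf is kept so the file's "fmt" import stays in use.
				CustomScripts: pulumi.StringMap{
					"get_user": pulumi.String(fmt.Sprintf("%v%v%v%v", "function getByEmail (email, callback) {\n", "  return callback(new Error(\"Whoops!\"))\n", "}\n", "\n")),
				},
			},
		})
		// Propagate the registration error (nil on success) to pulumi.Run.
		return err
	})
}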
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

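/**
 * Pulumi program that declares one Auth0 connection using the "auth0"
 * strategy, with brute-force protection, a password-history rule and the
 * "excellent" password policy enabled.
 *
 * NOTE(review): this listing imports only com.pulumi.*; Connection,
 * ConnectionArgs and the *Args input types come from the Auth0 provider SDK
 * and need their own imports. Take the package names from the SDK.
 */
public class App {
    /**
     * Placeholder custom database script: it always reports an error to its
     * callback. The text block strips the common indentation, so the value is
     * the function text followed by one blank line.
     */
    private static final String GET_USER_SCRIPT = """
            function getByEmail (email, callback) {
              return callback(new Error("Whoops!"))
            }

            """;

    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the connection resource.
     *
     * @param ctx Pulumi deployment context (not used directly here)
     */
    public static void stack(Context ctx) {
        var myConnection = new Connection("myConnection", ConnectionArgs.builder()
            // Connection type; "auth0" is one of the strategy values listed for this resource.
            .strategy("auth0")
            .options(ConnectionOptionsArgs.builder()
                // Boolean, not the string "true": the property is documented as a bool.
                // Limits signups and failed logins from a suspicious IP address.
                .bruteForceProtection(true)
                // Password strength level; documented options are none, low, fair, good, excellent.
                .passwordPolicy("excellent")
                // Per-user password history that blocks password reuse.
                // size(3) is presumably the number of earlier passwords kept (confirm).
                .passwordHistories(ConnectionOptionsPasswordHistoryArgs.builder()
                    .enable(true)
                    .size(3)
                    .build())
                // Boolean, not the string "true". NOTE(review): not described on this page;
                // appears to switch on the custom database scripts below. Confirm.
                .enabledDatabaseCustomization(true)
                // Case-sensitive key/value variables for the custom scripts. Placeholders
                // here; if real values are credentials, pass them as Pulumi secrets
                // instead of string literals.
                .configuration(Map.ofEntries(
                    Map.entry("bar", "baz"),
                    Map.entry("foo", "bar")
                ))
                // The key is "get_user" (snake_case), matching the TypeScript example on this page.
                .customScripts(Map.of("get_user", GET_USER_SCRIPT))
                .build())
            .build());

    }
}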
import pulumi
import pulumi_auth0 as auth0

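# Declare one Auth0 connection using the "auth0" strategy, with brute-force
# protection, a password-history rule and the "excellent" password policy.
my_connection = auth0.Connection("myConnection",
    # Connection type; "auth0" is one of the strategy values listed for this resource.
    strategy="auth0",
    options=auth0.ConnectionOptionsArgs(
        # Limits signups and failed logins from a suspicious IP address.
        brute_force_protection=True,
        # Password strength level; documented options are none, low, fair, good, excellent.
        password_policy="excellent",
        # Per-user password history that blocks password reuse.
        # size=3 is presumably the number of earlier passwords kept (confirm).
        password_histories=[auth0.ConnectionOptionsPasswordHistoryArgs(
            enable=True,
            size=3,
        )],
        # NOTE(review): not described on this page; appears to switch on the
        # custom database scripts below. Confirm before relying on it.
        enabled_database_customization=True,
        # Case-sensitive key/value variables for the custom scripts. Placeholders
        # here; if real values are credentials, pass them as Pulumi secrets
        # instead of string literals.
        configuration={
            "bar": "baz",
            "foo": "bar",
        },
        # Custom database action scripts. The key is "get_user" (snake_case),
        # matching the TypeScript example on this page. The body is a
        # placeholder that always reports an error to its callback.
        custom_scripts={
            "get_user": """function getByEmail (email, callback) {
  return callback(new Error("Whoops!"))
}

""",
        },
    ))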
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// Placeholder custom database script: it always reports an error to its callback.
const getUserScript = `function getByEmail (email, callback) {
  return callback(new Error("Whoops!"))
}
`;

// One Auth0 connection using the "auth0" strategy, with brute-force protection,
// a password-history rule and the "excellent" password policy.
const myConnection = new auth0.Connection("my_connection", {
    // Connection type; "auth0" is one of the strategy values listed for this resource.
    strategy: "auth0",
    options: {
        // Limits signups and failed logins from a suspicious IP address.
        bruteForceProtection: true,
        // Password strength level; documented options are none, low, fair, good, excellent.
        passwordPolicy: "excellent",
        // Per-user password history that blocks password reuse.
        // size 3 is presumably the number of earlier passwords kept (confirm).
        passwordHistories: [
            { enable: true, size: 3 },
        ],
        // NOTE(review): not described on this page; appears to switch on the
        // custom database scripts below. Confirm before relying on it.
        enabledDatabaseCustomization: true,
        // Case-sensitive key/value variables for the custom scripts. Placeholders
        // here; if real values are credentials, pass them as Pulumi secrets
        // instead of string literals.
        configuration: {
            bar: "baz",
            foo: "bar",
        },
        // Custom database action scripts, keyed by script name.
        customScripts: {
            get_user: getUserScript,
        },
    },
});
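# One Auth0 connection using the "auth0" strategy, with brute-force protection,
# a password-history rule and the "excellent" password policy.
resources:
  myConnection:
    type: auth0:Connection
    properties:
      # Connection type; "auth0" is one of the strategy values listed for this resource.
      strategy: auth0
      options:
        # Limits signups and failed logins from a suspicious IP address.
        bruteForceProtection: true
        # Password strength level; documented options are none, low, fair, good, excellent.
        passwordPolicy: excellent
        # Per-user password history that blocks password reuse.
        # size 3 is presumably the number of earlier passwords kept (confirm).
        passwordHistories:
          - enable: true
            size: 3
        # NOTE(review): not described on this page; appears to switch on the
        # custom database scripts below. Confirm before relying on it.
        enabledDatabaseCustomization: true
        # Case-sensitive key/value variables for the custom scripts. Placeholders
        # here; if real values are credentials, supply them as Pulumi secrets
        # instead of plain literals.
        configuration:
          bar: baz
          foo: bar
        # Custom database action scripts. The key is get_user (snake_case),
        # matching the TypeScript example on this page. The body is a
        # placeholder that always reports an error to its callback.
        customScripts:
          get_user: |+
            function getByEmail (email, callback) {
              return callback(new Error("Whoops!"))
            }
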

Create a Connection Resource

new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);
@overload
def Connection(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               display_name: Optional[str] = None,
               enabled_clients: Optional[Sequence[str]] = None,
               is_domain_connection: Optional[bool] = None,
               name: Optional[str] = None,
               options: Optional[ConnectionOptionsArgs] = None,
               realms: Optional[Sequence[str]] = None,
               show_as_button: Optional[bool] = None,
               strategy: Optional[str] = None,
               strategy_version: Optional[str] = None,
               validation: Optional[Mapping[str, str]] = None)
@overload
def Connection(resource_name: str,
               args: ConnectionArgs,
               opts: Optional[ResourceOptions] = None)
func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)
public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)
public Connection(String name, ConnectionArgs args)
public Connection(String name, ConnectionArgs args, CustomResourceOptions options)
type: auth0:Connection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Connection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Connection resource accepts the following input properties:

Strategy string

Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

DisplayName string

Name used in login screen

EnabledClients List<string>

IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

IsDomainConnection bool

Indicates whether the connection is domain level.

Name string

Name of the connection.

Options ConnectionOptionsArgs

Configuration settings for connection options. For details, see Options.

Realms List<string>

Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

ShowAsButton bool

Display connection as a button. Only available for enterprise connections.

StrategyVersion string

Version 1 is deprecated, use version 2.

Validation Dictionary<string, string>

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

Strategy string

Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

DisplayName string

Name used in login screen

EnabledClients []string

IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

IsDomainConnection bool

Indicates whether the connection is domain level.

Name string

Name of the connection.

Options ConnectionOptionsArgs

Configuration settings for connection options. For details, see Options.

Realms []string

Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

ShowAsButton bool

Display connection as a button. Only available for enterprise connections.

StrategyVersion string

Version 1 is deprecated, use version 2.

Validation map[string]string

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

strategy String

Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

displayName String

Name used in login screen

enabledClients List<String>

IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

isDomainConnection Boolean

Indicates whether the connection is domain level.

name String

Name of the connection.

options ConnectionOptionsArgs

Configuration settings for connection options. For details, see Options.

realms List<String>

Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

showAsButton Boolean

Display connection as a button. Only available for enterprise connections.

strategyVersion String

Version 1 is deprecated, use version 2.

validation Map<String,String>

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

strategy string

Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

displayName string

Name used in login screen

enabledClients string[]

IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

isDomainConnection boolean

Indicates whether the connection is domain level.

name string

Name of the connection.

options ConnectionOptionsArgs

Configuration settings for connection options. For details, see Options.

realms string[]

Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

showAsButton boolean

Display connection as a button. Only available for enterprise connections.

strategyVersion string

Version 1 is deprecated, use version 2.

validation {[key: string]: string}

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

strategy str

Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

display_name str

Name used in login screen

enabled_clients Sequence[str]

IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

is_domain_connection bool

Indicates whether the connection is domain level.

name str

Name of the connection.

options ConnectionOptionsArgs

Configuration settings for connection options. For details, see Options.

realms Sequence[str]

Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

show_as_button bool

Display connection as a button. Only available for enterprise connections.

strategy_version str

Version 1 is deprecated, use version 2.

validation Mapping[str, str]

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

strategy String

Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

displayName String

Name used in login screen

enabledClients List<String>

IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

isDomainConnection Boolean

Indicates whether the connection is domain level.

name String

Name of the connection.

options Property Map

Configuration settings for connection options. For details, see Options.

realms List<String>

Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

showAsButton Boolean

Display connection as a button. Only available for enterprise connections.

strategyVersion String

Version 1 is deprecated, use version 2.

validation Map<String>

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

Outputs

All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up an Existing Connection Resource

Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        display_name: Optional[str] = None,
        enabled_clients: Optional[Sequence[str]] = None,
        is_domain_connection: Optional[bool] = None,
        name: Optional[str] = None,
        options: Optional[ConnectionOptionsArgs] = None,
        realms: Optional[Sequence[str]] = None,
        show_as_button: Optional[bool] = None,
        strategy: Optional[str] = None,
        strategy_version: Optional[str] = None,
        validation: Optional[Mapping[str, str]] = None) -> Connection
func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)
public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)
public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
DisplayName string

Name used in login screen

EnabledClients List<string>

IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

IsDomainConnection bool

Indicates whether the connection is domain level.

Name string

Name of the connection.

Options ConnectionOptionsArgs

Configuration settings for connection options. For details, see Options.

Realms List<string>

Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

ShowAsButton bool

Display connection as a button. Only available for enterprise connections.

Strategy string

Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

StrategyVersion string

Version 1 is deprecated, use version 2.

Validation Dictionary<string, string>

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

DisplayName string

Name used in login screen

EnabledClients []string

IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

IsDomainConnection bool

Indicates whether the connection is domain level.

Name string

Name of the connection.

Options ConnectionOptionsArgs

Configuration settings for connection options. For details, see Options.

Realms []string

Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

ShowAsButton bool

Display connection as a button. Only available for enterprise connections.

Strategy string

Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

StrategyVersion string

Version 1 is deprecated, use version 2.

Validation map[string]string

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

displayName String

Name used in login screen

enabledClients List<String>

IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

isDomainConnection Boolean

Indicates whether the connection is domain level.

name String

Name of the connection.

options ConnectionOptionsArgs

Configuration settings for connection options. For details, see Options.

realms List<String>

Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

showAsButton Boolean

Display connection as a button. Only available for enterprise connections.

strategy String

Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

strategyVersion String

Version 1 is deprecated, use version 2.

validation Map<String,String>

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

displayName string

Name used in login screen

enabledClients string[]

IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

isDomainConnection boolean

Indicates whether the connection is domain level.

name string

Name of the connection.

options ConnectionOptionsArgs

Configuration settings for connection options. For details, see Options.

realms string[]

Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

showAsButton boolean

Display connection as a button. Only available for enterprise connections.

strategy string

Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

strategyVersion string

Version 1 is deprecated, use version 2.

validation {[key: string]: string}

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

display_name str

Name used in login screen

enabled_clients Sequence[str]

IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

is_domain_connection bool

Indicates whether the connection is domain level.

name str

Name of the connection.

options ConnectionOptionsArgs

Configuration settings for connection options. For details, see Options.

realms Sequence[str]

Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

show_as_button bool

Display connection as a button. Only available for enterprise connections.

strategy str

Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

strategy_version str

Version 1 is deprecated, use version 2.

validation Mapping[str, str]

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

displayName String

Name used in login screen

enabledClients List<String>

IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

isDomainConnection Boolean

Indicates whether the connection is domain level.

name String

Name of the connection.

options Property Map

Configuration settings for connection options. For details, see Options.

realms List<String>

Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

showAsButton Boolean

Display connection as a button. Only available for enterprise connections.

strategy String

Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox, samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

strategyVersion String

Version 1 is deprecated, use version 2.

validation Map<String>

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

Supporting Types

ConnectionOptions

AdfsServer string

ADFS Metadata source.

AllowedAudiences List<string>

List of allowed audiences.

ApiEnableUsers bool
AppDomain string

Azure AD domain name.

Deprecated:

Use domain instead

AppId string

Azure AD app ID.

AuthorizationEndpoint string
BruteForceProtection bool

Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

ClientId string

OIDC provider client ID.

ClientSecret string

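OIDC provider client secret. Treat this value as a credential: supply it from Pulumi secret configuration rather than as a plaintext literal in the program.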

CommunityBaseUrl string

String.

Configuration Dictionary<string, string>

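A case-sensitive map of key-value pairs used as configuration variables for the custom database scripts (see CustomScripts). Values that are credentials should be supplied as secrets rather than plaintext literals.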

CustomScripts Dictionary<string, string>

Custom database action scripts. For more information, read Custom Database Action Script Templates.

Debug bool

(Boolean) When enabled, additional debugging information will be generated.

DigestAlgorithm string

Sign Request Algorithm Digest

DisableCache bool
DisableSignup bool

Boolean. Indicates whether or not to allow user sign-ups to your application.

DiscoveryUrl string

OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.

Domain string
DomainAliases List<string>

List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

EnabledDatabaseCustomization bool
EntityId string

Custom Entity ID for the connection.

FieldsMap Dictionary<string, string>

SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

ForwardRequestInfo bool
From string

SMS number for the sender. Used when SMS Source is From.

GatewayAuthentication ConnectionOptionsGatewayAuthentication
GatewayUrl string
IconUrl string
IdentityApi string
IdpInitiated ConnectionOptionsIdpInitiated

Configuration Options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query

ImportMode bool

Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

Ips List<string>
Issuer string

Issuer URL. E.g. https://auth.example.com

JwksUri string
KeyId string

Key ID.

MaxGroupsToRetrieve string

Maximum number of groups to retrieve.

MessagingServiceSid string

SID for Copilot. Used when SMS Source is Copilot.

Mfa ConnectionOptionsMfa

Configuration options for multifactor authentication. For details, see MFA Options.

Name string

Name of the connection.

NonPersistentAttrs List<string>

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.

PasswordComplexityOptions ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity. For details, see Password Complexity Options.

PasswordDictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

PasswordHistories List<ConnectionOptionsPasswordHistory>

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo

Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.

PasswordPolicy string

Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

ProtocolBinding string

The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (default) and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

Provider string
RequestTemplate string

Template that formats the SAML request

RequiresUsername bool

Indicates whether or not the user is required to provide a username in addition to an email address.

Scopes List<string>

Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].

Scripts Dictionary<string, string>
SetUserRootAttributes string

Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is on_each_login and can be set to on_first_login.

ShouldTrustEmailVerifiedConnection string

Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.

SignInEndpoint string

SAML single login URL for the connection.

SignOutEndpoint string

SAML single logout URL for the connection.

SignSamlRequest bool

(Boolean) When enabled, the SAML authentication request will be signed.

SignatureAlgorithm string

Sign Request Algorithm

SigningCert string

The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded

StrategyVersion int

Version 1 is deprecated, use version 2.

Subject string
Syntax string

Syntax of the SMS. Options include markdown and liquid.

TeamId string

Team ID.

Template string

Template for the SMS. You can use @@password@@ as a placeholder for the password value.

TenantDomain string
TokenEndpoint string
Totp ConnectionOptionsTotp

Configuration options for one-time passwords. For details, see TOTP.

TwilioSid string

SID for your Twilio account.

TwilioToken string

AuthToken for your Twilio account. This is a credential: pass it as a secret value rather than a plain-text literal in the program.

Type string

Value can be back_channel or front_channel.

UseCertAuth bool
UseKerberos bool
UseWsfed bool
UserIdAttribute string

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

UserinfoEndpoint string
Validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

WaadCommonEndpoint bool

Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

WaadProtocol string
AdfsServer string

ADFS Metadata source.

AllowedAudiences []string

List of allowed audiences.

ApiEnableUsers bool
AppDomain string

Azure AD domain name.

Deprecated:

Use domain instead

AppId string

Azure AD app ID.

AuthorizationEndpoint string
BruteForceProtection bool

Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

ClientId string

OIDC provider client ID.

ClientSecret string

OIDC provider client secret. This is a credential: pass it as a secret value rather than a plain-text literal in the program.

CommunityBaseUrl string

String.

Configuration map[string]string

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

CustomScripts map[string]string

Custom database action scripts. For more information, read Custom Database Action Script Templates.

Debug bool

(Boolean) When enabled additional debugging information will be generated.

DigestAlgorithm string

Sign Request Algorithm Digest

DisableCache bool
DisableSignup bool

Boolean. Indicates whether user sign-ups to your application are disabled (true blocks sign-ups).

DiscoveryUrl string

OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.

Domain string
DomainAliases []string

List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

EnabledDatabaseCustomization bool
EntityId string

Custom Entity ID for the connection.

FieldsMap map[string]string

SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

ForwardRequestInfo bool
From string

SMS number for the sender. Used when SMS Source is From.

GatewayAuthentication ConnectionOptionsGatewayAuthentication
GatewayUrl string
IconUrl string
IdentityApi string
IdpInitiated ConnectionOptionsIdpInitiated

Configuration Options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query

ImportMode bool

Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

Ips []string
Issuer string

Issuer URL. E.g. https://auth.example.com

JwksUri string
KeyId string

Key ID.

MaxGroupsToRetrieve string

Maximum number of groups to retrieve.

MessagingServiceSid string

SID for Copilot. Used when SMS Source is Copilot.

Mfa ConnectionOptionsMfa

Configuration options for multifactor authentication. For details, see MFA Options.

Name string

Name of the connection.

NonPersistentAttrs []string

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.

PasswordComplexityOptions ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity. For details, see Password Complexity Options.

PasswordDictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

PasswordHistories []ConnectionOptionsPasswordHistory

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo

Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.

PasswordPolicy string

Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

ProtocolBinding string

The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (default) and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

Provider string
RequestTemplate string

Template that formats the SAML request

RequiresUsername bool

Indicates whether or not the user is required to provide a username in addition to an email address.

Scopes []string

Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].

Scripts map[string]string
SetUserRootAttributes string

Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is on_each_login and can be set to on_first_login.

ShouldTrustEmailVerifiedConnection string

Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.

SignInEndpoint string

SAML single login URL for the connection.

SignOutEndpoint string

SAML single logout URL for the connection.

SignSamlRequest bool

(Boolean) When enabled, the SAML authentication request will be signed.

SignatureAlgorithm string

Sign Request Algorithm

SigningCert string

The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded

StrategyVersion int

Version 1 is deprecated, use version 2.

Subject string
Syntax string

Syntax of the SMS. Options include markdown and liquid.

TeamId string

Team ID.

Template string

Template for the SMS. You can use @@password@@ as a placeholder for the password value.

TenantDomain string
TokenEndpoint string
Totp ConnectionOptionsTotp

Configuration options for one-time passwords. For details, see TOTP.

TwilioSid string

SID for your Twilio account.

TwilioToken string

AuthToken for your Twilio account. This is a credential: pass it as a secret value rather than a plain-text literal in the program.

Type string

Value can be back_channel or front_channel.

UseCertAuth bool
UseKerberos bool
UseWsfed bool
UserIdAttribute string

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

UserinfoEndpoint string
Validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

WaadCommonEndpoint bool

Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

WaadProtocol string
adfsServer String

ADFS Metadata source.

allowedAudiences List<String>

List of allowed audiences.

apiEnableUsers Boolean
appDomain String

Azure AD domain name.

Deprecated:

Use domain instead

appId String

Azure AD app ID.

authorizationEndpoint String
bruteForceProtection Boolean

Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

clientId String

OIDC provider client ID.

clientSecret String

OIDC provider client secret. This is a credential: pass it as a secret value rather than a plain-text literal in the program.

communityBaseUrl String

String.

configuration Map<String,String>

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

customScripts Map<String,String>

Custom database action scripts. For more information, read Custom Database Action Script Templates.

debug Boolean

(Boolean) When enabled additional debugging information will be generated.

digestAlgorithm String

Sign Request Algorithm Digest

disableCache Boolean
disableSignup Boolean

Boolean. Indicates whether user sign-ups to your application are disabled (true blocks sign-ups).

discoveryUrl String

OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.

domain String
domainAliases List<String>

List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

enabledDatabaseCustomization Boolean
entityId String

Custom Entity ID for the connection.

fieldsMap Map<String,String>

SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

forwardRequestInfo Boolean
from String

SMS number for the sender. Used when SMS Source is From.

gatewayAuthentication ConnectionOptionsGatewayAuthentication
gatewayUrl String
iconUrl String
identityApi String
idpInitiated ConnectionOptionsIdpInitiated

Configuration Options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query

importMode Boolean

Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

ips List<String>
issuer String

Issuer URL. E.g. https://auth.example.com

jwksUri String
keyId String

Key ID.

maxGroupsToRetrieve String

Maximum number of groups to retrieve.

messagingServiceSid String

SID for Copilot. Used when SMS Source is Copilot.

mfa ConnectionOptionsMfa

Configuration options for multifactor authentication. For details, see MFA Options.

name String

Name of the connection.

nonPersistentAttrs List<String>

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.

passwordComplexityOptions ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity. For details, see Password Complexity Options.

passwordDictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

passwordHistories List<ConnectionOptionsPasswordHistory>

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo

Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.

passwordPolicy String

Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

protocolBinding String

The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (default) and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

provider String
requestTemplate String

Template that formats the SAML request

requiresUsername Boolean

Indicates whether or not the user is required to provide a username in addition to an email address.

scopes List<String>

Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].

scripts Map<String,String>
setUserRootAttributes String

Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is on_each_login and can be set to on_first_login.

shouldTrustEmailVerifiedConnection String

Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.

signInEndpoint String

SAML single login URL for the connection.

signOutEndpoint String

SAML single logout URL for the connection.

signSamlRequest Boolean

(Boolean) When enabled, the SAML authentication request will be signed.

signatureAlgorithm String

Sign Request Algorithm

signingCert String

The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded

strategyVersion Integer

Version 1 is deprecated, use version 2.

subject String
syntax String

Syntax of the SMS. Options include markdown and liquid.

teamId String

Team ID.

template String

Template for the SMS. You can use @@password@@ as a placeholder for the password value.

tenantDomain String
tokenEndpoint String
totp ConnectionOptionsTotp

Configuration options for one-time passwords. For details, see TOTP.

twilioSid String

SID for your Twilio account.

twilioToken String

AuthToken for your Twilio account. This is a credential: pass it as a secret value rather than a plain-text literal in the program.

type String

Value can be back_channel or front_channel.

useCertAuth Boolean
useKerberos Boolean
useWsfed Boolean
userIdAttribute String

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

userinfoEndpoint String
validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

waadCommonEndpoint Boolean

Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

waadProtocol String
adfsServer string

ADFS Metadata source.

allowedAudiences string[]

List of allowed audiences.

apiEnableUsers boolean
appDomain string

Azure AD domain name.

Deprecated:

Use domain instead

appId string

Azure AD app ID.

authorizationEndpoint string
bruteForceProtection boolean

Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

clientId string

OIDC provider client ID.

clientSecret string

OIDC provider client secret. This is a credential: pass it as a secret value rather than a plain-text literal in the program.

communityBaseUrl string

String.

configuration {[key: string]: string}

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

customScripts {[key: string]: string}

Custom database action scripts. For more information, read Custom Database Action Script Templates.

debug boolean

(Boolean) When enabled additional debugging information will be generated.

digestAlgorithm string

Sign Request Algorithm Digest

disableCache boolean
disableSignup boolean

Boolean. Indicates whether user sign-ups to your application are disabled (true blocks sign-ups).

discoveryUrl string

OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.

domain string
domainAliases string[]

List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

enabledDatabaseCustomization boolean
entityId string

Custom Entity ID for the connection.

fieldsMap {[key: string]: string}

SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

forwardRequestInfo boolean
from string

SMS number for the sender. Used when SMS Source is From.

gatewayAuthentication ConnectionOptionsGatewayAuthentication
gatewayUrl string
iconUrl string
identityApi string
idpInitiated ConnectionOptionsIdpInitiated

Configuration Options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query

importMode boolean

Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

ips string[]
issuer string

Issuer URL. E.g. https://auth.example.com

jwksUri string
keyId string

Key ID.

maxGroupsToRetrieve string

Maximum number of groups to retrieve.

messagingServiceSid string

SID for Copilot. Used when SMS Source is Copilot.

mfa ConnectionOptionsMfa

Configuration options for multifactor authentication. For details, see MFA Options.

name string

Name of the connection.

nonPersistentAttrs string[]

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.

passwordComplexityOptions ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity. For details, see Password Complexity Options.

passwordDictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

passwordHistories ConnectionOptionsPasswordHistory[]

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo

Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.

passwordPolicy string

Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

protocolBinding string

The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (default) and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

provider string
requestTemplate string

Template that formats the SAML request

requiresUsername boolean

Indicates whether or not the user is required to provide a username in addition to an email address.

scopes string[]

Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].

scripts {[key: string]: string}
setUserRootAttributes string

Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is on_each_login and can be set to on_first_login.

shouldTrustEmailVerifiedConnection string

Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.

signInEndpoint string

SAML single login URL for the connection.

signOutEndpoint string

SAML single logout URL for the connection.

signSamlRequest boolean

(Boolean) When enabled, the SAML authentication request will be signed.

signatureAlgorithm string

Sign Request Algorithm

signingCert string

The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded

strategyVersion number

Version 1 is deprecated, use version 2.

subject string
syntax string

Syntax of the SMS. Options include markdown and liquid.

teamId string

Team ID.

template string

Template for the SMS. You can use @@password@@ as a placeholder for the password value.

tenantDomain string
tokenEndpoint string
totp ConnectionOptionsTotp

Configuration options for one-time passwords. For details, see TOTP.

twilioSid string

SID for your Twilio account.

twilioToken string

AuthToken for your Twilio account. This is a credential: pass it as a secret value rather than a plain-text literal in the program.

type string

Value can be back_channel or front_channel.

useCertAuth boolean
useKerberos boolean
useWsfed boolean
userIdAttribute string

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

userinfoEndpoint string
validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

waadCommonEndpoint boolean

Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

waadProtocol string
adfs_server str

ADFS Metadata source.

allowed_audiences Sequence[str]

List of allowed audiences.

api_enable_users bool
app_domain str

Azure AD domain name.

Deprecated:

Use domain instead

app_id str

Azure AD app ID.

authorization_endpoint str
brute_force_protection bool

Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

client_id str

OIDC provider client ID.

client_secret str

OIDC provider client secret. This is a credential: pass it as a secret value rather than a plain-text literal in the program.

community_base_url str

String.

configuration Mapping[str, str]

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

custom_scripts Mapping[str, str]

Custom database action scripts. For more information, read Custom Database Action Script Templates.

debug bool

(Boolean) When enabled additional debugging information will be generated.

digest_algorithm str

Sign Request Algorithm Digest

disable_cache bool
disable_signup bool

Boolean. Indicates whether user sign-ups to your application are disabled (true blocks sign-ups).

discovery_url str

OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.

domain str
domain_aliases Sequence[str]

List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

enabled_database_customization bool
entity_id str

Custom Entity ID for the connection.

fields_map Mapping[str, str]

SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

forward_request_info bool
from_ str

SMS number for the sender. Used when SMS Source is From.

gateway_authentication ConnectionOptionsGatewayAuthentication
gateway_url str
icon_url str
identity_api str
idp_initiated ConnectionOptionsIdpInitiated

Configuration Options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query

import_mode bool

Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

ips Sequence[str]
issuer str

Issuer URL. E.g. https://auth.example.com

jwks_uri str
key_id str

Key ID.

max_groups_to_retrieve str

Maximum number of groups to retrieve.

messaging_service_sid str

SID for Copilot. Used when SMS Source is Copilot.

mfa ConnectionOptionsMfa

Configuration options for multifactor authentication. For details, see MFA Options.

name str

Name of the connection.

non_persistent_attrs Sequence[str]

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.

password_complexity_options ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity. For details, see Password Complexity Options.

password_dictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

password_histories Sequence[ConnectionOptionsPasswordHistory]

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

password_no_personal_info ConnectionOptionsPasswordNoPersonalInfo

Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.

password_policy str

Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

protocol_binding str

The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (default) and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

provider str
request_template str

Template that formats the SAML request

requires_username bool

Indicates whether or not the user is required to provide a username in addition to an email address.

scopes Sequence[str]

Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].

scripts Mapping[str, str]
set_user_root_attributes str

Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is on_each_login and can be set to on_first_login.

should_trust_email_verified_connection str

Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified.

sign_in_endpoint str

SAML single login URL for the connection.

sign_out_endpoint str

SAML single logout URL for the connection.

sign_saml_request bool

(Boolean) When enabled, the SAML authentication request will be signed.

signature_algorithm str

Sign Request Algorithm

signing_cert str

The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded

strategy_version int

Version 1 is deprecated, use version 2.

subject str
syntax str

Syntax of the SMS. Options include markdown and liquid.

team_id str

Team ID.

template str

Template for the SMS. You can use @@password@@ as a placeholder for the password value.

tenant_domain str
token_endpoint str
totp ConnectionOptionsTotp

Configuration options for one-time passwords. For details, see TOTP.

twilio_sid str

SID for your Twilio account.

twilio_token str

AuthToken for your Twilio account. This is a credential: pass it as a secret value rather than a plain-text literal in the program.

type str

Value can be back_channel or front_channel.

use_cert_auth bool
use_kerberos bool
use_wsfed bool
user_id_attribute str

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

userinfo_endpoint str
validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.

waad_common_endpoint bool

Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

waad_protocol str
adfsServer String

ADFS Metadata source.

allowedAudiences List<String>

List of allowed audiences.

apiEnableUsers Boolean
appDomain String

Azure AD domain name.

Deprecated:

Use domain instead

appId String

Azure AD app ID.

authorizationEndpoint String
bruteForceProtection Boolean

Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

clientId String

OIDC provider client ID.

clientSecret String

OIDC provider client secret. This is a credential: pass it as a secret value rather than a plain-text literal in the program.

communityBaseUrl String

String.

configuration Map<String>

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

customScripts Map<String>

Custom database action scripts. For more information, read Custom Database Action Script Templates.

debug Boolean

(Boolean) When enabled additional debugging information will be generated.

digestAlgorithm String

Sign Request Algorithm Digest

disableCache Boolean
disableSignup Boolean

Boolean. Indicates whether user sign-ups to your application are disabled (true blocks sign-ups).

discoveryUrl String

OpenID discovery URL. E.g. https://auth.example.com/.well-known/openid-configuration.

domain String
domainAliases List<String>

List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

enabledDatabaseCustomization Boolean
entityId String

Custom Entity ID for the connection.

fieldsMap Map<String>

SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

forwardRequestInfo Boolean
from String

SMS number for the sender. Used when SMS Source is From.

gatewayAuthentication Property Map
gatewayUrl String
iconUrl String
identityApi String
idpInitiated Property Map

Configuration Options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query

importMode Boolean

Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

ips List<String>
issuer String

Issuer URL. E.g. https://auth.example.com

jwksUri String
keyId String

Key ID.

maxGroupsToRetrieve String

Maximum number of groups to retrieve.

messagingServiceSid String

SID for Copilot. Used when SMS Source is Copilot.

mfa Property Map

Configuration options for multifactor authentication. For details, see MFA Options.

name String

Name of the connection.

nonPersistentAttrs List<String>

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See here for more info.

passwordComplexityOptions Property Map

Configuration settings for password complexity. For details, see Password Complexity Options.

passwordDictionary Property Map

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

passwordHistories List<Property Map>

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

passwordNoPersonalInfo Property Map

Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.

passwordPolicy String

Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

protocolBinding String

The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (default) and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

provider String
requestTemplate String

Template that formats the SAML request

requiresUsername Boolean

Indicates whether or not the user is required to provide a username in addition to an email address.

scopes List<String>

Scopes required by the connection. The value must be a list, for example ["openid", "profile", "email"].

scripts Map<String>
setUserRootAttributes String

Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is on_each_login and can be set to on_first_login.

shouldTrustEmailVerifiedConnection String

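Determines how Auth0 sets the email_verified field in the user profile. Can either be set to never_set_emails_as_verified or always_set_emails_as_verified. Use always_set_emails_as_verified only when the upstream identity provider itself verifies email ownership, because anything downstream that relies on email_verified will otherwise trust unverified addresses.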

signInEndpoint String

SAML single login URL for the connection.

signOutEndpoint String

SAML single logout URL for the connection.

signSamlRequest Boolean

(Boolean) When enabled, the SAML authentication request will be signed.

signatureAlgorithm String

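Signature algorithm used when signing the request (Sign Request Algorithm). Where the IdP supports it, prefer an RSA-SHA256 signature over RSA-SHA1.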

signingCert String

The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded

strategyVersion Number

Version 1 is deprecated, use version 2.

subject String
syntax String

Syntax of the SMS. Options include markdown and liquid.

teamId String

Team ID.

template String

Template for the SMS. You can use @@password@@ as a placeholder for the password value.

tenantDomain String
tokenEndpoint String
totp Property Map

Configuration options for one-time passwords. For details, see TOTP.

twilioSid String

SID for your Twilio account.

twilioToken String

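AuthToken for your Twilio account. Treat this value as a credential: supply it from encrypted configuration (for example, a value stored with `pulumi config set --secret`) rather than hard-coding it in program source.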

type String

Value can be back_channel or front_channel.

useCertAuth Boolean
useKerberos Boolean
useWsfed Boolean
userIdAttribute String

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

userinfoEndpoint String
validation Property Map

Validation of the minimum and maximum length allowed for a username. For details, see Validation.

waadCommonEndpoint Boolean

Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

waadProtocol String

ConnectionOptionsGatewayAuthentication

Audience string
Method string
Secret string
SecretBase64Encoded bool
Subject string
Audience string
Method string
Secret string
SecretBase64Encoded bool
Subject string
audience String
method String
secret String
secretBase64Encoded Boolean
subject String
audience string
method string
secret string
secretBase64Encoded boolean
subject string
audience String
method String
secret String
secretBase64Encoded Boolean
subject String

ConnectionOptionsIdpInitiated

ClientAuthorizeQuery string
ClientId string

Google client ID.

ClientProtocol string
ClientAuthorizeQuery string
ClientId string

Google client ID.

ClientProtocol string
clientAuthorizeQuery String
clientId String

Google client ID.

clientProtocol String
clientAuthorizeQuery string
clientId string

Google client ID.

clientProtocol string
clientAuthorizeQuery String
clientId String

Google client ID.

clientProtocol String

ConnectionOptionsMfa

Active bool

Indicates whether multifactor authentication is enabled for this connection.

ReturnEnrollSettings bool

Indicates whether multifactor authentication enrollment settings will be returned.

Active bool

Indicates whether multifactor authentication is enabled for this connection.

ReturnEnrollSettings bool

Indicates whether multifactor authentication enrollment settings will be returned.

active Boolean

Indicates whether multifactor authentication is enabled for this connection.

returnEnrollSettings Boolean

Indicates whether multifactor authentication enrollment settings will be returned.

active boolean

Indicates whether multifactor authentication is enabled for this connection.

returnEnrollSettings boolean

Indicates whether multifactor authentication enrollment settings will be returned.

active bool

Indicates whether multifactor authentication is enabled for this connection.

return_enroll_settings bool

Indicates whether multifactor authentication enrollment settings will be returned.

active Boolean

Indicates whether multifactor authentication is enabled for this connection.

returnEnrollSettings Boolean

Indicates whether multifactor authentication enrollment settings will be returned.

ConnectionOptionsPasswordComplexityOptions

MinLength int

Minimum number of characters allowed in passwords.

MinLength int

Minimum number of characters allowed in passwords.

minLength Integer

Minimum number of characters allowed in passwords.

minLength number

Minimum number of characters allowed in passwords.

min_length int

Minimum number of characters allowed in passwords.

minLength Number

Minimum number of characters allowed in passwords.

ConnectionOptionsPasswordDictionary

Dictionaries List<string>

Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.

Enable bool

Indicates whether the password dictionary check is enabled for this connection.

Dictionaries []string

Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.

Enable bool

Indicates whether the password dictionary check is enabled for this connection.

dictionaries List<String>

Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.

enable Boolean

Indicates whether the password dictionary check is enabled for this connection.

dictionaries string[]

Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.

enable boolean

Indicates whether the password dictionary check is enabled for this connection.

dictionaries Sequence[str]

Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.

enable bool

Indicates whether the password dictionary check is enabled for this connection.

dictionaries List<String>

Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.

enable Boolean

Indicates whether the password dictionary check is enabled for this connection.

ConnectionOptionsPasswordHistory

Enable bool

Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

Size int

Indicates the number of passwords to keep in history with a maximum of 24.

Enable bool

Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

Size int

Indicates the number of passwords to keep in history with a maximum of 24.

enable Boolean

Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

size Integer

Indicates the number of passwords to keep in history with a maximum of 24.

enable boolean

Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

size number

Indicates the number of passwords to keep in history with a maximum of 24.

enable bool

Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

size int

Indicates the number of passwords to keep in history with a maximum of 24.

enable Boolean

Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

size Number

Indicates the number of passwords to keep in history with a maximum of 24.

ConnectionOptionsPasswordNoPersonalInfo

Enable bool

Indicates whether the password personal info check is enabled for this connection.

Enable bool

Indicates whether the password personal info check is enabled for this connection.

enable Boolean

Indicates whether the password personal info check is enabled for this connection.

enable boolean

Indicates whether the password personal info check is enabled for this connection.

enable bool

Indicates whether the password personal info check is enabled for this connection.

enable Boolean

Indicates whether the password personal info check is enabled for this connection.

ConnectionOptionsTotp

Length int

Integer. Length of the one-time password.

TimeStep int

Integer. Seconds between allowed generation of new passwords.

Length int

Integer. Length of the one-time password.

TimeStep int

Integer. Seconds between allowed generation of new passwords.

length Integer

Integer. Length of the one-time password.

timeStep Integer

Integer. Seconds between allowed generation of new passwords.

length number

Integer. Length of the one-time password.

timeStep number

Integer. Seconds between allowed generation of new passwords.

length int

Integer. Length of the one-time password.

time_step int

Integer. Seconds between allowed generation of new passwords.

length Number

Integer. Length of the one-time password.

timeStep Number

Integer. Seconds between allowed generation of new passwords.

ConnectionOptionsValidation

Username ConnectionOptionsValidationUsername

Specifies the min and max values of username length. min and max are integers.

Username ConnectionOptionsValidationUsername

Specifies the min and max values of username length. min and max are integers.

username ConnectionOptionsValidationUsername

Specifies the min and max values of username length. min and max are integers.

username ConnectionOptionsValidationUsername

Specifies the min and max values of username length. min and max are integers.

username ConnectionOptionsValidationUsername

Specifies the min and max values of username length. min and max are integers.

username Property Map

Specifies the min and max values of username length. min and max are integers.

ConnectionOptionsValidationUsername

Max int
Min int
Max int
Min int
max Integer
min Integer
max number
min number
max int
min int
max Number
min Number

Import

Connections can be imported using their id, e.g.

 $ pulumi import auth0:index/connection:Connection google con_a17f21fdb24d48a0

Package Details

Repository
https://github.com/pulumi/pulumi-auth0
License
Apache-2.0
Notes

This Pulumi package is based on the auth0 Terraform Provider.