getConnection

Auth0 v3.38.0, Feb 20 26

Viewing docs for Auth0 v3.38.0
published on Friday, Feb 20, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-auth0

Viewing docs for Auth0 v3.38.0
published on Friday, Feb 20, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-auth0

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// An Auth0 Connection loaded using its name.
const some_connection_by_name = auth0.getConnection({
    name: "Acceptance-Test-Connection-{{.testName}}",
});
// An Auth0 Connection loaded using its ID.
const some_connection_by_id = auth0.getConnection({
    connectionId: "con_abcdefghkijklmnopqrstuvwxyz0123456789",
});

import pulumi
import pulumi_auth0 as auth0

# An Auth0 Connection loaded using its name.
some_connection_by_name = auth0.get_connection(name="Acceptance-Test-Connection-{{.testName}}")
# An Auth0 Connection loaded using its ID.
some_connection_by_id = auth0.get_connection(connection_id="con_abcdefghkijklmnopqrstuvwxyz0123456789")

package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// An Auth0 Connection loaded using its name.
		_, err := auth0.LookupConnection(ctx, &auth0.LookupConnectionArgs{
			Name: pulumi.StringRef("Acceptance-Test-Connection-{{.testName}}"),
		}, nil)
		if err != nil {
			return err
		}
		// An Auth0 Connection loaded using its ID.
		_, err = auth0.LookupConnection(ctx, &auth0.LookupConnectionArgs{
			ConnectionId: pulumi.StringRef("con_abcdefghkijklmnopqrstuvwxyz0123456789"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // An Auth0 Connection loaded using its name.
    var some_connection_by_name = Auth0.GetConnection.Invoke(new()
    {
        Name = "Acceptance-Test-Connection-{{.testName}}",
    });

    // An Auth0 Connection loaded using its ID.
    var some_connection_by_id = Auth0.GetConnection.Invoke(new()
    {
        ConnectionId = "con_abcdefghkijklmnopqrstuvwxyz0123456789",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Auth0Functions;
import com.pulumi.auth0.inputs.GetConnectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // An Auth0 Connection loaded using its name.
        final var some-connection-by-name = Auth0Functions.getConnection(GetConnectionArgs.builder()
            .name("Acceptance-Test-Connection-{{.testName}}")
            .build());

        // An Auth0 Connection loaded using its ID.
        final var some-connection-by-id = Auth0Functions.getConnection(GetConnectionArgs.builder()
            .connectionId("con_abcdefghkijklmnopqrstuvwxyz0123456789")
            .build());

    }
}

variables:
  # An Auth0 Connection loaded using its name.
  some-connection-by-name:
    fn::invoke:
      function: auth0:getConnection
      arguments:
        name: Acceptance-Test-Connection-{{.testName}}
  # An Auth0 Connection loaded using its ID.
  some-connection-by-id:
    fn::invoke:
      function: auth0:getConnection
      arguments:
        connectionId: con_abcdefghkijklmnopqrstuvwxyz0123456789

Using getConnection

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getConnection(args: GetConnectionArgs, opts?: InvokeOptions): Promise<GetConnectionResult>
function getConnectionOutput(args: GetConnectionOutputArgs, opts?: InvokeOptions): Output<GetConnectionResult>

def get_connection(connection_id: Optional[str] = None,
                   name: Optional[str] = None,
                   opts: Optional[InvokeOptions] = None) -> GetConnectionResult
def get_connection_output(connection_id: Optional[pulumi.Input[str]] = None,
                   name: Optional[pulumi.Input[str]] = None,
                   opts: Optional[InvokeOptions] = None) -> Output[GetConnectionResult]

func LookupConnection(ctx *Context, args *LookupConnectionArgs, opts ...InvokeOption) (*LookupConnectionResult, error)
func LookupConnectionOutput(ctx *Context, args *LookupConnectionOutputArgs, opts ...InvokeOption) LookupConnectionResultOutput

> Note: This function is named LookupConnection in the Go SDK.

public static class GetConnection 
{
    public static Task<GetConnectionResult> InvokeAsync(GetConnectionArgs args, InvokeOptions? opts = null)
    public static Output<GetConnectionResult> Invoke(GetConnectionInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetConnectionResult> getConnection(GetConnectionArgs args, InvokeOptions options)
public static Output<GetConnectionResult> getConnection(GetConnectionArgs args, InvokeOptions options)

fn::invoke:
  function: auth0:index/getConnection:getConnection
  arguments:
    # arguments dictionary

The following arguments are supported:

ConnectionId string: The ID of the connection. If not provided, name must be set.
Name string: The name of the connection. If not provided, connection_id must be set.

ConnectionId string: The ID of the connection. If not provided, name must be set.
Name string: The name of the connection. If not provided, connection_id must be set.

connectionId String: The ID of the connection. If not provided, name must be set.
name String: The name of the connection. If not provided, connection_id must be set.

connectionId string: The ID of the connection. If not provided, name must be set.
name string: The name of the connection. If not provided, connection_id must be set.

connection_id str: The ID of the connection. If not provided, name must be set.
name str: The name of the connection. If not provided, connection_id must be set.

connectionId String: The ID of the connection. If not provided, name must be set.
name String: The name of the connection. If not provided, connection_id must be set.

getConnection Result

The following output properties are available:

Authentications List<GetConnectionAuthentication>: Configure the purpose of a connection to be used for authentication during login.
ConnectedAccounts List<GetConnectionConnectedAccount>: Configure the purpose of a connection to be used for connected accounts and Token Vault.
DisplayName string: Name used in login screen.
EnabledClients List<string>: IDs of the clients for which the connection is enabled.
Id string: The provider-assigned unique ID for this managed resource.
IsDomainConnection bool: Indicates whether the connection is domain level.
Metadata Dictionary<string, string>: Metadata associated with the connection, in the form of a map of string values (max 255 chars).
Options List<GetConnectionOption>: Configuration settings for connection options.
Realms List<string>: Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
ShowAsButton bool: Display connection as a button. Only available on enterprise connections.
Strategy string: Type of the connection, which indicates the identity provider.
ConnectionId string: The ID of the connection. If not provided, name must be set.
Name string: The name of the connection. If not provided, connection_id must be set.

Authentications []GetConnectionAuthentication: Configure the purpose of a connection to be used for authentication during login.
ConnectedAccounts []GetConnectionConnectedAccount: Configure the purpose of a connection to be used for connected accounts and Token Vault.
DisplayName string: Name used in login screen.
EnabledClients []string: IDs of the clients for which the connection is enabled.
Id string: The provider-assigned unique ID for this managed resource.
IsDomainConnection bool: Indicates whether the connection is domain level.
Metadata map[string]string: Metadata associated with the connection, in the form of a map of string values (max 255 chars).
Options []GetConnectionOption: Configuration settings for connection options.
Realms []string: Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
ShowAsButton bool: Display connection as a button. Only available on enterprise connections.
Strategy string: Type of the connection, which indicates the identity provider.
ConnectionId string: The ID of the connection. If not provided, name must be set.
Name string: The name of the connection. If not provided, connection_id must be set.

authentications List<GetConnectionAuthentication>: Configure the purpose of a connection to be used for authentication during login.
connectedAccounts List<GetConnectionConnectedAccount>: Configure the purpose of a connection to be used for connected accounts and Token Vault.
displayName String: Name used in login screen.
enabledClients List<String>: IDs of the clients for which the connection is enabled.
id String: The provider-assigned unique ID for this managed resource.
isDomainConnection Boolean: Indicates whether the connection is domain level.
metadata Map<String,String>: Metadata associated with the connection, in the form of a map of string values (max 255 chars).
options List<GetConnectionOption>: Configuration settings for connection options.
realms List<String>: Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
showAsButton Boolean: Display connection as a button. Only available on enterprise connections.
strategy String: Type of the connection, which indicates the identity provider.
connectionId String: The ID of the connection. If not provided, name must be set.
name String: The name of the connection. If not provided, connection_id must be set.

authentications GetConnectionAuthentication[]: Configure the purpose of a connection to be used for authentication during login.
connectedAccounts GetConnectionConnectedAccount[]: Configure the purpose of a connection to be used for connected accounts and Token Vault.
displayName string: Name used in login screen.
enabledClients string[]: IDs of the clients for which the connection is enabled.
id string: The provider-assigned unique ID for this managed resource.
isDomainConnection boolean: Indicates whether the connection is domain level.
metadata {[key: string]: string}: Metadata associated with the connection, in the form of a map of string values (max 255 chars).
options GetConnectionOption[]: Configuration settings for connection options.
realms string[]: Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
showAsButton boolean: Display connection as a button. Only available on enterprise connections.
strategy string: Type of the connection, which indicates the identity provider.
connectionId string: The ID of the connection. If not provided, name must be set.
name string: The name of the connection. If not provided, connection_id must be set.

authentications Sequence[GetConnectionAuthentication]: Configure the purpose of a connection to be used for authentication during login.
connected_accounts Sequence[GetConnectionConnectedAccount]: Configure the purpose of a connection to be used for connected accounts and Token Vault.
display_name str: Name used in login screen.
enabled_clients Sequence[str]: IDs of the clients for which the connection is enabled.
id str: The provider-assigned unique ID for this managed resource.
is_domain_connection bool: Indicates whether the connection is domain level.
metadata Mapping[str, str]: Metadata associated with the connection, in the form of a map of string values (max 255 chars).
options Sequence[GetConnectionOption]: Configuration settings for connection options.
realms Sequence[str]: Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
show_as_button bool: Display connection as a button. Only available on enterprise connections.
strategy str: Type of the connection, which indicates the identity provider.
connection_id str: The ID of the connection. If not provided, name must be set.
name str: The name of the connection. If not provided, connection_id must be set.

authentications List<Property Map>: Configure the purpose of a connection to be used for authentication during login.
connectedAccounts List<Property Map>: Configure the purpose of a connection to be used for connected accounts and Token Vault.
displayName String: Name used in login screen.
enabledClients List<String>: IDs of the clients for which the connection is enabled.
id String: The provider-assigned unique ID for this managed resource.
isDomainConnection Boolean: Indicates whether the connection is domain level.
metadata Map<String>: Metadata associated with the connection, in the form of a map of string values (max 255 chars).
options List<Property Map>: Configuration settings for connection options.
realms List<String>: Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
showAsButton Boolean: Display connection as a button. Only available on enterprise connections.
strategy String: Type of the connection, which indicates the identity provider.
connectionId String: The ID of the connection. If not provided, name must be set.
name String: The name of the connection. If not provided, connection_id must be set.

Supporting Types

GetConnectionAuthentication

Active bool

Active bool

active Boolean

active boolean

active bool

active Boolean

GetConnectionConnectedAccount

Active bool

Active bool

active Boolean

active boolean

active bool

active Boolean

GetConnectionOption

AccessTokenUrl string: URL used to exchange a user-authorized request token for an access token.
AdfsServer string: ADFS URL where to fetch the metadata source.
AllowedAudiences List<string>: List of allowed audiences.
ApiEnableUsers bool: Enable API Access to users.
AppId string: App ID.
AttributeMaps List<GetConnectionOptionAttributeMap>: OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
Attributes List<GetConnectionOptionAttribute>: Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
AuthParams Dictionary<string, string>: Query string parameters to be included as part of the generated passwordless email link.
AuthenticationMethods List<GetConnectionOptionAuthenticationMethod>: Specifies the authentication methods and their configuration (enabled or disabled)
AuthorizationEndpoint string: Authorization endpoint.
BruteForceProtection bool: Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
ClientId string: The strategy's client ID.
ClientSecret string: The strategy's client secret.
CommunityBaseUrl string: Salesforce community base URL.
Configuration Dictionary<string, string>: A case-sensitive map of key value pairs used as configuration variables for the custom_script.
ConnectionSettings List<GetConnectionOptionConnectionSetting>: Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
ConsumerKey string: Identifies the client to the service provider
ConsumerSecret string: Secret used to establish ownership of the consumer key.
CustomHeaders List<GetConnectionOptionCustomHeader>: Configure extra headers to the Token endpoint of an OAuth 2.0 provider
CustomPasswordHashes List<GetConnectionOptionCustomPasswordHash>: Configure custom password hashing within a connection. (EA only)
CustomScripts Dictionary<string, string>: A map of scripts used to integrate with a custom database.
Debug bool: When enabled, additional debug information will be generated.
DecryptionKeys List<GetConnectionOptionDecryptionKey>: The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
DigestAlgorithm string: Sign Request Algorithm Digest.
DisableCache bool: Indicates whether to disable the cache or not.
DisableSelfServiceChangePassword bool: Indicates whether to remove the forgot password link within the New Universal Login.
DisableSignOut bool: When enabled, will disable sign out.
DisableSignup bool: Indicates whether to allow user sign-ups to your application.
DiscoveryUrl string: OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
Domain string: Domain name.
DomainAliases List<string>: List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
Email bool: Indicates whether to request the email scope. Used by some OAuth2 connections (e.g., LINE).
EnableScriptContext bool: Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
EnabledDatabaseCustomization bool: Set to true to use a legacy user store.
EntityId string: Custom Entity ID for the connection.
FedMetadataXml string: Federation Metadata for the ADFS connection.
FieldsMap string: If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
ForwardRequestInfo bool: Specifies whether or not request info should be forwarded to sms gateway.
From string: Address to use as the sender.
GatewayAuthentications List<GetConnectionOptionGatewayAuthentication>: Defines the parameters used to generate the auth token for the custom gateway.
GatewayUrl string: Defines a custom sms gateway to use instead of Twilio.
GlobalTokenRevocationJwtIss string: Specifies the issuer of the JWT used for global token revocation for the SAML connection.
GlobalTokenRevocationJwtSub string: Specifies the subject of the JWT used for global token revocation for the SAML connection.
IconUrl string: Icon URL.
IdentityApi string: Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
IdpInitiateds List<GetConnectionOptionIdpInitiated>: Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
ImportMode bool: Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
Ips List<string>: A list of IPs.
Issuer string: Issuer URL, e.g. https://auth.example.com.
JwksUri string: JWKS URI.
KeyId string: Apple Key ID.
MapUserIdToId bool: By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
MaxGroupsToRetrieve string: Maximum number of groups to retrieve.
MessagingServiceSid string: SID for Copilot. Used when SMS Source is Copilot.
MetadataUrl string: The URL of the SAML metadata document.
MetadataXml string: The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
Mfas List<GetConnectionOptionMfa>: Configuration options for multifactor authentication.
Name string: The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
NonPersistentAttrs List<string>: If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
PasskeyOptions List<GetConnectionOptionPasskeyOption>: Defines options for the passkey authentication method
PasswordComplexityOptions List<GetConnectionOptionPasswordComplexityOption>: Configuration settings for password complexity.
PasswordDictionaries List<GetConnectionOptionPasswordDictionary>: Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
PasswordHistories List<GetConnectionOptionPasswordHistory>: Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
PasswordNoPersonalInfos List<GetConnectionOptionPasswordNoPersonalInfo>: Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
PasswordPolicy string: Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
PingFederateBaseUrl string: Ping Federate Server URL.
PkceEnabled bool: Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
Precedences List<string>: Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
ProtocolBinding string: The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
Provider string: Defines the custom sms_gateway provider.
RealmFallback bool: Allows configuration if connections_realm_fallback flag is enabled for the tenant
RequestTemplate string: Template that formats the SAML request.
RequestTokenUrl string: URL used to obtain an unauthorized request token.
RequiresUsername bool: Indicates whether the user is required to provide a username in addition to an email address.
Scopes List<string>: Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
Scripts Dictionary<string, string>: A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
SendBackChannelNonce bool: When true and type is 'back_channel', includes a cryptographic nonce in authorization requests to prevent replay attacks. The identity provider must include this nonce in the ID token for validation.
SessionKey string: Session Key for storing the request token.
SetUserRootAttributes string: Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login, never_on_login. Default value: on_each_login.
ShouldTrustEmailVerifiedConnection string: Choose how Auth0 sets the email_verified field in the user profile.
SignInEndpoint string: SAML single login URL for the connection.
SignOutEndpoint string: SAML single logout URL for the connection.
SignSamlRequest bool: When enabled, the SAML authentication request will be signed.
SignatureAlgorithm string: Sign Request Algorithm.
SignatureMethod string: Signature method used to sign the request
SigningCert string: X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
SigningKeys List<GetConnectionOptionSigningKey>: The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
StrategyVersion int: Version 1 is deprecated, use version 2.
Subject string: Subject line of the email.
Syntax string: Syntax of the template body.
TeamId string: Apple Team ID.
Template string: Body of the template.
TenantDomain string: Tenant domain name.
TokenEndpoint string: Token endpoint.
TokenEndpointAuthMethod string: Specifies the authentication method for the token endpoint. (Okta/OIDC Connections)
TokenEndpointAuthSigningAlg string: Specifies the signing algorithm for the token endpoint. (Okta/OIDC Connections)
Totps List<GetConnectionOptionTotp>: Configuration options for one-time passwords.
TwilioSid string: SID for your Twilio account.
TwilioToken string: AuthToken for your Twilio account.
Type string: Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
UpstreamParams string: You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
UseCertAuth bool: Indicates whether to use cert auth or not.
UseKerberos bool: Indicates whether to use Kerberos or not.
UseOauthSpecScope bool: Determines the scopes format: true makes it a space-separated string (per OAuth2 specification); false makes it an array.
UseWsfed bool: Whether to use WS-Fed.
UserAuthorizationUrl string: URL used to obtain user authorization.
UserIdAttribute string: Attribute in the token that will be mapped to the user_id property in Auth0.
UserinfoEndpoint string: User info endpoint.
Validations List<GetConnectionOptionValidation>: Validation of the minimum and maximum values allowed for a user to have as username.
WaadCommonEndpoint bool: Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
WaadProtocol string: Protocol to use.

AccessTokenUrl string: URL used to exchange a user-authorized request token for an access token.
AdfsServer string: ADFS URL where to fetch the metadata source.
AllowedAudiences []string: List of allowed audiences.
ApiEnableUsers bool: Enable API Access to users.
AppId string: App ID.
AttributeMaps []GetConnectionOptionAttributeMap: OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
Attributes []GetConnectionOptionAttribute: Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
AuthParams map[string]string: Query string parameters to be included as part of the generated passwordless email link.
AuthenticationMethods []GetConnectionOptionAuthenticationMethod: Specifies the authentication methods and their configuration (enabled or disabled)
AuthorizationEndpoint string: Authorization endpoint.
BruteForceProtection bool: Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
ClientId string: The strategy's client ID.
ClientSecret string: The strategy's client secret.
CommunityBaseUrl string: Salesforce community base URL.
Configuration map[string]string: A case-sensitive map of key value pairs used as configuration variables for the custom_script.
ConnectionSettings []GetConnectionOptionConnectionSetting: Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
ConsumerKey string: Identifies the client to the service provider
ConsumerSecret string: Secret used to establish ownership of the consumer key.
CustomHeaders []GetConnectionOptionCustomHeader: Configure extra headers to the Token endpoint of an OAuth 2.0 provider
CustomPasswordHashes []GetConnectionOptionCustomPasswordHash: Configure custom password hashing within a connection. (EA only)
CustomScripts map[string]string: A map of scripts used to integrate with a custom database.
Debug bool: When enabled, additional debug information will be generated.
DecryptionKeys []GetConnectionOptionDecryptionKey: The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
DigestAlgorithm string: Sign Request Algorithm Digest.
DisableCache bool: Indicates whether to disable the cache or not.
DisableSelfServiceChangePassword bool: Indicates whether to remove the forgot password link within the New Universal Login.
DisableSignOut bool: When enabled, will disable sign out.
DisableSignup bool: Indicates whether to allow user sign-ups to your application.
DiscoveryUrl string: OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
Domain string: Domain name.
DomainAliases []string: List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
Email bool: Indicates whether to request the email scope. Used by some OAuth2 connections (e.g., LINE).
EnableScriptContext bool: Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
EnabledDatabaseCustomization bool: Set to true to use a legacy user store.
EntityId string: Custom Entity ID for the connection.
FedMetadataXml string: Federation Metadata for the ADFS connection.
FieldsMap string: If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
ForwardRequestInfo bool: Specifies whether or not request info should be forwarded to sms gateway.
From string: Address to use as the sender.
GatewayAuthentications []GetConnectionOptionGatewayAuthentication: Defines the parameters used to generate the auth token for the custom gateway.
GatewayUrl string: Defines a custom sms gateway to use instead of Twilio.
GlobalTokenRevocationJwtIss string: Specifies the issuer of the JWT used for global token revocation for the SAML connection.
GlobalTokenRevocationJwtSub string: Specifies the subject of the JWT used for global token revocation for the SAML connection.
IconUrl string: Icon URL.
IdentityApi string: Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
IdpInitiateds []GetConnectionOptionIdpInitiated: Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
ImportMode bool: Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
Ips []string: A list of IPs.
Issuer string: Issuer URL, e.g. https://auth.example.com.
JwksUri string: JWKS URI.
KeyId string: Apple Key ID.
MapUserIdToId bool: By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
MaxGroupsToRetrieve string: Maximum number of groups to retrieve.
MessagingServiceSid string: SID for Copilot. Used when SMS Source is Copilot.
MetadataUrl string: The URL of the SAML metadata document.
MetadataXml string: The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
Mfas []GetConnectionOptionMfa: Configuration options for multifactor authentication.
Name string: The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
NonPersistentAttrs []string: If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
PasskeyOptions []GetConnectionOptionPasskeyOption: Defines options for the passkey authentication method
PasswordComplexityOptions []GetConnectionOptionPasswordComplexityOption: Configuration settings for password complexity.
PasswordDictionaries []GetConnectionOptionPasswordDictionary: Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
PasswordHistories []GetConnectionOptionPasswordHistory: Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
PasswordNoPersonalInfos []GetConnectionOptionPasswordNoPersonalInfo: Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
PasswordPolicy string: Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
PingFederateBaseUrl string: Ping Federate Server URL.
PkceEnabled bool: Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
Precedences []string: Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
ProtocolBinding string: The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
Provider string: Defines the custom sms_gateway provider.
RealmFallback bool: Allows configuration if connections_realm_fallback flag is enabled for the tenant
RequestTemplate string: Template that formats the SAML request.
RequestTokenUrl string: URL used to obtain an unauthorized request token.
RequiresUsername bool: Indicates whether the user is required to provide a username in addition to an email address.
Scopes []string: Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
Scripts map[string]string: A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
SendBackChannelNonce bool: When true and type is 'back_channel', includes a cryptographic nonce in authorization requests to prevent replay attacks. The identity provider must include this nonce in the ID token for validation.
SessionKey string: Session Key for storing the request token.
SetUserRootAttributes string: Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login, never_on_login. Default value: on_each_login.
ShouldTrustEmailVerifiedConnection string: Choose how Auth0 sets the email_verified field in the user profile.
SignInEndpoint string: SAML single login URL for the connection.
SignOutEndpoint string: SAML single logout URL for the connection.
SignSamlRequest bool: When enabled, the SAML authentication request will be signed.
SignatureAlgorithm string: Sign Request Algorithm.
SignatureMethod string: Signature method used to sign the request
SigningCert string: X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
SigningKeys []GetConnectionOptionSigningKey: The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
StrategyVersion int: Version 1 is deprecated, use version 2.
Subject string: Subject line of the email.
Syntax string: Syntax of the template body.
TeamId string: Apple Team ID.
Template string: Body of the template.
TenantDomain string: Tenant domain name.
TokenEndpoint string: Token endpoint.
TokenEndpointAuthMethod string: Specifies the authentication method for the token endpoint. (Okta/OIDC Connections)
TokenEndpointAuthSigningAlg string: Specifies the signing algorithm for the token endpoint. (Okta/OIDC Connections)
Totps []GetConnectionOptionTotp: Configuration options for one-time passwords.
TwilioSid string: SID for your Twilio account.
TwilioToken string: AuthToken for your Twilio account.
Type string: Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
UpstreamParams string: You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
UseCertAuth bool: Indicates whether to use cert auth or not.
UseKerberos bool: Indicates whether to use Kerberos or not.
UseOauthSpecScope bool: Determines the scopes format: true makes it a space-separated string (per OAuth2 specification); false makes it an array.
UseWsfed bool: Whether to use WS-Fed.
UserAuthorizationUrl string: URL used to obtain user authorization.
UserIdAttribute string: Attribute in the token that will be mapped to the user_id property in Auth0.
UserinfoEndpoint string: User info endpoint.
Validations []GetConnectionOptionValidation: Validation of the minimum and maximum values allowed for a user to have as username.
WaadCommonEndpoint bool: Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
WaadProtocol string: Protocol to use.

accessTokenUrl String: URL used to exchange a user-authorized request token for an access token.
adfsServer String: ADFS URL where to fetch the metadata source.
allowedAudiences List<String>: List of allowed audiences.
apiEnableUsers Boolean: Enable API Access to users.
appId String: App ID.
attributeMaps List<GetConnectionOptionAttributeMap>: OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
attributes List<GetConnectionOptionAttribute>: Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
authParams Map<String,String>: Query string parameters to be included as part of the generated passwordless email link.
authenticationMethods List<GetConnectionOptionAuthenticationMethod>: Specifies the authentication methods and their configuration (enabled or disabled)
authorizationEndpoint String: Authorization endpoint.
bruteForceProtection Boolean: Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
clientId String: The strategy's client ID.
clientSecret String: The strategy's client secret.
communityBaseUrl String: Salesforce community base URL.
configuration Map<String,String>: A case-sensitive map of key value pairs used as configuration variables for the custom_script.
connectionSettings List<GetConnectionOptionConnectionSetting>: Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
consumerKey String: Identifies the client to the service provider
consumerSecret String: Secret used to establish ownership of the consumer key.
customHeaders List<GetConnectionOptionCustomHeader>: Configure extra headers to the Token endpoint of an OAuth 2.0 provider
customPasswordHashes List<GetConnectionOptionCustomPasswordHash>: Configure custom password hashing within a connection. (EA only)
customScripts Map<String,String>: A map of scripts used to integrate with a custom database.
debug Boolean: When enabled, additional debug information will be generated.
decryptionKeys List<GetConnectionOptionDecryptionKey>: The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
digestAlgorithm String: Sign Request Algorithm Digest.
disableCache Boolean: Indicates whether to disable the cache or not.
disableSelfServiceChangePassword Boolean: Indicates whether to remove the forgot password link within the New Universal Login.
disableSignOut Boolean: When enabled, will disable sign out.
disableSignup Boolean: Indicates whether to allow user sign-ups to your application.
discoveryUrl String: OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
domain String: Domain name.
domainAliases List<String>: List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
email Boolean: Indicates whether to request the email scope. Used by some OAuth2 connections (e.g., LINE).
enableScriptContext Boolean: Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
enabledDatabaseCustomization Boolean: Set to true to use a legacy user store.
entityId String: Custom Entity ID for the connection.
fedMetadataXml String: Federation Metadata for the ADFS connection.
fieldsMap String: If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
forwardRequestInfo Boolean: Specifies whether or not request info should be forwarded to sms gateway.
from String: Address to use as the sender.
gatewayAuthentications List<GetConnectionOptionGatewayAuthentication>: Defines the parameters used to generate the auth token for the custom gateway.
gatewayUrl String: Defines a custom sms gateway to use instead of Twilio.
globalTokenRevocationJwtIss String: Specifies the issuer of the JWT used for global token revocation for the SAML connection.
globalTokenRevocationJwtSub String: Specifies the subject of the JWT used for global token revocation for the SAML connection.
iconUrl String: Icon URL.
identityApi String: Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
idpInitiateds List<GetConnectionOptionIdpInitiated>: Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
importMode Boolean: Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
ips List<String>: A list of IPs.
issuer String: Issuer URL, e.g. https://auth.example.com.
jwksUri String: JWKS URI.
keyId String: Apple Key ID.
mapUserIdToId Boolean: By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
maxGroupsToRetrieve String: Maximum number of groups to retrieve.
messagingServiceSid String: SID for Copilot. Used when SMS Source is Copilot.
metadataUrl String: The URL of the SAML metadata document.
metadataXml String: The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
mfas List<GetConnectionOptionMfa>: Configuration options for multifactor authentication.
name String: The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
nonPersistentAttrs List<String>: If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
passkeyOptions List<GetConnectionOptionPasskeyOption>: Defines options for the passkey authentication method
passwordComplexityOptions List<GetConnectionOptionPasswordComplexityOption>: Configuration settings for password complexity.
passwordDictionaries List<GetConnectionOptionPasswordDictionary>: Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
passwordHistories List<GetConnectionOptionPasswordHistory>: Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
passwordNoPersonalInfos List<GetConnectionOptionPasswordNoPersonalInfo>: Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
passwordPolicy String: Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
pingFederateBaseUrl String: Ping Federate Server URL.
pkceEnabled Boolean: Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
precedences List<String>: Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
protocolBinding String: The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
provider String: Defines the custom sms_gateway provider.
realmFallback Boolean: Allows configuration if connections_realm_fallback flag is enabled for the tenant
requestTemplate String: Template that formats the SAML request.
requestTokenUrl String: URL used to obtain an unauthorized request token.
requiresUsername Boolean: Indicates whether the user is required to provide a username in addition to an email address.
scopes List<String>: Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
scripts Map<String,String>: A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
sendBackChannelNonce Boolean: When true and type is 'back_channel', includes a cryptographic nonce in authorization requests to prevent replay attacks. The identity provider must include this nonce in the ID token for validation.
sessionKey String: Session Key for storing the request token.
setUserRootAttributes String: Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login, never_on_login. Default value: on_each_login.
shouldTrustEmailVerifiedConnection String: Choose how Auth0 sets the email_verified field in the user profile.
signInEndpoint String: SAML single login URL for the connection.
signOutEndpoint String: SAML single logout URL for the connection.
signSamlRequest Boolean: When enabled, the SAML authentication request will be signed.
signatureAlgorithm String: Sign Request Algorithm.
signatureMethod String: Signature method used to sign the request
signingCert String: X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
signingKeys List<GetConnectionOptionSigningKey>: The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
strategyVersion Integer: Version 1 is deprecated, use version 2.
subject String: Subject line of the email.
syntax String: Syntax of the template body.
teamId String: Apple Team ID.
template String: Body of the template.
tenantDomain String: Tenant domain name.
tokenEndpoint String: Token endpoint.
tokenEndpointAuthMethod String: Specifies the authentication method for the token endpoint. (Okta/OIDC Connections)
tokenEndpointAuthSigningAlg String: Specifies the signing algorithm for the token endpoint. (Okta/OIDC Connections)
totps List<GetConnectionOptionTotp>: Configuration options for one-time passwords.
twilioSid String: SID for your Twilio account.
twilioToken String: AuthToken for your Twilio account.
type String: Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
upstreamParams String: You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
useCertAuth Boolean: Indicates whether to use cert auth or not.
useKerberos Boolean: Indicates whether to use Kerberos or not.
useOauthSpecScope Boolean: Determines the scopes format: true makes it a space-separated string (per OAuth2 specification); false makes it an array.
useWsfed Boolean: Whether to use WS-Fed.
userAuthorizationUrl String: URL used to obtain user authorization.
userIdAttribute String: Attribute in the token that will be mapped to the user_id property in Auth0.
userinfoEndpoint String: User info endpoint.
validations List<GetConnectionOptionValidation>: Validation of the minimum and maximum values allowed for a user to have as username.
waadCommonEndpoint Boolean: Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
waadProtocol String: Protocol to use.

accessTokenUrl string: URL used to exchange a user-authorized request token for an access token.
adfsServer string: ADFS URL where to fetch the metadata source.
allowedAudiences string[]: List of allowed audiences.
apiEnableUsers boolean: Enable API Access to users.
appId string: App ID.
attributeMaps GetConnectionOptionAttributeMap[]: OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
attributes GetConnectionOptionAttribute[]: Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
authParams {[key: string]: string}: Query string parameters to be included as part of the generated passwordless email link.
authenticationMethods GetConnectionOptionAuthenticationMethod[]: Specifies the authentication methods and their configuration (enabled or disabled)
authorizationEndpoint string: Authorization endpoint.
bruteForceProtection boolean: Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
clientId string: The strategy's client ID.
clientSecret string: The strategy's client secret.
communityBaseUrl string: Salesforce community base URL.
configuration {[key: string]: string}: A case-sensitive map of key value pairs used as configuration variables for the custom_script.
connectionSettings GetConnectionOptionConnectionSetting[]: Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
consumerKey string: Identifies the client to the service provider
consumerSecret string: Secret used to establish ownership of the consumer key.
customHeaders GetConnectionOptionCustomHeader[]: Configure extra headers to the Token endpoint of an OAuth 2.0 provider
customPasswordHashes GetConnectionOptionCustomPasswordHash[]: Configure custom password hashing within a connection. (EA only)
customScripts {[key: string]: string}: A map of scripts used to integrate with a custom database.
debug boolean: When enabled, additional debug information will be generated.
decryptionKeys GetConnectionOptionDecryptionKey[]: The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
digestAlgorithm string: Sign Request Algorithm Digest.
disableCache boolean: Indicates whether to disable the cache or not.
disableSelfServiceChangePassword boolean: Indicates whether to remove the forgot password link within the New Universal Login.
disableSignOut boolean: When enabled, will disable sign out.
disableSignup boolean: Indicates whether to allow user sign-ups to your application.
discoveryUrl string: OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
domain string: Domain name.
domainAliases string[]: List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
email boolean: Indicates whether to request the email scope. Used by some OAuth2 connections (e.g., LINE).
enableScriptContext boolean: Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
enabledDatabaseCustomization boolean: Set to true to use a legacy user store.
entityId string: Custom Entity ID for the connection.
fedMetadataXml string: Federation Metadata for the ADFS connection.
fieldsMap string: If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
forwardRequestInfo boolean: Specifies whether or not request info should be forwarded to sms gateway.
from string: Address to use as the sender.
gatewayAuthentications GetConnectionOptionGatewayAuthentication[]: Defines the parameters used to generate the auth token for the custom gateway.
gatewayUrl string: Defines a custom sms gateway to use instead of Twilio.
globalTokenRevocationJwtIss string: Specifies the issuer of the JWT used for global token revocation for the SAML connection.
globalTokenRevocationJwtSub string: Specifies the subject of the JWT used for global token revocation for the SAML connection.
iconUrl string: Icon URL.
identityApi string: Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
idpInitiateds GetConnectionOptionIdpInitiated[]: Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
importMode boolean: Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
ips string[]: A list of IPs.
issuer string: Issuer URL, e.g. https://auth.example.com.
jwksUri string: JWKS URI.
keyId string: Apple Key ID.
mapUserIdToId boolean: By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
maxGroupsToRetrieve string: Maximum number of groups to retrieve.
messagingServiceSid string: SID for Copilot. Used when SMS Source is Copilot.
metadataUrl string: The URL of the SAML metadata document.
metadataXml string: The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
mfas GetConnectionOptionMfa[]: Configuration options for multifactor authentication.
name string: The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
nonPersistentAttrs string[]: If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
passkeyOptions GetConnectionOptionPasskeyOption[]: Defines options for the passkey authentication method
passwordComplexityOptions GetConnectionOptionPasswordComplexityOption[]: Configuration settings for password complexity.
passwordDictionaries GetConnectionOptionPasswordDictionary[]: Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
passwordHistories GetConnectionOptionPasswordHistory[]: Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
passwordNoPersonalInfos GetConnectionOptionPasswordNoPersonalInfo[]: Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
passwordPolicy string: Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
pingFederateBaseUrl string: Ping Federate Server URL.
pkceEnabled boolean: Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
precedences string[]: Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
protocolBinding string: The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
provider string: Defines the custom sms_gateway provider.
realmFallback boolean: Allows configuration if connections_realm_fallback flag is enabled for the tenant
requestTemplate string: Template that formats the SAML request.
requestTokenUrl string: URL used to obtain an unauthorized request token.
requiresUsername boolean: Indicates whether the user is required to provide a username in addition to an email address.
scopes string[]: Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
scripts {[key: string]: string}: A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
sendBackChannelNonce boolean: When true and type is 'back_channel', includes a cryptographic nonce in authorization requests to prevent replay attacks. The identity provider must include this nonce in the ID token for validation.
sessionKey string: Session Key for storing the request token.
setUserRootAttributes string: Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login, never_on_login. Default value: on_each_login.
shouldTrustEmailVerifiedConnection string: Choose how Auth0 sets the email_verified field in the user profile.
signInEndpoint string: SAML single login URL for the connection.
signOutEndpoint string: SAML single logout URL for the connection.
signSamlRequest boolean: When enabled, the SAML authentication request will be signed.
signatureAlgorithm string: Sign Request Algorithm.
signatureMethod string: Signature method used to sign the request
signingCert string: X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
signingKeys GetConnectionOptionSigningKey[]: The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
strategyVersion number: Version 1 is deprecated, use version 2.
subject string: Subject line of the email.
syntax string: Syntax of the template body.
teamId string: Apple Team ID.
template string: Body of the template.
tenantDomain string: Tenant domain name.
tokenEndpoint string: Token endpoint.
tokenEndpointAuthMethod string: Specifies the authentication method for the token endpoint. (Okta/OIDC Connections)
tokenEndpointAuthSigningAlg string: Specifies the signing algorithm for the token endpoint. (Okta/OIDC Connections)
totps GetConnectionOptionTotp[]: Configuration options for one-time passwords.
twilioSid string: SID for your Twilio account.
twilioToken string: AuthToken for your Twilio account.
type string: Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
upstreamParams string: You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
useCertAuth boolean: Indicates whether to use cert auth or not.
useKerberos boolean: Indicates whether to use Kerberos or not.
useOauthSpecScope boolean: Determines the scopes format: true makes it a space-separated string (per OAuth2 specification); false makes it an array.
useWsfed boolean: Whether to use WS-Fed.
userAuthorizationUrl string: URL used to obtain user authorization.
userIdAttribute string: Attribute in the token that will be mapped to the user_id property in Auth0.
userinfoEndpoint string: User info endpoint.
validations GetConnectionOptionValidation[]: Validation of the minimum and maximum values allowed for a user to have as username.
waadCommonEndpoint boolean: Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
waadProtocol string: Protocol to use.

access_token_url str: URL used to exchange a user-authorized request token for an access token.
adfs_server str: ADFS URL where to fetch the metadata source.
allowed_audiences Sequence[str]: List of allowed audiences.
api_enable_users bool: Enable API Access to users.
app_id str: App ID.
attribute_maps Sequence[GetConnectionOptionAttributeMap]: OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
attributes Sequence[GetConnectionOptionAttribute]: Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
auth_params Mapping[str, str]: Query string parameters to be included as part of the generated passwordless email link.
authentication_methods Sequence[GetConnectionOptionAuthenticationMethod]: Specifies the authentication methods and their configuration (enabled or disabled)
authorization_endpoint str: Authorization endpoint.
brute_force_protection bool: Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
client_id str: The strategy's client ID.
client_secret str: The strategy's client secret.
community_base_url str: Salesforce community base URL.
configuration Mapping[str, str]: A case-sensitive map of key value pairs used as configuration variables for the custom_script.
connection_settings Sequence[GetConnectionOptionConnectionSetting]: Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
consumer_key str: Identifies the client to the service provider
consumer_secret str: Secret used to establish ownership of the consumer key.
custom_headers Sequence[GetConnectionOptionCustomHeader]: Configure extra headers to the Token endpoint of an OAuth 2.0 provider
custom_password_hashes Sequence[GetConnectionOptionCustomPasswordHash]: Configure custom password hashing within a connection. (EA only)
custom_scripts Mapping[str, str]: A map of scripts used to integrate with a custom database.
debug bool: When enabled, additional debug information will be generated.
decryption_keys Sequence[GetConnectionOptionDecryptionKey]: The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
digest_algorithm str: Sign Request Algorithm Digest.
disable_cache bool: Indicates whether to disable the cache or not.
disable_self_service_change_password bool: Indicates whether to remove the forgot password link within the New Universal Login.
disable_sign_out bool: When enabled, will disable sign out.
disable_signup bool: Indicates whether to allow user sign-ups to your application.
discovery_url str: OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
domain str: Domain name.
domain_aliases Sequence[str]: List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
email bool: Indicates whether to request the email scope. Used by some OAuth2 connections (e.g., LINE).
enable_script_context bool: Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
enabled_database_customization bool: Set to true to use a legacy user store.
entity_id str: Custom Entity ID for the connection.
fed_metadata_xml str: Federation Metadata for the ADFS connection.
fields_map str: If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
forward_request_info bool: Specifies whether or not request info should be forwarded to sms gateway.
from_ str: Address to use as the sender.
gateway_authentications Sequence[GetConnectionOptionGatewayAuthentication]: Defines the parameters used to generate the auth token for the custom gateway.
gateway_url str: Defines a custom sms gateway to use instead of Twilio.
global_token_revocation_jwt_iss str: Specifies the issuer of the JWT used for global token revocation for the SAML connection.
global_token_revocation_jwt_sub str: Specifies the subject of the JWT used for global token revocation for the SAML connection.
icon_url str: Icon URL.
identity_api str: Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
idp_initiateds Sequence[GetConnectionOptionIdpInitiated]: Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
import_mode bool: Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
ips Sequence[str]: A list of IPs.
issuer str: Issuer URL, e.g. https://auth.example.com.
jwks_uri str: JWKS URI.
key_id str: Apple Key ID.
map_user_id_to_id bool: By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
max_groups_to_retrieve str: Maximum number of groups to retrieve.
messaging_service_sid str: SID for Copilot. Used when SMS Source is Copilot.
metadata_url str: The URL of the SAML metadata document.
metadata_xml str: The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
mfas Sequence[GetConnectionOptionMfa]: Configuration options for multifactor authentication.
name str: The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
non_persistent_attrs Sequence[str]: If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
passkey_options Sequence[GetConnectionOptionPasskeyOption]: Defines options for the passkey authentication method
password_complexity_options Sequence[GetConnectionOptionPasswordComplexityOption]: Configuration settings for password complexity.
password_dictionaries Sequence[GetConnectionOptionPasswordDictionary]: Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
password_histories Sequence[GetConnectionOptionPasswordHistory]: Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
password_no_personal_infos Sequence[GetConnectionOptionPasswordNoPersonalInfo]: Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
password_policy str: Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
ping_federate_base_url str: Ping Federate Server URL.
pkce_enabled bool: Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
precedences Sequence[str]: Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
protocol_binding str: The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
provider str: Defines the custom sms_gateway provider.
realm_fallback bool: Allows configuration if connections_realm_fallback flag is enabled for the tenant
request_template str: Template that formats the SAML request.
request_token_url str: URL used to obtain an unauthorized request token.
requires_username bool: Indicates whether the user is required to provide a username in addition to an email address.
scopes Sequence[str]: Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
scripts Mapping[str, str]: A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
send_back_channel_nonce bool: When true and type is 'back_channel', includes a cryptographic nonce in authorization requests to prevent replay attacks. The identity provider must include this nonce in the ID token for validation.
session_key str: Session Key for storing the request token.
set_user_root_attributes str: Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login, never_on_login. Default value: on_each_login.
should_trust_email_verified_connection str: Choose how Auth0 sets the email_verified field in the user profile.
sign_in_endpoint str: SAML single login URL for the connection.
sign_out_endpoint str: SAML single logout URL for the connection.
sign_saml_request bool: When enabled, the SAML authentication request will be signed.
signature_algorithm str: Sign Request Algorithm.
signature_method str: Signature method used to sign the request
signing_cert str: X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
signing_keys Sequence[GetConnectionOptionSigningKey]: The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
strategy_version int: Version 1 is deprecated, use version 2.
subject str: Subject line of the email.
syntax str: Syntax of the template body.
team_id str: Apple Team ID.
template str: Body of the template.
tenant_domain str: Tenant domain name.
token_endpoint str: Token endpoint.
token_endpoint_auth_method str: Specifies the authentication method for the token endpoint. (Okta/OIDC Connections)
token_endpoint_auth_signing_alg str: Specifies the signing algorithm for the token endpoint. (Okta/OIDC Connections)
totps Sequence[GetConnectionOptionTotp]: Configuration options for one-time passwords.
twilio_sid str: SID for your Twilio account.
twilio_token str: AuthToken for your Twilio account.
type str: Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
upstream_params str: You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
use_cert_auth bool: Indicates whether to use cert auth or not.
use_kerberos bool: Indicates whether to use Kerberos or not.
use_oauth_spec_scope bool: Determines the scopes format: true makes it a space-separated string (per OAuth2 specification); false makes it an array.
use_wsfed bool: Whether to use WS-Fed.
user_authorization_url str: URL used to obtain user authorization.
user_id_attribute str: Attribute in the token that will be mapped to the user_id property in Auth0.
userinfo_endpoint str: User info endpoint.
validations Sequence[GetConnectionOptionValidation]: Validation of the minimum and maximum values allowed for a user to have as username.
waad_common_endpoint bool: Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
waad_protocol str: Protocol to use.

accessTokenUrl String: URL used to exchange a user-authorized request token for an access token.
adfsServer String: ADFS URL where to fetch the metadata source.
allowedAudiences List<String>: List of allowed audiences.
apiEnableUsers Boolean: Enable API Access to users.
appId String: App ID.
attributeMaps List<Property Map>: OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
attributes List<Property Map>: Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
authParams Map<String>: Query string parameters to be included as part of the generated passwordless email link.
authenticationMethods List<Property Map>: Specifies the authentication methods and their configuration (enabled or disabled)
authorizationEndpoint String: Authorization endpoint.
bruteForceProtection Boolean: Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
clientId String: The strategy's client ID.
clientSecret String: The strategy's client secret.
communityBaseUrl String: Salesforce community base URL.
configuration Map<String>: A case-sensitive map of key value pairs used as configuration variables for the custom_script.
connectionSettings List<Property Map>: Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
consumerKey String: Identifies the client to the service provider
consumerSecret String: Secret used to establish ownership of the consumer key.
customHeaders List<Property Map>: Configure extra headers to the Token endpoint of an OAuth 2.0 provider
customPasswordHashes List<Property Map>: Configure custom password hashing within a connection. (EA only)
customScripts Map<String>: A map of scripts used to integrate with a custom database.
debug Boolean: When enabled, additional debug information will be generated.
decryptionKeys List<Property Map>: The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
digestAlgorithm String: Sign Request Algorithm Digest.
disableCache Boolean: Indicates whether to disable the cache or not.
disableSelfServiceChangePassword Boolean: Indicates whether to remove the forgot password link within the New Universal Login.
disableSignOut Boolean: When enabled, will disable sign out.
disableSignup Boolean: Indicates whether to allow user sign-ups to your application.
discoveryUrl String: OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
domain String: Domain name.
domainAliases List<String>: List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
email Boolean: Indicates whether to request the email scope. Used by some OAuth2 connections (e.g., LINE).
enableScriptContext Boolean: Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
enabledDatabaseCustomization Boolean: Set to true to use a legacy user store.
entityId String: Custom Entity ID for the connection.
fedMetadataXml String: Federation Metadata for the ADFS connection.
fieldsMap String: If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
forwardRequestInfo Boolean: Specifies whether or not request info should be forwarded to sms gateway.
from String: Address to use as the sender.
gatewayAuthentications List<Property Map>: Defines the parameters used to generate the auth token for the custom gateway.
gatewayUrl String: Defines a custom sms gateway to use instead of Twilio.
globalTokenRevocationJwtIss String: Specifies the issuer of the JWT used for global token revocation for the SAML connection.
globalTokenRevocationJwtSub String: Specifies the subject of the JWT used for global token revocation for the SAML connection.
iconUrl String: Icon URL.
identityApi String: Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
idpInitiateds List<Property Map>: Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
importMode Boolean: Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
ips List<String>: A list of IPs.
issuer String: Issuer URL, e.g. https://auth.example.com.
jwksUri String: JWKS URI.
keyId String: Apple Key ID.
mapUserIdToId Boolean: By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
maxGroupsToRetrieve String: Maximum number of groups to retrieve.
messagingServiceSid String: SID for Copilot. Used when SMS Source is Copilot.
metadataUrl String: The URL of the SAML metadata document.
metadataXml String: The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
mfas List<Property Map>: Configuration options for multifactor authentication.
name String: The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
nonPersistentAttrs List<String>: If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
passkeyOptions List<Property Map>: Defines options for the passkey authentication method
passwordComplexityOptions List<Property Map>: Configuration settings for password complexity.
passwordDictionaries List<Property Map>: Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
passwordHistories List<Property Map>: Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
passwordNoPersonalInfos List<Property Map>: Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
passwordPolicy String: Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
pingFederateBaseUrl String: Ping Federate Server URL.
pkceEnabled Boolean: Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
precedences List<String>: Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
protocolBinding String: The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
provider String: Defines the custom sms_gateway provider.
realmFallback Boolean: Allows configuration if connections_realm_fallback flag is enabled for the tenant
requestTemplate String: Template that formats the SAML request.
requestTokenUrl String: URL used to obtain an unauthorized request token.
requiresUsername Boolean: Indicates whether the user is required to provide a username in addition to an email address.
scopes List<String>: Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
scripts Map<String>: A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
sendBackChannelNonce Boolean: When true and type is 'back_channel', includes a cryptographic nonce in authorization requests to prevent replay attacks. The identity provider must include this nonce in the ID token for validation.
sessionKey String: Session Key for storing the request token.
setUserRootAttributes String: Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login, never_on_login. Default value: on_each_login.
shouldTrustEmailVerifiedConnection String: Choose how Auth0 sets the email_verified field in the user profile.
signInEndpoint String: SAML single login URL for the connection.
signOutEndpoint String: SAML single logout URL for the connection.
signSamlRequest Boolean: When enabled, the SAML authentication request will be signed.
signatureAlgorithm String: Sign Request Algorithm.
signatureMethod String: Signature method used to sign the request
signingCert String: X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
signingKeys List<Property Map>: The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
strategyVersion Number: Version 1 is deprecated, use version 2.
subject String: Subject line of the email.
syntax String: Syntax of the template body.
teamId String: Apple Team ID.
template String: Body of the template.
tenantDomain String: Tenant domain name.
tokenEndpoint String: Token endpoint.
tokenEndpointAuthMethod String: Specifies the authentication method for the token endpoint. (Okta/OIDC Connections)
tokenEndpointAuthSigningAlg String: Specifies the signing algorithm for the token endpoint. (Okta/OIDC Connections)
totps List<Property Map>: Configuration options for one-time passwords.
twilioSid String: SID for your Twilio account.
twilioToken String: AuthToken for your Twilio account.
type String: Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
upstreamParams String: You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
useCertAuth Boolean: Indicates whether to use cert auth or not.
useKerberos Boolean: Indicates whether to use Kerberos or not.
useOauthSpecScope Boolean: Determines the scopes format: true makes it a space-separated string (per OAuth2 specification); false makes it an array.
useWsfed Boolean: Whether to use WS-Fed.
userAuthorizationUrl String: URL used to obtain user authorization.
userIdAttribute String: Attribute in the token that will be mapped to the user_id property in Auth0.
userinfoEndpoint String: User info endpoint.
validations List<Property Map>: Validation of the minimum and maximum values allowed for a user to have as username.
waadCommonEndpoint Boolean: Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
waadProtocol String: Protocol to use.

GetConnectionOptionAttribute

Emails List<GetConnectionOptionAttributeEmail>: Connection Options for Email Attribute
PhoneNumbers List<GetConnectionOptionAttributePhoneNumber>: Connection Options for Phone Number Attribute
Usernames List<GetConnectionOptionAttributeUsername>: Connection Options for User Name Attribute

Emails []GetConnectionOptionAttributeEmail: Connection Options for Email Attribute
PhoneNumbers []GetConnectionOptionAttributePhoneNumber: Connection Options for Phone Number Attribute
Usernames []GetConnectionOptionAttributeUsername: Connection Options for User Name Attribute

emails List<GetConnectionOptionAttributeEmail>: Connection Options for Email Attribute
phoneNumbers List<GetConnectionOptionAttributePhoneNumber>: Connection Options for Phone Number Attribute
usernames List<GetConnectionOptionAttributeUsername>: Connection Options for User Name Attribute

emails GetConnectionOptionAttributeEmail[]: Connection Options for Email Attribute
phoneNumbers GetConnectionOptionAttributePhoneNumber[]: Connection Options for Phone Number Attribute
usernames GetConnectionOptionAttributeUsername[]: Connection Options for User Name Attribute

emails Sequence[GetConnectionOptionAttributeEmail]: Connection Options for Email Attribute
phone_numbers Sequence[GetConnectionOptionAttributePhoneNumber]: Connection Options for Phone Number Attribute
usernames Sequence[GetConnectionOptionAttributeUsername]: Connection Options for User Name Attribute

emails List<Property Map>: Connection Options for Email Attribute
phoneNumbers List<Property Map>: Connection Options for Phone Number Attribute
usernames List<Property Map>: Connection Options for User Name Attribute

GetConnectionOptionAttributeEmail

Identifiers List<GetConnectionOptionAttributeEmailIdentifier>: Connection Options Email Attribute Identifier
ProfileRequired bool: Defines whether Profile is required
Signups List<GetConnectionOptionAttributeEmailSignup>: Defines signup settings for Email attribute
Unique bool: If set to false, it allow multiple accounts with the same email address
VerificationMethod string: Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification

Identifiers []GetConnectionOptionAttributeEmailIdentifier: Connection Options Email Attribute Identifier
ProfileRequired bool: Defines whether Profile is required
Signups []GetConnectionOptionAttributeEmailSignup: Defines signup settings for Email attribute
Unique bool: If set to false, it allow multiple accounts with the same email address
VerificationMethod string: Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification

identifiers List<GetConnectionOptionAttributeEmailIdentifier>: Connection Options Email Attribute Identifier
profileRequired Boolean: Defines whether Profile is required
signups List<GetConnectionOptionAttributeEmailSignup>: Defines signup settings for Email attribute
unique Boolean: If set to false, it allow multiple accounts with the same email address
verificationMethod String: Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification

identifiers GetConnectionOptionAttributeEmailIdentifier[]: Connection Options Email Attribute Identifier
profileRequired boolean: Defines whether Profile is required
signups GetConnectionOptionAttributeEmailSignup[]: Defines signup settings for Email attribute
unique boolean: If set to false, it allow multiple accounts with the same email address
verificationMethod string: Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification

identifiers Sequence[GetConnectionOptionAttributeEmailIdentifier]: Connection Options Email Attribute Identifier
profile_required bool: Defines whether Profile is required
signups Sequence[GetConnectionOptionAttributeEmailSignup]: Defines signup settings for Email attribute
unique bool: If set to false, it allow multiple accounts with the same email address
verification_method str: Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification

identifiers List<Property Map>: Connection Options Email Attribute Identifier
profileRequired Boolean: Defines whether Profile is required
signups List<Property Map>: Defines signup settings for Email attribute
unique Boolean: If set to false, it allow multiple accounts with the same email address
verificationMethod String: Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification

GetConnectionOptionAttributeEmailIdentifier

Active bool: Defines whether email attribute is active as an identifier
DefaultMethod string: Gets and Sets the default authentication method for the email identifier type. Valid values: password, email_otp

Active bool: Defines whether email attribute is active as an identifier
DefaultMethod string: Gets and Sets the default authentication method for the email identifier type. Valid values: password, email_otp

active Boolean: Defines whether email attribute is active as an identifier
defaultMethod String: Gets and Sets the default authentication method for the email identifier type. Valid values: password, email_otp

active boolean: Defines whether email attribute is active as an identifier
defaultMethod string: Gets and Sets the default authentication method for the email identifier type. Valid values: password, email_otp

active bool: Defines whether email attribute is active as an identifier
default_method str: Gets and Sets the default authentication method for the email identifier type. Valid values: password, email_otp

active Boolean: Defines whether email attribute is active as an identifier
defaultMethod String: Gets and Sets the default authentication method for the email identifier type. Valid values: password, email_otp

GetConnectionOptionAttributeEmailSignup

Status string: Defines signup status for Email Attribute
Verifications List<GetConnectionOptionAttributeEmailSignupVerification>: Defines settings for Verification under Email attribute

Status string: Defines signup status for Email Attribute
Verifications []GetConnectionOptionAttributeEmailSignupVerification: Defines settings for Verification under Email attribute

status String: Defines signup status for Email Attribute
verifications List<GetConnectionOptionAttributeEmailSignupVerification>: Defines settings for Verification under Email attribute

status string: Defines signup status for Email Attribute
verifications GetConnectionOptionAttributeEmailSignupVerification[]: Defines settings for Verification under Email attribute

status str: Defines signup status for Email Attribute
verifications Sequence[GetConnectionOptionAttributeEmailSignupVerification]: Defines settings for Verification under Email attribute

status String: Defines signup status for Email Attribute
verifications List<Property Map>: Defines settings for Verification under Email attribute

GetConnectionOptionAttributeEmailSignupVerification

Active bool: Defines verification settings for signup attribute

Active bool: Defines verification settings for signup attribute

active Boolean: Defines verification settings for signup attribute

active boolean: Defines verification settings for signup attribute

active bool: Defines verification settings for signup attribute

active Boolean: Defines verification settings for signup attribute

GetConnectionOptionAttributeMap

Attributes string: This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
MappingMode string: Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
UserinfoScope string: This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.

Attributes string: This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
MappingMode string: Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
UserinfoScope string: This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.

attributes String: This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
mappingMode String: Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
userinfoScope String: This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.

attributes string: This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
mappingMode string: Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
userinfoScope string: This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.

attributes str: This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
mapping_mode str: Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
userinfo_scope str: This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.

attributes String: This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
mappingMode String: Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
userinfoScope String: This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.

GetConnectionOptionAttributePhoneNumber

Identifiers List<GetConnectionOptionAttributePhoneNumberIdentifier>: Connection Options Phone Number Attribute Identifier
ProfileRequired bool: Defines whether Profile is required
Signups List<GetConnectionOptionAttributePhoneNumberSignup>: Defines signup settings for Phone Number attribute

Identifiers []GetConnectionOptionAttributePhoneNumberIdentifier: Connection Options Phone Number Attribute Identifier
ProfileRequired bool: Defines whether Profile is required
Signups []GetConnectionOptionAttributePhoneNumberSignup: Defines signup settings for Phone Number attribute

identifiers List<GetConnectionOptionAttributePhoneNumberIdentifier>: Connection Options Phone Number Attribute Identifier
profileRequired Boolean: Defines whether Profile is required
signups List<GetConnectionOptionAttributePhoneNumberSignup>: Defines signup settings for Phone Number attribute

identifiers GetConnectionOptionAttributePhoneNumberIdentifier[]: Connection Options Phone Number Attribute Identifier
profileRequired boolean: Defines whether Profile is required
signups GetConnectionOptionAttributePhoneNumberSignup[]: Defines signup settings for Phone Number attribute

identifiers Sequence[GetConnectionOptionAttributePhoneNumberIdentifier]: Connection Options Phone Number Attribute Identifier
profile_required bool: Defines whether Profile is required
signups Sequence[GetConnectionOptionAttributePhoneNumberSignup]: Defines signup settings for Phone Number attribute

identifiers List<Property Map>: Connection Options Phone Number Attribute Identifier
profileRequired Boolean: Defines whether Profile is required
signups List<Property Map>: Defines signup settings for Phone Number attribute

GetConnectionOptionAttributePhoneNumberIdentifier

Active bool: Defines whether Phone Number attribute is active as an identifier
DefaultMethod string: Gets and Sets the default authentication method for the phone_number identifier type. Valid values: password, phone_otp

Active bool: Defines whether Phone Number attribute is active as an identifier
DefaultMethod string: Gets and Sets the default authentication method for the phone_number identifier type. Valid values: password, phone_otp

active Boolean: Defines whether Phone Number attribute is active as an identifier
defaultMethod String: Gets and Sets the default authentication method for the phone_number identifier type. Valid values: password, phone_otp

active boolean: Defines whether Phone Number attribute is active as an identifier
defaultMethod string: Gets and Sets the default authentication method for the phone_number identifier type. Valid values: password, phone_otp

active bool: Defines whether Phone Number attribute is active as an identifier
default_method str: Gets and Sets the default authentication method for the phone_number identifier type. Valid values: password, phone_otp

active Boolean: Defines whether Phone Number attribute is active as an identifier
defaultMethod String: Gets and Sets the default authentication method for the phone_number identifier type. Valid values: password, phone_otp

GetConnectionOptionAttributePhoneNumberSignup

Status string: Defines status of signup for Phone Number attribute
Verifications List<GetConnectionOptionAttributePhoneNumberSignupVerification>: Defines verification settings for Phone Number attribute

Status string: Defines status of signup for Phone Number attribute
Verifications []GetConnectionOptionAttributePhoneNumberSignupVerification: Defines verification settings for Phone Number attribute

status String: Defines status of signup for Phone Number attribute
verifications List<GetConnectionOptionAttributePhoneNumberSignupVerification>: Defines verification settings for Phone Number attribute

status string: Defines status of signup for Phone Number attribute
verifications GetConnectionOptionAttributePhoneNumberSignupVerification[]: Defines verification settings for Phone Number attribute

status str: Defines status of signup for Phone Number attribute
verifications Sequence[GetConnectionOptionAttributePhoneNumberSignupVerification]: Defines verification settings for Phone Number attribute

status String: Defines status of signup for Phone Number attribute
verifications List<Property Map>: Defines verification settings for Phone Number attribute

GetConnectionOptionAttributePhoneNumberSignupVerification

Active bool: Defines verification settings for Phone Number attribute

Active bool: Defines verification settings for Phone Number attribute

active Boolean: Defines verification settings for Phone Number attribute

active boolean: Defines verification settings for Phone Number attribute

active bool: Defines verification settings for Phone Number attribute

active Boolean: Defines verification settings for Phone Number attribute

GetConnectionOptionAttributeUsername

Identifiers List<GetConnectionOptionAttributeUsernameIdentifier>: Connection options for User Name Attribute Identifier
ProfileRequired bool: Defines whether Profile is required
Signups List<GetConnectionOptionAttributeUsernameSignup>: Defines signup settings for User Name attribute
Validations List<GetConnectionOptionAttributeUsernameValidation>: Defines validation settings for User Name attribute

Identifiers []GetConnectionOptionAttributeUsernameIdentifier: Connection options for User Name Attribute Identifier
ProfileRequired bool: Defines whether Profile is required
Signups []GetConnectionOptionAttributeUsernameSignup: Defines signup settings for User Name attribute
Validations []GetConnectionOptionAttributeUsernameValidation: Defines validation settings for User Name attribute

identifiers List<GetConnectionOptionAttributeUsernameIdentifier>: Connection options for User Name Attribute Identifier
profileRequired Boolean: Defines whether Profile is required
signups List<GetConnectionOptionAttributeUsernameSignup>: Defines signup settings for User Name attribute
validations List<GetConnectionOptionAttributeUsernameValidation>: Defines validation settings for User Name attribute

identifiers GetConnectionOptionAttributeUsernameIdentifier[]: Connection options for User Name Attribute Identifier
profileRequired boolean: Defines whether Profile is required
signups GetConnectionOptionAttributeUsernameSignup[]: Defines signup settings for User Name attribute
validations GetConnectionOptionAttributeUsernameValidation[]: Defines validation settings for User Name attribute

identifiers Sequence[GetConnectionOptionAttributeUsernameIdentifier]: Connection options for User Name Attribute Identifier
profile_required bool: Defines whether Profile is required
signups Sequence[GetConnectionOptionAttributeUsernameSignup]: Defines signup settings for User Name attribute
validations Sequence[GetConnectionOptionAttributeUsernameValidation]: Defines validation settings for User Name attribute

identifiers List<Property Map>: Connection options for User Name Attribute Identifier
profileRequired Boolean: Defines whether Profile is required
signups List<Property Map>: Defines signup settings for User Name attribute
validations List<Property Map>: Defines validation settings for User Name attribute

GetConnectionOptionAttributeUsernameIdentifier

Active bool: Defines whether UserName attribute is active as an identifier
DefaultMethod string: Gets and Sets the default authentication method for the username identifier type. Valid value: password

Active bool: Defines whether UserName attribute is active as an identifier
DefaultMethod string: Gets and Sets the default authentication method for the username identifier type. Valid value: password

active Boolean: Defines whether UserName attribute is active as an identifier
defaultMethod String: Gets and Sets the default authentication method for the username identifier type. Valid value: password

active boolean: Defines whether UserName attribute is active as an identifier
defaultMethod string: Gets and Sets the default authentication method for the username identifier type. Valid value: password

active bool: Defines whether UserName attribute is active as an identifier
default_method str: Gets and Sets the default authentication method for the username identifier type. Valid value: password

active Boolean: Defines whether UserName attribute is active as an identifier
defaultMethod String: Gets and Sets the default authentication method for the username identifier type. Valid value: password

GetConnectionOptionAttributeUsernameSignup

Status string: Defines whether User Name attribute is active as an identifier

Status string: Defines whether User Name attribute is active as an identifier

status String: Defines whether User Name attribute is active as an identifier

status string: Defines whether User Name attribute is active as an identifier

status str: Defines whether User Name attribute is active as an identifier

status String: Defines whether User Name attribute is active as an identifier

GetConnectionOptionAttributeUsernameValidation

AllowedTypes List<GetConnectionOptionAttributeUsernameValidationAllowedType>: Defines allowed types for for UserName attribute
MaxLength int: Defines Max Length for User Name attribute
MinLength int: Defines Min Length for User Name attribute

AllowedTypes []GetConnectionOptionAttributeUsernameValidationAllowedType: Defines allowed types for for UserName attribute
MaxLength int: Defines Max Length for User Name attribute
MinLength int: Defines Min Length for User Name attribute

allowedTypes List<GetConnectionOptionAttributeUsernameValidationAllowedType>: Defines allowed types for for UserName attribute
maxLength Integer: Defines Max Length for User Name attribute
minLength Integer: Defines Min Length for User Name attribute

allowedTypes GetConnectionOptionAttributeUsernameValidationAllowedType[]: Defines allowed types for for UserName attribute
maxLength number: Defines Max Length for User Name attribute
minLength number: Defines Min Length for User Name attribute

allowed_types Sequence[GetConnectionOptionAttributeUsernameValidationAllowedType]: Defines allowed types for for UserName attribute
max_length int: Defines Max Length for User Name attribute
min_length int: Defines Min Length for User Name attribute

allowedTypes List<Property Map>: Defines allowed types for for UserName attribute
maxLength Number: Defines Max Length for User Name attribute
minLength Number: Defines Min Length for User Name attribute

GetConnectionOptionAttributeUsernameValidationAllowedType

Email bool: One of the allowed types for UserName signup attribute
PhoneNumber bool: One of the allowed types for UserName signup attribute

Email bool: One of the allowed types for UserName signup attribute
PhoneNumber bool: One of the allowed types for UserName signup attribute

email Boolean: One of the allowed types for UserName signup attribute
phoneNumber Boolean: One of the allowed types for UserName signup attribute

email boolean: One of the allowed types for UserName signup attribute
phoneNumber boolean: One of the allowed types for UserName signup attribute

email bool: One of the allowed types for UserName signup attribute
phone_number bool: One of the allowed types for UserName signup attribute

email Boolean: One of the allowed types for UserName signup attribute
phoneNumber Boolean: One of the allowed types for UserName signup attribute

GetConnectionOptionAuthenticationMethod

EmailOtps List<GetConnectionOptionAuthenticationMethodEmailOtp>: Configures Email OTP authentication
Passkeys List<GetConnectionOptionAuthenticationMethodPasskey>: Configures passkey authentication
Passwords List<GetConnectionOptionAuthenticationMethodPassword>: Configures password authentication
PhoneOtps List<GetConnectionOptionAuthenticationMethodPhoneOtp>: Configures Phone OTP authentication

EmailOtps []GetConnectionOptionAuthenticationMethodEmailOtp: Configures Email OTP authentication
Passkeys []GetConnectionOptionAuthenticationMethodPasskey: Configures passkey authentication
Passwords []GetConnectionOptionAuthenticationMethodPassword: Configures password authentication
PhoneOtps []GetConnectionOptionAuthenticationMethodPhoneOtp: Configures Phone OTP authentication

emailOtps List<GetConnectionOptionAuthenticationMethodEmailOtp>: Configures Email OTP authentication
passkeys List<GetConnectionOptionAuthenticationMethodPasskey>: Configures passkey authentication
passwords List<GetConnectionOptionAuthenticationMethodPassword>: Configures password authentication
phoneOtps List<GetConnectionOptionAuthenticationMethodPhoneOtp>: Configures Phone OTP authentication

emailOtps GetConnectionOptionAuthenticationMethodEmailOtp[]: Configures Email OTP authentication
passkeys GetConnectionOptionAuthenticationMethodPasskey[]: Configures passkey authentication
passwords GetConnectionOptionAuthenticationMethodPassword[]: Configures password authentication
phoneOtps GetConnectionOptionAuthenticationMethodPhoneOtp[]: Configures Phone OTP authentication

email_otps Sequence[GetConnectionOptionAuthenticationMethodEmailOtp]: Configures Email OTP authentication
passkeys Sequence[GetConnectionOptionAuthenticationMethodPasskey]: Configures passkey authentication
passwords Sequence[GetConnectionOptionAuthenticationMethodPassword]: Configures password authentication
phone_otps Sequence[GetConnectionOptionAuthenticationMethodPhoneOtp]: Configures Phone OTP authentication

emailOtps List<Property Map>: Configures Email OTP authentication
passkeys List<Property Map>: Configures passkey authentication
passwords List<Property Map>: Configures password authentication
phoneOtps List<Property Map>: Configures Phone OTP authentication

GetConnectionOptionAuthenticationMethodEmailOtp

Enabled bool: Enables Email OTP authentication

Enabled bool: Enables Email OTP authentication

enabled Boolean: Enables Email OTP authentication

enabled boolean: Enables Email OTP authentication

enabled bool: Enables Email OTP authentication

enabled Boolean: Enables Email OTP authentication

GetConnectionOptionAuthenticationMethodPasskey

Enabled bool: Enables passkey authentication

Enabled bool: Enables passkey authentication

enabled Boolean: Enables passkey authentication

enabled boolean: Enables passkey authentication

enabled bool: Enables passkey authentication

enabled Boolean: Enables passkey authentication

GetConnectionOptionAuthenticationMethodPassword

Enabled bool: Enables password authentication

Enabled bool: Enables password authentication

enabled Boolean: Enables password authentication

enabled boolean: Enables password authentication

enabled bool: Enables password authentication

enabled Boolean: Enables password authentication

GetConnectionOptionAuthenticationMethodPhoneOtp

Enabled bool: Enables Phone OTP authentication

Enabled bool: Enables Phone OTP authentication

enabled Boolean: Enables Phone OTP authentication

enabled boolean: Enables Phone OTP authentication

enabled bool: Enables Phone OTP authentication

enabled Boolean: Enables Phone OTP authentication

GetConnectionOptionConnectionSetting

Pkce string: PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).

Pkce string: PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).

pkce String: PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).

pkce string: PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).

pkce str: PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).

pkce String: PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).

GetConnectionOptionCustomHeader

Header string
Value string

Header string
Value string

header String
value String

header string
value string

header str
value str

header String
value String

GetConnectionOptionCustomPasswordHash

ActionId string: Id of an existing action that should be invoked when validating a universal password hash. This action must support password-hash-migration trigger

ActionId string: Id of an existing action that should be invoked when validating a universal password hash. This action must support password-hash-migration trigger

actionId String: Id of an existing action that should be invoked when validating a universal password hash. This action must support password-hash-migration trigger

actionId string: Id of an existing action that should be invoked when validating a universal password hash. This action must support password-hash-migration trigger

action_id str: Id of an existing action that should be invoked when validating a universal password hash. This action must support password-hash-migration trigger

actionId String: Id of an existing action that should be invoked when validating a universal password hash. This action must support password-hash-migration trigger

GetConnectionOptionDecryptionKey

Cert string
Key string

Cert string
Key string

cert String
key String

cert string
key string

cert str
key str

cert String
key String

GetConnectionOptionGatewayAuthentication

Audience string: Audience claim for the HS256 token sent to gateway_url.
Method string: Authentication method (default is bearer token).
Secret string: Secret used to sign the HS256 token sent to gateway_url.
SecretBase64Encoded bool: Specifies whether or not the secret is Base64-encoded.
Subject string: Subject claim for the HS256 token sent to gateway_url.

Audience string: Audience claim for the HS256 token sent to gateway_url.
Method string: Authentication method (default is bearer token).
Secret string: Secret used to sign the HS256 token sent to gateway_url.
SecretBase64Encoded bool: Specifies whether or not the secret is Base64-encoded.
Subject string: Subject claim for the HS256 token sent to gateway_url.

audience String: Audience claim for the HS256 token sent to gateway_url.
method String: Authentication method (default is bearer token).
secret String: Secret used to sign the HS256 token sent to gateway_url.
secretBase64Encoded Boolean: Specifies whether or not the secret is Base64-encoded.
subject String: Subject claim for the HS256 token sent to gateway_url.

audience string: Audience claim for the HS256 token sent to gateway_url.
method string: Authentication method (default is bearer token).
secret string: Secret used to sign the HS256 token sent to gateway_url.
secretBase64Encoded boolean: Specifies whether or not the secret is Base64-encoded.
subject string: Subject claim for the HS256 token sent to gateway_url.

audience str: Audience claim for the HS256 token sent to gateway_url.
method str: Authentication method (default is bearer token).
secret str: Secret used to sign the HS256 token sent to gateway_url.
secret_base64_encoded bool: Specifies whether or not the secret is Base64-encoded.
subject str: Subject claim for the HS256 token sent to gateway_url.

audience String: Audience claim for the HS256 token sent to gateway_url.
method String: Authentication method (default is bearer token).
secret String: Secret used to sign the HS256 token sent to gateway_url.
secretBase64Encoded Boolean: Specifies whether or not the secret is Base64-encoded.
subject String: Subject claim for the HS256 token sent to gateway_url.

GetConnectionOptionIdpInitiated

ClientAuthorizeQuery string
ClientId string
ClientProtocol string
Enabled bool

ClientAuthorizeQuery string
ClientId string
ClientProtocol string
Enabled bool

clientAuthorizeQuery String
clientId String
clientProtocol String
enabled Boolean

clientAuthorizeQuery string
clientId string
clientProtocol string
enabled boolean

client_authorize_query str
client_id str
client_protocol str
enabled bool

clientAuthorizeQuery String
clientId String
clientProtocol String
enabled Boolean

GetConnectionOptionMfa

Active bool: Indicates whether multifactor authentication is enabled for this connection.
ReturnEnrollSettings bool: Indicates whether multifactor authentication enrollment settings will be returned.

Active bool: Indicates whether multifactor authentication is enabled for this connection.
ReturnEnrollSettings bool: Indicates whether multifactor authentication enrollment settings will be returned.

active Boolean: Indicates whether multifactor authentication is enabled for this connection.
returnEnrollSettings Boolean: Indicates whether multifactor authentication enrollment settings will be returned.

active boolean: Indicates whether multifactor authentication is enabled for this connection.
returnEnrollSettings boolean: Indicates whether multifactor authentication enrollment settings will be returned.

active bool: Indicates whether multifactor authentication is enabled for this connection.
return_enroll_settings bool: Indicates whether multifactor authentication enrollment settings will be returned.

active Boolean: Indicates whether multifactor authentication is enabled for this connection.
returnEnrollSettings Boolean: Indicates whether multifactor authentication enrollment settings will be returned.

GetConnectionOptionPasskeyOption

ChallengeUi string: Controls the UI used to challenge the user for their passkey
LocalEnrollmentEnabled bool: Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
ProgressiveEnrollmentEnabled bool: Enables or disables progressive enrollment of passkeys for the connection

ChallengeUi string: Controls the UI used to challenge the user for their passkey
LocalEnrollmentEnabled bool: Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
ProgressiveEnrollmentEnabled bool: Enables or disables progressive enrollment of passkeys for the connection

challengeUi String: Controls the UI used to challenge the user for their passkey
localEnrollmentEnabled Boolean: Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
progressiveEnrollmentEnabled Boolean: Enables or disables progressive enrollment of passkeys for the connection

challengeUi string: Controls the UI used to challenge the user for their passkey
localEnrollmentEnabled boolean: Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
progressiveEnrollmentEnabled boolean: Enables or disables progressive enrollment of passkeys for the connection

challenge_ui str: Controls the UI used to challenge the user for their passkey
local_enrollment_enabled bool: Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
progressive_enrollment_enabled bool: Enables or disables progressive enrollment of passkeys for the connection

challengeUi String: Controls the UI used to challenge the user for their passkey
localEnrollmentEnabled Boolean: Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
progressiveEnrollmentEnabled Boolean: Enables or disables progressive enrollment of passkeys for the connection

GetConnectionOptionPasswordComplexityOption

MinLength int: Minimum number of characters allowed in passwords.

MinLength int: Minimum number of characters allowed in passwords.

minLength Integer: Minimum number of characters allowed in passwords.

minLength number: Minimum number of characters allowed in passwords.

min_length int: Minimum number of characters allowed in passwords.

minLength Number: Minimum number of characters allowed in passwords.

GetConnectionOptionPasswordDictionary

Dictionaries List<string>: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
Enable bool: Indicates whether the password dictionary check is enabled for this connection.

Dictionaries []string: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
Enable bool: Indicates whether the password dictionary check is enabled for this connection.

dictionaries List<String>: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable Boolean: Indicates whether the password dictionary check is enabled for this connection.

dictionaries string[]: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable boolean: Indicates whether the password dictionary check is enabled for this connection.

dictionaries Sequence[str]: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable bool: Indicates whether the password dictionary check is enabled for this connection.

dictionaries List<String>: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable Boolean: Indicates whether the password dictionary check is enabled for this connection.

GetConnectionOptionPasswordHistory

Enable bool
Size int

Enable bool
Size int

enable Boolean
size Integer

enable boolean
size number

enable bool
size int

enable Boolean
size Number

GetConnectionOptionPasswordNoPersonalInfo

Enable bool

Enable bool

enable Boolean

enable boolean

enable bool

enable Boolean

GetConnectionOptionSigningKey

Cert string
Key string

Cert string
Key string

cert String
key String

cert string
key string

cert str
key str

cert String
key String

GetConnectionOptionTotp

Length int: Length of the one-time password.
TimeStep int: Seconds between allowed generation of new passwords.

Length int: Length of the one-time password.
TimeStep int: Seconds between allowed generation of new passwords.

length Integer: Length of the one-time password.
timeStep Integer: Seconds between allowed generation of new passwords.

length number: Length of the one-time password.
timeStep number: Seconds between allowed generation of new passwords.

length int: Length of the one-time password.
time_step int: Seconds between allowed generation of new passwords.

length Number: Length of the one-time password.
timeStep Number: Seconds between allowed generation of new passwords.

GetConnectionOptionValidation

Usernames List<GetConnectionOptionValidationUsername>: Specifies the min and max values of username length.

Usernames []GetConnectionOptionValidationUsername: Specifies the min and max values of username length.

usernames List<GetConnectionOptionValidationUsername>: Specifies the min and max values of username length.

usernames GetConnectionOptionValidationUsername[]: Specifies the min and max values of username length.

usernames Sequence[GetConnectionOptionValidationUsername]: Specifies the min and max values of username length.

usernames List<Property Map>: Specifies the min and max values of username length.

GetConnectionOptionValidationUsername

Max int
Min int

Max int
Min int

max Integer
min Integer

max number
min number

max int
min int

max Number
min Number

Package Details

Repository: Auth0 pulumi/pulumi-auth0
License: Apache-2.0
Notes: This Pulumi package is based on the auth0 Terraform Provider.

Viewing docs for Auth0 v3.38.0
published on Friday, Feb 20, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-auth0

auth0.getConnection

On this page

On this page

Example Usage

Using getConnection

getConnection Result

Supporting Types

GetConnectionAuthentication

GetConnectionConnectedAccount

GetConnectionOption

GetConnectionOptionAttribute

GetConnectionOptionAttributeEmail

GetConnectionOptionAttributeEmailIdentifier

GetConnectionOptionAttributeEmailSignup

GetConnectionOptionAttributeEmailSignupVerification

GetConnectionOptionAttributeMap

GetConnectionOptionAttributePhoneNumber

GetConnectionOptionAttributePhoneNumberIdentifier

GetConnectionOptionAttributePhoneNumberSignup

GetConnectionOptionAttributePhoneNumberSignupVerification

GetConnectionOptionAttributeUsername

GetConnectionOptionAttributeUsernameIdentifier

GetConnectionOptionAttributeUsernameSignup

GetConnectionOptionAttributeUsernameValidation

GetConnectionOptionAttributeUsernameValidationAllowedType

GetConnectionOptionAuthenticationMethod

GetConnectionOptionAuthenticationMethodEmailOtp

GetConnectionOptionAuthenticationMethodPasskey

GetConnectionOptionAuthenticationMethodPassword

GetConnectionOptionAuthenticationMethodPhoneOtp

GetConnectionOptionConnectionSetting

GetConnectionOptionCustomHeader

GetConnectionOptionCustomPasswordHash

GetConnectionOptionDecryptionKey

GetConnectionOptionGatewayAuthentication

GetConnectionOptionIdpInitiated

GetConnectionOptionMfa

GetConnectionOptionPasskeyOption

GetConnectionOptionPasswordComplexityOption

GetConnectionOptionPasswordDictionary

GetConnectionOptionPasswordHistory

GetConnectionOptionPasswordNoPersonalInfo

GetConnectionOptionSigningKey

GetConnectionOptionTotp

GetConnectionOptionValidation

GetConnectionOptionValidationUsername

Package Details

On this page

On this page