Auth0

Pulumi Official
Package maintained by Pulumi
v2.9.0 published on Thursday, May 26, 2022 by Pulumi

Guardian

Multi-Factor Authentication works by requiring additional factors during the login process to prevent unauthorized access. With this resource you can configure some options available for MFA.

Example Usage

using Pulumi;
using Auth0 = Pulumi.Auth0;

class MyStack : Stack
{
    public MyStack()
    {
        var @default = new Auth0.Guardian("default", new Auth0.GuardianArgs
        {
            Email = true,
            Otp = true,
            Phone = new Auth0.Inputs.GuardianPhoneArgs
            {
                MessageTypes = 
                {
                    "sms",
                },
                Options = new Auth0.Inputs.GuardianPhoneOptionsArgs
                {
                    EnrollmentMessage = "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.",
                    VerificationMessage = "{{code}} is your verification code for {{tenant.friendly_name}}.",
                },
                Provider = "auth0",
            },
            Policy = "all-applications",
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewGuardian(ctx, "default", &auth0.GuardianArgs{
			Email: pulumi.Bool(true),
			Otp:   pulumi.Bool(true),
			Phone: &GuardianPhoneArgs{
				MessageTypes: pulumi.StringArray{
					pulumi.String("sms"),
				},
				Options: &GuardianPhoneOptionsArgs{
					EnrollmentMessage:   pulumi.String("{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment."),
					VerificationMessage: pulumi.String("{{code}} is your verification code for {{tenant.friendly_name}}."),
				},
				Provider: pulumi.String("auth0"),
			},
			Policy: pulumi.String("all-applications"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new Guardian("default", GuardianArgs.builder()        
            .email(true)
            .otp(true)
            .phone(GuardianPhoneArgs.builder()
                .messageTypes("sms")
                .options(GuardianPhoneOptionsArgs.builder()
                    .enrollmentMessage("{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.")
                    .verificationMessage("{{code}} is your verification code for {{tenant.friendly_name}}.")
                    .build())
                .provider("auth0")
                .build())
            .policy("all-applications")
            .build());

    }
}
import pulumi
import pulumi_auth0 as auth0

default = auth0.Guardian("default",
    email=True,
    otp=True,
    phone=auth0.GuardianPhoneArgs(
        message_types=["sms"],
        options=auth0.GuardianPhoneOptionsArgs(
            enrollment_message="{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.",
            verification_message="{{code}} is your verification code for {{tenant.friendly_name}}.",
        ),
        provider="auth0",
    ),
    policy="all-applications")
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const defaultGuardian = new auth0.Guardian("default", {
    email: true,
    otp: true,
    phone: {
        messageTypes: ["sms"],
        options: {
            enrollmentMessage: "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.",
            verificationMessage: "{{code}} is your verification code for {{tenant.friendly_name}}.",
        },
        provider: "auth0",
    },
    policy: "all-applications",
});
resources:
  default:
    type: auth0:Guardian
    properties:
      email: true
      otp: true
      phone:
        messageTypes:
          - sms
        options:
          enrollmentMessage: '{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.'
          verificationMessage: '{{code}} is your verification code for {{tenant.friendly_name}}.'
        provider: auth0
      policy: all-applications

Create a Guardian Resource

new Guardian(name: string, args: GuardianArgs, opts?: CustomResourceOptions);
@overload
def Guardian(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             email: Optional[bool] = None,
             otp: Optional[bool] = None,
             phone: Optional[GuardianPhoneArgs] = None,
             policy: Optional[str] = None)
@overload
def Guardian(resource_name: str,
             args: GuardianArgs,
             opts: Optional[ResourceOptions] = None)
func NewGuardian(ctx *Context, name string, args GuardianArgs, opts ...ResourceOption) (*Guardian, error)
public Guardian(string name, GuardianArgs args, CustomResourceOptions? opts = null)
public Guardian(String name, GuardianArgs args)
public Guardian(String name, GuardianArgs args, CustomResourceOptions options)
type: auth0:Guardian
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args GuardianArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args GuardianArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args GuardianArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args GuardianArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args GuardianArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Guardian Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Guardian resource accepts the following input properties:

Policy string

String. Policy to use. Available options are never, all-applications and confidence-score. The option confidence-score means the trigger of MFA will be adaptive. See Auth0 docs.

Email bool

Boolean. Indicates whether email MFA is enabled.

Otp bool
Phone GuardianPhoneArgs

List(Resource). Configuration settings for the phone MFA. For details, see Phone.

Policy string

String. Policy to use. Available options are never, all-applications and confidence-score. The option confidence-score means the trigger of MFA will be adaptive. See Auth0 docs.

Email bool

Boolean. Indicates whether email MFA is enabled.

Otp bool
Phone GuardianPhoneArgs

List(Resource). Configuration settings for the phone MFA. For details, see Phone.

policy String

String. Policy to use. Available options are never, all-applications and confidence-score. The option confidence-score means the trigger of MFA will be adaptive. See Auth0 docs.

email Boolean

Boolean. Indicates whether email MFA is enabled.

otp Boolean
phone GuardianPhoneArgs

List(Resource). Configuration settings for the phone MFA. For details, see Phone.

policy string

String. Policy to use. Available options are never, all-applications and confidence-score. The option confidence-score means the trigger of MFA will be adaptive. See Auth0 docs.

email boolean

Boolean. Indicates whether email MFA is enabled.

otp boolean
phone GuardianPhoneArgs

List(Resource). Configuration settings for the phone MFA. For details, see Phone.

policy str

String. Policy to use. Available options are never, all-applications and confidence-score. The option confidence-score means the trigger of MFA will be adaptive. See Auth0 docs.

email bool

Boolean. Indicates whether email MFA is enabled.

otp bool
phone GuardianPhoneArgs

List(Resource). Configuration settings for the phone MFA. For details, see Phone.

policy String

String. Policy to use. Available options are never, all-applications and confidence-score. The option confidence-score means the trigger of MFA will be adaptive. See Auth0 docs.

email Boolean

Boolean. Indicates whether email MFA is enabled.

otp Boolean
phone Property Map

List(Resource). Configuration settings for the phone MFA. For details, see Phone.

Outputs

All input properties are implicitly available as output properties. Additionally, the Guardian resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up an Existing Guardian Resource

Get an existing Guardian resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: GuardianState, opts?: CustomResourceOptions): Guardian
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        email: Optional[bool] = None,
        otp: Optional[bool] = None,
        phone: Optional[GuardianPhoneArgs] = None,
        policy: Optional[str] = None) -> Guardian
func GetGuardian(ctx *Context, name string, id IDInput, state *GuardianState, opts ...ResourceOption) (*Guardian, error)
public static Guardian Get(string name, Input<string> id, GuardianState? state, CustomResourceOptions? opts = null)
public static Guardian get(String name, Output<String> id, GuardianState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Email bool

Boolean. Indicates whether email MFA is enabled.

Otp bool
Phone GuardianPhoneArgs

List(Resource). Configuration settings for the phone MFA. For details, see Phone.

Policy string

String. Policy to use. Available options are never, all-applications and confidence-score. The option confidence-score means the trigger of MFA will be adaptive. See Auth0 docs.

Email bool

Boolean. Indicates whether email MFA is enabled.

Otp bool
Phone GuardianPhoneArgs

List(Resource). Configuration settings for the phone MFA. For details, see Phone.

Policy string

String. Policy to use. Available options are never, all-applications and confidence-score. The option confidence-score means the trigger of MFA will be adaptive. See Auth0 docs.

email Boolean

Boolean. Indicates whether email MFA is enabled.

otp Boolean
phone GuardianPhoneArgs

List(Resource). Configuration settings for the phone MFA. For details, see Phone.

policy String

String. Policy to use. Available options are never, all-applications and confidence-score. The option confidence-score means the trigger of MFA will be adaptive. See Auth0 docs.

email boolean

Boolean. Indicates whether email MFA is enabled.

otp boolean
phone GuardianPhoneArgs

List(Resource). Configuration settings for the phone MFA. For details, see Phone.

policy string

String. Policy to use. Available options are never, all-applications and confidence-score. The option confidence-score means the trigger of MFA will be adaptive. See Auth0 docs.

email bool

Boolean. Indicates whether email MFA is enabled.

otp bool
phone GuardianPhoneArgs

List(Resource). Configuration settings for the phone MFA. For details, see Phone.

policy str

String. Policy to use. Available options are never, all-applications and confidence-score. The option confidence-score means the trigger of MFA will be adaptive. See Auth0 docs.

email Boolean

Boolean. Indicates whether email MFA is enabled.

otp Boolean
phone Property Map

List(Resource). Configuration settings for the phone MFA. For details, see Phone.

policy String

String. Policy to use. Available options are never, all-applications and confidence-score. The option confidence-score means the trigger of MFA will be adaptive. See Auth0 docs.

Supporting Types

GuardianPhone

MessageTypes List<string>

List(String). Message types to use, array of sms and or voice. Adding both to array should enable the user to choose.

Provider string

String, Case-sensitive. Provider to use, one of auth0, twilio or phone-message-hook.

Options GuardianPhoneOptions

List(Resource). Options for the various providers. See Options.

MessageTypes []string

List(String). Message types to use, array of sms and or voice. Adding both to array should enable the user to choose.

Provider string

String, Case-sensitive. Provider to use, one of auth0, twilio or phone-message-hook.

Options GuardianPhoneOptions

List(Resource). Options for the various providers. See Options.

messageTypes List<String>

List(String). Message types to use, array of sms and or voice. Adding both to array should enable the user to choose.

provider String

String, Case-sensitive. Provider to use, one of auth0, twilio or phone-message-hook.

options GuardianPhoneOptions

List(Resource). Options for the various providers. See Options.

messageTypes string[]

List(String). Message types to use, array of sms and or voice. Adding both to array should enable the user to choose.

provider string

String, Case-sensitive. Provider to use, one of auth0, twilio or phone-message-hook.

options GuardianPhoneOptions

List(Resource). Options for the various providers. See Options.

message_types Sequence[str]

List(String). Message types to use, array of sms and or voice. Adding both to array should enable the user to choose.

provider str

String, Case-sensitive. Provider to use, one of auth0, twilio or phone-message-hook.

options GuardianPhoneOptions

List(Resource). Options for the various providers. See Options.

messageTypes List<String>

List(String). Message types to use, array of sms and or voice. Adding both to array should enable the user to choose.

provider String

String, Case-sensitive. Provider to use, one of auth0, twilio or phone-message-hook.

options Property Map

List(Resource). Options for the various providers. See Options.

GuardianPhoneOptions

AuthToken string

String.

EnrollmentMessage string

String. This message will be sent whenever a user enrolls a new device for the first time using MFA. Supports liquid syntax, see Auth0 docs.

From string

String.

MessagingServiceSid string

String.

Sid string

String.

VerificationMessage string

String. This message will be sent whenever a user logs in after the enrollment. Supports liquid syntax, see Auth0 docs.

AuthToken string

String.

EnrollmentMessage string

String. This message will be sent whenever a user enrolls a new device for the first time using MFA. Supports liquid syntax, see Auth0 docs.

From string

String.

MessagingServiceSid string

String.

Sid string

String.

VerificationMessage string

String. This message will be sent whenever a user logs in after the enrollment. Supports liquid syntax, see Auth0 docs.

authToken String

String.

enrollmentMessage String

String. This message will be sent whenever a user enrolls a new device for the first time using MFA. Supports liquid syntax, see Auth0 docs.

from String

String.

messagingServiceSid String

String.

sid String

String.

verificationMessage String

String. This message will be sent whenever a user logs in after the enrollment. Supports liquid syntax, see Auth0 docs.

authToken string

String.

enrollmentMessage string

String. This message will be sent whenever a user enrolls a new device for the first time using MFA. Supports liquid syntax, see Auth0 docs.

from string

String.

messagingServiceSid string

String.

sid string

String.

verificationMessage string

String. This message will be sent whenever a user logs in after the enrollment. Supports liquid syntax, see Auth0 docs.

auth_token str

String.

enrollment_message str

String. This message will be sent whenever a user enrolls a new device for the first time using MFA. Supports liquid syntax, see Auth0 docs.

from_ str

String.

messaging_service_sid str

String.

sid str

String.

verification_message str

String. This message will be sent whenever a user logs in after the enrollment. Supports liquid syntax, see Auth0 docs.

authToken String

String.

enrollmentMessage String

String. This message will be sent whenever a user enrolls a new device for the first time using MFA. Supports liquid syntax, see Auth0 docs.

from String

String.

messagingServiceSid String

String.

sid String

String.

verificationMessage String

String. This message will be sent whenever a user logs in after the enrollment. Supports liquid syntax, see Auth0 docs.

Import

As this is not a resource identifiable by an ID within the Auth0 Management API, guardian can be imported using a random string. We recommend Version 4 UUID e.g.

 $ pulumi import auth0:index/guardian:Guardian default 24940d4b-4bd4-44e7-894e-f92e4de36a40

Package Details

Repository
https://github.com/pulumi/pulumi-auth0
License
Apache-2.0
Notes

This Pulumi package is based on the auth0 Terraform Provider.