Auth0
Guardian
Multi-Factor Authentication works by requiring additional factors during the login process to prevent unauthorized access. With this resource you can configure some options available for MFA.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var @default = new Auth0.Guardian("default", new Auth0.GuardianArgs
{
Email = true,
Otp = true,
Phone = new Auth0.Inputs.GuardianPhoneArgs
{
MessageTypes =
{
"sms",
},
Options = new Auth0.Inputs.GuardianPhoneOptionsArgs
{
EnrollmentMessage = "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.",
VerificationMessage = "{{code}} is your verification code for {{tenant.friendly_name}}.",
},
Provider = "auth0",
},
Policy = "all-applications",
});
}
}
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := auth0.NewGuardian(ctx, "default", &auth0.GuardianArgs{
Email: pulumi.Bool(true),
Otp: pulumi.Bool(true),
Phone: &GuardianPhoneArgs{
MessageTypes: pulumi.StringArray{
pulumi.String("sms"),
},
Options: &GuardianPhoneOptionsArgs{
EnrollmentMessage: pulumi.String("{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment."),
VerificationMessage: pulumi.String("{{code}} is your verification code for {{tenant.friendly_name}}."),
},
Provider: pulumi.String("auth0"),
},
Policy: pulumi.String("all-applications"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Guardian("default", GuardianArgs.builder()
.email(true)
.otp(true)
.phone(GuardianPhoneArgs.builder()
.messageTypes("sms")
.options(GuardianPhoneOptionsArgs.builder()
.enrollmentMessage("{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.")
.verificationMessage("{{code}} is your verification code for {{tenant.friendly_name}}.")
.build())
.provider("auth0")
.build())
.policy("all-applications")
.build());
}
}
import pulumi
import pulumi_auth0 as auth0
default = auth0.Guardian("default",
email=True,
otp=True,
phone=auth0.GuardianPhoneArgs(
message_types=["sms"],
options=auth0.GuardianPhoneOptionsArgs(
enrollment_message="{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.",
verification_message="{{code}} is your verification code for {{tenant.friendly_name}}.",
),
provider="auth0",
),
policy="all-applications")
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const defaultGuardian = new auth0.Guardian("default", {
email: true,
otp: true,
phone: {
messageTypes: ["sms"],
options: {
enrollmentMessage: "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.",
verificationMessage: "{{code}} is your verification code for {{tenant.friendly_name}}.",
},
provider: "auth0",
},
policy: "all-applications",
});
resources:
default:
type: auth0:Guardian
properties:
email: true
otp: true
phone:
messageTypes:
- sms
options:
enrollmentMessage: '{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment.'
verificationMessage: '{{code}} is your verification code for {{tenant.friendly_name}}.'
provider: auth0
policy: all-applications
Create a Guardian Resource
new Guardian(name: string, args: GuardianArgs, opts?: CustomResourceOptions);@overload
def Guardian(resource_name: str,
opts: Optional[ResourceOptions] = None,
email: Optional[bool] = None,
otp: Optional[bool] = None,
phone: Optional[GuardianPhoneArgs] = None,
policy: Optional[str] = None)
@overload
def Guardian(resource_name: str,
args: GuardianArgs,
opts: Optional[ResourceOptions] = None)func NewGuardian(ctx *Context, name string, args GuardianArgs, opts ...ResourceOption) (*Guardian, error)public Guardian(string name, GuardianArgs args, CustomResourceOptions? opts = null)
public Guardian(String name, GuardianArgs args)
public Guardian(String name, GuardianArgs args, CustomResourceOptions options)
type: auth0:Guardian
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GuardianArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GuardianArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GuardianArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GuardianArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GuardianArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Guardian Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Guardian resource accepts the following input properties:
- Policy string
String. Policy to use. Available options are
never,all-applicationsandconfidence-score. The optionconfidence-scoremeans the trigger of MFA will be adaptive. See Auth0 docs.- Email bool
Boolean. Indicates whether email MFA is enabled.
- Otp bool
- Phone
Guardian
Phone Args List(Resource). Configuration settings for the phone MFA. For details, see Phone.
- Policy string
String. Policy to use. Available options are
never,all-applicationsandconfidence-score. The optionconfidence-scoremeans the trigger of MFA will be adaptive. See Auth0 docs.- Email bool
Boolean. Indicates whether email MFA is enabled.
- Otp bool
- Phone
Guardian
Phone Args List(Resource). Configuration settings for the phone MFA. For details, see Phone.
- policy String
String. Policy to use. Available options are
never,all-applicationsandconfidence-score. The optionconfidence-scoremeans the trigger of MFA will be adaptive. See Auth0 docs.- email Boolean
Boolean. Indicates whether email MFA is enabled.
- otp Boolean
- phone
Guardian
Phone Args List(Resource). Configuration settings for the phone MFA. For details, see Phone.
- policy string
String. Policy to use. Available options are
never,all-applicationsandconfidence-score. The optionconfidence-scoremeans the trigger of MFA will be adaptive. See Auth0 docs.- email boolean
Boolean. Indicates whether email MFA is enabled.
- otp boolean
- phone
Guardian
Phone Args List(Resource). Configuration settings for the phone MFA. For details, see Phone.
- policy str
String. Policy to use. Available options are
never,all-applicationsandconfidence-score. The optionconfidence-scoremeans the trigger of MFA will be adaptive. See Auth0 docs.- email bool
Boolean. Indicates whether email MFA is enabled.
- otp bool
- phone
Guardian
Phone Args List(Resource). Configuration settings for the phone MFA. For details, see Phone.
- policy String
String. Policy to use. Available options are
never,all-applicationsandconfidence-score. The optionconfidence-scoremeans the trigger of MFA will be adaptive. See Auth0 docs.- email Boolean
Boolean. Indicates whether email MFA is enabled.
- otp Boolean
- phone Property Map
List(Resource). Configuration settings for the phone MFA. For details, see Phone.
Outputs
All input properties are implicitly available as output properties. Additionally, the Guardian resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up an Existing Guardian Resource
Get an existing Guardian resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GuardianState, opts?: CustomResourceOptions): Guardian@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
email: Optional[bool] = None,
otp: Optional[bool] = None,
phone: Optional[GuardianPhoneArgs] = None,
policy: Optional[str] = None) -> Guardianfunc GetGuardian(ctx *Context, name string, id IDInput, state *GuardianState, opts ...ResourceOption) (*Guardian, error)public static Guardian Get(string name, Input<string> id, GuardianState? state, CustomResourceOptions? opts = null)public static Guardian get(String name, Output<String> id, GuardianState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Email bool
Boolean. Indicates whether email MFA is enabled.
- Otp bool
- Phone
Guardian
Phone Args List(Resource). Configuration settings for the phone MFA. For details, see Phone.
- Policy string
String. Policy to use. Available options are
never,all-applicationsandconfidence-score. The optionconfidence-scoremeans the trigger of MFA will be adaptive. See Auth0 docs.
- Email bool
Boolean. Indicates whether email MFA is enabled.
- Otp bool
- Phone
Guardian
Phone Args List(Resource). Configuration settings for the phone MFA. For details, see Phone.
- Policy string
String. Policy to use. Available options are
never,all-applicationsandconfidence-score. The optionconfidence-scoremeans the trigger of MFA will be adaptive. See Auth0 docs.
- email Boolean
Boolean. Indicates whether email MFA is enabled.
- otp Boolean
- phone
Guardian
Phone Args List(Resource). Configuration settings for the phone MFA. For details, see Phone.
- policy String
String. Policy to use. Available options are
never,all-applicationsandconfidence-score. The optionconfidence-scoremeans the trigger of MFA will be adaptive. See Auth0 docs.
- email boolean
Boolean. Indicates whether email MFA is enabled.
- otp boolean
- phone
Guardian
Phone Args List(Resource). Configuration settings for the phone MFA. For details, see Phone.
- policy string
String. Policy to use. Available options are
never,all-applicationsandconfidence-score. The optionconfidence-scoremeans the trigger of MFA will be adaptive. See Auth0 docs.
- email bool
Boolean. Indicates whether email MFA is enabled.
- otp bool
- phone
Guardian
Phone Args List(Resource). Configuration settings for the phone MFA. For details, see Phone.
- policy str
String. Policy to use. Available options are
never,all-applicationsandconfidence-score. The optionconfidence-scoremeans the trigger of MFA will be adaptive. See Auth0 docs.
- email Boolean
Boolean. Indicates whether email MFA is enabled.
- otp Boolean
- phone Property Map
List(Resource). Configuration settings for the phone MFA. For details, see Phone.
- policy String
String. Policy to use. Available options are
never,all-applicationsandconfidence-score. The optionconfidence-scoremeans the trigger of MFA will be adaptive. See Auth0 docs.
Supporting Types
GuardianPhone
- Message
Types List<string> List(String). Message types to use, array of
smsand orvoice. Adding both to array should enable the user to choose.- Provider string
String, Case-sensitive. Provider to use, one of
auth0,twilioorphone-message-hook.- Options
Guardian
Phone Options List(Resource). Options for the various providers. See Options.
- Message
Types []string List(String). Message types to use, array of
smsand orvoice. Adding both to array should enable the user to choose.- Provider string
String, Case-sensitive. Provider to use, one of
auth0,twilioorphone-message-hook.- Options
Guardian
Phone Options List(Resource). Options for the various providers. See Options.
- message
Types List<String> List(String). Message types to use, array of
smsand orvoice. Adding both to array should enable the user to choose.- provider String
String, Case-sensitive. Provider to use, one of
auth0,twilioorphone-message-hook.- options
Guardian
Phone Options List(Resource). Options for the various providers. See Options.
- message
Types string[] List(String). Message types to use, array of
smsand orvoice. Adding both to array should enable the user to choose.- provider string
String, Case-sensitive. Provider to use, one of
auth0,twilioorphone-message-hook.- options
Guardian
Phone Options List(Resource). Options for the various providers. See Options.
- message_
types Sequence[str] List(String). Message types to use, array of
smsand orvoice. Adding both to array should enable the user to choose.- provider str
String, Case-sensitive. Provider to use, one of
auth0,twilioorphone-message-hook.- options
Guardian
Phone Options List(Resource). Options for the various providers. See Options.
- message
Types List<String> List(String). Message types to use, array of
smsand orvoice. Adding both to array should enable the user to choose.- provider String
String, Case-sensitive. Provider to use, one of
auth0,twilioorphone-message-hook.- options Property Map
List(Resource). Options for the various providers. See Options.
GuardianPhoneOptions
- Auth
Token string String.
- Enrollment
Message string String. This message will be sent whenever a user enrolls a new device for the first time using MFA. Supports liquid syntax, see Auth0 docs.
- From string
String.
- Messaging
Service stringSid String.
- Sid string
String.
- Verification
Message string String. This message will be sent whenever a user logs in after the enrollment. Supports liquid syntax, see Auth0 docs.
- Auth
Token string String.
- Enrollment
Message string String. This message will be sent whenever a user enrolls a new device for the first time using MFA. Supports liquid syntax, see Auth0 docs.
- From string
String.
- Messaging
Service stringSid String.
- Sid string
String.
- Verification
Message string String. This message will be sent whenever a user logs in after the enrollment. Supports liquid syntax, see Auth0 docs.
- auth
Token String String.
- enrollment
Message String String. This message will be sent whenever a user enrolls a new device for the first time using MFA. Supports liquid syntax, see Auth0 docs.
- from String
String.
- messaging
Service StringSid String.
- sid String
String.
- verification
Message String String. This message will be sent whenever a user logs in after the enrollment. Supports liquid syntax, see Auth0 docs.
- auth
Token string String.
- enrollment
Message string String. This message will be sent whenever a user enrolls a new device for the first time using MFA. Supports liquid syntax, see Auth0 docs.
- from string
String.
- messaging
Service stringSid String.
- sid string
String.
- verification
Message string String. This message will be sent whenever a user logs in after the enrollment. Supports liquid syntax, see Auth0 docs.
- auth_
token str String.
- enrollment_
message str String. This message will be sent whenever a user enrolls a new device for the first time using MFA. Supports liquid syntax, see Auth0 docs.
- from_ str
String.
- messaging_
service_ strsid String.
- sid str
String.
- verification_
message str String. This message will be sent whenever a user logs in after the enrollment. Supports liquid syntax, see Auth0 docs.
- auth
Token String String.
- enrollment
Message String String. This message will be sent whenever a user enrolls a new device for the first time using MFA. Supports liquid syntax, see Auth0 docs.
- from String
String.
- messaging
Service StringSid String.
- sid String
String.
- verification
Message String String. This message will be sent whenever a user logs in after the enrollment. Supports liquid syntax, see Auth0 docs.
Import
As this is not a resource identifiable by an ID within the Auth0 Management API, guardian can be imported using a random string. We recommend Version 4 UUID e.g.
$ pulumi import auth0:index/guardian:Guardian default 24940d4b-4bd4-44e7-894e-f92e4de36a40
Package Details
- Repository
- https://github.com/pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
auth0Terraform Provider.