1. Packages
  2. Auth0
  3. API Docs
  4. Tenant
Auth0 v3.3.3 published on Monday, Jun 3, 2024 by Pulumi

auth0.Tenant

Explore with Pulumi AI

auth0 logo
Auth0 v3.3.3 published on Monday, Jun 3, 2024 by Pulumi

    With this resource, you can manage Auth0 tenants, including setting logos and support contact information, setting error pages, and configuring default tenant behaviors.

    Creating tenants through the Management API is not currently supported. Therefore, this resource can only manage an existing tenant created through the Auth0 dashboard.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const myTenant = new auth0.Tenant("my_tenant", {
        friendlyName: "Tenant Name",
        pictureUrl: "http://example.com/logo.png",
        supportEmail: "support@example.com",
        supportUrl: "http://example.com/support",
        allowedLogoutUrls: ["http://example.com/logout"],
        sessionLifetime: 8760,
        sandboxVersion: "12",
        enabledLocales: ["en"],
        defaultRedirectionUri: "https://example.com/login",
        flags: {
            disableClickjackProtectionHeaders: true,
            enablePublicSignupUserExistsError: true,
            useScopeDescriptionsForConsent: true,
            noDiscloseEnterpriseConnections: false,
            disableManagementApiSmsObfuscation: false,
            disableFieldsMapFix: false,
        },
        sessionCookie: {
            mode: "non-persistent",
        },
        sessions: {
            oidcLogoutPromptEnabled: false,
        },
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    my_tenant = auth0.Tenant("my_tenant",
        friendly_name="Tenant Name",
        picture_url="http://example.com/logo.png",
        support_email="support@example.com",
        support_url="http://example.com/support",
        allowed_logout_urls=["http://example.com/logout"],
        session_lifetime=8760,
        sandbox_version="12",
        enabled_locales=["en"],
        default_redirection_uri="https://example.com/login",
        flags=auth0.TenantFlagsArgs(
            disable_clickjack_protection_headers=True,
            enable_public_signup_user_exists_error=True,
            use_scope_descriptions_for_consent=True,
            no_disclose_enterprise_connections=False,
            disable_management_api_sms_obfuscation=False,
            disable_fields_map_fix=False,
        ),
        session_cookie=auth0.TenantSessionCookieArgs(
            mode="non-persistent",
        ),
        sessions=auth0.TenantSessionsArgs(
            oidc_logout_prompt_enabled=False,
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := auth0.NewTenant(ctx, "my_tenant", &auth0.TenantArgs{
    			FriendlyName: pulumi.String("Tenant Name"),
    			PictureUrl:   pulumi.String("http://example.com/logo.png"),
    			SupportEmail: pulumi.String("support@example.com"),
    			SupportUrl:   pulumi.String("http://example.com/support"),
    			AllowedLogoutUrls: pulumi.StringArray{
    				pulumi.String("http://example.com/logout"),
    			},
    			SessionLifetime: pulumi.Float64(8760),
    			SandboxVersion:  pulumi.String("12"),
    			EnabledLocales: pulumi.StringArray{
    				pulumi.String("en"),
    			},
    			DefaultRedirectionUri: pulumi.String("https://example.com/login"),
    			Flags: &auth0.TenantFlagsArgs{
    				DisableClickjackProtectionHeaders:  pulumi.Bool(true),
    				EnablePublicSignupUserExistsError:  pulumi.Bool(true),
    				UseScopeDescriptionsForConsent:     pulumi.Bool(true),
    				NoDiscloseEnterpriseConnections:    pulumi.Bool(false),
    				DisableManagementApiSmsObfuscation: pulumi.Bool(false),
    				DisableFieldsMapFix:                pulumi.Bool(false),
    			},
    			SessionCookie: &auth0.TenantSessionCookieArgs{
    				Mode: pulumi.String("non-persistent"),
    			},
    			Sessions: &auth0.TenantSessionsArgs{
    				OidcLogoutPromptEnabled: pulumi.Bool(false),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var myTenant = new Auth0.Tenant("my_tenant", new()
        {
            FriendlyName = "Tenant Name",
            PictureUrl = "http://example.com/logo.png",
            SupportEmail = "support@example.com",
            SupportUrl = "http://example.com/support",
            AllowedLogoutUrls = new[]
            {
                "http://example.com/logout",
            },
            SessionLifetime = 8760,
            SandboxVersion = "12",
            EnabledLocales = new[]
            {
                "en",
            },
            DefaultRedirectionUri = "https://example.com/login",
            Flags = new Auth0.Inputs.TenantFlagsArgs
            {
                DisableClickjackProtectionHeaders = true,
                EnablePublicSignupUserExistsError = true,
                UseScopeDescriptionsForConsent = true,
                NoDiscloseEnterpriseConnections = false,
                DisableManagementApiSmsObfuscation = false,
                DisableFieldsMapFix = false,
            },
            SessionCookie = new Auth0.Inputs.TenantSessionCookieArgs
            {
                Mode = "non-persistent",
            },
            Sessions = new Auth0.Inputs.TenantSessionsArgs
            {
                OidcLogoutPromptEnabled = false,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Tenant;
    import com.pulumi.auth0.TenantArgs;
    import com.pulumi.auth0.inputs.TenantFlagsArgs;
    import com.pulumi.auth0.inputs.TenantSessionCookieArgs;
    import com.pulumi.auth0.inputs.TenantSessionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var myTenant = new Tenant("myTenant", TenantArgs.builder()
                .friendlyName("Tenant Name")
                .pictureUrl("http://example.com/logo.png")
                .supportEmail("support@example.com")
                .supportUrl("http://example.com/support")
                .allowedLogoutUrls("http://example.com/logout")
                .sessionLifetime(8760)
                .sandboxVersion("12")
                .enabledLocales("en")
                .defaultRedirectionUri("https://example.com/login")
                .flags(TenantFlagsArgs.builder()
                    .disableClickjackProtectionHeaders(true)
                    .enablePublicSignupUserExistsError(true)
                    .useScopeDescriptionsForConsent(true)
                    .noDiscloseEnterpriseConnections(false)
                    .disableManagementApiSmsObfuscation(false)
                    .disableFieldsMapFix(false)
                    .build())
                .sessionCookie(TenantSessionCookieArgs.builder()
                    .mode("non-persistent")
                    .build())
                .sessions(TenantSessionsArgs.builder()
                    .oidcLogoutPromptEnabled(false)
                    .build())
                .build());
    
        }
    }
    
    resources:
      myTenant:
        type: auth0:Tenant
        name: my_tenant
        properties:
          friendlyName: Tenant Name
          pictureUrl: http://example.com/logo.png
          supportEmail: support@example.com
          supportUrl: http://example.com/support
          allowedLogoutUrls:
            - http://example.com/logout
          sessionLifetime: 8760
          sandboxVersion: '12'
          enabledLocales:
            - en
          defaultRedirectionUri: https://example.com/login
          flags:
            disableClickjackProtectionHeaders: true
            enablePublicSignupUserExistsError: true
            useScopeDescriptionsForConsent: true
            noDiscloseEnterpriseConnections: false
            disableManagementApiSmsObfuscation: false
            disableFieldsMapFix: false
          sessionCookie:
            mode: non-persistent
          sessions:
            oidcLogoutPromptEnabled: false
    

    Create Tenant Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Tenant(name: string, args?: TenantArgs, opts?: CustomResourceOptions);
    @overload
    def Tenant(resource_name: str,
               args: Optional[TenantArgs] = None,
               opts: Optional[ResourceOptions] = None)
    
    @overload
    def Tenant(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               allow_organization_name_in_authentication_api: Optional[bool] = None,
               allowed_logout_urls: Optional[Sequence[str]] = None,
               customize_mfa_in_postlogin_action: Optional[bool] = None,
               default_audience: Optional[str] = None,
               default_directory: Optional[str] = None,
               default_redirection_uri: Optional[str] = None,
               enabled_locales: Optional[Sequence[str]] = None,
               flags: Optional[TenantFlagsArgs] = None,
               friendly_name: Optional[str] = None,
               idle_session_lifetime: Optional[float] = None,
               picture_url: Optional[str] = None,
               sandbox_version: Optional[str] = None,
               session_cookie: Optional[TenantSessionCookieArgs] = None,
               session_lifetime: Optional[float] = None,
               sessions: Optional[TenantSessionsArgs] = None,
               support_email: Optional[str] = None,
               support_url: Optional[str] = None)
    func NewTenant(ctx *Context, name string, args *TenantArgs, opts ...ResourceOption) (*Tenant, error)
    public Tenant(string name, TenantArgs? args = null, CustomResourceOptions? opts = null)
    public Tenant(String name, TenantArgs args)
    public Tenant(String name, TenantArgs args, CustomResourceOptions options)
    
    type: auth0:Tenant
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args TenantArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args TenantArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args TenantArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args TenantArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args TenantArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var tenantResource = new Auth0.Tenant("tenantResource", new()
    {
        AllowOrganizationNameInAuthenticationApi = false,
        AllowedLogoutUrls = new[]
        {
            "string",
        },
        CustomizeMfaInPostloginAction = false,
        DefaultAudience = "string",
        DefaultDirectory = "string",
        DefaultRedirectionUri = "string",
        EnabledLocales = new[]
        {
            "string",
        },
        Flags = new Auth0.Inputs.TenantFlagsArgs
        {
            AllowLegacyDelegationGrantTypes = false,
            AllowLegacyRoGrantTypes = false,
            AllowLegacyTokeninfoEndpoint = false,
            DashboardInsightsView = false,
            DashboardLogStreamsNext = false,
            DisableClickjackProtectionHeaders = false,
            DisableFieldsMapFix = false,
            DisableManagementApiSmsObfuscation = false,
            EnableAdfsWaadEmailVerification = false,
            EnableApisSection = false,
            EnableClientConnections = false,
            EnableCustomDomainInEmails = false,
            EnableDynamicClientRegistration = false,
            EnableIdtokenApi2 = false,
            EnableLegacyLogsSearchV2 = false,
            EnableLegacyProfile = false,
            EnablePipeline2 = false,
            EnablePublicSignupUserExistsError = false,
            MfaShowFactorListOnEnrollment = false,
            NoDiscloseEnterpriseConnections = false,
            RequirePushedAuthorizationRequests = false,
            RevokeRefreshTokenGrant = false,
            UseScopeDescriptionsForConsent = false,
        },
        FriendlyName = "string",
        IdleSessionLifetime = 0,
        PictureUrl = "string",
        SandboxVersion = "string",
        SessionCookie = new Auth0.Inputs.TenantSessionCookieArgs
        {
            Mode = "string",
        },
        SessionLifetime = 0,
        Sessions = new Auth0.Inputs.TenantSessionsArgs
        {
            OidcLogoutPromptEnabled = false,
        },
        SupportEmail = "string",
        SupportUrl = "string",
    });
    
    example, err := auth0.NewTenant(ctx, "tenantResource", &auth0.TenantArgs{
    	AllowOrganizationNameInAuthenticationApi: pulumi.Bool(false),
    	AllowedLogoutUrls: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	CustomizeMfaInPostloginAction: pulumi.Bool(false),
    	DefaultAudience:               pulumi.String("string"),
    	DefaultDirectory:              pulumi.String("string"),
    	DefaultRedirectionUri:         pulumi.String("string"),
    	EnabledLocales: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Flags: &auth0.TenantFlagsArgs{
    		AllowLegacyDelegationGrantTypes:    pulumi.Bool(false),
    		AllowLegacyRoGrantTypes:            pulumi.Bool(false),
    		AllowLegacyTokeninfoEndpoint:       pulumi.Bool(false),
    		DashboardInsightsView:              pulumi.Bool(false),
    		DashboardLogStreamsNext:            pulumi.Bool(false),
    		DisableClickjackProtectionHeaders:  pulumi.Bool(false),
    		DisableFieldsMapFix:                pulumi.Bool(false),
    		DisableManagementApiSmsObfuscation: pulumi.Bool(false),
    		EnableAdfsWaadEmailVerification:    pulumi.Bool(false),
    		EnableApisSection:                  pulumi.Bool(false),
    		EnableClientConnections:            pulumi.Bool(false),
    		EnableCustomDomainInEmails:         pulumi.Bool(false),
    		EnableDynamicClientRegistration:    pulumi.Bool(false),
    		EnableIdtokenApi2:                  pulumi.Bool(false),
    		EnableLegacyLogsSearchV2:           pulumi.Bool(false),
    		EnableLegacyProfile:                pulumi.Bool(false),
    		EnablePipeline2:                    pulumi.Bool(false),
    		EnablePublicSignupUserExistsError:  pulumi.Bool(false),
    		MfaShowFactorListOnEnrollment:      pulumi.Bool(false),
    		NoDiscloseEnterpriseConnections:    pulumi.Bool(false),
    		RequirePushedAuthorizationRequests: pulumi.Bool(false),
    		RevokeRefreshTokenGrant:            pulumi.Bool(false),
    		UseScopeDescriptionsForConsent:     pulumi.Bool(false),
    	},
    	FriendlyName:        pulumi.String("string"),
    	IdleSessionLifetime: pulumi.Float64(0),
    	PictureUrl:          pulumi.String("string"),
    	SandboxVersion:      pulumi.String("string"),
    	SessionCookie: &auth0.TenantSessionCookieArgs{
    		Mode: pulumi.String("string"),
    	},
    	SessionLifetime: pulumi.Float64(0),
    	Sessions: &auth0.TenantSessionsArgs{
    		OidcLogoutPromptEnabled: pulumi.Bool(false),
    	},
    	SupportEmail: pulumi.String("string"),
    	SupportUrl:   pulumi.String("string"),
    })
    
    var tenantResource = new Tenant("tenantResource", TenantArgs.builder()
        .allowOrganizationNameInAuthenticationApi(false)
        .allowedLogoutUrls("string")
        .customizeMfaInPostloginAction(false)
        .defaultAudience("string")
        .defaultDirectory("string")
        .defaultRedirectionUri("string")
        .enabledLocales("string")
        .flags(TenantFlagsArgs.builder()
            .allowLegacyDelegationGrantTypes(false)
            .allowLegacyRoGrantTypes(false)
            .allowLegacyTokeninfoEndpoint(false)
            .dashboardInsightsView(false)
            .dashboardLogStreamsNext(false)
            .disableClickjackProtectionHeaders(false)
            .disableFieldsMapFix(false)
            .disableManagementApiSmsObfuscation(false)
            .enableAdfsWaadEmailVerification(false)
            .enableApisSection(false)
            .enableClientConnections(false)
            .enableCustomDomainInEmails(false)
            .enableDynamicClientRegistration(false)
            .enableIdtokenApi2(false)
            .enableLegacyLogsSearchV2(false)
            .enableLegacyProfile(false)
            .enablePipeline2(false)
            .enablePublicSignupUserExistsError(false)
            .mfaShowFactorListOnEnrollment(false)
            .noDiscloseEnterpriseConnections(false)
            .requirePushedAuthorizationRequests(false)
            .revokeRefreshTokenGrant(false)
            .useScopeDescriptionsForConsent(false)
            .build())
        .friendlyName("string")
        .idleSessionLifetime(0)
        .pictureUrl("string")
        .sandboxVersion("string")
        .sessionCookie(TenantSessionCookieArgs.builder()
            .mode("string")
            .build())
        .sessionLifetime(0)
        .sessions(TenantSessionsArgs.builder()
            .oidcLogoutPromptEnabled(false)
            .build())
        .supportEmail("string")
        .supportUrl("string")
        .build());
    
    tenant_resource = auth0.Tenant("tenantResource",
        allow_organization_name_in_authentication_api=False,
        allowed_logout_urls=["string"],
        customize_mfa_in_postlogin_action=False,
        default_audience="string",
        default_directory="string",
        default_redirection_uri="string",
        enabled_locales=["string"],
        flags=auth0.TenantFlagsArgs(
            allow_legacy_delegation_grant_types=False,
            allow_legacy_ro_grant_types=False,
            allow_legacy_tokeninfo_endpoint=False,
            dashboard_insights_view=False,
            dashboard_log_streams_next=False,
            disable_clickjack_protection_headers=False,
            disable_fields_map_fix=False,
            disable_management_api_sms_obfuscation=False,
            enable_adfs_waad_email_verification=False,
            enable_apis_section=False,
            enable_client_connections=False,
            enable_custom_domain_in_emails=False,
            enable_dynamic_client_registration=False,
            enable_idtoken_api2=False,
            enable_legacy_logs_search_v2=False,
            enable_legacy_profile=False,
            enable_pipeline2=False,
            enable_public_signup_user_exists_error=False,
            mfa_show_factor_list_on_enrollment=False,
            no_disclose_enterprise_connections=False,
            require_pushed_authorization_requests=False,
            revoke_refresh_token_grant=False,
            use_scope_descriptions_for_consent=False,
        ),
        friendly_name="string",
        idle_session_lifetime=0,
        picture_url="string",
        sandbox_version="string",
        session_cookie=auth0.TenantSessionCookieArgs(
            mode="string",
        ),
        session_lifetime=0,
        sessions=auth0.TenantSessionsArgs(
            oidc_logout_prompt_enabled=False,
        ),
        support_email="string",
        support_url="string")
    
    const tenantResource = new auth0.Tenant("tenantResource", {
        allowOrganizationNameInAuthenticationApi: false,
        allowedLogoutUrls: ["string"],
        customizeMfaInPostloginAction: false,
        defaultAudience: "string",
        defaultDirectory: "string",
        defaultRedirectionUri: "string",
        enabledLocales: ["string"],
        flags: {
            allowLegacyDelegationGrantTypes: false,
            allowLegacyRoGrantTypes: false,
            allowLegacyTokeninfoEndpoint: false,
            dashboardInsightsView: false,
            dashboardLogStreamsNext: false,
            disableClickjackProtectionHeaders: false,
            disableFieldsMapFix: false,
            disableManagementApiSmsObfuscation: false,
            enableAdfsWaadEmailVerification: false,
            enableApisSection: false,
            enableClientConnections: false,
            enableCustomDomainInEmails: false,
            enableDynamicClientRegistration: false,
            enableIdtokenApi2: false,
            enableLegacyLogsSearchV2: false,
            enableLegacyProfile: false,
            enablePipeline2: false,
            enablePublicSignupUserExistsError: false,
            mfaShowFactorListOnEnrollment: false,
            noDiscloseEnterpriseConnections: false,
            requirePushedAuthorizationRequests: false,
            revokeRefreshTokenGrant: false,
            useScopeDescriptionsForConsent: false,
        },
        friendlyName: "string",
        idleSessionLifetime: 0,
        pictureUrl: "string",
        sandboxVersion: "string",
        sessionCookie: {
            mode: "string",
        },
        sessionLifetime: 0,
        sessions: {
            oidcLogoutPromptEnabled: false,
        },
        supportEmail: "string",
        supportUrl: "string",
    });
    
    type: auth0:Tenant
    properties:
        allowOrganizationNameInAuthenticationApi: false
        allowedLogoutUrls:
            - string
        customizeMfaInPostloginAction: false
        defaultAudience: string
        defaultDirectory: string
        defaultRedirectionUri: string
        enabledLocales:
            - string
        flags:
            allowLegacyDelegationGrantTypes: false
            allowLegacyRoGrantTypes: false
            allowLegacyTokeninfoEndpoint: false
            dashboardInsightsView: false
            dashboardLogStreamsNext: false
            disableClickjackProtectionHeaders: false
            disableFieldsMapFix: false
            disableManagementApiSmsObfuscation: false
            enableAdfsWaadEmailVerification: false
            enableApisSection: false
            enableClientConnections: false
            enableCustomDomainInEmails: false
            enableDynamicClientRegistration: false
            enableIdtokenApi2: false
            enableLegacyLogsSearchV2: false
            enableLegacyProfile: false
            enablePipeline2: false
            enablePublicSignupUserExistsError: false
            mfaShowFactorListOnEnrollment: false
            noDiscloseEnterpriseConnections: false
            requirePushedAuthorizationRequests: false
            revokeRefreshTokenGrant: false
            useScopeDescriptionsForConsent: false
        friendlyName: string
        idleSessionLifetime: 0
        pictureUrl: string
        sandboxVersion: string
        sessionCookie:
            mode: string
        sessionLifetime: 0
        sessions:
            oidcLogoutPromptEnabled: false
        supportEmail: string
        supportUrl: string
    

    Tenant Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Tenant resource accepts the following input properties:

    AllowOrganizationNameInAuthenticationApi bool
    Whether to accept an organization name instead of an ID on auth endpoints.
    AllowedLogoutUrls List<string>
    URLs that Auth0 may redirect to after logout.
    CustomizeMfaInPostloginAction bool
    Whether to enable flexible factors for MFA in the PostLogin action.
    DefaultAudience string
    API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
    DefaultDirectory string
    Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
    DefaultRedirectionUri string
    The default absolute redirection URI. Must be HTTPS or an empty string.
    EnabledLocales List<string>
    Supported locales for the user interface. The first locale in the list will be used to set the default locale.
    Flags TenantFlags
    Configuration settings for tenant flags.
    FriendlyName string
    Friendly name for the tenant.
    IdleSessionLifetime double
    Number of hours during which a session can be inactive before the user must log in again.
    PictureUrl string
    URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
    SandboxVersion string
    Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
    SessionCookie TenantSessionCookie
    Alters behavior of tenant's session cookie. Contains a single mode property.
    SessionLifetime double
    Number of hours during which a session will stay valid.
    Sessions TenantSessions
    Sessions related settings for the tenant.
    SupportEmail string
    Support email address for authenticating users.
    SupportUrl string
    Support URL for authenticating users.
    AllowOrganizationNameInAuthenticationApi bool
    Whether to accept an organization name instead of an ID on auth endpoints.
    AllowedLogoutUrls []string
    URLs that Auth0 may redirect to after logout.
    CustomizeMfaInPostloginAction bool
    Whether to enable flexible factors for MFA in the PostLogin action.
    DefaultAudience string
    API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
    DefaultDirectory string
    Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
    DefaultRedirectionUri string
    The default absolute redirection URI. Must be HTTPS or an empty string.
    EnabledLocales []string
    Supported locales for the user interface. The first locale in the list will be used to set the default locale.
    Flags TenantFlagsArgs
    Configuration settings for tenant flags.
    FriendlyName string
    Friendly name for the tenant.
    IdleSessionLifetime float64
    Number of hours during which a session can be inactive before the user must log in again.
    PictureUrl string
    URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
    SandboxVersion string
    Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
    SessionCookie TenantSessionCookieArgs
    Alters behavior of tenant's session cookie. Contains a single mode property.
    SessionLifetime float64
    Number of hours during which a session will stay valid.
    Sessions TenantSessionsArgs
    Sessions related settings for the tenant.
    SupportEmail string
    Support email address for authenticating users.
    SupportUrl string
    Support URL for authenticating users.
    allowOrganizationNameInAuthenticationApi Boolean
    Whether to accept an organization name instead of an ID on auth endpoints.
    allowedLogoutUrls List<String>
    URLs that Auth0 may redirect to after logout.
    customizeMfaInPostloginAction Boolean
    Whether to enable flexible factors for MFA in the PostLogin action.
    defaultAudience String
    API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
    defaultDirectory String
    Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
    defaultRedirectionUri String
    The default absolute redirection URI. Must be HTTPS or an empty string.
    enabledLocales List<String>
    Supported locales for the user interface. The first locale in the list will be used to set the default locale.
    flags TenantFlags
    Configuration settings for tenant flags.
    friendlyName String
    Friendly name for the tenant.
    idleSessionLifetime Double
    Number of hours during which a session can be inactive before the user must log in again.
    pictureUrl String
    URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
    sandboxVersion String
    Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
    sessionCookie TenantSessionCookie
    Alters behavior of tenant's session cookie. Contains a single mode property.
    sessionLifetime Double
    Number of hours during which a session will stay valid.
    sessions TenantSessions
    Sessions related settings for the tenant.
    supportEmail String
    Support email address for authenticating users.
    supportUrl String
    Support URL for authenticating users.
    allowOrganizationNameInAuthenticationApi boolean
    Whether to accept an organization name instead of an ID on auth endpoints.
    allowedLogoutUrls string[]
    URLs that Auth0 may redirect to after logout.
    customizeMfaInPostloginAction boolean
    Whether to enable flexible factors for MFA in the PostLogin action.
    defaultAudience string
    API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
    defaultDirectory string
    Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
    defaultRedirectionUri string
    The default absolute redirection URI. Must be HTTPS or an empty string.
    enabledLocales string[]
    Supported locales for the user interface. The first locale in the list will be used to set the default locale.
    flags TenantFlags
    Configuration settings for tenant flags.
    friendlyName string
    Friendly name for the tenant.
    idleSessionLifetime number
    Number of hours during which a session can be inactive before the user must log in again.
    pictureUrl string
    URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
    sandboxVersion string
    Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
    sessionCookie TenantSessionCookie
    Alters behavior of tenant's session cookie. Contains a single mode property.
    sessionLifetime number
    Number of hours during which a session will stay valid.
    sessions TenantSessions
    Sessions related settings for the tenant.
    supportEmail string
    Support email address for authenticating users.
    supportUrl string
    Support URL for authenticating users.
    allow_organization_name_in_authentication_api bool
    Whether to accept an organization name instead of an ID on auth endpoints.
    allowed_logout_urls Sequence[str]
    URLs that Auth0 may redirect to after logout.
    customize_mfa_in_postlogin_action bool
    Whether to enable flexible factors for MFA in the PostLogin action.
    default_audience str
    API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
    default_directory str
    Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
    default_redirection_uri str
    The default absolute redirection URI. Must be HTTPS or an empty string.
    enabled_locales Sequence[str]
    Supported locales for the user interface. The first locale in the list will be used to set the default locale.
    flags TenantFlagsArgs
    Configuration settings for tenant flags.
    friendly_name str
    Friendly name for the tenant.
    idle_session_lifetime float
    Number of hours during which a session can be inactive before the user must log in again.
    picture_url str
    URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
    sandbox_version str
    Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
    session_cookie TenantSessionCookieArgs
    Alters behavior of tenant's session cookie. Contains a single mode property.
    session_lifetime float
    Number of hours during which a session will stay valid.
    sessions TenantSessionsArgs
    Sessions related settings for the tenant.
    support_email str
    Support email address for authenticating users.
    support_url str
    Support URL for authenticating users.
    allowOrganizationNameInAuthenticationApi Boolean
    Whether to accept an organization name instead of an ID on auth endpoints.
    allowedLogoutUrls List<String>
    URLs that Auth0 may redirect to after logout.
    customizeMfaInPostloginAction Boolean
    Whether to enable flexible factors for MFA in the PostLogin action.
    defaultAudience String
    API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
    defaultDirectory String
    Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
    defaultRedirectionUri String
    The default absolute redirection URI. Must be HTTPS or an empty string.
    enabledLocales List<String>
    Supported locales for the user interface. The first locale in the list will be used to set the default locale.
    flags Property Map
    Configuration settings for tenant flags.
    friendlyName String
    Friendly name for the tenant.
    idleSessionLifetime Number
    Number of hours during which a session can be inactive before the user must log in again.
    pictureUrl String
    URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
    sandboxVersion String
    Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
    sessionCookie Property Map
    Alters behavior of tenant's session cookie. Contains a single mode property.
    sessionLifetime Number
    Number of hours during which a session will stay valid.
    sessions Property Map
    Sessions related settings for the tenant.
    supportEmail String
    Support email address for authenticating users.
    supportUrl String
    Support URL for authenticating users.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Tenant resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Tenant Resource

    Get an existing Tenant resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: TenantState, opts?: CustomResourceOptions): Tenant
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allow_organization_name_in_authentication_api: Optional[bool] = None,
            allowed_logout_urls: Optional[Sequence[str]] = None,
            customize_mfa_in_postlogin_action: Optional[bool] = None,
            default_audience: Optional[str] = None,
            default_directory: Optional[str] = None,
            default_redirection_uri: Optional[str] = None,
            enabled_locales: Optional[Sequence[str]] = None,
            flags: Optional[TenantFlagsArgs] = None,
            friendly_name: Optional[str] = None,
            idle_session_lifetime: Optional[float] = None,
            picture_url: Optional[str] = None,
            sandbox_version: Optional[str] = None,
            session_cookie: Optional[TenantSessionCookieArgs] = None,
            session_lifetime: Optional[float] = None,
            sessions: Optional[TenantSessionsArgs] = None,
            support_email: Optional[str] = None,
            support_url: Optional[str] = None) -> Tenant
    func GetTenant(ctx *Context, name string, id IDInput, state *TenantState, opts ...ResourceOption) (*Tenant, error)
    public static Tenant Get(string name, Input<string> id, TenantState? state, CustomResourceOptions? opts = null)
    public static Tenant get(String name, Output<String> id, TenantState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowOrganizationNameInAuthenticationApi bool
    Whether to accept an organization name instead of an ID on auth endpoints.
    AllowedLogoutUrls List<string>
    URLs that Auth0 may redirect to after logout.
    CustomizeMfaInPostloginAction bool
    Whether to enable flexible factors for MFA in the PostLogin action.
    DefaultAudience string
    API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
    DefaultDirectory string
    Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
    DefaultRedirectionUri string
    The default absolute redirection URI. Must be HTTPS or an empty string.
    EnabledLocales List<string>
    Supported locales for the user interface. The first locale in the list will be used to set the default locale.
    Flags TenantFlags
    Configuration settings for tenant flags.
    FriendlyName string
    Friendly name for the tenant.
    IdleSessionLifetime double
    Number of hours during which a session can be inactive before the user must log in again.
    PictureUrl string
    URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
    SandboxVersion string
    Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
    SessionCookie TenantSessionCookie
    Alters behavior of tenant's session cookie. Contains a single mode property.
    SessionLifetime double
    Number of hours during which a session will stay valid.
    Sessions TenantSessions
    Sessions related settings for the tenant.
    SupportEmail string
    Support email address for authenticating users.
    SupportUrl string
    Support URL for authenticating users.
    AllowOrganizationNameInAuthenticationApi bool
    Whether to accept an organization name instead of an ID on auth endpoints.
    AllowedLogoutUrls []string
    URLs that Auth0 may redirect to after logout.
    CustomizeMfaInPostloginAction bool
    Whether to enable flexible factors for MFA in the PostLogin action.
    DefaultAudience string
    API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
    DefaultDirectory string
    Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
    DefaultRedirectionUri string
    The default absolute redirection URI. Must be HTTPS or an empty string.
    EnabledLocales []string
    Supported locales for the user interface. The first locale in the list will be used to set the default locale.
    Flags TenantFlagsArgs
    Configuration settings for tenant flags.
    FriendlyName string
    Friendly name for the tenant.
    IdleSessionLifetime float64
    Number of hours during which a session can be inactive before the user must log in again.
    PictureUrl string
    URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
    SandboxVersion string
    Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
    SessionCookie TenantSessionCookieArgs
    Alters behavior of tenant's session cookie. Contains a single mode property.
    SessionLifetime float64
    Number of hours during which a session will stay valid.
    Sessions TenantSessionsArgs
    Sessions related settings for the tenant.
    SupportEmail string
    Support email address for authenticating users.
    SupportUrl string
    Support URL for authenticating users.
    allowOrganizationNameInAuthenticationApi Boolean
    Whether to accept an organization name instead of an ID on auth endpoints.
    allowedLogoutUrls List<String>
    URLs that Auth0 may redirect to after logout.
    customizeMfaInPostloginAction Boolean
    Whether to enable flexible factors for MFA in the PostLogin action.
    defaultAudience String
    API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
    defaultDirectory String
    Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
    defaultRedirectionUri String
    The default absolute redirection URI. Must be HTTPS or an empty string.
    enabledLocales List<String>
    Supported locales for the user interface. The first locale in the list will be used to set the default locale.
    flags TenantFlags
    Configuration settings for tenant flags.
    friendlyName String
    Friendly name for the tenant.
    idleSessionLifetime Double
    Number of hours during which a session can be inactive before the user must log in again.
    pictureUrl String
    URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
    sandboxVersion String
    Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
    sessionCookie TenantSessionCookie
    Alters behavior of tenant's session cookie. Contains a single mode property.
    sessionLifetime Double
    Number of hours during which a session will stay valid.
    sessions TenantSessions
    Sessions related settings for the tenant.
    supportEmail String
    Support email address for authenticating users.
    supportUrl String
    Support URL for authenticating users.
    allowOrganizationNameInAuthenticationApi boolean
    Whether to accept an organization name instead of an ID on auth endpoints.
    allowedLogoutUrls string[]
    URLs that Auth0 may redirect to after logout.
    customizeMfaInPostloginAction boolean
    Whether to enable flexible factors for MFA in the PostLogin action.
    defaultAudience string
    API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
    defaultDirectory string
    Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
    defaultRedirectionUri string
    The default absolute redirection URI. Must be HTTPS or an empty string.
    enabledLocales string[]
    Supported locales for the user interface. The first locale in the list will be used to set the default locale.
    flags TenantFlags
    Configuration settings for tenant flags.
    friendlyName string
    Friendly name for the tenant.
    idleSessionLifetime number
    Number of hours during which a session can be inactive before the user must log in again.
    pictureUrl string
    URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
    sandboxVersion string
    Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
    sessionCookie TenantSessionCookie
    Alters behavior of tenant's session cookie. Contains a single mode property.
    sessionLifetime number
    Number of hours during which a session will stay valid.
    sessions TenantSessions
    Sessions related settings for the tenant.
    supportEmail string
    Support email address for authenticating users.
    supportUrl string
    Support URL for authenticating users.
    allow_organization_name_in_authentication_api bool
    Whether to accept an organization name instead of an ID on auth endpoints.
    allowed_logout_urls Sequence[str]
    URLs that Auth0 may redirect to after logout.
    customize_mfa_in_postlogin_action bool
    Whether to enable flexible factors for MFA in the PostLogin action.
    default_audience str
    API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
    default_directory str
    Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
    default_redirection_uri str
    The default absolute redirection URI. Must be HTTPS or an empty string.
    enabled_locales Sequence[str]
    Supported locales for the user interface. The first locale in the list will be used to set the default locale.
    flags TenantFlagsArgs
    Configuration settings for tenant flags.
    friendly_name str
    Friendly name for the tenant.
    idle_session_lifetime float
    Number of hours during which a session can be inactive before the user must log in again.
    picture_url str
    URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
    sandbox_version str
    Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
    session_cookie TenantSessionCookieArgs
    Alters behavior of tenant's session cookie. Contains a single mode property.
    session_lifetime float
    Number of hours during which a session will stay valid.
    sessions TenantSessionsArgs
    Sessions related settings for the tenant.
    support_email str
    Support email address for authenticating users.
    support_url str
    Support URL for authenticating users.
    allowOrganizationNameInAuthenticationApi Boolean
    Whether to accept an organization name instead of an ID on auth endpoints.
    allowedLogoutUrls List<String>
    URLs that Auth0 may redirect to after logout.
    customizeMfaInPostloginAction Boolean
    Whether to enable flexible factors for MFA in the PostLogin action.
    defaultAudience String
    API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
    defaultDirectory String
    Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.
    defaultRedirectionUri String
    The default absolute redirection URI. Must be HTTPS or an empty string.
    enabledLocales List<String>
    Supported locales for the user interface. The first locale in the list will be used to set the default locale.
    flags Property Map
    Configuration settings for tenant flags.
    friendlyName String
    Friendly name for the tenant.
    idleSessionLifetime Number
    Number of hours during which a session can be inactive before the user must log in again.
    pictureUrl String
    URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
    sandboxVersion String
    Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
    sessionCookie Property Map
    Alters behavior of tenant's session cookie. Contains a single mode property.
    sessionLifetime Number
    Number of hours during which a session will stay valid.
    sessions Property Map
    Sessions related settings for the tenant.
    supportEmail String
    Support email address for authenticating users.
    supportUrl String
    Support URL for authenticating users.

    Supporting Types

    TenantFlags, TenantFlagsArgs

    AllowLegacyDelegationGrantTypes bool
    Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
    AllowLegacyRoGrantTypes bool
    Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
    AllowLegacyTokeninfoEndpoint bool
    If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
    DashboardInsightsView bool
    Enables new insights activity page view.
    DashboardLogStreamsNext bool
    Enables beta access to log streaming changes.
    DisableClickjackProtectionHeaders bool
    Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
    DisableFieldsMapFix bool
    Disables SAML fields map fix for bad mappings with repeated attributes.
    DisableManagementApiSmsObfuscation bool
    If true, SMS phone numbers will not be obfuscated in Management API GET calls.
    EnableAdfsWaadEmailVerification bool
    If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
    EnableApisSection bool
    Indicates whether the APIs section is enabled for the tenant.
    EnableClientConnections bool
    Indicates whether all current connections should be enabled when a new client is created.
    EnableCustomDomainInEmails bool
    Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
    EnableDynamicClientRegistration bool
    Indicates whether the tenant allows dynamic client registration.
    EnableIdtokenApi2 bool
    Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
    EnableLegacyLogsSearchV2 bool
    Indicates whether to use the older v2 legacy logs search.
    EnableLegacyProfile bool
    Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
    EnablePipeline2 bool
    Indicates whether advanced API Authorization scenarios are enabled.
    EnablePublicSignupUserExistsError bool
    Indicates whether the public sign up process shows a user_exists error if the user already exists.
    MfaShowFactorListOnEnrollment bool
    Used to allow users to pick which factor to enroll with from the list of available MFA factors.
    NoDiscloseEnterpriseConnections bool
    Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
    RequirePushedAuthorizationRequests bool
    Makes the use of Pushed Authorization Requests mandatory for all clients across the tenant. This feature currently needs to be enabled on the tenant in order to make use of it.
    RevokeRefreshTokenGrant bool
    Delete underlying grant when a refresh token is revoked via the Authentication API.
    UseScopeDescriptionsForConsent bool
    Indicates whether to use scope descriptions for consent.
    AllowLegacyDelegationGrantTypes bool
    Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
    AllowLegacyRoGrantTypes bool
    Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
    AllowLegacyTokeninfoEndpoint bool
    If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
    DashboardInsightsView bool
    Enables new insights activity page view.
    DashboardLogStreamsNext bool
    Enables beta access to log streaming changes.
    DisableClickjackProtectionHeaders bool
    Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
    DisableFieldsMapFix bool
    Disables SAML fields map fix for bad mappings with repeated attributes.
    DisableManagementApiSmsObfuscation bool
    If true, SMS phone numbers will not be obfuscated in Management API GET calls.
    EnableAdfsWaadEmailVerification bool
    If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
    EnableApisSection bool
    Indicates whether the APIs section is enabled for the tenant.
    EnableClientConnections bool
    Indicates whether all current connections should be enabled when a new client is created.
    EnableCustomDomainInEmails bool
    Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
    EnableDynamicClientRegistration bool
    Indicates whether the tenant allows dynamic client registration.
    EnableIdtokenApi2 bool
    Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
    EnableLegacyLogsSearchV2 bool
    Indicates whether to use the older v2 legacy logs search.
    EnableLegacyProfile bool
    Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
    EnablePipeline2 bool
    Indicates whether advanced API Authorization scenarios are enabled.
    EnablePublicSignupUserExistsError bool
    Indicates whether the public sign up process shows a user_exists error if the user already exists.
    MfaShowFactorListOnEnrollment bool
    Used to allow users to pick which factor to enroll with from the list of available MFA factors.
    NoDiscloseEnterpriseConnections bool
    Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
    RequirePushedAuthorizationRequests bool
    Makes the use of Pushed Authorization Requests mandatory for all clients across the tenant. This feature currently needs to be enabled on the tenant in order to make use of it.
    RevokeRefreshTokenGrant bool
    Delete underlying grant when a refresh token is revoked via the Authentication API.
    UseScopeDescriptionsForConsent bool
    Indicates whether to use scope descriptions for consent.
    allowLegacyDelegationGrantTypes Boolean
    Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
    allowLegacyRoGrantTypes Boolean
    Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
    allowLegacyTokeninfoEndpoint Boolean
    If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
    dashboardInsightsView Boolean
    Enables new insights activity page view.
    dashboardLogStreamsNext Boolean
    Enables beta access to log streaming changes.
    disableClickjackProtectionHeaders Boolean
    Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
    disableFieldsMapFix Boolean
    Disables SAML fields map fix for bad mappings with repeated attributes.
    disableManagementApiSmsObfuscation Boolean
    If true, SMS phone numbers will not be obfuscated in Management API GET calls.
    enableAdfsWaadEmailVerification Boolean
    If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
    enableApisSection Boolean
    Indicates whether the APIs section is enabled for the tenant.
    enableClientConnections Boolean
    Indicates whether all current connections should be enabled when a new client is created.
    enableCustomDomainInEmails Boolean
    Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
    enableDynamicClientRegistration Boolean
    Indicates whether the tenant allows dynamic client registration.
    enableIdtokenApi2 Boolean
    Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
    enableLegacyLogsSearchV2 Boolean
    Indicates whether to use the older v2 legacy logs search.
    enableLegacyProfile Boolean
    Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
    enablePipeline2 Boolean
    Indicates whether advanced API Authorization scenarios are enabled.
    enablePublicSignupUserExistsError Boolean
    Indicates whether the public sign up process shows a user_exists error if the user already exists.
    mfaShowFactorListOnEnrollment Boolean
    Used to allow users to pick which factor to enroll with from the list of available MFA factors.
    noDiscloseEnterpriseConnections Boolean
    Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
    requirePushedAuthorizationRequests Boolean
    Makes the use of Pushed Authorization Requests mandatory for all clients across the tenant. This feature currently needs to be enabled on the tenant in order to make use of it.
    revokeRefreshTokenGrant Boolean
    Delete underlying grant when a refresh token is revoked via the Authentication API.
    useScopeDescriptionsForConsent Boolean
    Indicates whether to use scope descriptions for consent.
    allowLegacyDelegationGrantTypes boolean
    Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
    allowLegacyRoGrantTypes boolean
    Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
    allowLegacyTokeninfoEndpoint boolean
    If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
    dashboardInsightsView boolean
    Enables new insights activity page view.
    dashboardLogStreamsNext boolean
    Enables beta access to log streaming changes.
    disableClickjackProtectionHeaders boolean
    Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
    disableFieldsMapFix boolean
    Disables SAML fields map fix for bad mappings with repeated attributes.
    disableManagementApiSmsObfuscation boolean
    If true, SMS phone numbers will not be obfuscated in Management API GET calls.
    enableAdfsWaadEmailVerification boolean
    If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
    enableApisSection boolean
    Indicates whether the APIs section is enabled for the tenant.
    enableClientConnections boolean
    Indicates whether all current connections should be enabled when a new client is created.
    enableCustomDomainInEmails boolean
    Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
    enableDynamicClientRegistration boolean
    Indicates whether the tenant allows dynamic client registration.
    enableIdtokenApi2 boolean
    Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
    enableLegacyLogsSearchV2 boolean
    Indicates whether to use the older v2 legacy logs search.
    enableLegacyProfile boolean
    Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
    enablePipeline2 boolean
    Indicates whether advanced API Authorization scenarios are enabled.
    enablePublicSignupUserExistsError boolean
    Indicates whether the public sign up process shows a user_exists error if the user already exists.
    mfaShowFactorListOnEnrollment boolean
    Used to allow users to pick which factor to enroll with from the list of available MFA factors.
    noDiscloseEnterpriseConnections boolean
    Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
    requirePushedAuthorizationRequests boolean
    Makes the use of Pushed Authorization Requests mandatory for all clients across the tenant. This feature currently needs to be enabled on the tenant in order to make use of it.
    revokeRefreshTokenGrant boolean
    Delete underlying grant when a refresh token is revoked via the Authentication API.
    useScopeDescriptionsForConsent boolean
    Indicates whether to use scope descriptions for consent.
    allow_legacy_delegation_grant_types bool
    Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
    allow_legacy_ro_grant_types bool
    Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
    allow_legacy_tokeninfo_endpoint bool
    If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
    dashboard_insights_view bool
    Enables new insights activity page view.
    dashboard_log_streams_next bool
    Enables beta access to log streaming changes.
    disable_clickjack_protection_headers bool
    Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
    disable_fields_map_fix bool
    Disables SAML fields map fix for bad mappings with repeated attributes.
    disable_management_api_sms_obfuscation bool
    If true, SMS phone numbers will not be obfuscated in Management API GET calls.
    enable_adfs_waad_email_verification bool
    If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
    enable_apis_section bool
    Indicates whether the APIs section is enabled for the tenant.
    enable_client_connections bool
    Indicates whether all current connections should be enabled when a new client is created.
    enable_custom_domain_in_emails bool
    Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
    enable_dynamic_client_registration bool
    Indicates whether the tenant allows dynamic client registration.
    enable_idtoken_api2 bool
    Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
    enable_legacy_logs_search_v2 bool
    Indicates whether to use the older v2 legacy logs search.
    enable_legacy_profile bool
    Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
    enable_pipeline2 bool
    Indicates whether advanced API Authorization scenarios are enabled.
    enable_public_signup_user_exists_error bool
    Indicates whether the public sign up process shows a user_exists error if the user already exists.
    mfa_show_factor_list_on_enrollment bool
    Used to allow users to pick which factor to enroll with from the list of available MFA factors.
    no_disclose_enterprise_connections bool
    Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
    require_pushed_authorization_requests bool
    Makes the use of Pushed Authorization Requests mandatory for all clients across the tenant. This feature currently needs to be enabled on the tenant in order to make use of it.
    revoke_refresh_token_grant bool
    Delete underlying grant when a refresh token is revoked via the Authentication API.
    use_scope_descriptions_for_consent bool
    Indicates whether to use scope descriptions for consent.
    allowLegacyDelegationGrantTypes Boolean
    Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
    allowLegacyRoGrantTypes Boolean
    Whether the legacy auth/ro endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
    allowLegacyTokeninfoEndpoint Boolean
    If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
    dashboardInsightsView Boolean
    Enables new insights activity page view.
    dashboardLogStreamsNext Boolean
    Enables beta access to log streaming changes.
    disableClickjackProtectionHeaders Boolean
    Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
    disableFieldsMapFix Boolean
    Disables SAML fields map fix for bad mappings with repeated attributes.
    disableManagementApiSmsObfuscation Boolean
    If true, SMS phone numbers will not be obfuscated in Management API GET calls.
    enableAdfsWaadEmailVerification Boolean
    If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
    enableApisSection Boolean
    Indicates whether the APIs section is enabled for the tenant.
    enableClientConnections Boolean
    Indicates whether all current connections should be enabled when a new client is created.
    enableCustomDomainInEmails Boolean
    Indicates whether the tenant allows custom domains in emails. Before enabling this flag, you must have a custom domain with status: ready.
    enableDynamicClientRegistration Boolean
    Indicates whether the tenant allows dynamic client registration.
    enableIdtokenApi2 Boolean
    Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
    enableLegacyLogsSearchV2 Boolean
    Indicates whether to use the older v2 legacy logs search.
    enableLegacyProfile Boolean
    Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
    enablePipeline2 Boolean
    Indicates whether advanced API Authorization scenarios are enabled.
    enablePublicSignupUserExistsError Boolean
    Indicates whether the public sign up process shows a user_exists error if the user already exists.
    mfaShowFactorListOnEnrollment Boolean
    Used to allow users to pick which factor to enroll with from the list of available MFA factors.
    noDiscloseEnterpriseConnections Boolean
    Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
    requirePushedAuthorizationRequests Boolean
    Makes the use of Pushed Authorization Requests mandatory for all clients across the tenant. This feature currently needs to be enabled on the tenant in order to make use of it.
    revokeRefreshTokenGrant Boolean
    Delete underlying grant when a refresh token is revoked via the Authentication API.
    useScopeDescriptionsForConsent Boolean
    Indicates whether to use scope descriptions for consent.

    TenantSessionCookie, TenantSessionCookieArgs

    Mode string
    Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
    Mode string
    Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
    mode String
    Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
    mode string
    Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
    mode str
    Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
    mode String
    Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".

    TenantSessions, TenantSessionsArgs

    OidcLogoutPromptEnabled bool
    When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
    OidcLogoutPromptEnabled bool
    When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
    oidcLogoutPromptEnabled Boolean
    When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
    oidcLogoutPromptEnabled boolean
    When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
    oidc_logout_prompt_enabled bool
    When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.
    oidcLogoutPromptEnabled Boolean
    When active, users will be presented with a consent prompt to confirm the logout request if the request is not trustworthy. Turn off the consent prompt to bypass user confirmation.

    Import

    As this is not a resource identifiable by an ID within the Auth0 Management API,

    tenant can be imported using a random string.

    We recommend Version 4 UUID

    Example:

    $ pulumi import auth0:index/tenant:Tenant my_tenant "82f4f21b-017a-319d-92e7-2291c1ca36c4"
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Auth0 pulumi/pulumi-auth0
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the auth0 Terraform Provider.
    auth0 logo
    Auth0 v3.3.3 published on Monday, Jun 3, 2024 by Pulumi