Viewing docs for Auth0 v2.24.3 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
Viewing docs for Auth0 v2.24.3 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
With this resource, you can manage Auth0 tenants, including setting logos and support contact information, setting error pages, and configuring default tenant behaviors.
Creating tenants through the Management API is not currently supported. Therefore, this resource can only manage an existing tenant created through the Auth0 dashboard.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
var myTenant = new Auth0.Tenant("myTenant", new()
{
AllowedLogoutUrls = new[]
{
"http://example.com/logout",
},
ChangePassword = new Auth0.Inputs.TenantChangePasswordArgs
{
Enabled = true,
Html = "<html>Change Password</html>",
},
DefaultRedirectionUri = "https://example.com/login",
EnabledLocales = new[]
{
"en",
},
ErrorPage = new Auth0.Inputs.TenantErrorPageArgs
{
Html = "<html>Error Page</html>",
ShowLogLink = true,
Url = "https://example.com/errors",
},
Flags = new Auth0.Inputs.TenantFlagsArgs
{
DisableClickjackProtectionHeaders = true,
DisableFieldsMapFix = false,
DisableManagementApiSmsObfuscation = false,
EnablePublicSignupUserExistsError = true,
NoDiscloseEnterpriseConnections = false,
UniversalLogin = true,
UseScopeDescriptionsForConsent = true,
},
FriendlyName = "Tenant Name",
GuardianMfaPage = new Auth0.Inputs.TenantGuardianMfaPageArgs
{
Enabled = true,
Html = "<html>MFA</html>",
},
PictureUrl = "http://example.com/logo.png",
SandboxVersion = "12",
SessionCookie = new Auth0.Inputs.TenantSessionCookieArgs
{
Mode = "non-persistent",
},
SessionLifetime = 8760,
SupportEmail = "support@example.com",
SupportUrl = "http://example.com/support",
UniversalLogin = new Auth0.Inputs.TenantUniversalLoginArgs
{
Colors = new Auth0.Inputs.TenantUniversalLoginColorsArgs
{
PageBackground = "#000000",
Primary = "#0059d6",
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := auth0.NewTenant(ctx, "myTenant", &auth0.TenantArgs{
AllowedLogoutUrls: pulumi.StringArray{
pulumi.String("http://example.com/logout"),
},
ChangePassword: &auth0.TenantChangePasswordArgs{
Enabled: pulumi.Bool(true),
Html: pulumi.String("<html>Change Password</html>"),
},
DefaultRedirectionUri: pulumi.String("https://example.com/login"),
EnabledLocales: pulumi.StringArray{
pulumi.String("en"),
},
ErrorPage: &auth0.TenantErrorPageArgs{
Html: pulumi.String("<html>Error Page</html>"),
ShowLogLink: pulumi.Bool(true),
Url: pulumi.String("https://example.com/errors"),
},
Flags: &auth0.TenantFlagsArgs{
DisableClickjackProtectionHeaders: pulumi.Bool(true),
DisableFieldsMapFix: pulumi.Bool(false),
DisableManagementApiSmsObfuscation: pulumi.Bool(false),
EnablePublicSignupUserExistsError: pulumi.Bool(true),
NoDiscloseEnterpriseConnections: pulumi.Bool(false),
UniversalLogin: pulumi.Bool(true),
UseScopeDescriptionsForConsent: pulumi.Bool(true),
},
FriendlyName: pulumi.String("Tenant Name"),
GuardianMfaPage: &auth0.TenantGuardianMfaPageArgs{
Enabled: pulumi.Bool(true),
Html: pulumi.String("<html>MFA</html>"),
},
PictureUrl: pulumi.String("http://example.com/logo.png"),
SandboxVersion: pulumi.String("12"),
SessionCookie: &auth0.TenantSessionCookieArgs{
Mode: pulumi.String("non-persistent"),
},
SessionLifetime: pulumi.Float64(8760),
SupportEmail: pulumi.String("support@example.com"),
SupportUrl: pulumi.String("http://example.com/support"),
UniversalLogin: &auth0.TenantUniversalLoginArgs{
Colors: &auth0.TenantUniversalLoginColorsArgs{
PageBackground: pulumi.String("#000000"),
Primary: pulumi.String("#0059d6"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Tenant;
import com.pulumi.auth0.TenantArgs;
import com.pulumi.auth0.inputs.TenantChangePasswordArgs;
import com.pulumi.auth0.inputs.TenantErrorPageArgs;
import com.pulumi.auth0.inputs.TenantFlagsArgs;
import com.pulumi.auth0.inputs.TenantGuardianMfaPageArgs;
import com.pulumi.auth0.inputs.TenantSessionCookieArgs;
import com.pulumi.auth0.inputs.TenantUniversalLoginArgs;
import com.pulumi.auth0.inputs.TenantUniversalLoginColorsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myTenant = new Tenant("myTenant", TenantArgs.builder()
.allowedLogoutUrls("http://example.com/logout")
.changePassword(TenantChangePasswordArgs.builder()
.enabled(true)
.html("<html>Change Password</html>")
.build())
.defaultRedirectionUri("https://example.com/login")
.enabledLocales("en")
.errorPage(TenantErrorPageArgs.builder()
.html("<html>Error Page</html>")
.showLogLink(true)
.url("https://example.com/errors")
.build())
.flags(TenantFlagsArgs.builder()
.disableClickjackProtectionHeaders(true)
.disableFieldsMapFix(false)
.disableManagementApiSmsObfuscation(false)
.enablePublicSignupUserExistsError(true)
.noDiscloseEnterpriseConnections(false)
.universalLogin(true)
.useScopeDescriptionsForConsent(true)
.build())
.friendlyName("Tenant Name")
.guardianMfaPage(TenantGuardianMfaPageArgs.builder()
.enabled(true)
.html("<html>MFA</html>")
.build())
.pictureUrl("http://example.com/logo.png")
.sandboxVersion("12")
.sessionCookie(TenantSessionCookieArgs.builder()
.mode("non-persistent")
.build())
.sessionLifetime(8760)
.supportEmail("support@example.com")
.supportUrl("http://example.com/support")
.universalLogin(TenantUniversalLoginArgs.builder()
.colors(TenantUniversalLoginColorsArgs.builder()
.pageBackground("#000000")
.primary("#0059d6")
.build())
.build())
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const myTenant = new auth0.Tenant("myTenant", {
allowedLogoutUrls: ["http://example.com/logout"],
changePassword: {
enabled: true,
html: "<html>Change Password</html>",
},
defaultRedirectionUri: "https://example.com/login",
enabledLocales: ["en"],
errorPage: {
html: "<html>Error Page</html>",
showLogLink: true,
url: "https://example.com/errors",
},
flags: {
disableClickjackProtectionHeaders: true,
disableFieldsMapFix: false,
disableManagementApiSmsObfuscation: false,
enablePublicSignupUserExistsError: true,
noDiscloseEnterpriseConnections: false,
universalLogin: true,
useScopeDescriptionsForConsent: true,
},
friendlyName: "Tenant Name",
guardianMfaPage: {
enabled: true,
html: "<html>MFA</html>",
},
pictureUrl: "http://example.com/logo.png",
sandboxVersion: "12",
sessionCookie: {
mode: "non-persistent",
},
sessionLifetime: 8760,
supportEmail: "support@example.com",
supportUrl: "http://example.com/support",
universalLogin: {
colors: {
pageBackground: "#000000",
primary: "#0059d6",
},
},
});
import pulumi
import pulumi_auth0 as auth0
my_tenant = auth0.Tenant("myTenant",
allowed_logout_urls=["http://example.com/logout"],
change_password=auth0.TenantChangePasswordArgs(
enabled=True,
html="<html>Change Password</html>",
),
default_redirection_uri="https://example.com/login",
enabled_locales=["en"],
error_page=auth0.TenantErrorPageArgs(
html="<html>Error Page</html>",
show_log_link=True,
url="https://example.com/errors",
),
flags=auth0.TenantFlagsArgs(
disable_clickjack_protection_headers=True,
disable_fields_map_fix=False,
disable_management_api_sms_obfuscation=False,
enable_public_signup_user_exists_error=True,
no_disclose_enterprise_connections=False,
universal_login=True,
use_scope_descriptions_for_consent=True,
),
friendly_name="Tenant Name",
guardian_mfa_page=auth0.TenantGuardianMfaPageArgs(
enabled=True,
html="<html>MFA</html>",
),
picture_url="http://example.com/logo.png",
sandbox_version="12",
session_cookie=auth0.TenantSessionCookieArgs(
mode="non-persistent",
),
session_lifetime=8760,
support_email="support@example.com",
support_url="http://example.com/support",
universal_login=auth0.TenantUniversalLoginArgs(
colors=auth0.TenantUniversalLoginColorsArgs(
page_background="#000000",
primary="#0059d6",
),
))
resources:
myTenant:
type: auth0:Tenant
properties:
allowedLogoutUrls:
- http://example.com/logout
changePassword:
enabled: true
html: <html>Change Password</html>
defaultRedirectionUri: https://example.com/login
enabledLocales:
- en
errorPage:
html: <html>Error Page</html>
showLogLink: true
url: https://example.com/errors
flags:
disableClickjackProtectionHeaders: true
disableFieldsMapFix: false
disableManagementApiSmsObfuscation: false
enablePublicSignupUserExistsError: true
noDiscloseEnterpriseConnections: false
universalLogin: true
useScopeDescriptionsForConsent: true
friendlyName: Tenant Name
guardianMfaPage:
enabled: true
html: <html>MFA</html>
pictureUrl: http://example.com/logo.png
sandboxVersion: '12'
sessionCookie:
mode: non-persistent
sessionLifetime: 8760
supportEmail: support@example.com
supportUrl: http://example.com/support
universalLogin:
colors:
pageBackground: '#000000'
primary: '#0059d6'
Create Tenant Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Tenant(name: string, args?: TenantArgs, opts?: CustomResourceOptions);@overload
def Tenant(resource_name: str,
args: Optional[TenantArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Tenant(resource_name: str,
opts: Optional[ResourceOptions] = None,
allowed_logout_urls: Optional[Sequence[str]] = None,
change_password: Optional[TenantChangePasswordArgs] = None,
default_audience: Optional[str] = None,
default_directory: Optional[str] = None,
default_redirection_uri: Optional[str] = None,
enabled_locales: Optional[Sequence[str]] = None,
error_page: Optional[TenantErrorPageArgs] = None,
flags: Optional[TenantFlagsArgs] = None,
friendly_name: Optional[str] = None,
guardian_mfa_page: Optional[TenantGuardianMfaPageArgs] = None,
idle_session_lifetime: Optional[float] = None,
picture_url: Optional[str] = None,
sandbox_version: Optional[str] = None,
session_cookie: Optional[TenantSessionCookieArgs] = None,
session_lifetime: Optional[float] = None,
support_email: Optional[str] = None,
support_url: Optional[str] = None,
universal_login: Optional[TenantUniversalLoginArgs] = None)func NewTenant(ctx *Context, name string, args *TenantArgs, opts ...ResourceOption) (*Tenant, error)public Tenant(string name, TenantArgs? args = null, CustomResourceOptions? opts = null)
public Tenant(String name, TenantArgs args)
public Tenant(String name, TenantArgs args, CustomResourceOptions options)
type: auth0:Tenant
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TenantArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TenantArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TenantArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TenantArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TenantArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var tenantResource = new Auth0.Tenant("tenantResource", new()
{
AllowedLogoutUrls = new[]
{
"string",
},
DefaultAudience = "string",
DefaultDirectory = "string",
DefaultRedirectionUri = "string",
EnabledLocales = new[]
{
"string",
},
Flags = new Auth0.Inputs.TenantFlagsArgs
{
AllowLegacyDelegationGrantTypes = false,
AllowLegacyRoGrantTypes = false,
AllowLegacyTokeninfoEndpoint = false,
DashboardInsightsView = false,
DashboardLogStreamsNext = false,
DisableClickjackProtectionHeaders = false,
DisableFieldsMapFix = false,
DisableManagementApiSmsObfuscation = false,
EnableAdfsWaadEmailVerification = false,
EnableApisSection = false,
EnableClientConnections = false,
EnableCustomDomainInEmails = false,
EnableDynamicClientRegistration = false,
EnableIdtokenApi2 = false,
EnableLegacyLogsSearchV2 = false,
EnableLegacyProfile = false,
EnablePipeline2 = false,
EnablePublicSignupUserExistsError = false,
MfaShowFactorListOnEnrollment = false,
NoDiscloseEnterpriseConnections = false,
RevokeRefreshTokenGrant = false,
UseScopeDescriptionsForConsent = false,
},
FriendlyName = "string",
IdleSessionLifetime = 0,
PictureUrl = "string",
SandboxVersion = "string",
SessionCookie = new Auth0.Inputs.TenantSessionCookieArgs
{
Mode = "string",
},
SessionLifetime = 0,
SupportEmail = "string",
SupportUrl = "string",
});
example, err := auth0.NewTenant(ctx, "tenantResource", &auth0.TenantArgs{
AllowedLogoutUrls: pulumi.StringArray{
pulumi.String("string"),
},
DefaultAudience: pulumi.String("string"),
DefaultDirectory: pulumi.String("string"),
DefaultRedirectionUri: pulumi.String("string"),
EnabledLocales: pulumi.StringArray{
pulumi.String("string"),
},
Flags: &auth0.TenantFlagsArgs{
AllowLegacyDelegationGrantTypes: pulumi.Bool(false),
AllowLegacyRoGrantTypes: pulumi.Bool(false),
AllowLegacyTokeninfoEndpoint: pulumi.Bool(false),
DashboardInsightsView: pulumi.Bool(false),
DashboardLogStreamsNext: pulumi.Bool(false),
DisableClickjackProtectionHeaders: pulumi.Bool(false),
DisableFieldsMapFix: pulumi.Bool(false),
DisableManagementApiSmsObfuscation: pulumi.Bool(false),
EnableAdfsWaadEmailVerification: pulumi.Bool(false),
EnableApisSection: pulumi.Bool(false),
EnableClientConnections: pulumi.Bool(false),
EnableCustomDomainInEmails: pulumi.Bool(false),
EnableDynamicClientRegistration: pulumi.Bool(false),
EnableIdtokenApi2: pulumi.Bool(false),
EnableLegacyLogsSearchV2: pulumi.Bool(false),
EnableLegacyProfile: pulumi.Bool(false),
EnablePipeline2: pulumi.Bool(false),
EnablePublicSignupUserExistsError: pulumi.Bool(false),
MfaShowFactorListOnEnrollment: pulumi.Bool(false),
NoDiscloseEnterpriseConnections: pulumi.Bool(false),
RevokeRefreshTokenGrant: pulumi.Bool(false),
UseScopeDescriptionsForConsent: pulumi.Bool(false),
},
FriendlyName: pulumi.String("string"),
IdleSessionLifetime: pulumi.Float64(0),
PictureUrl: pulumi.String("string"),
SandboxVersion: pulumi.String("string"),
SessionCookie: &auth0.TenantSessionCookieArgs{
Mode: pulumi.String("string"),
},
SessionLifetime: pulumi.Float64(0),
SupportEmail: pulumi.String("string"),
SupportUrl: pulumi.String("string"),
})
var tenantResource = new Tenant("tenantResource", TenantArgs.builder()
.allowedLogoutUrls("string")
.defaultAudience("string")
.defaultDirectory("string")
.defaultRedirectionUri("string")
.enabledLocales("string")
.flags(TenantFlagsArgs.builder()
.allowLegacyDelegationGrantTypes(false)
.allowLegacyRoGrantTypes(false)
.allowLegacyTokeninfoEndpoint(false)
.dashboardInsightsView(false)
.dashboardLogStreamsNext(false)
.disableClickjackProtectionHeaders(false)
.disableFieldsMapFix(false)
.disableManagementApiSmsObfuscation(false)
.enableAdfsWaadEmailVerification(false)
.enableApisSection(false)
.enableClientConnections(false)
.enableCustomDomainInEmails(false)
.enableDynamicClientRegistration(false)
.enableIdtokenApi2(false)
.enableLegacyLogsSearchV2(false)
.enableLegacyProfile(false)
.enablePipeline2(false)
.enablePublicSignupUserExistsError(false)
.mfaShowFactorListOnEnrollment(false)
.noDiscloseEnterpriseConnections(false)
.revokeRefreshTokenGrant(false)
.useScopeDescriptionsForConsent(false)
.build())
.friendlyName("string")
.idleSessionLifetime(0.0)
.pictureUrl("string")
.sandboxVersion("string")
.sessionCookie(TenantSessionCookieArgs.builder()
.mode("string")
.build())
.sessionLifetime(0.0)
.supportEmail("string")
.supportUrl("string")
.build());
tenant_resource = auth0.Tenant("tenantResource",
allowed_logout_urls=["string"],
default_audience="string",
default_directory="string",
default_redirection_uri="string",
enabled_locales=["string"],
flags={
"allow_legacy_delegation_grant_types": False,
"allow_legacy_ro_grant_types": False,
"allow_legacy_tokeninfo_endpoint": False,
"dashboard_insights_view": False,
"dashboard_log_streams_next": False,
"disable_clickjack_protection_headers": False,
"disable_fields_map_fix": False,
"disable_management_api_sms_obfuscation": False,
"enable_adfs_waad_email_verification": False,
"enable_apis_section": False,
"enable_client_connections": False,
"enable_custom_domain_in_emails": False,
"enable_dynamic_client_registration": False,
"enable_idtoken_api2": False,
"enable_legacy_logs_search_v2": False,
"enable_legacy_profile": False,
"enable_pipeline2": False,
"enable_public_signup_user_exists_error": False,
"mfa_show_factor_list_on_enrollment": False,
"no_disclose_enterprise_connections": False,
"revoke_refresh_token_grant": False,
"use_scope_descriptions_for_consent": False,
},
friendly_name="string",
idle_session_lifetime=0,
picture_url="string",
sandbox_version="string",
session_cookie={
"mode": "string",
},
session_lifetime=0,
support_email="string",
support_url="string")
const tenantResource = new auth0.Tenant("tenantResource", {
allowedLogoutUrls: ["string"],
defaultAudience: "string",
defaultDirectory: "string",
defaultRedirectionUri: "string",
enabledLocales: ["string"],
flags: {
allowLegacyDelegationGrantTypes: false,
allowLegacyRoGrantTypes: false,
allowLegacyTokeninfoEndpoint: false,
dashboardInsightsView: false,
dashboardLogStreamsNext: false,
disableClickjackProtectionHeaders: false,
disableFieldsMapFix: false,
disableManagementApiSmsObfuscation: false,
enableAdfsWaadEmailVerification: false,
enableApisSection: false,
enableClientConnections: false,
enableCustomDomainInEmails: false,
enableDynamicClientRegistration: false,
enableIdtokenApi2: false,
enableLegacyLogsSearchV2: false,
enableLegacyProfile: false,
enablePipeline2: false,
enablePublicSignupUserExistsError: false,
mfaShowFactorListOnEnrollment: false,
noDiscloseEnterpriseConnections: false,
revokeRefreshTokenGrant: false,
useScopeDescriptionsForConsent: false,
},
friendlyName: "string",
idleSessionLifetime: 0,
pictureUrl: "string",
sandboxVersion: "string",
sessionCookie: {
mode: "string",
},
sessionLifetime: 0,
supportEmail: "string",
supportUrl: "string",
});
type: auth0:Tenant
properties:
allowedLogoutUrls:
- string
defaultAudience: string
defaultDirectory: string
defaultRedirectionUri: string
enabledLocales:
- string
flags:
allowLegacyDelegationGrantTypes: false
allowLegacyRoGrantTypes: false
allowLegacyTokeninfoEndpoint: false
dashboardInsightsView: false
dashboardLogStreamsNext: false
disableClickjackProtectionHeaders: false
disableFieldsMapFix: false
disableManagementApiSmsObfuscation: false
enableAdfsWaadEmailVerification: false
enableApisSection: false
enableClientConnections: false
enableCustomDomainInEmails: false
enableDynamicClientRegistration: false
enableIdtokenApi2: false
enableLegacyLogsSearchV2: false
enableLegacyProfile: false
enablePipeline2: false
enablePublicSignupUserExistsError: false
mfaShowFactorListOnEnrollment: false
noDiscloseEnterpriseConnections: false
revokeRefreshTokenGrant: false
useScopeDescriptionsForConsent: false
friendlyName: string
idleSessionLifetime: 0
pictureUrl: string
sandboxVersion: string
sessionCookie:
mode: string
sessionLifetime: 0
supportEmail: string
supportUrl: string
Tenant Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Tenant resource accepts the following input properties:
- Allowed
Logout List<string>Urls - URLs that Auth0 may redirect to after logout.
- Change
Password TenantChange Password - Configuration settings for change password page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - Default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- Default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap,ad,auth0,email,sms,waad, andadfs. - Default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- Enabled
Locales List<string> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- Error
Page TenantError Page - Configuration settings for error pages. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - Flags
Tenant
Flags - Configuration settings for tenant flags.
- Friendly
Name string - Friendly name for the tenant.
- Guardian
Mfa TenantPage Guardian Mfa Page - Configuration settings for the Guardian MFA page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - Idle
Session doubleLifetime - Number of hours during which a session can be inactive before the user must log in again.
- Picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- Sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
-
Tenant
Session Cookie - Alters behavior of tenant's session cookie. Contains a single
modeproperty. - Session
Lifetime double - Number of hours during which a session will stay valid.
- Support
Email string - Support email address for authenticating users.
- Support
Url string - Support URL for authenticating users.
- Universal
Login TenantUniversal Login - Configuration settings for Universal Login. These configuration settings have been deprecated. Migrate to managing these
settings through the
auth0_brandingresource. Check the MIGRATION_GUIDE for more info.
- Allowed
Logout []stringUrls - URLs that Auth0 may redirect to after logout.
- Change
Password TenantChange Password Args - Configuration settings for change password page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - Default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- Default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap,ad,auth0,email,sms,waad, andadfs. - Default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- Enabled
Locales []string - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- Error
Page TenantError Page Args - Configuration settings for error pages. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - Flags
Tenant
Flags Args - Configuration settings for tenant flags.
- Friendly
Name string - Friendly name for the tenant.
- Guardian
Mfa TenantPage Guardian Mfa Page Args - Configuration settings for the Guardian MFA page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - Idle
Session float64Lifetime - Number of hours during which a session can be inactive before the user must log in again.
- Picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- Sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
-
Tenant
Session Cookie Args - Alters behavior of tenant's session cookie. Contains a single
modeproperty. - Session
Lifetime float64 - Number of hours during which a session will stay valid.
- Support
Email string - Support email address for authenticating users.
- Support
Url string - Support URL for authenticating users.
- Universal
Login TenantUniversal Login Args - Configuration settings for Universal Login. These configuration settings have been deprecated. Migrate to managing these
settings through the
auth0_brandingresource. Check the MIGRATION_GUIDE for more info.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- change
Password TenantChange Password - Configuration settings for change password page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - default
Audience String - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory String - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap,ad,auth0,email,sms,waad, andadfs. - default
Redirection StringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- enabled
Locales List<String> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- error
Page TenantError Page - Configuration settings for error pages. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - flags
Tenant
Flags - Configuration settings for tenant flags.
- friendly
Name String - Friendly name for the tenant.
- guardian
Mfa TenantPage Guardian Mfa Page - Configuration settings for the Guardian MFA page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - idle
Session DoubleLifetime - Number of hours during which a session can be inactive before the user must log in again.
- picture
Url String - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- sandbox
Version String - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
-
Tenant
Session Cookie - Alters behavior of tenant's session cookie. Contains a single
modeproperty. - session
Lifetime Double - Number of hours during which a session will stay valid.
- support
Email String - Support email address for authenticating users.
- support
Url String - Support URL for authenticating users.
- universal
Login TenantUniversal Login - Configuration settings for Universal Login. These configuration settings have been deprecated. Migrate to managing these
settings through the
auth0_brandingresource. Check the MIGRATION_GUIDE for more info.
- allowed
Logout string[]Urls - URLs that Auth0 may redirect to after logout.
- change
Password TenantChange Password - Configuration settings for change password page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap,ad,auth0,email,sms,waad, andadfs. - default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- enabled
Locales string[] - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- error
Page TenantError Page - Configuration settings for error pages. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - flags
Tenant
Flags - Configuration settings for tenant flags.
- friendly
Name string - Friendly name for the tenant.
- guardian
Mfa TenantPage Guardian Mfa Page - Configuration settings for the Guardian MFA page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - idle
Session numberLifetime - Number of hours during which a session can be inactive before the user must log in again.
- picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
-
Tenant
Session Cookie - Alters behavior of tenant's session cookie. Contains a single
modeproperty. - session
Lifetime number - Number of hours during which a session will stay valid.
- support
Email string - Support email address for authenticating users.
- support
Url string - Support URL for authenticating users.
- universal
Login TenantUniversal Login - Configuration settings for Universal Login. These configuration settings have been deprecated. Migrate to managing these
settings through the
auth0_brandingresource. Check the MIGRATION_GUIDE for more info.
- allowed_
logout_ Sequence[str]urls - URLs that Auth0 may redirect to after logout.
- change_
password TenantChange Password Args - Configuration settings for change password page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - default_
audience str - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default_
directory str - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap,ad,auth0,email,sms,waad, andadfs. - default_
redirection_ struri - The default absolute redirection URI. Must be HTTPS or an empty string.
- enabled_
locales Sequence[str] - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- error_
page TenantError Page Args - Configuration settings for error pages. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - flags
Tenant
Flags Args - Configuration settings for tenant flags.
- friendly_
name str - Friendly name for the tenant.
- guardian_
mfa_ Tenantpage Guardian Mfa Page Args - Configuration settings for the Guardian MFA page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - idle_
session_ floatlifetime - Number of hours during which a session can be inactive before the user must log in again.
- picture_
url str - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- sandbox_
version str - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
-
Tenant
Session Cookie Args - Alters behavior of tenant's session cookie. Contains a single
modeproperty. - session_
lifetime float - Number of hours during which a session will stay valid.
- support_
email str - Support email address for authenticating users.
- support_
url str - Support URL for authenticating users.
- universal_
login TenantUniversal Login Args - Configuration settings for Universal Login. These configuration settings have been deprecated. Migrate to managing these
settings through the
auth0_brandingresource. Check the MIGRATION_GUIDE for more info.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- change
Password Property Map - Configuration settings for change password page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - default
Audience String - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory String - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap,ad,auth0,email,sms,waad, andadfs. - default
Redirection StringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- enabled
Locales List<String> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- error
Page Property Map - Configuration settings for error pages. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - flags Property Map
- Configuration settings for tenant flags.
- friendly
Name String - Friendly name for the tenant.
- guardian
Mfa Property MapPage - Configuration settings for the Guardian MFA page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - idle
Session NumberLifetime - Number of hours during which a session can be inactive before the user must log in again.
- picture
Url String - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- sandbox
Version String - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Property Map
- Alters behavior of tenant's session cookie. Contains a single
modeproperty. - session
Lifetime Number - Number of hours during which a session will stay valid.
- support
Email String - Support email address for authenticating users.
- support
Url String - Support URL for authenticating users.
- universal
Login Property Map - Configuration settings for Universal Login. These configuration settings have been deprecated. Migrate to managing these
settings through the
auth0_brandingresource. Check the MIGRATION_GUIDE for more info.
Outputs
All input properties are implicitly available as output properties. Additionally, the Tenant resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Tenant Resource
Get an existing Tenant resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: TenantState, opts?: CustomResourceOptions): Tenant@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allowed_logout_urls: Optional[Sequence[str]] = None,
change_password: Optional[TenantChangePasswordArgs] = None,
default_audience: Optional[str] = None,
default_directory: Optional[str] = None,
default_redirection_uri: Optional[str] = None,
enabled_locales: Optional[Sequence[str]] = None,
error_page: Optional[TenantErrorPageArgs] = None,
flags: Optional[TenantFlagsArgs] = None,
friendly_name: Optional[str] = None,
guardian_mfa_page: Optional[TenantGuardianMfaPageArgs] = None,
idle_session_lifetime: Optional[float] = None,
picture_url: Optional[str] = None,
sandbox_version: Optional[str] = None,
session_cookie: Optional[TenantSessionCookieArgs] = None,
session_lifetime: Optional[float] = None,
support_email: Optional[str] = None,
support_url: Optional[str] = None,
universal_login: Optional[TenantUniversalLoginArgs] = None) -> Tenantfunc GetTenant(ctx *Context, name string, id IDInput, state *TenantState, opts ...ResourceOption) (*Tenant, error)public static Tenant Get(string name, Input<string> id, TenantState? state, CustomResourceOptions? opts = null)public static Tenant get(String name, Output<String> id, TenantState state, CustomResourceOptions options)resources: _: type: auth0:Tenant get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allowed
Logout List<string>Urls - URLs that Auth0 may redirect to after logout.
- Change
Password TenantChange Password - Configuration settings for change password page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - Default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- Default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap,ad,auth0,email,sms,waad, andadfs. - Default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- Enabled
Locales List<string> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- Error
Page TenantError Page - Configuration settings for error pages. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - Flags
Tenant
Flags - Configuration settings for tenant flags.
- Friendly
Name string - Friendly name for the tenant.
- Guardian
Mfa TenantPage Guardian Mfa Page - Configuration settings for the Guardian MFA page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - Idle
Session doubleLifetime - Number of hours during which a session can be inactive before the user must log in again.
- Picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- Sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
-
Tenant
Session Cookie - Alters behavior of tenant's session cookie. Contains a single
modeproperty. - Session
Lifetime double - Number of hours during which a session will stay valid.
- Support
Email string - Support email address for authenticating users.
- Support
Url string - Support URL for authenticating users.
- Universal
Login TenantUniversal Login - Configuration settings for Universal Login. These configuration settings have been deprecated. Migrate to managing these
settings through the
auth0_brandingresource. Check the MIGRATION_GUIDE for more info.
- Allowed
Logout []stringUrls - URLs that Auth0 may redirect to after logout.
- Change
Password TenantChange Password Args - Configuration settings for change password page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - Default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- Default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap,ad,auth0,email,sms,waad, andadfs. - Default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- Enabled
Locales []string - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- Error
Page TenantError Page Args - Configuration settings for error pages. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - Flags
Tenant
Flags Args - Configuration settings for tenant flags.
- Friendly
Name string - Friendly name for the tenant.
- Guardian
Mfa TenantPage Guardian Mfa Page Args - Configuration settings for the Guardian MFA page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - Idle
Session float64Lifetime - Number of hours during which a session can be inactive before the user must log in again.
- Picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- Sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
-
Tenant
Session Cookie Args - Alters behavior of tenant's session cookie. Contains a single
modeproperty. - Session
Lifetime float64 - Number of hours during which a session will stay valid.
- Support
Email string - Support email address for authenticating users.
- Support
Url string - Support URL for authenticating users.
- Universal
Login TenantUniversal Login Args - Configuration settings for Universal Login. These configuration settings have been deprecated. Migrate to managing these
settings through the
auth0_brandingresource. Check the MIGRATION_GUIDE for more info.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- change
Password TenantChange Password - Configuration settings for change password page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - default
Audience String - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory String - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap,ad,auth0,email,sms,waad, andadfs. - default
Redirection StringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- enabled
Locales List<String> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- error
Page TenantError Page - Configuration settings for error pages. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - flags
Tenant
Flags - Configuration settings for tenant flags.
- friendly
Name String - Friendly name for the tenant.
- guardian
Mfa TenantPage Guardian Mfa Page - Configuration settings for the Guardian MFA page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - idle
Session DoubleLifetime - Number of hours during which a session can be inactive before the user must log in again.
- picture
Url String - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- sandbox
Version String - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
-
Tenant
Session Cookie - Alters behavior of tenant's session cookie. Contains a single
modeproperty. - session
Lifetime Double - Number of hours during which a session will stay valid.
- support
Email String - Support email address for authenticating users.
- support
Url String - Support URL for authenticating users.
- universal
Login TenantUniversal Login - Configuration settings for Universal Login. These configuration settings have been deprecated. Migrate to managing these
settings through the
auth0_brandingresource. Check the MIGRATION_GUIDE for more info.
- allowed
Logout string[]Urls - URLs that Auth0 may redirect to after logout.
- change
Password TenantChange Password - Configuration settings for change password page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - default
Audience string - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory string - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap,ad,auth0,email,sms,waad, andadfs. - default
Redirection stringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- enabled
Locales string[] - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- error
Page TenantError Page - Configuration settings for error pages. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - flags
Tenant
Flags - Configuration settings for tenant flags.
- friendly
Name string - Friendly name for the tenant.
- guardian
Mfa TenantPage Guardian Mfa Page - Configuration settings for the Guardian MFA page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - idle
Session numberLifetime - Number of hours during which a session can be inactive before the user must log in again.
- picture
Url string - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- sandbox
Version string - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
-
Tenant
Session Cookie - Alters behavior of tenant's session cookie. Contains a single
modeproperty. - session
Lifetime number - Number of hours during which a session will stay valid.
- support
Email string - Support email address for authenticating users.
- support
Url string - Support URL for authenticating users.
- universal
Login TenantUniversal Login - Configuration settings for Universal Login. These configuration settings have been deprecated. Migrate to managing these
settings through the
auth0_brandingresource. Check the MIGRATION_GUIDE for more info.
- allowed_
logout_ Sequence[str]urls - URLs that Auth0 may redirect to after logout.
- change_
password TenantChange Password Args - Configuration settings for change password page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - default_
audience str - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default_
directory str - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap,ad,auth0,email,sms,waad, andadfs. - default_
redirection_ struri - The default absolute redirection URI. Must be HTTPS or an empty string.
- enabled_
locales Sequence[str] - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- error_
page TenantError Page Args - Configuration settings for error pages. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - flags
Tenant
Flags Args - Configuration settings for tenant flags.
- friendly_
name str - Friendly name for the tenant.
- guardian_
mfa_ Tenantpage Guardian Mfa Page Args - Configuration settings for the Guardian MFA page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - idle_
session_ floatlifetime - Number of hours during which a session can be inactive before the user must log in again.
- picture_
url str - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- sandbox_
version str - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
-
Tenant
Session Cookie Args - Alters behavior of tenant's session cookie. Contains a single
modeproperty. - session_
lifetime float - Number of hours during which a session will stay valid.
- support_
email str - Support email address for authenticating users.
- support_
url str - Support URL for authenticating users.
- universal_
login TenantUniversal Login Args - Configuration settings for Universal Login. These configuration settings have been deprecated. Migrate to managing these
settings through the
auth0_brandingresource. Check the MIGRATION_GUIDE for more info.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- change
Password Property Map - Configuration settings for change password page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - default
Audience String - API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- default
Directory String - Name of the connection to be used for Password Grant exchanges. Options include
auth0-adldap,ad,auth0,email,sms,waad, andadfs. - default
Redirection StringUri - The default absolute redirection URI. Must be HTTPS or an empty string.
- enabled
Locales List<String> - Supported locales for the user interface. The first locale in the list will be used to set the default locale.
- error
Page Property Map - Configuration settings for error pages. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - flags Property Map
- Configuration settings for tenant flags.
- friendly
Name String - Friendly name for the tenant.
- guardian
Mfa Property MapPage - Configuration settings for the Guardian MFA page. This attribute is deprecated in favor of the
auth0_pagesresource and it will be removed in a future major version. Check the MIGRATION_GUIDE for more info. - idle
Session NumberLifetime - Number of hours during which a session can be inactive before the user must log in again.
- picture
Url String - URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
- sandbox
Version String - Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.
- Property Map
- Alters behavior of tenant's session cookie. Contains a single
modeproperty. - session
Lifetime Number - Number of hours during which a session will stay valid.
- support
Email String - Support email address for authenticating users.
- support
Url String - Support URL for authenticating users.
- universal
Login Property Map - Configuration settings for Universal Login. These configuration settings have been deprecated. Migrate to managing these
settings through the
auth0_brandingresource. Check the MIGRATION_GUIDE for more info.
Supporting Types
TenantChangePassword, TenantChangePasswordArgs
TenantErrorPage, TenantErrorPageArgs
- Html string
- HTML format with supported Liquid syntax. Customized content of the error page.
- Show
Log boolLink - Indicates whether to show the link to logs as part of the default error page.
- Url string
- URL to redirect to when an error occurs rather than showing the default error page.
- Html string
- HTML format with supported Liquid syntax. Customized content of the error page.
- Show
Log boolLink - Indicates whether to show the link to logs as part of the default error page.
- Url string
- URL to redirect to when an error occurs rather than showing the default error page.
- html String
- HTML format with supported Liquid syntax. Customized content of the error page.
- show
Log BooleanLink - Indicates whether to show the link to logs as part of the default error page.
- url String
- URL to redirect to when an error occurs rather than showing the default error page.
- html string
- HTML format with supported Liquid syntax. Customized content of the error page.
- show
Log booleanLink - Indicates whether to show the link to logs as part of the default error page.
- url string
- URL to redirect to when an error occurs rather than showing the default error page.
- html str
- HTML format with supported Liquid syntax. Customized content of the error page.
- show_
log_ boollink - Indicates whether to show the link to logs as part of the default error page.
- url str
- URL to redirect to when an error occurs rather than showing the default error page.
- html String
- HTML format with supported Liquid syntax. Customized content of the error page.
- show
Log BooleanLink - Indicates whether to show the link to logs as part of the default error page.
- url String
- URL to redirect to when an error occurs rather than showing the default error page.
TenantFlags, TenantFlagsArgs
- Allow
Legacy boolDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- Allow
Legacy boolRo Grant Types - Whether the legacy
auth/roendpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - Allow
Legacy boolTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- Dashboard
Insights boolView - Enables new insights activity page view.
- Dashboard
Log boolStreams Next - Enables beta access to log streaming changes.
- Disable
Clickjack boolProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- Disable
Fields boolMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- Disable
Management boolApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- Enable
Adfs boolWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- Enable
Apis boolSection - Indicates whether the APIs section is enabled for the tenant.
- Enable
Client boolConnections - Indicates whether all current connections should be enabled when a new client is created.
- Enable
Custom boolDomain In Emails - Indicates whether the tenant allows custom domains in emails.
- Enable
Dynamic boolClient Registration - Indicates whether the tenant allows dynamic client registration.
- Enable
Idtoken boolApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- Enable
Legacy boolLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- Enable
Legacy boolProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- Enable
Pipeline2 bool - Indicates whether advanced API Authorization scenarios are enabled.
- Enable
Public boolSignup User Exists Error - Indicates whether the public sign up process shows a
user_existserror if the user already exists. - Mfa
Show boolFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- No
Disclose boolEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- Revoke
Refresh boolToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- Universal
Login bool - Indicates whether the New Universal Login Experience is enabled.
- Use
Scope boolDescriptions For Consent - Indicates whether to use scope descriptions for consent.
- Allow
Legacy boolDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- Allow
Legacy boolRo Grant Types - Whether the legacy
auth/roendpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - Allow
Legacy boolTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- Dashboard
Insights boolView - Enables new insights activity page view.
- Dashboard
Log boolStreams Next - Enables beta access to log streaming changes.
- Disable
Clickjack boolProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- Disable
Fields boolMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- Disable
Management boolApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- Enable
Adfs boolWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- Enable
Apis boolSection - Indicates whether the APIs section is enabled for the tenant.
- Enable
Client boolConnections - Indicates whether all current connections should be enabled when a new client is created.
- Enable
Custom boolDomain In Emails - Indicates whether the tenant allows custom domains in emails.
- Enable
Dynamic boolClient Registration - Indicates whether the tenant allows dynamic client registration.
- Enable
Idtoken boolApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- Enable
Legacy boolLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- Enable
Legacy boolProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- Enable
Pipeline2 bool - Indicates whether advanced API Authorization scenarios are enabled.
- Enable
Public boolSignup User Exists Error - Indicates whether the public sign up process shows a
user_existserror if the user already exists. - Mfa
Show boolFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- No
Disclose boolEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- Revoke
Refresh boolToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- Universal
Login bool - Indicates whether the New Universal Login Experience is enabled.
- Use
Scope boolDescriptions For Consent - Indicates whether to use scope descriptions for consent.
- allow
Legacy BooleanDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- allow
Legacy BooleanRo Grant Types - Whether the legacy
auth/roendpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - allow
Legacy BooleanTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- dashboard
Insights BooleanView - Enables new insights activity page view.
- dashboard
Log BooleanStreams Next - Enables beta access to log streaming changes.
- disable
Clickjack BooleanProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- disable
Fields BooleanMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- disable
Management BooleanApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- enable
Adfs BooleanWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- enable
Apis BooleanSection - Indicates whether the APIs section is enabled for the tenant.
- enable
Client BooleanConnections - Indicates whether all current connections should be enabled when a new client is created.
- enable
Custom BooleanDomain In Emails - Indicates whether the tenant allows custom domains in emails.
- enable
Dynamic BooleanClient Registration - Indicates whether the tenant allows dynamic client registration.
- enable
Idtoken BooleanApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- enable
Legacy BooleanLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- enable
Legacy BooleanProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- enable
Pipeline2 Boolean - Indicates whether advanced API Authorization scenarios are enabled.
- enable
Public BooleanSignup User Exists Error - Indicates whether the public sign up process shows a
user_existserror if the user already exists. - mfa
Show BooleanFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- no
Disclose BooleanEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- revoke
Refresh BooleanToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- universal
Login Boolean - Indicates whether the New Universal Login Experience is enabled.
- use
Scope BooleanDescriptions For Consent - Indicates whether to use scope descriptions for consent.
- allow
Legacy booleanDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- allow
Legacy booleanRo Grant Types - Whether the legacy
auth/roendpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - allow
Legacy booleanTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- dashboard
Insights booleanView - Enables new insights activity page view.
- dashboard
Log booleanStreams Next - Enables beta access to log streaming changes.
- disable
Clickjack booleanProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- disable
Fields booleanMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- disable
Management booleanApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- enable
Adfs booleanWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- enable
Apis booleanSection - Indicates whether the APIs section is enabled for the tenant.
- enable
Client booleanConnections - Indicates whether all current connections should be enabled when a new client is created.
- enable
Custom booleanDomain In Emails - Indicates whether the tenant allows custom domains in emails.
- enable
Dynamic booleanClient Registration - Indicates whether the tenant allows dynamic client registration.
- enable
Idtoken booleanApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- enable
Legacy booleanLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- enable
Legacy booleanProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- enable
Pipeline2 boolean - Indicates whether advanced API Authorization scenarios are enabled.
- enable
Public booleanSignup User Exists Error - Indicates whether the public sign up process shows a
user_existserror if the user already exists. - mfa
Show booleanFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- no
Disclose booleanEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- revoke
Refresh booleanToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- universal
Login boolean - Indicates whether the New Universal Login Experience is enabled.
- use
Scope booleanDescriptions For Consent - Indicates whether to use scope descriptions for consent.
- allow_
legacy_ booldelegation_ grant_ types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- allow_
legacy_ boolro_ grant_ types - Whether the legacy
auth/roendpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - allow_
legacy_ booltokeninfo_ endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- dashboard_
insights_ boolview - Enables new insights activity page view.
- dashboard_
log_ boolstreams_ next - Enables beta access to log streaming changes.
- disable_
clickjack_ boolprotection_ headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- disable_
fields_ boolmap_ fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- disable_
management_ boolapi_ sms_ obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- enable_
adfs_ boolwaad_ email_ verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- enable_
apis_ boolsection - Indicates whether the APIs section is enabled for the tenant.
- enable_
client_ boolconnections - Indicates whether all current connections should be enabled when a new client is created.
- enable_
custom_ booldomain_ in_ emails - Indicates whether the tenant allows custom domains in emails.
- enable_
dynamic_ boolclient_ registration - Indicates whether the tenant allows dynamic client registration.
- enable_
idtoken_ boolapi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- enable_
legacy_ boollogs_ search_ v2 - Indicates whether to use the older v2 legacy logs search.
- enable_
legacy_ boolprofile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- enable_
pipeline2 bool - Indicates whether advanced API Authorization scenarios are enabled.
- enable_
public_ boolsignup_ user_ exists_ error - Indicates whether the public sign up process shows a
user_existserror if the user already exists. - mfa_
show_ boolfactor_ list_ on_ enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- no_
disclose_ boolenterprise_ connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- revoke_
refresh_ booltoken_ grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- universal_
login bool - Indicates whether the New Universal Login Experience is enabled.
- use_
scope_ booldescriptions_ for_ consent - Indicates whether to use scope descriptions for consent.
- allow
Legacy BooleanDelegation Grant Types - Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
- allow
Legacy BooleanRo Grant Types - Whether the legacy
auth/roendpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false). - allow
Legacy BooleanTokeninfo Endpoint - If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
- dashboard
Insights BooleanView - Enables new insights activity page view.
- dashboard
Log BooleanStreams Next - Enables beta access to log streaming changes.
- disable
Clickjack BooleanProtection Headers - Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
- disable
Fields BooleanMap Fix - Disables SAML fields map fix for bad mappings with repeated attributes.
- disable
Management BooleanApi Sms Obfuscation - If true, SMS phone numbers will not be obfuscated in Management API GET calls.
- enable
Adfs BooleanWaad Email Verification - If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
- enable
Apis BooleanSection - Indicates whether the APIs section is enabled for the tenant.
- enable
Client BooleanConnections - Indicates whether all current connections should be enabled when a new client is created.
- enable
Custom BooleanDomain In Emails - Indicates whether the tenant allows custom domains in emails.
- enable
Dynamic BooleanClient Registration - Indicates whether the tenant allows dynamic client registration.
- enable
Idtoken BooleanApi2 - Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
- enable
Legacy BooleanLogs Search V2 - Indicates whether to use the older v2 legacy logs search.
- enable
Legacy BooleanProfile - Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
- enable
Pipeline2 Boolean - Indicates whether advanced API Authorization scenarios are enabled.
- enable
Public BooleanSignup User Exists Error - Indicates whether the public sign up process shows a
user_existserror if the user already exists. - mfa
Show BooleanFactor List On Enrollment - Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- no
Disclose BooleanEnterprise Connections - Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- revoke
Refresh BooleanToken Grant - Delete underlying grant when a refresh token is revoked via the Authentication API.
- universal
Login Boolean - Indicates whether the New Universal Login Experience is enabled.
- use
Scope BooleanDescriptions For Consent - Indicates whether to use scope descriptions for consent.
TenantGuardianMfaPage, TenantGuardianMfaPageArgs
TenantSessionCookie, TenantSessionCookieArgs
- Mode string
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- Mode string
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- mode String
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- mode string
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- mode str
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
- mode String
- Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
TenantUniversalLogin, TenantUniversalLoginArgs
- Colors
Tenant
Universal Login Colors - Configuration settings for Universal Login colors.
- Colors
Tenant
Universal Login Colors - Configuration settings for Universal Login colors.
- colors
Tenant
Universal Login Colors - Configuration settings for Universal Login colors.
- colors
Tenant
Universal Login Colors - Configuration settings for Universal Login colors.
- colors
Tenant
Universal Login Colors - Configuration settings for Universal Login colors.
- colors Property Map
- Configuration settings for Universal Login colors.
TenantUniversalLoginColors, TenantUniversalLoginColorsArgs
- Page
Background string - Primary string
- Page
Background string - Primary string
- page
Background String - primary String
- page
Background string - primary string
- page_
background str - primary str
- page
Background String - primary String
Import
As this is not a resource identifiable by an ID within the Auth0 Management API, tenant can be imported using a random string. # We recommend Version 4 UUID # Example
$ pulumi import auth0:index/tenant:Tenant my_tenant 82f4f21b-017a-319d-92e7-2291c1ca36c4
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
auth0Terraform Provider.
Viewing docs for Auth0 v2.24.3 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
