1. Packages
  2. Azure Active Directory (Azure AD)
  3. API Docs
  4. Application
Azure Active Directory (Azure AD) v5.53.1 published on Monday, Jul 1, 2024 by Pulumi

azuread.Application

Explore with Pulumi AI

azuread logo
Azure Active Directory (Azure AD) v5.53.1 published on Monday, Jul 1, 2024 by Pulumi

    Example Usage

    Create an application

    import * as pulumi from "@pulumi/pulumi";
    import * as azuread from "@pulumi/azuread";
    import * as std from "@pulumi/std";
    
    const current = azuread.getClientConfig({});
    const example = new azuread.Application("example", {
        displayName: "example",
        identifierUris: ["api://example-app"],
        logoImage: std.filebase64({
            input: "/path/to/logo.png",
        }).then(invoke => invoke.result),
        owners: [current.then(current => current.objectId)],
        signInAudience: "AzureADMultipleOrgs",
        api: {
            mappedClaimsEnabled: true,
            requestedAccessTokenVersion: 2,
            knownClientApplications: [
                known1.applicationId,
                known2.applicationId,
            ],
            oauth2PermissionScopes: [
                {
                    adminConsentDescription: "Allow the application to access example on behalf of the signed-in user.",
                    adminConsentDisplayName: "Access example",
                    enabled: true,
                    id: "96183846-204b-4b43-82e1-5d2222eb4b9b",
                    type: "User",
                    userConsentDescription: "Allow the application to access example on your behalf.",
                    userConsentDisplayName: "Access example",
                    value: "user_impersonation",
                },
                {
                    adminConsentDescription: "Administer the example application",
                    adminConsentDisplayName: "Administer",
                    enabled: true,
                    id: "be98fa3e-ab5b-4b11-83d9-04ba2b7946bc",
                    type: "Admin",
                    value: "administer",
                },
            ],
        },
        appRoles: [
            {
                allowedMemberTypes: [
                    "User",
                    "Application",
                ],
                description: "Admins can manage roles and perform all task actions",
                displayName: "Admin",
                enabled: true,
                id: "1b19509b-32b1-4e9f-b71d-4992aa991967",
                value: "admin",
            },
            {
                allowedMemberTypes: ["User"],
                description: "ReadOnly roles have limited query access",
                displayName: "ReadOnly",
                enabled: true,
                id: "497406e4-012a-4267-bf18-45a1cb148a01",
                value: "User",
            },
        ],
        featureTags: [{
            enterprise: true,
            gallery: true,
        }],
        optionalClaims: {
            accessTokens: [
                {
                    name: "myclaim",
                },
                {
                    name: "otherclaim",
                },
            ],
            idTokens: [{
                name: "userclaim",
                source: "user",
                essential: true,
                additionalProperties: ["emit_as_roles"],
            }],
            saml2Tokens: [{
                name: "samlexample",
            }],
        },
        requiredResourceAccesses: [
            {
                resourceAppId: "00000003-0000-0000-c000-000000000000",
                resourceAccesses: [
                    {
                        id: "df021288-bdef-4463-88db-98f22de89214",
                        type: "Role",
                    },
                    {
                        id: "b4e74841-8e56-480b-be8b-910348b18b4c",
                        type: "Scope",
                    },
                ],
            },
            {
                resourceAppId: "c5393580-f805-4401-95e8-94b7a6ef2fc2",
                resourceAccesses: [{
                    id: "594c1fb6-4f81-4475-ae41-0c394909246c",
                    type: "Role",
                }],
            },
        ],
        web: {
            homepageUrl: "https://app.example.net",
            logoutUrl: "https://app.example.net/logout",
            redirectUris: ["https://app.example.net/account"],
            implicitGrant: {
                accessTokenIssuanceEnabled: true,
                idTokenIssuanceEnabled: true,
            },
        },
    });
    
    import pulumi
    import pulumi_azuread as azuread
    import pulumi_std as std
    
    current = azuread.get_client_config()
    example = azuread.Application("example",
        display_name="example",
        identifier_uris=["api://example-app"],
        logo_image=std.filebase64(input="/path/to/logo.png").result,
        owners=[current.object_id],
        sign_in_audience="AzureADMultipleOrgs",
        api=azuread.ApplicationApiArgs(
            mapped_claims_enabled=True,
            requested_access_token_version=2,
            known_client_applications=[
                known1["applicationId"],
                known2["applicationId"],
            ],
            oauth2_permission_scopes=[
                azuread.ApplicationApiOauth2PermissionScopeArgs(
                    admin_consent_description="Allow the application to access example on behalf of the signed-in user.",
                    admin_consent_display_name="Access example",
                    enabled=True,
                    id="96183846-204b-4b43-82e1-5d2222eb4b9b",
                    type="User",
                    user_consent_description="Allow the application to access example on your behalf.",
                    user_consent_display_name="Access example",
                    value="user_impersonation",
                ),
                azuread.ApplicationApiOauth2PermissionScopeArgs(
                    admin_consent_description="Administer the example application",
                    admin_consent_display_name="Administer",
                    enabled=True,
                    id="be98fa3e-ab5b-4b11-83d9-04ba2b7946bc",
                    type="Admin",
                    value="administer",
                ),
            ],
        ),
        app_roles=[
            azuread.ApplicationAppRoleArgs(
                allowed_member_types=[
                    "User",
                    "Application",
                ],
                description="Admins can manage roles and perform all task actions",
                display_name="Admin",
                enabled=True,
                id="1b19509b-32b1-4e9f-b71d-4992aa991967",
                value="admin",
            ),
            azuread.ApplicationAppRoleArgs(
                allowed_member_types=["User"],
                description="ReadOnly roles have limited query access",
                display_name="ReadOnly",
                enabled=True,
                id="497406e4-012a-4267-bf18-45a1cb148a01",
                value="User",
            ),
        ],
        feature_tags=[azuread.ApplicationFeatureTagArgs(
            enterprise=True,
            gallery=True,
        )],
        optional_claims=azuread.ApplicationOptionalClaimsArgs(
            access_tokens=[
                azuread.ApplicationOptionalClaimsAccessTokenArgs(
                    name="myclaim",
                ),
                azuread.ApplicationOptionalClaimsAccessTokenArgs(
                    name="otherclaim",
                ),
            ],
            id_tokens=[azuread.ApplicationOptionalClaimsIdTokenArgs(
                name="userclaim",
                source="user",
                essential=True,
                additional_properties=["emit_as_roles"],
            )],
            saml2_tokens=[azuread.ApplicationOptionalClaimsSaml2TokenArgs(
                name="samlexample",
            )],
        ),
        required_resource_accesses=[
            azuread.ApplicationRequiredResourceAccessArgs(
                resource_app_id="00000003-0000-0000-c000-000000000000",
                resource_accesses=[
                    azuread.ApplicationRequiredResourceAccessResourceAccessArgs(
                        id="df021288-bdef-4463-88db-98f22de89214",
                        type="Role",
                    ),
                    azuread.ApplicationRequiredResourceAccessResourceAccessArgs(
                        id="b4e74841-8e56-480b-be8b-910348b18b4c",
                        type="Scope",
                    ),
                ],
            ),
            azuread.ApplicationRequiredResourceAccessArgs(
                resource_app_id="c5393580-f805-4401-95e8-94b7a6ef2fc2",
                resource_accesses=[azuread.ApplicationRequiredResourceAccessResourceAccessArgs(
                    id="594c1fb6-4f81-4475-ae41-0c394909246c",
                    type="Role",
                )],
            ),
        ],
        web=azuread.ApplicationWebArgs(
            homepage_url="https://app.example.net",
            logout_url="https://app.example.net/logout",
            redirect_uris=["https://app.example.net/account"],
            implicit_grant=azuread.ApplicationWebImplicitGrantArgs(
                access_token_issuance_enabled=True,
                id_token_issuance_enabled=True,
            ),
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		current, err := azuread.GetClientConfig(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		invokeFilebase64, err := std.Filebase64(ctx, &std.Filebase64Args{
    			Input: "/path/to/logo.png",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = azuread.NewApplication(ctx, "example", &azuread.ApplicationArgs{
    			DisplayName: pulumi.String("example"),
    			IdentifierUris: pulumi.StringArray{
    				pulumi.String("api://example-app"),
    			},
    			LogoImage: invokeFilebase64.Result,
    			Owners: pulumi.StringArray{
    				pulumi.String(current.ObjectId),
    			},
    			SignInAudience: pulumi.String("AzureADMultipleOrgs"),
    			Api: &azuread.ApplicationApiArgs{
    				MappedClaimsEnabled:         pulumi.Bool(true),
    				RequestedAccessTokenVersion: pulumi.Int(2),
    				KnownClientApplications: pulumi.StringArray{
    					known1.ApplicationId,
    					known2.ApplicationId,
    				},
    				Oauth2PermissionScopes: azuread.ApplicationApiOauth2PermissionScopeArray{
    					&azuread.ApplicationApiOauth2PermissionScopeArgs{
    						AdminConsentDescription: pulumi.String("Allow the application to access example on behalf of the signed-in user."),
    						AdminConsentDisplayName: pulumi.String("Access example"),
    						Enabled:                 pulumi.Bool(true),
    						Id:                      pulumi.String("96183846-204b-4b43-82e1-5d2222eb4b9b"),
    						Type:                    pulumi.String("User"),
    						UserConsentDescription:  pulumi.String("Allow the application to access example on your behalf."),
    						UserConsentDisplayName:  pulumi.String("Access example"),
    						Value:                   pulumi.String("user_impersonation"),
    					},
    					&azuread.ApplicationApiOauth2PermissionScopeArgs{
    						AdminConsentDescription: pulumi.String("Administer the example application"),
    						AdminConsentDisplayName: pulumi.String("Administer"),
    						Enabled:                 pulumi.Bool(true),
    						Id:                      pulumi.String("be98fa3e-ab5b-4b11-83d9-04ba2b7946bc"),
    						Type:                    pulumi.String("Admin"),
    						Value:                   pulumi.String("administer"),
    					},
    				},
    			},
    			AppRoles: azuread.ApplicationAppRoleTypeArray{
    				&azuread.ApplicationAppRoleTypeArgs{
    					AllowedMemberTypes: pulumi.StringArray{
    						pulumi.String("User"),
    						pulumi.String("Application"),
    					},
    					Description: pulumi.String("Admins can manage roles and perform all task actions"),
    					DisplayName: pulumi.String("Admin"),
    					Enabled:     pulumi.Bool(true),
    					Id:          pulumi.String("1b19509b-32b1-4e9f-b71d-4992aa991967"),
    					Value:       pulumi.String("admin"),
    				},
    				&azuread.ApplicationAppRoleTypeArgs{
    					AllowedMemberTypes: pulumi.StringArray{
    						pulumi.String("User"),
    					},
    					Description: pulumi.String("ReadOnly roles have limited query access"),
    					DisplayName: pulumi.String("ReadOnly"),
    					Enabled:     pulumi.Bool(true),
    					Id:          pulumi.String("497406e4-012a-4267-bf18-45a1cb148a01"),
    					Value:       pulumi.String("User"),
    				},
    			},
    			FeatureTags: azuread.ApplicationFeatureTagArray{
    				&azuread.ApplicationFeatureTagArgs{
    					Enterprise: pulumi.Bool(true),
    					Gallery:    pulumi.Bool(true),
    				},
    			},
    			OptionalClaims: &azuread.ApplicationOptionalClaimsTypeArgs{
    				AccessTokens: azuread.ApplicationOptionalClaimsAccessTokenArray{
    					&azuread.ApplicationOptionalClaimsAccessTokenArgs{
    						Name: pulumi.String("myclaim"),
    					},
    					&azuread.ApplicationOptionalClaimsAccessTokenArgs{
    						Name: pulumi.String("otherclaim"),
    					},
    				},
    				IdTokens: azuread.ApplicationOptionalClaimsIdTokenArray{
    					&azuread.ApplicationOptionalClaimsIdTokenArgs{
    						Name:      pulumi.String("userclaim"),
    						Source:    pulumi.String("user"),
    						Essential: pulumi.Bool(true),
    						AdditionalProperties: pulumi.StringArray{
    							pulumi.String("emit_as_roles"),
    						},
    					},
    				},
    				Saml2Tokens: azuread.ApplicationOptionalClaimsSaml2TokenArray{
    					&azuread.ApplicationOptionalClaimsSaml2TokenArgs{
    						Name: pulumi.String("samlexample"),
    					},
    				},
    			},
    			RequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{
    				&azuread.ApplicationRequiredResourceAccessArgs{
    					ResourceAppId: pulumi.String("00000003-0000-0000-c000-000000000000"),
    					ResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{
    						&azuread.ApplicationRequiredResourceAccessResourceAccessArgs{
    							Id:   pulumi.String("df021288-bdef-4463-88db-98f22de89214"),
    							Type: pulumi.String("Role"),
    						},
    						&azuread.ApplicationRequiredResourceAccessResourceAccessArgs{
    							Id:   pulumi.String("b4e74841-8e56-480b-be8b-910348b18b4c"),
    							Type: pulumi.String("Scope"),
    						},
    					},
    				},
    				&azuread.ApplicationRequiredResourceAccessArgs{
    					ResourceAppId: pulumi.String("c5393580-f805-4401-95e8-94b7a6ef2fc2"),
    					ResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{
    						&azuread.ApplicationRequiredResourceAccessResourceAccessArgs{
    							Id:   pulumi.String("594c1fb6-4f81-4475-ae41-0c394909246c"),
    							Type: pulumi.String("Role"),
    						},
    					},
    				},
    			},
    			Web: &azuread.ApplicationWebArgs{
    				HomepageUrl: pulumi.String("https://app.example.net"),
    				LogoutUrl:   pulumi.String("https://app.example.net/logout"),
    				RedirectUris: pulumi.StringArray{
    					pulumi.String("https://app.example.net/account"),
    				},
    				ImplicitGrant: &azuread.ApplicationWebImplicitGrantArgs{
    					AccessTokenIssuanceEnabled: pulumi.Bool(true),
    					IdTokenIssuanceEnabled:     pulumi.Bool(true),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureAD = Pulumi.AzureAD;
    using Std = Pulumi.Std;
    
    return await Deployment.RunAsync(() => 
    {
        var current = AzureAD.GetClientConfig.Invoke();
    
        var example = new AzureAD.Application("example", new()
        {
            DisplayName = "example",
            IdentifierUris = new[]
            {
                "api://example-app",
            },
            LogoImage = Std.Filebase64.Invoke(new()
            {
                Input = "/path/to/logo.png",
            }).Apply(invoke => invoke.Result),
            Owners = new[]
            {
                current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
            },
            SignInAudience = "AzureADMultipleOrgs",
            Api = new AzureAD.Inputs.ApplicationApiArgs
            {
                MappedClaimsEnabled = true,
                RequestedAccessTokenVersion = 2,
                KnownClientApplications = new[]
                {
                    known1.ApplicationId,
                    known2.ApplicationId,
                },
                Oauth2PermissionScopes = new[]
                {
                    new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs
                    {
                        AdminConsentDescription = "Allow the application to access example on behalf of the signed-in user.",
                        AdminConsentDisplayName = "Access example",
                        Enabled = true,
                        Id = "96183846-204b-4b43-82e1-5d2222eb4b9b",
                        Type = "User",
                        UserConsentDescription = "Allow the application to access example on your behalf.",
                        UserConsentDisplayName = "Access example",
                        Value = "user_impersonation",
                    },
                    new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs
                    {
                        AdminConsentDescription = "Administer the example application",
                        AdminConsentDisplayName = "Administer",
                        Enabled = true,
                        Id = "be98fa3e-ab5b-4b11-83d9-04ba2b7946bc",
                        Type = "Admin",
                        Value = "administer",
                    },
                },
            },
            AppRoles = new[]
            {
                new AzureAD.Inputs.ApplicationAppRoleArgs
                {
                    AllowedMemberTypes = new[]
                    {
                        "User",
                        "Application",
                    },
                    Description = "Admins can manage roles and perform all task actions",
                    DisplayName = "Admin",
                    Enabled = true,
                    Id = "1b19509b-32b1-4e9f-b71d-4992aa991967",
                    Value = "admin",
                },
                new AzureAD.Inputs.ApplicationAppRoleArgs
                {
                    AllowedMemberTypes = new[]
                    {
                        "User",
                    },
                    Description = "ReadOnly roles have limited query access",
                    DisplayName = "ReadOnly",
                    Enabled = true,
                    Id = "497406e4-012a-4267-bf18-45a1cb148a01",
                    Value = "User",
                },
            },
            FeatureTags = new[]
            {
                new AzureAD.Inputs.ApplicationFeatureTagArgs
                {
                    Enterprise = true,
                    Gallery = true,
                },
            },
            OptionalClaims = new AzureAD.Inputs.ApplicationOptionalClaimsArgs
            {
                AccessTokens = new[]
                {
                    new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs
                    {
                        Name = "myclaim",
                    },
                    new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs
                    {
                        Name = "otherclaim",
                    },
                },
                IdTokens = new[]
                {
                    new AzureAD.Inputs.ApplicationOptionalClaimsIdTokenArgs
                    {
                        Name = "userclaim",
                        Source = "user",
                        Essential = true,
                        AdditionalProperties = new[]
                        {
                            "emit_as_roles",
                        },
                    },
                },
                Saml2Tokens = new[]
                {
                    new AzureAD.Inputs.ApplicationOptionalClaimsSaml2TokenArgs
                    {
                        Name = "samlexample",
                    },
                },
            },
            RequiredResourceAccesses = new[]
            {
                new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs
                {
                    ResourceAppId = "00000003-0000-0000-c000-000000000000",
                    ResourceAccesses = new[]
                    {
                        new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
                        {
                            Id = "df021288-bdef-4463-88db-98f22de89214",
                            Type = "Role",
                        },
                        new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
                        {
                            Id = "b4e74841-8e56-480b-be8b-910348b18b4c",
                            Type = "Scope",
                        },
                    },
                },
                new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs
                {
                    ResourceAppId = "c5393580-f805-4401-95e8-94b7a6ef2fc2",
                    ResourceAccesses = new[]
                    {
                        new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
                        {
                            Id = "594c1fb6-4f81-4475-ae41-0c394909246c",
                            Type = "Role",
                        },
                    },
                },
            },
            Web = new AzureAD.Inputs.ApplicationWebArgs
            {
                HomepageUrl = "https://app.example.net",
                LogoutUrl = "https://app.example.net/logout",
                RedirectUris = new[]
                {
                    "https://app.example.net/account",
                },
                ImplicitGrant = new AzureAD.Inputs.ApplicationWebImplicitGrantArgs
                {
                    AccessTokenIssuanceEnabled = true,
                    IdTokenIssuanceEnabled = true,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuread.AzureadFunctions;
    import com.pulumi.azuread.Application;
    import com.pulumi.azuread.ApplicationArgs;
    import com.pulumi.azuread.inputs.ApplicationApiArgs;
    import com.pulumi.azuread.inputs.ApplicationAppRoleArgs;
    import com.pulumi.azuread.inputs.ApplicationFeatureTagArgs;
    import com.pulumi.azuread.inputs.ApplicationOptionalClaimsArgs;
    import com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;
    import com.pulumi.azuread.inputs.ApplicationWebArgs;
    import com.pulumi.azuread.inputs.ApplicationWebImplicitGrantArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var current = AzureadFunctions.getClientConfig();
    
            var example = new Application("example", ApplicationArgs.builder()
                .displayName("example")
                .identifierUris("api://example-app")
                .logoImage(StdFunctions.filebase64(Filebase64Args.builder()
                    .input("/path/to/logo.png")
                    .build()).result())
                .owners(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
                .signInAudience("AzureADMultipleOrgs")
                .api(ApplicationApiArgs.builder()
                    .mappedClaimsEnabled(true)
                    .requestedAccessTokenVersion(2)
                    .knownClientApplications(                
                        known1.applicationId(),
                        known2.applicationId())
                    .oauth2PermissionScopes(                
                        ApplicationApiOauth2PermissionScopeArgs.builder()
                            .adminConsentDescription("Allow the application to access example on behalf of the signed-in user.")
                            .adminConsentDisplayName("Access example")
                            .enabled(true)
                            .id("96183846-204b-4b43-82e1-5d2222eb4b9b")
                            .type("User")
                            .userConsentDescription("Allow the application to access example on your behalf.")
                            .userConsentDisplayName("Access example")
                            .value("user_impersonation")
                            .build(),
                        ApplicationApiOauth2PermissionScopeArgs.builder()
                            .adminConsentDescription("Administer the example application")
                            .adminConsentDisplayName("Administer")
                            .enabled(true)
                            .id("be98fa3e-ab5b-4b11-83d9-04ba2b7946bc")
                            .type("Admin")
                            .value("administer")
                            .build())
                    .build())
                .appRoles(            
                    ApplicationAppRoleArgs.builder()
                        .allowedMemberTypes(                    
                            "User",
                            "Application")
                        .description("Admins can manage roles and perform all task actions")
                        .displayName("Admin")
                        .enabled(true)
                        .id("1b19509b-32b1-4e9f-b71d-4992aa991967")
                        .value("admin")
                        .build(),
                    ApplicationAppRoleArgs.builder()
                        .allowedMemberTypes("User")
                        .description("ReadOnly roles have limited query access")
                        .displayName("ReadOnly")
                        .enabled(true)
                        .id("497406e4-012a-4267-bf18-45a1cb148a01")
                        .value("User")
                        .build())
                .featureTags(ApplicationFeatureTagArgs.builder()
                    .enterprise(true)
                    .gallery(true)
                    .build())
                .optionalClaims(ApplicationOptionalClaimsArgs.builder()
                    .accessTokens(                
                        ApplicationOptionalClaimsAccessTokenArgs.builder()
                            .name("myclaim")
                            .build(),
                        ApplicationOptionalClaimsAccessTokenArgs.builder()
                            .name("otherclaim")
                            .build())
                    .idTokens(ApplicationOptionalClaimsIdTokenArgs.builder()
                        .name("userclaim")
                        .source("user")
                        .essential(true)
                        .additionalProperties("emit_as_roles")
                        .build())
                    .saml2Tokens(ApplicationOptionalClaimsSaml2TokenArgs.builder()
                        .name("samlexample")
                        .build())
                    .build())
                .requiredResourceAccesses(            
                    ApplicationRequiredResourceAccessArgs.builder()
                        .resourceAppId("00000003-0000-0000-c000-000000000000")
                        .resourceAccesses(                    
                            ApplicationRequiredResourceAccessResourceAccessArgs.builder()
                                .id("df021288-bdef-4463-88db-98f22de89214")
                                .type("Role")
                                .build(),
                            ApplicationRequiredResourceAccessResourceAccessArgs.builder()
                                .id("b4e74841-8e56-480b-be8b-910348b18b4c")
                                .type("Scope")
                                .build())
                        .build(),
                    ApplicationRequiredResourceAccessArgs.builder()
                        .resourceAppId("c5393580-f805-4401-95e8-94b7a6ef2fc2")
                        .resourceAccesses(ApplicationRequiredResourceAccessResourceAccessArgs.builder()
                            .id("594c1fb6-4f81-4475-ae41-0c394909246c")
                            .type("Role")
                            .build())
                        .build())
                .web(ApplicationWebArgs.builder()
                    .homepageUrl("https://app.example.net")
                    .logoutUrl("https://app.example.net/logout")
                    .redirectUris("https://app.example.net/account")
                    .implicitGrant(ApplicationWebImplicitGrantArgs.builder()
                        .accessTokenIssuanceEnabled(true)
                        .idTokenIssuanceEnabled(true)
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: azuread:Application
        properties:
          displayName: example
          identifierUris:
            - api://example-app
          logoImage:
            fn::invoke:
              Function: std:filebase64
              Arguments:
                input: /path/to/logo.png
              Return: result
          owners:
            - ${current.objectId}
          signInAudience: AzureADMultipleOrgs
          api:
            mappedClaimsEnabled: true
            requestedAccessTokenVersion: 2
            knownClientApplications:
              - ${known1.applicationId}
              - ${known2.applicationId}
            oauth2PermissionScopes:
              - adminConsentDescription: Allow the application to access example on behalf of the signed-in user.
                adminConsentDisplayName: Access example
                enabled: true
                id: 96183846-204b-4b43-82e1-5d2222eb4b9b
                type: User
                userConsentDescription: Allow the application to access example on your behalf.
                userConsentDisplayName: Access example
                value: user_impersonation
              - adminConsentDescription: Administer the example application
                adminConsentDisplayName: Administer
                enabled: true
                id: be98fa3e-ab5b-4b11-83d9-04ba2b7946bc
                type: Admin
                value: administer
          appRoles:
            - allowedMemberTypes:
                - User
                - Application
              description: Admins can manage roles and perform all task actions
              displayName: Admin
              enabled: true
              id: 1b19509b-32b1-4e9f-b71d-4992aa991967
              value: admin
            - allowedMemberTypes:
                - User
              description: ReadOnly roles have limited query access
              displayName: ReadOnly
              enabled: true
              id: 497406e4-012a-4267-bf18-45a1cb148a01
              value: User
          featureTags:
            - enterprise: true
              gallery: true
          optionalClaims:
            accessTokens:
              - name: myclaim
              - name: otherclaim
            idTokens:
              - name: userclaim
                source: user
                essential: true
                additionalProperties:
                  - emit_as_roles
            saml2Tokens:
              - name: samlexample
          requiredResourceAccesses:
            - resourceAppId: 00000003-0000-0000-c000-000000000000
              resourceAccesses:
                - id: df021288-bdef-4463-88db-98f22de89214
                  type: Role
                - id: b4e74841-8e56-480b-be8b-910348b18b4c
                  type: Scope
            - resourceAppId: c5393580-f805-4401-95e8-94b7a6ef2fc2
              resourceAccesses:
                - id: 594c1fb6-4f81-4475-ae41-0c394909246c
                  type: Role
          web:
            homepageUrl: https://app.example.net
            logoutUrl: https://app.example.net/logout
            redirectUris:
              - https://app.example.net/account
            implicitGrant:
              accessTokenIssuanceEnabled: true
              idTokenIssuanceEnabled: true
    variables:
      current:
        fn::invoke:
          Function: azuread:getClientConfig
          Arguments: {}
    

    Create application and generate a password

    Create Application Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Application(name: string, args: ApplicationArgs, opts?: CustomResourceOptions);
    @overload
    def Application(resource_name: str,
                    args: ApplicationArgs,
                    opts: Optional[ResourceOptions] = None)
    
    @overload
    def Application(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    display_name: Optional[str] = None,
                    owners: Optional[Sequence[str]] = None,
                    web: Optional[ApplicationWebArgs] = None,
                    optional_claims: Optional[ApplicationOptionalClaimsArgs] = None,
                    app_roles: Optional[Sequence[ApplicationAppRoleArgs]] = None,
                    fallback_public_client_enabled: Optional[bool] = None,
                    feature_tags: Optional[Sequence[ApplicationFeatureTagArgs]] = None,
                    group_membership_claims: Optional[Sequence[str]] = None,
                    identifier_uris: Optional[Sequence[str]] = None,
                    logo_image: Optional[str] = None,
                    marketing_url: Optional[str] = None,
                    notes: Optional[str] = None,
                    oauth2_post_response_required: Optional[bool] = None,
                    device_only_auth_enabled: Optional[bool] = None,
                    description: Optional[str] = None,
                    single_page_application: Optional[ApplicationSinglePageApplicationArgs] = None,
                    prevent_duplicate_names: Optional[bool] = None,
                    privacy_statement_url: Optional[str] = None,
                    public_client: Optional[ApplicationPublicClientArgs] = None,
                    required_resource_accesses: Optional[Sequence[ApplicationRequiredResourceAccessArgs]] = None,
                    service_management_reference: Optional[str] = None,
                    sign_in_audience: Optional[str] = None,
                    password: Optional[ApplicationPasswordArgs] = None,
                    support_url: Optional[str] = None,
                    tags: Optional[Sequence[str]] = None,
                    template_id: Optional[str] = None,
                    terms_of_service_url: Optional[str] = None,
                    api: Optional[ApplicationApiArgs] = None)
    func NewApplication(ctx *Context, name string, args ApplicationArgs, opts ...ResourceOption) (*Application, error)
    public Application(string name, ApplicationArgs args, CustomResourceOptions? opts = null)
    public Application(String name, ApplicationArgs args)
    public Application(String name, ApplicationArgs args, CustomResourceOptions options)
    
    type: azuread:Application
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ApplicationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ApplicationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ApplicationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ApplicationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ApplicationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var applicationResource = new AzureAD.Application("applicationResource", new()
    {
        DisplayName = "string",
        Owners = new[]
        {
            "string",
        },
        Web = new AzureAD.Inputs.ApplicationWebArgs
        {
            HomepageUrl = "string",
            ImplicitGrant = new AzureAD.Inputs.ApplicationWebImplicitGrantArgs
            {
                AccessTokenIssuanceEnabled = false,
                IdTokenIssuanceEnabled = false,
            },
            LogoutUrl = "string",
            RedirectUris = new[]
            {
                "string",
            },
        },
        OptionalClaims = new AzureAD.Inputs.ApplicationOptionalClaimsArgs
        {
            AccessTokens = new[]
            {
                new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs
                {
                    Name = "string",
                    AdditionalProperties = new[]
                    {
                        "string",
                    },
                    Essential = false,
                    Source = "string",
                },
            },
            IdTokens = new[]
            {
                new AzureAD.Inputs.ApplicationOptionalClaimsIdTokenArgs
                {
                    Name = "string",
                    AdditionalProperties = new[]
                    {
                        "string",
                    },
                    Essential = false,
                    Source = "string",
                },
            },
            Saml2Tokens = new[]
            {
                new AzureAD.Inputs.ApplicationOptionalClaimsSaml2TokenArgs
                {
                    Name = "string",
                    AdditionalProperties = new[]
                    {
                        "string",
                    },
                    Essential = false,
                    Source = "string",
                },
            },
        },
        AppRoles = new[]
        {
            new AzureAD.Inputs.ApplicationAppRoleArgs
            {
                AllowedMemberTypes = new[]
                {
                    "string",
                },
                Description = "string",
                DisplayName = "string",
                Id = "string",
                Enabled = false,
                Value = "string",
            },
        },
        FallbackPublicClientEnabled = false,
        FeatureTags = new[]
        {
            new AzureAD.Inputs.ApplicationFeatureTagArgs
            {
                CustomSingleSignOn = false,
                Enterprise = false,
                Gallery = false,
                Hide = false,
            },
        },
        GroupMembershipClaims = new[]
        {
            "string",
        },
        IdentifierUris = new[]
        {
            "string",
        },
        LogoImage = "string",
        MarketingUrl = "string",
        Notes = "string",
        Oauth2PostResponseRequired = false,
        DeviceOnlyAuthEnabled = false,
        Description = "string",
        SinglePageApplication = new AzureAD.Inputs.ApplicationSinglePageApplicationArgs
        {
            RedirectUris = new[]
            {
                "string",
            },
        },
        PreventDuplicateNames = false,
        PrivacyStatementUrl = "string",
        PublicClient = new AzureAD.Inputs.ApplicationPublicClientArgs
        {
            RedirectUris = new[]
            {
                "string",
            },
        },
        RequiredResourceAccesses = new[]
        {
            new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs
            {
                ResourceAccesses = new[]
                {
                    new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
                    {
                        Id = "string",
                        Type = "string",
                    },
                },
                ResourceAppId = "string",
            },
        },
        ServiceManagementReference = "string",
        SignInAudience = "string",
        Password = new AzureAD.Inputs.ApplicationPasswordArgs
        {
            DisplayName = "string",
            EndDate = "string",
            KeyId = "string",
            StartDate = "string",
            Value = "string",
        },
        SupportUrl = "string",
        Tags = new[]
        {
            "string",
        },
        TemplateId = "string",
        TermsOfServiceUrl = "string",
        Api = new AzureAD.Inputs.ApplicationApiArgs
        {
            KnownClientApplications = new[]
            {
                "string",
            },
            MappedClaimsEnabled = false,
            Oauth2PermissionScopes = new[]
            {
                new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs
                {
                    Id = "string",
                    AdminConsentDescription = "string",
                    AdminConsentDisplayName = "string",
                    Enabled = false,
                    Type = "string",
                    UserConsentDescription = "string",
                    UserConsentDisplayName = "string",
                    Value = "string",
                },
            },
            RequestedAccessTokenVersion = 0,
        },
    });
    
    example, err := azuread.NewApplication(ctx, "applicationResource", &azuread.ApplicationArgs{
    	DisplayName: pulumi.String("string"),
    	Owners: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Web: &azuread.ApplicationWebArgs{
    		HomepageUrl: pulumi.String("string"),
    		ImplicitGrant: &azuread.ApplicationWebImplicitGrantArgs{
    			AccessTokenIssuanceEnabled: pulumi.Bool(false),
    			IdTokenIssuanceEnabled:     pulumi.Bool(false),
    		},
    		LogoutUrl: pulumi.String("string"),
    		RedirectUris: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	OptionalClaims: &azuread.ApplicationOptionalClaimsTypeArgs{
    		AccessTokens: azuread.ApplicationOptionalClaimsAccessTokenArray{
    			&azuread.ApplicationOptionalClaimsAccessTokenArgs{
    				Name: pulumi.String("string"),
    				AdditionalProperties: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				Essential: pulumi.Bool(false),
    				Source:    pulumi.String("string"),
    			},
    		},
    		IdTokens: azuread.ApplicationOptionalClaimsIdTokenArray{
    			&azuread.ApplicationOptionalClaimsIdTokenArgs{
    				Name: pulumi.String("string"),
    				AdditionalProperties: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				Essential: pulumi.Bool(false),
    				Source:    pulumi.String("string"),
    			},
    		},
    		Saml2Tokens: azuread.ApplicationOptionalClaimsSaml2TokenArray{
    			&azuread.ApplicationOptionalClaimsSaml2TokenArgs{
    				Name: pulumi.String("string"),
    				AdditionalProperties: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				Essential: pulumi.Bool(false),
    				Source:    pulumi.String("string"),
    			},
    		},
    	},
    	AppRoles: azuread.ApplicationAppRoleTypeArray{
    		&azuread.ApplicationAppRoleTypeArgs{
    			AllowedMemberTypes: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Description: pulumi.String("string"),
    			DisplayName: pulumi.String("string"),
    			Id:          pulumi.String("string"),
    			Enabled:     pulumi.Bool(false),
    			Value:       pulumi.String("string"),
    		},
    	},
    	FallbackPublicClientEnabled: pulumi.Bool(false),
    	FeatureTags: azuread.ApplicationFeatureTagArray{
    		&azuread.ApplicationFeatureTagArgs{
    			CustomSingleSignOn: pulumi.Bool(false),
    			Enterprise:         pulumi.Bool(false),
    			Gallery:            pulumi.Bool(false),
    			Hide:               pulumi.Bool(false),
    		},
    	},
    	GroupMembershipClaims: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	IdentifierUris: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	LogoImage:                  pulumi.String("string"),
    	MarketingUrl:               pulumi.String("string"),
    	Notes:                      pulumi.String("string"),
    	Oauth2PostResponseRequired: pulumi.Bool(false),
    	DeviceOnlyAuthEnabled:      pulumi.Bool(false),
    	Description:                pulumi.String("string"),
    	SinglePageApplication: &azuread.ApplicationSinglePageApplicationArgs{
    		RedirectUris: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	PreventDuplicateNames: pulumi.Bool(false),
    	PrivacyStatementUrl:   pulumi.String("string"),
    	PublicClient: &azuread.ApplicationPublicClientArgs{
    		RedirectUris: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	RequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{
    		&azuread.ApplicationRequiredResourceAccessArgs{
    			ResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{
    				&azuread.ApplicationRequiredResourceAccessResourceAccessArgs{
    					Id:   pulumi.String("string"),
    					Type: pulumi.String("string"),
    				},
    			},
    			ResourceAppId: pulumi.String("string"),
    		},
    	},
    	ServiceManagementReference: pulumi.String("string"),
    	SignInAudience:             pulumi.String("string"),
    	Password: &azuread.ApplicationPasswordTypeArgs{
    		DisplayName: pulumi.String("string"),
    		EndDate:     pulumi.String("string"),
    		KeyId:       pulumi.String("string"),
    		StartDate:   pulumi.String("string"),
    		Value:       pulumi.String("string"),
    	},
    	SupportUrl: pulumi.String("string"),
    	Tags: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	TemplateId:        pulumi.String("string"),
    	TermsOfServiceUrl: pulumi.String("string"),
    	Api: &azuread.ApplicationApiArgs{
    		KnownClientApplications: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		MappedClaimsEnabled: pulumi.Bool(false),
    		Oauth2PermissionScopes: azuread.ApplicationApiOauth2PermissionScopeArray{
    			&azuread.ApplicationApiOauth2PermissionScopeArgs{
    				Id:                      pulumi.String("string"),
    				AdminConsentDescription: pulumi.String("string"),
    				AdminConsentDisplayName: pulumi.String("string"),
    				Enabled:                 pulumi.Bool(false),
    				Type:                    pulumi.String("string"),
    				UserConsentDescription:  pulumi.String("string"),
    				UserConsentDisplayName:  pulumi.String("string"),
    				Value:                   pulumi.String("string"),
    			},
    		},
    		RequestedAccessTokenVersion: pulumi.Int(0),
    	},
    })
    
    var applicationResource = new Application("applicationResource", ApplicationArgs.builder()
        .displayName("string")
        .owners("string")
        .web(ApplicationWebArgs.builder()
            .homepageUrl("string")
            .implicitGrant(ApplicationWebImplicitGrantArgs.builder()
                .accessTokenIssuanceEnabled(false)
                .idTokenIssuanceEnabled(false)
                .build())
            .logoutUrl("string")
            .redirectUris("string")
            .build())
        .optionalClaims(ApplicationOptionalClaimsArgs.builder()
            .accessTokens(ApplicationOptionalClaimsAccessTokenArgs.builder()
                .name("string")
                .additionalProperties("string")
                .essential(false)
                .source("string")
                .build())
            .idTokens(ApplicationOptionalClaimsIdTokenArgs.builder()
                .name("string")
                .additionalProperties("string")
                .essential(false)
                .source("string")
                .build())
            .saml2Tokens(ApplicationOptionalClaimsSaml2TokenArgs.builder()
                .name("string")
                .additionalProperties("string")
                .essential(false)
                .source("string")
                .build())
            .build())
        .appRoles(ApplicationAppRoleArgs.builder()
            .allowedMemberTypes("string")
            .description("string")
            .displayName("string")
            .id("string")
            .enabled(false)
            .value("string")
            .build())
        .fallbackPublicClientEnabled(false)
        .featureTags(ApplicationFeatureTagArgs.builder()
            .customSingleSignOn(false)
            .enterprise(false)
            .gallery(false)
            .hide(false)
            .build())
        .groupMembershipClaims("string")
        .identifierUris("string")
        .logoImage("string")
        .marketingUrl("string")
        .notes("string")
        .oauth2PostResponseRequired(false)
        .deviceOnlyAuthEnabled(false)
        .description("string")
        .singlePageApplication(ApplicationSinglePageApplicationArgs.builder()
            .redirectUris("string")
            .build())
        .preventDuplicateNames(false)
        .privacyStatementUrl("string")
        .publicClient(ApplicationPublicClientArgs.builder()
            .redirectUris("string")
            .build())
        .requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()
            .resourceAccesses(ApplicationRequiredResourceAccessResourceAccessArgs.builder()
                .id("string")
                .type("string")
                .build())
            .resourceAppId("string")
            .build())
        .serviceManagementReference("string")
        .signInAudience("string")
        .password(ApplicationPasswordArgs.builder()
            .displayName("string")
            .endDate("string")
            .keyId("string")
            .startDate("string")
            .value("string")
            .build())
        .supportUrl("string")
        .tags("string")
        .templateId("string")
        .termsOfServiceUrl("string")
        .api(ApplicationApiArgs.builder()
            .knownClientApplications("string")
            .mappedClaimsEnabled(false)
            .oauth2PermissionScopes(ApplicationApiOauth2PermissionScopeArgs.builder()
                .id("string")
                .adminConsentDescription("string")
                .adminConsentDisplayName("string")
                .enabled(false)
                .type("string")
                .userConsentDescription("string")
                .userConsentDisplayName("string")
                .value("string")
                .build())
            .requestedAccessTokenVersion(0)
            .build())
        .build());
    
    application_resource = azuread.Application("applicationResource",
        display_name="string",
        owners=["string"],
        web=azuread.ApplicationWebArgs(
            homepage_url="string",
            implicit_grant=azuread.ApplicationWebImplicitGrantArgs(
                access_token_issuance_enabled=False,
                id_token_issuance_enabled=False,
            ),
            logout_url="string",
            redirect_uris=["string"],
        ),
        optional_claims=azuread.ApplicationOptionalClaimsArgs(
            access_tokens=[azuread.ApplicationOptionalClaimsAccessTokenArgs(
                name="string",
                additional_properties=["string"],
                essential=False,
                source="string",
            )],
            id_tokens=[azuread.ApplicationOptionalClaimsIdTokenArgs(
                name="string",
                additional_properties=["string"],
                essential=False,
                source="string",
            )],
            saml2_tokens=[azuread.ApplicationOptionalClaimsSaml2TokenArgs(
                name="string",
                additional_properties=["string"],
                essential=False,
                source="string",
            )],
        ),
        app_roles=[azuread.ApplicationAppRoleArgs(
            allowed_member_types=["string"],
            description="string",
            display_name="string",
            id="string",
            enabled=False,
            value="string",
        )],
        fallback_public_client_enabled=False,
        feature_tags=[azuread.ApplicationFeatureTagArgs(
            custom_single_sign_on=False,
            enterprise=False,
            gallery=False,
            hide=False,
        )],
        group_membership_claims=["string"],
        identifier_uris=["string"],
        logo_image="string",
        marketing_url="string",
        notes="string",
        oauth2_post_response_required=False,
        device_only_auth_enabled=False,
        description="string",
        single_page_application=azuread.ApplicationSinglePageApplicationArgs(
            redirect_uris=["string"],
        ),
        prevent_duplicate_names=False,
        privacy_statement_url="string",
        public_client=azuread.ApplicationPublicClientArgs(
            redirect_uris=["string"],
        ),
        required_resource_accesses=[azuread.ApplicationRequiredResourceAccessArgs(
            resource_accesses=[azuread.ApplicationRequiredResourceAccessResourceAccessArgs(
                id="string",
                type="string",
            )],
            resource_app_id="string",
        )],
        service_management_reference="string",
        sign_in_audience="string",
        password=azuread.ApplicationPasswordArgs(
            display_name="string",
            end_date="string",
            key_id="string",
            start_date="string",
            value="string",
        ),
        support_url="string",
        tags=["string"],
        template_id="string",
        terms_of_service_url="string",
        api=azuread.ApplicationApiArgs(
            known_client_applications=["string"],
            mapped_claims_enabled=False,
            oauth2_permission_scopes=[azuread.ApplicationApiOauth2PermissionScopeArgs(
                id="string",
                admin_consent_description="string",
                admin_consent_display_name="string",
                enabled=False,
                type="string",
                user_consent_description="string",
                user_consent_display_name="string",
                value="string",
            )],
            requested_access_token_version=0,
        ))
    
    const applicationResource = new azuread.Application("applicationResource", {
        displayName: "string",
        owners: ["string"],
        web: {
            homepageUrl: "string",
            implicitGrant: {
                accessTokenIssuanceEnabled: false,
                idTokenIssuanceEnabled: false,
            },
            logoutUrl: "string",
            redirectUris: ["string"],
        },
        optionalClaims: {
            accessTokens: [{
                name: "string",
                additionalProperties: ["string"],
                essential: false,
                source: "string",
            }],
            idTokens: [{
                name: "string",
                additionalProperties: ["string"],
                essential: false,
                source: "string",
            }],
            saml2Tokens: [{
                name: "string",
                additionalProperties: ["string"],
                essential: false,
                source: "string",
            }],
        },
        appRoles: [{
            allowedMemberTypes: ["string"],
            description: "string",
            displayName: "string",
            id: "string",
            enabled: false,
            value: "string",
        }],
        fallbackPublicClientEnabled: false,
        featureTags: [{
            customSingleSignOn: false,
            enterprise: false,
            gallery: false,
            hide: false,
        }],
        groupMembershipClaims: ["string"],
        identifierUris: ["string"],
        logoImage: "string",
        marketingUrl: "string",
        notes: "string",
        oauth2PostResponseRequired: false,
        deviceOnlyAuthEnabled: false,
        description: "string",
        singlePageApplication: {
            redirectUris: ["string"],
        },
        preventDuplicateNames: false,
        privacyStatementUrl: "string",
        publicClient: {
            redirectUris: ["string"],
        },
        requiredResourceAccesses: [{
            resourceAccesses: [{
                id: "string",
                type: "string",
            }],
            resourceAppId: "string",
        }],
        serviceManagementReference: "string",
        signInAudience: "string",
        password: {
            displayName: "string",
            endDate: "string",
            keyId: "string",
            startDate: "string",
            value: "string",
        },
        supportUrl: "string",
        tags: ["string"],
        templateId: "string",
        termsOfServiceUrl: "string",
        api: {
            knownClientApplications: ["string"],
            mappedClaimsEnabled: false,
            oauth2PermissionScopes: [{
                id: "string",
                adminConsentDescription: "string",
                adminConsentDisplayName: "string",
                enabled: false,
                type: "string",
                userConsentDescription: "string",
                userConsentDisplayName: "string",
                value: "string",
            }],
            requestedAccessTokenVersion: 0,
        },
    });
    
    type: azuread:Application
    properties:
        api:
            knownClientApplications:
                - string
            mappedClaimsEnabled: false
            oauth2PermissionScopes:
                - adminConsentDescription: string
                  adminConsentDisplayName: string
                  enabled: false
                  id: string
                  type: string
                  userConsentDescription: string
                  userConsentDisplayName: string
                  value: string
            requestedAccessTokenVersion: 0
        appRoles:
            - allowedMemberTypes:
                - string
              description: string
              displayName: string
              enabled: false
              id: string
              value: string
        description: string
        deviceOnlyAuthEnabled: false
        displayName: string
        fallbackPublicClientEnabled: false
        featureTags:
            - customSingleSignOn: false
              enterprise: false
              gallery: false
              hide: false
        groupMembershipClaims:
            - string
        identifierUris:
            - string
        logoImage: string
        marketingUrl: string
        notes: string
        oauth2PostResponseRequired: false
        optionalClaims:
            accessTokens:
                - additionalProperties:
                    - string
                  essential: false
                  name: string
                  source: string
            idTokens:
                - additionalProperties:
                    - string
                  essential: false
                  name: string
                  source: string
            saml2Tokens:
                - additionalProperties:
                    - string
                  essential: false
                  name: string
                  source: string
        owners:
            - string
        password:
            displayName: string
            endDate: string
            keyId: string
            startDate: string
            value: string
        preventDuplicateNames: false
        privacyStatementUrl: string
        publicClient:
            redirectUris:
                - string
        requiredResourceAccesses:
            - resourceAccesses:
                - id: string
                  type: string
              resourceAppId: string
        serviceManagementReference: string
        signInAudience: string
        singlePageApplication:
            redirectUris:
                - string
        supportUrl: string
        tags:
            - string
        templateId: string
        termsOfServiceUrl: string
        web:
            homepageUrl: string
            implicitGrant:
                accessTokenIssuanceEnabled: false
                idTokenIssuanceEnabled: false
            logoutUrl: string
            redirectUris:
                - string
    

    Application Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Application resource accepts the following input properties:

    DisplayName string
    The display name for the application.
    Api Pulumi.AzureAD.Inputs.ApplicationApi
    An api block as documented below, which configures API related settings for this application.
    AppRoles List<Pulumi.AzureAD.Inputs.ApplicationAppRole>
    A collection of app_role blocks as documented below. For more information see official documentation on Application Roles.
    Description string
    A description of the application, as shown to end users.
    DeviceOnlyAuthEnabled bool
    Specifies whether this application supports device authentication without a user. Defaults to false.
    FallbackPublicClientEnabled bool
    Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false.
    FeatureTags List<Pulumi.AzureAD.Inputs.ApplicationFeatureTag>

    A feature_tags block as described below. Cannot be used together with the tags property.

    Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for an application at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Tag values also propagate to any linked service principals.

    GroupMembershipClaims List<string>
    A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
    IdentifierUris List<string>
    A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
    LogoImage string
    A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
    MarketingUrl string
    URL of the application's marketing page.
    Notes string
    User-specified notes relevant for the management of the application.
    Oauth2PostResponseRequired bool
    Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed.
    OptionalClaims Pulumi.AzureAD.Inputs.ApplicationOptionalClaims
    An optional_claims block as documented below.
    Owners List<string>
    A list of object IDs of principals that will be granted ownership of the application
    Password Pulumi.AzureAD.Inputs.ApplicationPassword

    A single password block as documented below. The password is generated during creation. By default, no password is generated.

    Creating a Password The password block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.

    PreventDuplicateNames bool
    If true, will return an error if an existing application is found with the same name. Defaults to false.
    PrivacyStatementUrl string
    URL of the application's privacy statement.
    PublicClient Pulumi.AzureAD.Inputs.ApplicationPublicClient
    A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
    RequiredResourceAccesses List<Pulumi.AzureAD.Inputs.ApplicationRequiredResourceAccess>
    A collection of required_resource_access blocks as documented below.
    ServiceManagementReference string
    References application context information from a Service or Asset Management database.
    SignInAudience string

    The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.

    Changing sign_in_audience for existing applications When updating an existing application to use a sign_in_audience value of AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.

    SinglePageApplication Pulumi.AzureAD.Inputs.ApplicationSinglePageApplication
    A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.
    SupportUrl string
    URL of the application's support page.
    Tags List<string>

    A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.

    Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values also propagate to any linked service principals.

    TemplateId string

    Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.

    Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.

    TermsOfServiceUrl string
    URL of the application's terms of service statement.
    Web Pulumi.AzureAD.Inputs.ApplicationWeb

    A web block as documented below, which configures web related settings for this application.

    Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the prevent_duplicate_names argument to check for existing applications if you want to avoid name collisions.

    DisplayName string
    The display name for the application.
    Api ApplicationApiArgs
    An api block as documented below, which configures API related settings for this application.
    AppRoles []ApplicationAppRoleTypeArgs
    A collection of app_role blocks as documented below. For more information see official documentation on Application Roles.
    Description string
    A description of the application, as shown to end users.
    DeviceOnlyAuthEnabled bool
    Specifies whether this application supports device authentication without a user. Defaults to false.
    FallbackPublicClientEnabled bool
    Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false.
    FeatureTags []ApplicationFeatureTagArgs

    A feature_tags block as described below. Cannot be used together with the tags property.

    Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for an application at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Tag values also propagate to any linked service principals.

    GroupMembershipClaims []string
    A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
    IdentifierUris []string
    A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
    LogoImage string
    A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
    MarketingUrl string
    URL of the application's marketing page.
    Notes string
    User-specified notes relevant for the management of the application.
    Oauth2PostResponseRequired bool
    Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed.
    OptionalClaims ApplicationOptionalClaimsTypeArgs
    An optional_claims block as documented below.
    Owners []string
    A list of object IDs of principals that will be granted ownership of the application
    Password ApplicationPasswordTypeArgs

    A single password block as documented below. The password is generated during creation. By default, no password is generated.

    Creating a Password The password block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.

    PreventDuplicateNames bool
    If true, will return an error if an existing application is found with the same name. Defaults to false.
    PrivacyStatementUrl string
    URL of the application's privacy statement.
    PublicClient ApplicationPublicClientArgs
    A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
    RequiredResourceAccesses []ApplicationRequiredResourceAccessArgs
    A collection of required_resource_access blocks as documented below.
    ServiceManagementReference string
    References application context information from a Service or Asset Management database.
    SignInAudience string

    The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.

    Changing sign_in_audience for existing applications When updating an existing application to use a sign_in_audience value of AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.

    SinglePageApplication ApplicationSinglePageApplicationArgs
    A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.
    SupportUrl string
    URL of the application's support page.
    Tags []string

    A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.

    Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values also propagate to any linked service principals.

    TemplateId string

    Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.

    Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.

    TermsOfServiceUrl string
    URL of the application's terms of service statement.
    Web ApplicationWebArgs

    A web block as documented below, which configures web related settings for this application.

    Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the prevent_duplicate_names argument to check for existing applications if you want to avoid name collisions.

    displayName String
    The display name for the application.
    api ApplicationApi
    An api block as documented below, which configures API related settings for this application.
    appRoles List<ApplicationAppRole>
    A collection of app_role blocks as documented below. For more information see official documentation on Application Roles.
    description String
    A description of the application, as shown to end users.
    deviceOnlyAuthEnabled Boolean
    Specifies whether this application supports device authentication without a user. Defaults to false.
    fallbackPublicClientEnabled Boolean
    Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false.
    featureTags List<ApplicationFeatureTag>

    A feature_tags block as described below. Cannot be used together with the tags property.

    Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for an application at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Tag values also propagate to any linked service principals.

    groupMembershipClaims List<String>
    A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
    identifierUris List<String>
    A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
    logoImage String
    A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
    marketingUrl String
    URL of the application's marketing page.
    notes String
    User-specified notes relevant for the management of the application.
    oauth2PostResponseRequired Boolean
    Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed.
    optionalClaims ApplicationOptionalClaims
    An optional_claims block as documented below.
    owners List<String>
    A list of object IDs of principals that will be granted ownership of the application
    password ApplicationPassword

    A single password block as documented below. The password is generated during creation. By default, no password is generated.

    Creating a Password The password block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.

    preventDuplicateNames Boolean
    If true, will return an error if an existing application is found with the same name. Defaults to false.
    privacyStatementUrl String
    URL of the application's privacy statement.
    publicClient ApplicationPublicClient
    A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
    requiredResourceAccesses List<ApplicationRequiredResourceAccess>
    A collection of required_resource_access blocks as documented below.
    serviceManagementReference String
    References application context information from a Service or Asset Management database.
    signInAudience String

    The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.

    Changing sign_in_audience for existing applications When updating an existing application to use a sign_in_audience value of AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.

    singlePageApplication ApplicationSinglePageApplication
    A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.
    supportUrl String
    URL of the application's support page.
    tags List<String>

    A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.

    Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values also propagate to any linked service principals.

    templateId String

    Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.

    Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.

    termsOfServiceUrl String
    URL of the application's terms of service statement.
    web ApplicationWeb

    A web block as documented below, which configures web related settings for this application.

    Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the prevent_duplicate_names argument to check for existing applications if you want to avoid name collisions.

    displayName string
    The display name for the application.
    api ApplicationApi
    An api block as documented below, which configures API related settings for this application.
    appRoles ApplicationAppRole[]
    A collection of app_role blocks as documented below. For more information see official documentation on Application Roles.
    description string
    A description of the application, as shown to end users.
    deviceOnlyAuthEnabled boolean
    Specifies whether this application supports device authentication without a user. Defaults to false.
    fallbackPublicClientEnabled boolean
    Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false.
    featureTags ApplicationFeatureTag[]

    A feature_tags block as described below. Cannot be used together with the tags property.

    Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for an application at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Tag values also propagate to any linked service principals.

    groupMembershipClaims string[]
    A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
    identifierUris string[]
    A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
    logoImage string
    A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
    marketingUrl string
    URL of the application's marketing page.
    notes string
    User-specified notes relevant for the management of the application.
    oauth2PostResponseRequired boolean
    Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed.
    optionalClaims ApplicationOptionalClaims
    An optional_claims block as documented below.
    owners string[]
    A list of object IDs of principals that will be granted ownership of the application
    password ApplicationPassword

    A single password block as documented below. The password is generated during creation. By default, no password is generated.

    Creating a Password The password block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.

    preventDuplicateNames boolean
    If true, will return an error if an existing application is found with the same name. Defaults to false.
    privacyStatementUrl string
    URL of the application's privacy statement.
    publicClient ApplicationPublicClient
    A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
    requiredResourceAccesses ApplicationRequiredResourceAccess[]
    A collection of required_resource_access blocks as documented below.
    serviceManagementReference string
    References application context information from a Service or Asset Management database.
    signInAudience string

    The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.

    Changing sign_in_audience for existing applications When updating an existing application to use a sign_in_audience value of AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.

    singlePageApplication ApplicationSinglePageApplication
    A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.
    supportUrl string
    URL of the application's support page.
    tags string[]

    A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.

    Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values also propagate to any linked service principals.

    templateId string

    Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.

    Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.

    termsOfServiceUrl string
    URL of the application's terms of service statement.
    web ApplicationWeb

    A web block as documented below, which configures web related settings for this application.

    Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the prevent_duplicate_names argument to check for existing applications if you want to avoid name collisions.

    display_name str
    The display name for the application.
    api ApplicationApiArgs
    An api block as documented below, which configures API related settings for this application.
    app_roles Sequence[ApplicationAppRoleArgs]
    A collection of app_role blocks as documented below. For more information see official documentation on Application Roles.
    description str
    A description of the application, as shown to end users.
    device_only_auth_enabled bool
    Specifies whether this application supports device authentication without a user. Defaults to false.
    fallback_public_client_enabled bool
    Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false.
    feature_tags Sequence[ApplicationFeatureTagArgs]

    A feature_tags block as described below. Cannot be used together with the tags property.

    Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for an application at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Tag values also propagate to any linked service principals.

    group_membership_claims Sequence[str]
    A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
    identifier_uris Sequence[str]
    A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
    logo_image str
    A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
    marketing_url str
    URL of the application's marketing page.
    notes str
    User-specified notes relevant for the management of the application.
    oauth2_post_response_required bool
    Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed.
    optional_claims ApplicationOptionalClaimsArgs
    An optional_claims block as documented below.
    owners Sequence[str]
    A list of object IDs of principals that will be granted ownership of the application
    password ApplicationPasswordArgs

    A single password block as documented below. The password is generated during creation. By default, no password is generated.

    Creating a Password The password block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.

    prevent_duplicate_names bool
    If true, will return an error if an existing application is found with the same name. Defaults to false.
    privacy_statement_url str
    URL of the application's privacy statement.
    public_client ApplicationPublicClientArgs
    A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
    required_resource_accesses Sequence[ApplicationRequiredResourceAccessArgs]
    A collection of required_resource_access blocks as documented below.
    service_management_reference str
    References application context information from a Service or Asset Management database.
    sign_in_audience str

    The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.

    Changing sign_in_audience for existing applications When updating an existing application to use a sign_in_audience value of AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.

    single_page_application ApplicationSinglePageApplicationArgs
    A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.
    support_url str
    URL of the application's support page.
    tags Sequence[str]

    A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.

    Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values also propagate to any linked service principals.

    template_id str

    Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.

    Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.

    terms_of_service_url str
    URL of the application's terms of service statement.
    web ApplicationWebArgs

    A web block as documented below, which configures web related settings for this application.

    Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the prevent_duplicate_names argument to check for existing applications if you want to avoid name collisions.

    displayName String
    The display name for the application.
    api Property Map
    An api block as documented below, which configures API related settings for this application.
    appRoles List<Property Map>
    A collection of app_role blocks as documented below. For more information see official documentation on Application Roles.
    description String
    A description of the application, as shown to end users.
    deviceOnlyAuthEnabled Boolean
    Specifies whether this application supports device authentication without a user. Defaults to false.
    fallbackPublicClientEnabled Boolean
    Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false.
    featureTags List<Property Map>

    A feature_tags block as described below. Cannot be used together with the tags property.

    Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for an application at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Tag values also propagate to any linked service principals.

    groupMembershipClaims List<String>
    A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
    identifierUris List<String>
    A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
    logoImage String
    A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
    marketingUrl String
    URL of the application's marketing page.
    notes String
    User-specified notes relevant for the management of the application.
    oauth2PostResponseRequired Boolean
    Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed.
    optionalClaims Property Map
    An optional_claims block as documented below.
    owners List<String>
    A list of object IDs of principals that will be granted ownership of the application
    password Property Map

    A single password block as documented below. The password is generated during creation. By default, no password is generated.

    Creating a Password The password block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.

    preventDuplicateNames Boolean
    If true, will return an error if an existing application is found with the same name. Defaults to false.
    privacyStatementUrl String
    URL of the application's privacy statement.
    publicClient Property Map
    A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
    requiredResourceAccesses List<Property Map>
    A collection of required_resource_access blocks as documented below.
    serviceManagementReference String
    References application context information from a Service or Asset Management database.
    signInAudience String

    The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.

    Changing sign_in_audience for existing applications When updating an existing application to use a sign_in_audience value of AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.

    singlePageApplication Property Map
    A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.
    supportUrl String
    URL of the application's support page.
    tags List<String>

    A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.

    Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values also propagate to any linked service principals.

    templateId String

    Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.

    Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.

    termsOfServiceUrl String
    URL of the application's terms of service statement.
    web Property Map

    A web block as documented below, which configures web related settings for this application.

    Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the prevent_duplicate_names argument to check for existing applications if you want to avoid name collisions.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Application resource produces the following output properties:

    AppRoleIds Dictionary<string, string>
    A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
    ApplicationId string
    The Application ID (also called Client ID)

    Deprecated: The application_id attribute has been replaced by the client_id attribute and will be removed in version 3.0 of the AzureAD provider

    ClientId string
    The Client ID for the application.
    DisabledByMicrosoft string
    Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement
    Id string
    The provider-assigned unique ID for this managed resource.
    LogoUrl string
    CDN URL to the application's logo, as uploaded with the logo_image property.
    Oauth2PermissionScopeIds Dictionary<string, string>
    A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
    ObjectId string
    The application's object ID.
    PublisherDomain string
    The verified publisher domain for the application.
    AppRoleIds map[string]string
    A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
    ApplicationId string
    The Application ID (also called Client ID)

    Deprecated: The application_id attribute has been replaced by the client_id attribute and will be removed in version 3.0 of the AzureAD provider

    ClientId string
    The Client ID for the application.
    DisabledByMicrosoft string
    Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement
    Id string
    The provider-assigned unique ID for this managed resource.
    LogoUrl string
    CDN URL to the application's logo, as uploaded with the logo_image property.
    Oauth2PermissionScopeIds map[string]string
    A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
    ObjectId string
    The application's object ID.
    PublisherDomain string
    The verified publisher domain for the application.
    appRoleIds Map<String,String>
    A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
    applicationId String
    The Application ID (also called Client ID)

    Deprecated: The application_id attribute has been replaced by the client_id attribute and will be removed in version 3.0 of the AzureAD provider

    clientId String
    The Client ID for the application.
    disabledByMicrosoft String
    Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement
    id String
    The provider-assigned unique ID for this managed resource.
    logoUrl String
    CDN URL to the application's logo, as uploaded with the logo_image property.
    oauth2PermissionScopeIds Map<String,String>
    A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
    objectId String
    The application's object ID.
    publisherDomain String
    The verified publisher domain for the application.
    appRoleIds {[key: string]: string}
    A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
    applicationId string
    The Application ID (also called Client ID)

    Deprecated: The application_id attribute has been replaced by the client_id attribute and will be removed in version 3.0 of the AzureAD provider

    clientId string
    The Client ID for the application.
    disabledByMicrosoft string
    Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement
    id string
    The provider-assigned unique ID for this managed resource.
    logoUrl string
    CDN URL to the application's logo, as uploaded with the logo_image property.
    oauth2PermissionScopeIds {[key: string]: string}
    A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
    objectId string
    The application's object ID.
    publisherDomain string
    The verified publisher domain for the application.
    app_role_ids Mapping[str, str]
    A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
    application_id str
    The Application ID (also called Client ID)

    Deprecated: The application_id attribute has been replaced by the client_id attribute and will be removed in version 3.0 of the AzureAD provider

    client_id str
    The Client ID for the application.
    disabled_by_microsoft str
    Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement
    id str
    The provider-assigned unique ID for this managed resource.
    logo_url str
    CDN URL to the application's logo, as uploaded with the logo_image property.
    oauth2_permission_scope_ids Mapping[str, str]
    A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
    object_id str
    The application's object ID.
    publisher_domain str
    The verified publisher domain for the application.
    appRoleIds Map<String>
    A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
    applicationId String
    The Application ID (also called Client ID)

    Deprecated: The application_id attribute has been replaced by the client_id attribute and will be removed in version 3.0 of the AzureAD provider

    clientId String
    The Client ID for the application.
    disabledByMicrosoft String
    Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement
    id String
    The provider-assigned unique ID for this managed resource.
    logoUrl String
    CDN URL to the application's logo, as uploaded with the logo_image property.
    oauth2PermissionScopeIds Map<String>
    A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
    objectId String
    The application's object ID.
    publisherDomain String
    The verified publisher domain for the application.

    Look up Existing Application Resource

    Get an existing Application resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ApplicationState, opts?: CustomResourceOptions): Application
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            api: Optional[ApplicationApiArgs] = None,
            app_role_ids: Optional[Mapping[str, str]] = None,
            app_roles: Optional[Sequence[ApplicationAppRoleArgs]] = None,
            application_id: Optional[str] = None,
            client_id: Optional[str] = None,
            description: Optional[str] = None,
            device_only_auth_enabled: Optional[bool] = None,
            disabled_by_microsoft: Optional[str] = None,
            display_name: Optional[str] = None,
            fallback_public_client_enabled: Optional[bool] = None,
            feature_tags: Optional[Sequence[ApplicationFeatureTagArgs]] = None,
            group_membership_claims: Optional[Sequence[str]] = None,
            identifier_uris: Optional[Sequence[str]] = None,
            logo_image: Optional[str] = None,
            logo_url: Optional[str] = None,
            marketing_url: Optional[str] = None,
            notes: Optional[str] = None,
            oauth2_permission_scope_ids: Optional[Mapping[str, str]] = None,
            oauth2_post_response_required: Optional[bool] = None,
            object_id: Optional[str] = None,
            optional_claims: Optional[ApplicationOptionalClaimsArgs] = None,
            owners: Optional[Sequence[str]] = None,
            password: Optional[ApplicationPasswordArgs] = None,
            prevent_duplicate_names: Optional[bool] = None,
            privacy_statement_url: Optional[str] = None,
            public_client: Optional[ApplicationPublicClientArgs] = None,
            publisher_domain: Optional[str] = None,
            required_resource_accesses: Optional[Sequence[ApplicationRequiredResourceAccessArgs]] = None,
            service_management_reference: Optional[str] = None,
            sign_in_audience: Optional[str] = None,
            single_page_application: Optional[ApplicationSinglePageApplicationArgs] = None,
            support_url: Optional[str] = None,
            tags: Optional[Sequence[str]] = None,
            template_id: Optional[str] = None,
            terms_of_service_url: Optional[str] = None,
            web: Optional[ApplicationWebArgs] = None) -> Application
    func GetApplication(ctx *Context, name string, id IDInput, state *ApplicationState, opts ...ResourceOption) (*Application, error)
    public static Application Get(string name, Input<string> id, ApplicationState? state, CustomResourceOptions? opts = null)
    public static Application get(String name, Output<String> id, ApplicationState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Api Pulumi.AzureAD.Inputs.ApplicationApi
    An api block as documented below, which configures API related settings for this application.
    AppRoleIds Dictionary<string, string>
    A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
    AppRoles List<Pulumi.AzureAD.Inputs.ApplicationAppRole>
    A collection of app_role blocks as documented below. For more information see official documentation on Application Roles.
    ApplicationId string
    The Application ID (also called Client ID)

    Deprecated: The application_id attribute has been replaced by the client_id attribute and will be removed in version 3.0 of the AzureAD provider

    ClientId string
    The Client ID for the application.
    Description string
    A description of the application, as shown to end users.
    DeviceOnlyAuthEnabled bool
    Specifies whether this application supports device authentication without a user. Defaults to false.
    DisabledByMicrosoft string
    Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement
    DisplayName string
    The display name for the application.
    FallbackPublicClientEnabled bool
    Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false.
    FeatureTags List<Pulumi.AzureAD.Inputs.ApplicationFeatureTag>

    A feature_tags block as described below. Cannot be used together with the tags property.

    Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for an application at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Tag values also propagate to any linked service principals.

    GroupMembershipClaims List<string>
    A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
    IdentifierUris List<string>
    A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
    LogoImage string
    A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
    LogoUrl string
    CDN URL to the application's logo, as uploaded with the logo_image property.
    MarketingUrl string
    URL of the application's marketing page.
    Notes string
    User-specified notes relevant for the management of the application.
    Oauth2PermissionScopeIds Dictionary<string, string>
    A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
    Oauth2PostResponseRequired bool
    Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed.
    ObjectId string
    The application's object ID.
    OptionalClaims Pulumi.AzureAD.Inputs.ApplicationOptionalClaims
    An optional_claims block as documented below.
    Owners List<string>
    A list of object IDs of principals that will be granted ownership of the application
    Password Pulumi.AzureAD.Inputs.ApplicationPassword

    A single password block as documented below. The password is generated during creation. By default, no password is generated.

    Creating a Password The password block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.

    PreventDuplicateNames bool
    If true, will return an error if an existing application is found with the same name. Defaults to false.
    PrivacyStatementUrl string
    URL of the application's privacy statement.
    PublicClient Pulumi.AzureAD.Inputs.ApplicationPublicClient
    A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
    PublisherDomain string
    The verified publisher domain for the application.
    RequiredResourceAccesses List<Pulumi.AzureAD.Inputs.ApplicationRequiredResourceAccess>
    A collection of required_resource_access blocks as documented below.
    ServiceManagementReference string
    References application context information from a Service or Asset Management database.
    SignInAudience string

    The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.

    Changing sign_in_audience for existing applications When updating an existing application to use a sign_in_audience value of AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.

    SinglePageApplication Pulumi.AzureAD.Inputs.ApplicationSinglePageApplication
    A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.
    SupportUrl string
    URL of the application's support page.
    Tags List<string>

    A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.

    Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values also propagate to any linked service principals.

    TemplateId string

    Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.

    Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.

    TermsOfServiceUrl string
    URL of the application's terms of service statement.
    Web Pulumi.AzureAD.Inputs.ApplicationWeb

    A web block as documented below, which configures web related settings for this application.

    Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the prevent_duplicate_names argument to check for existing applications if you want to avoid name collisions.

    Api ApplicationApiArgs
    An api block as documented below, which configures API related settings for this application.
    AppRoleIds map[string]string
    A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
    AppRoles []ApplicationAppRoleTypeArgs
    A collection of app_role blocks as documented below. For more information see official documentation on Application Roles.
    ApplicationId string
    The Application ID (also called Client ID)

    Deprecated: The application_id attribute has been replaced by the client_id attribute and will be removed in version 3.0 of the AzureAD provider

    ClientId string
    The Client ID for the application.
    Description string
    A description of the application, as shown to end users.
    DeviceOnlyAuthEnabled bool
    Specifies whether this application supports device authentication without a user. Defaults to false.
    DisabledByMicrosoft string
    Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement
    DisplayName string
    The display name for the application.
    FallbackPublicClientEnabled bool
    Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false.
    FeatureTags []ApplicationFeatureTagArgs

    A feature_tags block as described below. Cannot be used together with the tags property.

    Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for an application at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Tag values also propagate to any linked service principals.

    GroupMembershipClaims []string
    A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
    IdentifierUris []string
    A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
    LogoImage string
    A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
    LogoUrl string
    CDN URL to the application's logo, as uploaded with the logo_image property.
    MarketingUrl string
    URL of the application's marketing page.
    Notes string
    User-specified notes relevant for the management of the application.
    Oauth2PermissionScopeIds map[string]string
    A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
    Oauth2PostResponseRequired bool
    Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed.
    ObjectId string
    The application's object ID.
    OptionalClaims ApplicationOptionalClaimsTypeArgs
    An optional_claims block as documented below.
    Owners []string
    A list of object IDs of principals that will be granted ownership of the application
    Password ApplicationPasswordTypeArgs

    A single password block as documented below. The password is generated during creation. By default, no password is generated.

    Creating a Password The password block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.

    PreventDuplicateNames bool
    If true, will return an error if an existing application is found with the same name. Defaults to false.
    PrivacyStatementUrl string
    URL of the application's privacy statement.
    PublicClient ApplicationPublicClientArgs
    A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
    PublisherDomain string
    The verified publisher domain for the application.
    RequiredResourceAccesses []ApplicationRequiredResourceAccessArgs
    A collection of required_resource_access blocks as documented below.
    ServiceManagementReference string
    References application context information from a Service or Asset Management database.
    SignInAudience string

    The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.

    Changing sign_in_audience for existing applications When updating an existing application to use a sign_in_audience value of AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.

    SinglePageApplication ApplicationSinglePageApplicationArgs
    A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.
    SupportUrl string
    URL of the application's support page.
    Tags []string

    A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.

    Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values also propagate to any linked service principals.

    TemplateId string

    Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.

    Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.

    TermsOfServiceUrl string
    URL of the application's terms of service statement.
    Web ApplicationWebArgs

    A web block as documented below, which configures web related settings for this application.

    Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the prevent_duplicate_names argument to check for existing applications if you want to avoid name collisions.

    api ApplicationApi
    An api block as documented below, which configures API related settings for this application.
    appRoleIds Map<String,String>
    A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
    appRoles List<ApplicationAppRole>
    A collection of app_role blocks as documented below. For more information see official documentation on Application Roles.
    applicationId String
    The Application ID (also called Client ID)

    Deprecated: The application_id attribute has been replaced by the client_id attribute and will be removed in version 3.0 of the AzureAD provider

    clientId String
    The Client ID for the application.
    description String
    A description of the application, as shown to end users.
    deviceOnlyAuthEnabled Boolean
    Specifies whether this application supports device authentication without a user. Defaults to false.
    disabledByMicrosoft String
    Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement
    displayName String
    The display name for the application.
    fallbackPublicClientEnabled Boolean
    Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false.
    featureTags List<ApplicationFeatureTag>

    A feature_tags block as described below. Cannot be used together with the tags property.

    Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for an application at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Tag values also propagate to any linked service principals.

    groupMembershipClaims List<String>
    A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
    identifierUris List<String>
    A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
    logoImage String
    A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
    logoUrl String
    CDN URL to the application's logo, as uploaded with the logo_image property.
    marketingUrl String
    URL of the application's marketing page.
    notes String
    User-specified notes relevant for the management of the application.
    oauth2PermissionScopeIds Map<String,String>
    A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
    oauth2PostResponseRequired Boolean
    Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed.
    objectId String
    The application's object ID.
    optionalClaims ApplicationOptionalClaims
    An optional_claims block as documented below.
    owners List<String>
    A list of object IDs of principals that will be granted ownership of the application
    password ApplicationPassword

    A single password block as documented below. The password is generated during creation. By default, no password is generated.

    Creating a Password The password block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.

    preventDuplicateNames Boolean
    If true, will return an error if an existing application is found with the same name. Defaults to false.
    privacyStatementUrl String
    URL of the application's privacy statement.
    publicClient ApplicationPublicClient
    A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
    publisherDomain String
    The verified publisher domain for the application.
    requiredResourceAccesses List<ApplicationRequiredResourceAccess>
    A collection of required_resource_access blocks as documented below.
    serviceManagementReference String
    References application context information from a Service or Asset Management database.
    signInAudience String

    The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.

    Changing sign_in_audience for existing applications When updating an existing application to use a sign_in_audience value of AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.

    singlePageApplication ApplicationSinglePageApplication
    A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.
    supportUrl String
    URL of the application's support page.
    tags List<String>

    A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.

    Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values also propagate to any linked service principals.

    templateId String

    Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.

    Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.

    termsOfServiceUrl String
    URL of the application's terms of service statement.
    web ApplicationWeb

    A web block as documented below, which configures web related settings for this application.

    Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the prevent_duplicate_names argument to check for existing applications if you want to avoid name collisions.

    api ApplicationApi
    An api block as documented below, which configures API related settings for this application.
    appRoleIds {[key: string]: string}
    A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
    appRoles ApplicationAppRole[]
    A collection of app_role blocks as documented below. For more information see official documentation on Application Roles.
    applicationId string
    The Application ID (also called Client ID)

    Deprecated: The application_id attribute has been replaced by the client_id attribute and will be removed in version 3.0 of the AzureAD provider

    clientId string
    The Client ID for the application.
    description string
    A description of the application, as shown to end users.
    deviceOnlyAuthEnabled boolean
    Specifies whether this application supports device authentication without a user. Defaults to false.
    disabledByMicrosoft string
    Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement
    displayName string
    The display name for the application.
    fallbackPublicClientEnabled boolean
    Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false.
    featureTags ApplicationFeatureTag[]

    A feature_tags block as described below. Cannot be used together with the tags property.

    Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for an application at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Tag values also propagate to any linked service principals.

    groupMembershipClaims string[]
    A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
    identifierUris string[]
    A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
    logoImage string
    A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
    logoUrl string
    CDN URL to the application's logo, as uploaded with the logo_image property.
    marketingUrl string
    URL of the application's marketing page.
    notes string
    User-specified notes relevant for the management of the application.
    oauth2PermissionScopeIds {[key: string]: string}
    A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
    oauth2PostResponseRequired boolean
    Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed.
    objectId string
    The application's object ID.
    optionalClaims ApplicationOptionalClaims
    An optional_claims block as documented below.
    owners string[]
    A list of object IDs of principals that will be granted ownership of the application
    password ApplicationPassword

    A single password block as documented below. The password is generated during creation. By default, no password is generated.

    Creating a Password The password block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.

    preventDuplicateNames boolean
    If true, will return an error if an existing application is found with the same name. Defaults to false.
    privacyStatementUrl string
    URL of the application's privacy statement.
    publicClient ApplicationPublicClient
    A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
    publisherDomain string
    The verified publisher domain for the application.
    requiredResourceAccesses ApplicationRequiredResourceAccess[]
    A collection of required_resource_access blocks as documented below.
    serviceManagementReference string
    References application context information from a Service or Asset Management database.
    signInAudience string

    The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.

    Changing sign_in_audience for existing applications When updating an existing application to use a sign_in_audience value of AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.

    singlePageApplication ApplicationSinglePageApplication
    A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.
    supportUrl string
    URL of the application's support page.
    tags string[]

    A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.

    Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values also propagate to any linked service principals.

    templateId string

    Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.

    Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.

    termsOfServiceUrl string
    URL of the application's terms of service statement.
    web ApplicationWeb

    A web block as documented below, which configures web related settings for this application.

    Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the prevent_duplicate_names argument to check for existing applications if you want to avoid name collisions.

    api ApplicationApiArgs
    An api block as documented below, which configures API related settings for this application.
    app_role_ids Mapping[str, str]
    A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
    app_roles Sequence[ApplicationAppRoleArgs]
    A collection of app_role blocks as documented below. For more information see official documentation on Application Roles.
    application_id str
    The Application ID (also called Client ID)

    Deprecated: The application_id attribute has been replaced by the client_id attribute and will be removed in version 3.0 of the AzureAD provider

    client_id str
    The Client ID for the application.
    description str
    A description of the application, as shown to end users.
    device_only_auth_enabled bool
    Specifies whether this application supports device authentication without a user. Defaults to false.
    disabled_by_microsoft str
    Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement
    display_name str
    The display name for the application.
    fallback_public_client_enabled bool
    Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false.
    feature_tags Sequence[ApplicationFeatureTagArgs]

    A feature_tags block as described below. Cannot be used together with the tags property.

    Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for an application at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Tag values also propagate to any linked service principals.

    group_membership_claims Sequence[str]
    A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
    identifier_uris Sequence[str]
    A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
    logo_image str
    A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
    logo_url str
    CDN URL to the application's logo, as uploaded with the logo_image property.
    marketing_url str
    URL of the application's marketing page.
    notes str
    User-specified notes relevant for the management of the application.
    oauth2_permission_scope_ids Mapping[str, str]
    A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
    oauth2_post_response_required bool
    Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed.
    object_id str
    The application's object ID.
    optional_claims ApplicationOptionalClaimsArgs
    An optional_claims block as documented below.
    owners Sequence[str]
    A list of object IDs of principals that will be granted ownership of the application
    password ApplicationPasswordArgs

    A single password block as documented below. The password is generated during creation. By default, no password is generated.

    Creating a Password The password block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.

    prevent_duplicate_names bool
    If true, will return an error if an existing application is found with the same name. Defaults to false.
    privacy_statement_url str
    URL of the application's privacy statement.
    public_client ApplicationPublicClientArgs
    A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
    publisher_domain str
    The verified publisher domain for the application.
    required_resource_accesses Sequence[ApplicationRequiredResourceAccessArgs]
    A collection of required_resource_access blocks as documented below.
    service_management_reference str
    References application context information from a Service or Asset Management database.
    sign_in_audience str

    The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.

    Changing sign_in_audience for existing applications When updating an existing application to use a sign_in_audience value of AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.

    single_page_application ApplicationSinglePageApplicationArgs
    A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.
    support_url str
    URL of the application's support page.
    tags Sequence[str]

    A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.

    Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values also propagate to any linked service principals.

    template_id str

    Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.

    Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.

    terms_of_service_url str
    URL of the application's terms of service statement.
    web ApplicationWebArgs

    A web block as documented below, which configures web related settings for this application.

    Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the prevent_duplicate_names argument to check for existing applications if you want to avoid name collisions.

    api Property Map
    An api block as documented below, which configures API related settings for this application.
    appRoleIds Map<String>
    A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
    appRoles List<Property Map>
    A collection of app_role blocks as documented below. For more information see official documentation on Application Roles.
    applicationId String
    The Application ID (also called Client ID)

    Deprecated: The application_id attribute has been replaced by the client_id attribute and will be removed in version 3.0 of the AzureAD provider

    clientId String
    The Client ID for the application.
    description String
    A description of the application, as shown to end users.
    deviceOnlyAuthEnabled Boolean
    Specifies whether this application supports device authentication without a user. Defaults to false.
    disabledByMicrosoft String
    Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement
    displayName String
    The display name for the application.
    fallbackPublicClientEnabled Boolean
    Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false.
    featureTags List<Property Map>

    A feature_tags block as described below. Cannot be used together with the tags property.

    Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for an application at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Tag values also propagate to any linked service principals.

    groupMembershipClaims List<String>
    A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
    identifierUris List<String>
    A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
    logoImage String
    A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
    logoUrl String
    CDN URL to the application's logo, as uploaded with the logo_image property.
    marketingUrl String
    URL of the application's marketing page.
    notes String
    User-specified notes relevant for the management of the application.
    oauth2PermissionScopeIds Map<String>
    A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
    oauth2PostResponseRequired Boolean
    Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed.
    objectId String
    The application's object ID.
    optionalClaims Property Map
    An optional_claims block as documented below.
    owners List<String>
    A list of object IDs of principals that will be granted ownership of the application
    password Property Map

    A single password block as documented below. The password is generated during creation. By default, no password is generated.

    Creating a Password The password block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.

    preventDuplicateNames Boolean
    If true, will return an error if an existing application is found with the same name. Defaults to false.
    privacyStatementUrl String
    URL of the application's privacy statement.
    publicClient Property Map
    A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
    publisherDomain String
    The verified publisher domain for the application.
    requiredResourceAccesses List<Property Map>
    A collection of required_resource_access blocks as documented below.
    serviceManagementReference String
    References application context information from a Service or Asset Management database.
    signInAudience String

    The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.

    Changing sign_in_audience for existing applications When updating an existing application to use a sign_in_audience value of AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.

    singlePageApplication Property Map
    A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.
    supportUrl String
    URL of the application's support page.
    tags List<String>

    A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.

    Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values also propagate to any linked service principals.

    templateId String

    Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.

    Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.

    termsOfServiceUrl String
    URL of the application's terms of service statement.
    web Property Map

    A web block as documented below, which configures web related settings for this application.

    Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the prevent_duplicate_names argument to check for existing applications if you want to avoid name collisions.

    Supporting Types

    ApplicationApi, ApplicationApiArgs

    KnownClientApplications List<string>
    A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
    MappedClaimsEnabled bool
    Allows an application to use claims mapping without specifying a custom signing key. Defaults to false.
    Oauth2PermissionScopes List<Pulumi.AzureAD.Inputs.ApplicationApiOauth2PermissionScope>
    One or more oauth2_permission_scope blocks as documented below, to describe delegated permissions exposed by the web API represented by this application.
    RequestedAccessTokenVersion int
    The access token version expected by this resource. Must be one of 1 or 2, and must be 2 when sign_in_audience is either AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount Defaults to 1.
    KnownClientApplications []string
    A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
    MappedClaimsEnabled bool
    Allows an application to use claims mapping without specifying a custom signing key. Defaults to false.
    Oauth2PermissionScopes []ApplicationApiOauth2PermissionScope
    One or more oauth2_permission_scope blocks as documented below, to describe delegated permissions exposed by the web API represented by this application.
    RequestedAccessTokenVersion int
    The access token version expected by this resource. Must be one of 1 or 2, and must be 2 when sign_in_audience is either AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount Defaults to 1.
    knownClientApplications List<String>
    A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
    mappedClaimsEnabled Boolean
    Allows an application to use claims mapping without specifying a custom signing key. Defaults to false.
    oauth2PermissionScopes List<ApplicationApiOauth2PermissionScope>
    One or more oauth2_permission_scope blocks as documented below, to describe delegated permissions exposed by the web API represented by this application.
    requestedAccessTokenVersion Integer
    The access token version expected by this resource. Must be one of 1 or 2, and must be 2 when sign_in_audience is either AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount Defaults to 1.
    knownClientApplications string[]
    A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
    mappedClaimsEnabled boolean
    Allows an application to use claims mapping without specifying a custom signing key. Defaults to false.
    oauth2PermissionScopes ApplicationApiOauth2PermissionScope[]
    One or more oauth2_permission_scope blocks as documented below, to describe delegated permissions exposed by the web API represented by this application.
    requestedAccessTokenVersion number
    The access token version expected by this resource. Must be one of 1 or 2, and must be 2 when sign_in_audience is either AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount Defaults to 1.
    known_client_applications Sequence[str]
    A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
    mapped_claims_enabled bool
    Allows an application to use claims mapping without specifying a custom signing key. Defaults to false.
    oauth2_permission_scopes Sequence[ApplicationApiOauth2PermissionScope]
    One or more oauth2_permission_scope blocks as documented below, to describe delegated permissions exposed by the web API represented by this application.
    requested_access_token_version int
    The access token version expected by this resource. Must be one of 1 or 2, and must be 2 when sign_in_audience is either AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount Defaults to 1.
    knownClientApplications List<String>
    A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
    mappedClaimsEnabled Boolean
    Allows an application to use claims mapping without specifying a custom signing key. Defaults to false.
    oauth2PermissionScopes List<Property Map>
    One or more oauth2_permission_scope blocks as documented below, to describe delegated permissions exposed by the web API represented by this application.
    requestedAccessTokenVersion Number
    The access token version expected by this resource. Must be one of 1 or 2, and must be 2 when sign_in_audience is either AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount Defaults to 1.

    ApplicationApiOauth2PermissionScope, ApplicationApiOauth2PermissionScopeArgs

    Id string

    The unique identifier of the delegated permission. Must be a valid UUID.

    Tip: Generating a UUID for the id field To generate a value for the id field in cases where the actual UUID is not important, you can use the random_uuid resource. See the application example in the provider repository.

    AdminConsentDescription string
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    AdminConsentDisplayName string
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    Enabled bool
    Determines if the permission scope is enabled. Defaults to true.
    Type string
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin.
    UserConsentDescription string
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    UserConsentDisplayName string
    Display name for the delegated permission that appears in the end user consent experience.
    Value string
    The value that is used for the scp claim in OAuth 2.0 access tokens
    Id string

    The unique identifier of the delegated permission. Must be a valid UUID.

    Tip: Generating a UUID for the id field To generate a value for the id field in cases where the actual UUID is not important, you can use the random_uuid resource. See the application example in the provider repository.

    AdminConsentDescription string
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    AdminConsentDisplayName string
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    Enabled bool
    Determines if the permission scope is enabled. Defaults to true.
    Type string
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin.
    UserConsentDescription string
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    UserConsentDisplayName string
    Display name for the delegated permission that appears in the end user consent experience.
    Value string
    The value that is used for the scp claim in OAuth 2.0 access tokens
    id String

    The unique identifier of the delegated permission. Must be a valid UUID.

    Tip: Generating a UUID for the id field To generate a value for the id field in cases where the actual UUID is not important, you can use the random_uuid resource. See the application example in the provider repository.

    adminConsentDescription String
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    adminConsentDisplayName String
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    enabled Boolean
    Determines if the permission scope is enabled. Defaults to true.
    type String
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin.
    userConsentDescription String
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    userConsentDisplayName String
    Display name for the delegated permission that appears in the end user consent experience.
    value String
    The value that is used for the scp claim in OAuth 2.0 access tokens
    id string

    The unique identifier of the delegated permission. Must be a valid UUID.

    Tip: Generating a UUID for the id field To generate a value for the id field in cases where the actual UUID is not important, you can use the random_uuid resource. See the application example in the provider repository.

    adminConsentDescription string
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    adminConsentDisplayName string
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    enabled boolean
    Determines if the permission scope is enabled. Defaults to true.
    type string
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin.
    userConsentDescription string
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    userConsentDisplayName string
    Display name for the delegated permission that appears in the end user consent experience.
    value string
    The value that is used for the scp claim in OAuth 2.0 access tokens
    id str

    The unique identifier of the delegated permission. Must be a valid UUID.

    Tip: Generating a UUID for the id field To generate a value for the id field in cases where the actual UUID is not important, you can use the random_uuid resource. See the application example in the provider repository.

    admin_consent_description str
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    admin_consent_display_name str
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    enabled bool
    Determines if the permission scope is enabled. Defaults to true.
    type str
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin.
    user_consent_description str
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    user_consent_display_name str
    Display name for the delegated permission that appears in the end user consent experience.
    value str
    The value that is used for the scp claim in OAuth 2.0 access tokens
    id String

    The unique identifier of the delegated permission. Must be a valid UUID.

    Tip: Generating a UUID for the id field To generate a value for the id field in cases where the actual UUID is not important, you can use the random_uuid resource. See the application example in the provider repository.

    adminConsentDescription String
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    adminConsentDisplayName String
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    enabled Boolean
    Determines if the permission scope is enabled. Defaults to true.
    type String
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin.
    userConsentDescription String
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    userConsentDisplayName String
    Display name for the delegated permission that appears in the end user consent experience.
    value String
    The value that is used for the scp claim in OAuth 2.0 access tokens

    ApplicationAppRole, ApplicationAppRoleArgs

    AllowedMemberTypes List<string>
    Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both.
    Description string
    Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
    DisplayName string
    Display name for the app role that appears during app role assignment and in consent experiences.
    Id string

    The unique identifier of the app role. Must be a valid UUID.

    Tip: Generating a UUID for the id field To generate a value for the id field in cases where the actual UUID is not important, you can use the random_uuid resource. See the application example in the provider repository.

    Enabled bool
    Determines if the app role is enabled. Defaults to true.
    Value string
    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
    AllowedMemberTypes []string
    Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both.
    Description string
    Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
    DisplayName string
    Display name for the app role that appears during app role assignment and in consent experiences.
    Id string

    The unique identifier of the app role. Must be a valid UUID.

    Tip: Generating a UUID for the id field To generate a value for the id field in cases where the actual UUID is not important, you can use the random_uuid resource. See the application example in the provider repository.

    Enabled bool
    Determines if the app role is enabled. Defaults to true.
    Value string
    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
    allowedMemberTypes List<String>
    Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both.
    description String
    Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
    displayName String
    Display name for the app role that appears during app role assignment and in consent experiences.
    id String

    The unique identifier of the app role. Must be a valid UUID.

    Tip: Generating a UUID for the id field To generate a value for the id field in cases where the actual UUID is not important, you can use the random_uuid resource. See the application example in the provider repository.

    enabled Boolean
    Determines if the app role is enabled. Defaults to true.
    value String
    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
    allowedMemberTypes string[]
    Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both.
    description string
    Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
    displayName string
    Display name for the app role that appears during app role assignment and in consent experiences.
    id string

    The unique identifier of the app role. Must be a valid UUID.

    Tip: Generating a UUID for the id field To generate a value for the id field in cases where the actual UUID is not important, you can use the random_uuid resource. See the application example in the provider repository.

    enabled boolean
    Determines if the app role is enabled. Defaults to true.
    value string
    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
    allowed_member_types Sequence[str]
    Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both.
    description str
    Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
    display_name str
    Display name for the app role that appears during app role assignment and in consent experiences.
    id str

    The unique identifier of the app role. Must be a valid UUID.

    Tip: Generating a UUID for the id field To generate a value for the id field in cases where the actual UUID is not important, you can use the random_uuid resource. See the application example in the provider repository.

    enabled bool
    Determines if the app role is enabled. Defaults to true.
    value str
    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
    allowedMemberTypes List<String>
    Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both.
    description String
    Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
    displayName String
    Display name for the app role that appears during app role assignment and in consent experiences.
    id String

    The unique identifier of the app role. Must be a valid UUID.

    Tip: Generating a UUID for the id field To generate a value for the id field in cases where the actual UUID is not important, you can use the random_uuid resource. See the application example in the provider repository.

    enabled Boolean
    Determines if the app role is enabled. Defaults to true.
    value String
    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal

    ApplicationFeatureTag, ApplicationFeatureTagArgs

    CustomSingleSignOn bool
    Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
    Enterprise bool
    Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
    Gallery bool
    Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
    Hide bool
    Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.
    CustomSingleSignOn bool
    Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
    Enterprise bool
    Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
    Gallery bool
    Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
    Hide bool
    Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.
    customSingleSignOn Boolean
    Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
    enterprise Boolean
    Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
    gallery Boolean
    Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
    hide Boolean
    Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.
    customSingleSignOn boolean
    Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
    enterprise boolean
    Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
    gallery boolean
    Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
    hide boolean
    Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.
    custom_single_sign_on bool
    Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
    enterprise bool
    Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
    gallery bool
    Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
    hide bool
    Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.
    customSingleSignOn Boolean
    Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
    enterprise Boolean
    Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
    gallery Boolean
    Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
    hide Boolean
    Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.

    ApplicationOptionalClaims, ApplicationOptionalClaimsArgs

    AccessTokens List<Pulumi.AzureAD.Inputs.ApplicationOptionalClaimsAccessToken>
    One or more access_token blocks as documented below.
    IdTokens List<Pulumi.AzureAD.Inputs.ApplicationOptionalClaimsIdToken>
    One or more id_token blocks as documented below.
    Saml2Tokens List<Pulumi.AzureAD.Inputs.ApplicationOptionalClaimsSaml2Token>
    One or more saml2_token blocks as documented below.
    AccessTokens []ApplicationOptionalClaimsAccessToken
    One or more access_token blocks as documented below.
    IdTokens []ApplicationOptionalClaimsIdToken
    One or more id_token blocks as documented below.
    Saml2Tokens []ApplicationOptionalClaimsSaml2Token
    One or more saml2_token blocks as documented below.
    accessTokens List<ApplicationOptionalClaimsAccessToken>
    One or more access_token blocks as documented below.
    idTokens List<ApplicationOptionalClaimsIdToken>
    One or more id_token blocks as documented below.
    saml2Tokens List<ApplicationOptionalClaimsSaml2Token>
    One or more saml2_token blocks as documented below.
    accessTokens ApplicationOptionalClaimsAccessToken[]
    One or more access_token blocks as documented below.
    idTokens ApplicationOptionalClaimsIdToken[]
    One or more id_token blocks as documented below.
    saml2Tokens ApplicationOptionalClaimsSaml2Token[]
    One or more saml2_token blocks as documented below.
    access_tokens Sequence[ApplicationOptionalClaimsAccessToken]
    One or more access_token blocks as documented below.
    id_tokens Sequence[ApplicationOptionalClaimsIdToken]
    One or more id_token blocks as documented below.
    saml2_tokens Sequence[ApplicationOptionalClaimsSaml2Token]
    One or more saml2_token blocks as documented below.
    accessTokens List<Property Map>
    One or more access_token blocks as documented below.
    idTokens List<Property Map>
    One or more id_token blocks as documented below.
    saml2Tokens List<Property Map>
    One or more saml2_token blocks as documented below.

    ApplicationOptionalClaimsAccessToken, ApplicationOptionalClaimsAccessTokenArgs

    Name string
    The name of the optional claim.
    AdditionalProperties List<string>
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    Essential bool
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    Source string
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    Name string
    The name of the optional claim.
    AdditionalProperties []string
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    Essential bool
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    Source string
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    name String
    The name of the optional claim.
    additionalProperties List<String>
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    essential Boolean
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    source String
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    name string
    The name of the optional claim.
    additionalProperties string[]
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    essential boolean
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    source string
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    name str
    The name of the optional claim.
    additional_properties Sequence[str]
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    essential bool
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    source str
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    name String
    The name of the optional claim.
    additionalProperties List<String>
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    essential Boolean
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    source String
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.

    ApplicationOptionalClaimsIdToken, ApplicationOptionalClaimsIdTokenArgs

    Name string
    The name of the optional claim.
    AdditionalProperties List<string>
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    Essential bool
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    Source string
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    Name string
    The name of the optional claim.
    AdditionalProperties []string
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    Essential bool
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    Source string
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    name String
    The name of the optional claim.
    additionalProperties List<String>
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    essential Boolean
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    source String
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    name string
    The name of the optional claim.
    additionalProperties string[]
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    essential boolean
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    source string
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    name str
    The name of the optional claim.
    additional_properties Sequence[str]
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    essential bool
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    source str
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    name String
    The name of the optional claim.
    additionalProperties List<String>
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    essential Boolean
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    source String
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.

    ApplicationOptionalClaimsSaml2Token, ApplicationOptionalClaimsSaml2TokenArgs

    Name string
    The name of the optional claim.
    AdditionalProperties List<string>
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    Essential bool
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    Source string
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    Name string
    The name of the optional claim.
    AdditionalProperties []string
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    Essential bool
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    Source string
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    name String
    The name of the optional claim.
    additionalProperties List<String>
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    essential Boolean
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    source String
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    name string
    The name of the optional claim.
    additionalProperties string[]
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    essential boolean
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    source string
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    name str
    The name of the optional claim.
    additional_properties Sequence[str]
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    essential bool
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    source str
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
    name String
    The name of the optional claim.
    additionalProperties List<String>
    List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
    essential Boolean
    Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
    source String
    The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.

    ApplicationPassword, ApplicationPasswordArgs

    DisplayName string
    A display name for the password. Changing this field forces a new resource to be created.
    EndDate string
    The end date until which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
    KeyId string
    (Required) The unique key ID for the generated password.
    StartDate string
    The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the current date is used. Changing this field forces a new resource to be created.
    Value string
    (Required) The generated password for the application.
    DisplayName string
    A display name for the password. Changing this field forces a new resource to be created.
    EndDate string
    The end date until which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
    KeyId string
    (Required) The unique key ID for the generated password.
    StartDate string
    The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the current date is used. Changing this field forces a new resource to be created.
    Value string
    (Required) The generated password for the application.
    displayName String
    A display name for the password. Changing this field forces a new resource to be created.
    endDate String
    The end date until which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
    keyId String
    (Required) The unique key ID for the generated password.
    startDate String
    The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the current date is used. Changing this field forces a new resource to be created.
    value String
    (Required) The generated password for the application.
    displayName string
    A display name for the password. Changing this field forces a new resource to be created.
    endDate string
    The end date until which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
    keyId string
    (Required) The unique key ID for the generated password.
    startDate string
    The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the current date is used. Changing this field forces a new resource to be created.
    value string
    (Required) The generated password for the application.
    display_name str
    A display name for the password. Changing this field forces a new resource to be created.
    end_date str
    The end date until which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
    key_id str
    (Required) The unique key ID for the generated password.
    start_date str
    The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the current date is used. Changing this field forces a new resource to be created.
    value str
    (Required) The generated password for the application.
    displayName String
    A display name for the password. Changing this field forces a new resource to be created.
    endDate String
    The end date until which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
    keyId String
    (Required) The unique key ID for the generated password.
    startDate String
    The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the current date is used. Changing this field forces a new resource to be created.
    value String
    (Required) The generated password for the application.

    ApplicationPublicClient, ApplicationPublicClientArgs

    RedirectUris List<string>
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL.
    RedirectUris []string
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL.
    redirectUris List<String>
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL.
    redirectUris string[]
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL.
    redirect_uris Sequence[str]
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL.
    redirectUris List<String>
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL.

    ApplicationRequiredResourceAccess, ApplicationRequiredResourceAccessArgs

    ResourceAccesses List<Pulumi.AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccess>
    A collection of resource_access blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource.
    ResourceAppId string

    The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.

    Note: Documentation on resource_app_id values for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g. az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}')

    ResourceAccesses []ApplicationRequiredResourceAccessResourceAccess
    A collection of resource_access blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource.
    ResourceAppId string

    The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.

    Note: Documentation on resource_app_id values for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g. az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}')

    resourceAccesses List<ApplicationRequiredResourceAccessResourceAccess>
    A collection of resource_access blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource.
    resourceAppId String

    The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.

    Note: Documentation on resource_app_id values for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g. az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}')

    resourceAccesses ApplicationRequiredResourceAccessResourceAccess[]
    A collection of resource_access blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource.
    resourceAppId string

    The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.

    Note: Documentation on resource_app_id values for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g. az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}')

    resource_accesses Sequence[ApplicationRequiredResourceAccessResourceAccess]
    A collection of resource_access blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource.
    resource_app_id str

    The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.

    Note: Documentation on resource_app_id values for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g. az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}')

    resourceAccesses List<Property Map>
    A collection of resource_access blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource.
    resourceAppId String

    The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.

    Note: Documentation on resource_app_id values for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g. az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}')

    ApplicationRequiredResourceAccessResourceAccess, ApplicationRequiredResourceAccessResourceAccessArgs

    Id string
    The unique identifier for an app role or OAuth2 permission scope published by the resource application.
    Type string
    Specifies whether the id property references an app role or an OAuth2 permission scope. Possible values are Role or Scope.
    Id string
    The unique identifier for an app role or OAuth2 permission scope published by the resource application.
    Type string
    Specifies whether the id property references an app role or an OAuth2 permission scope. Possible values are Role or Scope.
    id String
    The unique identifier for an app role or OAuth2 permission scope published by the resource application.
    type String
    Specifies whether the id property references an app role or an OAuth2 permission scope. Possible values are Role or Scope.
    id string
    The unique identifier for an app role or OAuth2 permission scope published by the resource application.
    type string
    Specifies whether the id property references an app role or an OAuth2 permission scope. Possible values are Role or Scope.
    id str
    The unique identifier for an app role or OAuth2 permission scope published by the resource application.
    type str
    Specifies whether the id property references an app role or an OAuth2 permission scope. Possible values are Role or Scope.
    id String
    The unique identifier for an app role or OAuth2 permission scope published by the resource application.
    type String
    Specifies whether the id property references an app role or an OAuth2 permission scope. Possible values are Role or Scope.

    ApplicationSinglePageApplication, ApplicationSinglePageApplicationArgs

    RedirectUris List<string>
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL.
    RedirectUris []string
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL.
    redirectUris List<String>
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL.
    redirectUris string[]
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL.
    redirect_uris Sequence[str]
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL.
    redirectUris List<String>
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL.

    ApplicationWeb, ApplicationWebArgs

    HomepageUrl string
    Home page or landing page of the application.
    ImplicitGrant Pulumi.AzureAD.Inputs.ApplicationWebImplicitGrant
    An implicit_grant block as documented above.
    LogoutUrl string
    The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
    RedirectUris List<string>
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN.
    HomepageUrl string
    Home page or landing page of the application.
    ImplicitGrant ApplicationWebImplicitGrant
    An implicit_grant block as documented above.
    LogoutUrl string
    The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
    RedirectUris []string
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN.
    homepageUrl String
    Home page or landing page of the application.
    implicitGrant ApplicationWebImplicitGrant
    An implicit_grant block as documented above.
    logoutUrl String
    The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
    redirectUris List<String>
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN.
    homepageUrl string
    Home page or landing page of the application.
    implicitGrant ApplicationWebImplicitGrant
    An implicit_grant block as documented above.
    logoutUrl string
    The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
    redirectUris string[]
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN.
    homepage_url str
    Home page or landing page of the application.
    implicit_grant ApplicationWebImplicitGrant
    An implicit_grant block as documented above.
    logout_url str
    The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
    redirect_uris Sequence[str]
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN.
    homepageUrl String
    Home page or landing page of the application.
    implicitGrant Property Map
    An implicit_grant block as documented above.
    logoutUrl String
    The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
    redirectUris List<String>
    A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN.

    ApplicationWebImplicitGrant, ApplicationWebImplicitGrantArgs

    AccessTokenIssuanceEnabled bool
    Whether this web application can request an access token using OAuth 2.0 implicit flow.
    IdTokenIssuanceEnabled bool
    Whether this web application can request an ID token using OAuth 2.0 implicit flow.
    AccessTokenIssuanceEnabled bool
    Whether this web application can request an access token using OAuth 2.0 implicit flow.
    IdTokenIssuanceEnabled bool
    Whether this web application can request an ID token using OAuth 2.0 implicit flow.
    accessTokenIssuanceEnabled Boolean
    Whether this web application can request an access token using OAuth 2.0 implicit flow.
    idTokenIssuanceEnabled Boolean
    Whether this web application can request an ID token using OAuth 2.0 implicit flow.
    accessTokenIssuanceEnabled boolean
    Whether this web application can request an access token using OAuth 2.0 implicit flow.
    idTokenIssuanceEnabled boolean
    Whether this web application can request an ID token using OAuth 2.0 implicit flow.
    access_token_issuance_enabled bool
    Whether this web application can request an access token using OAuth 2.0 implicit flow.
    id_token_issuance_enabled bool
    Whether this web application can request an ID token using OAuth 2.0 implicit flow.
    accessTokenIssuanceEnabled Boolean
    Whether this web application can request an access token using OAuth 2.0 implicit flow.
    idTokenIssuanceEnabled Boolean
    Whether this web application can request an ID token using OAuth 2.0 implicit flow.

    Import

    Applications can be imported using the object ID of the application, in the following format.

    $ pulumi import azuread:index/application:Application example /applications/00000000-0000-0000-0000-000000000000
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Active Directory (Azure AD) pulumi/pulumi-azuread
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azuread Terraform Provider.
    azuread logo
    Azure Active Directory (Azure AD) v5.53.1 published on Monday, Jul 1, 2024 by Pulumi