azuread.Application
Explore with Pulumi AI
Example Usage
Create an application
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
import * as std from "@pulumi/std";
const current = azuread.getClientConfig({});
const example = new azuread.Application("example", {
displayName: "example",
identifierUris: ["api://example-app"],
logoImage: std.filebase64({
input: "/path/to/logo.png",
}).then(invoke => invoke.result),
owners: [current.then(current => current.objectId)],
signInAudience: "AzureADMultipleOrgs",
api: {
mappedClaimsEnabled: true,
requestedAccessTokenVersion: 2,
knownClientApplications: [
known1.applicationId,
known2.applicationId,
],
oauth2PermissionScopes: [
{
adminConsentDescription: "Allow the application to access example on behalf of the signed-in user.",
adminConsentDisplayName: "Access example",
enabled: true,
id: "96183846-204b-4b43-82e1-5d2222eb4b9b",
type: "User",
userConsentDescription: "Allow the application to access example on your behalf.",
userConsentDisplayName: "Access example",
value: "user_impersonation",
},
{
adminConsentDescription: "Administer the example application",
adminConsentDisplayName: "Administer",
enabled: true,
id: "be98fa3e-ab5b-4b11-83d9-04ba2b7946bc",
type: "Admin",
value: "administer",
},
],
},
appRoles: [
{
allowedMemberTypes: [
"User",
"Application",
],
description: "Admins can manage roles and perform all task actions",
displayName: "Admin",
enabled: true,
id: "1b19509b-32b1-4e9f-b71d-4992aa991967",
value: "admin",
},
{
allowedMemberTypes: ["User"],
description: "ReadOnly roles have limited query access",
displayName: "ReadOnly",
enabled: true,
id: "497406e4-012a-4267-bf18-45a1cb148a01",
value: "User",
},
],
featureTags: [{
enterprise: true,
gallery: true,
}],
optionalClaims: {
accessTokens: [
{
name: "myclaim",
},
{
name: "otherclaim",
},
],
idTokens: [{
name: "userclaim",
source: "user",
essential: true,
additionalProperties: ["emit_as_roles"],
}],
saml2Tokens: [{
name: "samlexample",
}],
},
requiredResourceAccesses: [
{
resourceAppId: "00000003-0000-0000-c000-000000000000",
resourceAccesses: [
{
id: "df021288-bdef-4463-88db-98f22de89214",
type: "Role",
},
{
id: "b4e74841-8e56-480b-be8b-910348b18b4c",
type: "Scope",
},
],
},
{
resourceAppId: "c5393580-f805-4401-95e8-94b7a6ef2fc2",
resourceAccesses: [{
id: "594c1fb6-4f81-4475-ae41-0c394909246c",
type: "Role",
}],
},
],
web: {
homepageUrl: "https://app.example.net",
logoutUrl: "https://app.example.net/logout",
redirectUris: ["https://app.example.net/account"],
implicitGrant: {
accessTokenIssuanceEnabled: true,
idTokenIssuanceEnabled: true,
},
},
});
import pulumi
import pulumi_azuread as azuread
import pulumi_std as std
current = azuread.get_client_config()
example = azuread.Application("example",
display_name="example",
identifier_uris=["api://example-app"],
logo_image=std.filebase64(input="/path/to/logo.png").result,
owners=[current.object_id],
sign_in_audience="AzureADMultipleOrgs",
api={
"mapped_claims_enabled": True,
"requested_access_token_version": 2,
"known_client_applications": [
known1["applicationId"],
known2["applicationId"],
],
"oauth2_permission_scopes": [
{
"admin_consent_description": "Allow the application to access example on behalf of the signed-in user.",
"admin_consent_display_name": "Access example",
"enabled": True,
"id": "96183846-204b-4b43-82e1-5d2222eb4b9b",
"type": "User",
"user_consent_description": "Allow the application to access example on your behalf.",
"user_consent_display_name": "Access example",
"value": "user_impersonation",
},
{
"admin_consent_description": "Administer the example application",
"admin_consent_display_name": "Administer",
"enabled": True,
"id": "be98fa3e-ab5b-4b11-83d9-04ba2b7946bc",
"type": "Admin",
"value": "administer",
},
],
},
app_roles=[
{
"allowed_member_types": [
"User",
"Application",
],
"description": "Admins can manage roles and perform all task actions",
"display_name": "Admin",
"enabled": True,
"id": "1b19509b-32b1-4e9f-b71d-4992aa991967",
"value": "admin",
},
{
"allowed_member_types": ["User"],
"description": "ReadOnly roles have limited query access",
"display_name": "ReadOnly",
"enabled": True,
"id": "497406e4-012a-4267-bf18-45a1cb148a01",
"value": "User",
},
],
feature_tags=[{
"enterprise": True,
"gallery": True,
}],
optional_claims={
"access_tokens": [
{
"name": "myclaim",
},
{
"name": "otherclaim",
},
],
"id_tokens": [{
"name": "userclaim",
"source": "user",
"essential": True,
"additional_properties": ["emit_as_roles"],
}],
"saml2_tokens": [{
"name": "samlexample",
}],
},
required_resource_accesses=[
{
"resource_app_id": "00000003-0000-0000-c000-000000000000",
"resource_accesses": [
{
"id": "df021288-bdef-4463-88db-98f22de89214",
"type": "Role",
},
{
"id": "b4e74841-8e56-480b-be8b-910348b18b4c",
"type": "Scope",
},
],
},
{
"resource_app_id": "c5393580-f805-4401-95e8-94b7a6ef2fc2",
"resource_accesses": [{
"id": "594c1fb6-4f81-4475-ae41-0c394909246c",
"type": "Role",
}],
},
],
web={
"homepage_url": "https://app.example.net",
"logout_url": "https://app.example.net/logout",
"redirect_uris": ["https://app.example.net/account"],
"implicit_grant": {
"access_token_issuance_enabled": True,
"id_token_issuance_enabled": True,
},
})
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := azuread.GetClientConfig(ctx, nil, nil)
if err != nil {
return err
}
invokeFilebase64, err := std.Filebase64(ctx, &std.Filebase64Args{
Input: "/path/to/logo.png",
}, nil)
if err != nil {
return err
}
_, err = azuread.NewApplication(ctx, "example", &azuread.ApplicationArgs{
DisplayName: pulumi.String("example"),
IdentifierUris: pulumi.StringArray{
pulumi.String("api://example-app"),
},
LogoImage: pulumi.String(invokeFilebase64.Result),
Owners: pulumi.StringArray{
pulumi.String(current.ObjectId),
},
SignInAudience: pulumi.String("AzureADMultipleOrgs"),
Api: &azuread.ApplicationApiArgs{
MappedClaimsEnabled: pulumi.Bool(true),
RequestedAccessTokenVersion: pulumi.Int(2),
KnownClientApplications: pulumi.StringArray{
known1.ApplicationId,
known2.ApplicationId,
},
Oauth2PermissionScopes: azuread.ApplicationApiOauth2PermissionScopeArray{
&azuread.ApplicationApiOauth2PermissionScopeArgs{
AdminConsentDescription: pulumi.String("Allow the application to access example on behalf of the signed-in user."),
AdminConsentDisplayName: pulumi.String("Access example"),
Enabled: pulumi.Bool(true),
Id: pulumi.String("96183846-204b-4b43-82e1-5d2222eb4b9b"),
Type: pulumi.String("User"),
UserConsentDescription: pulumi.String("Allow the application to access example on your behalf."),
UserConsentDisplayName: pulumi.String("Access example"),
Value: pulumi.String("user_impersonation"),
},
&azuread.ApplicationApiOauth2PermissionScopeArgs{
AdminConsentDescription: pulumi.String("Administer the example application"),
AdminConsentDisplayName: pulumi.String("Administer"),
Enabled: pulumi.Bool(true),
Id: pulumi.String("be98fa3e-ab5b-4b11-83d9-04ba2b7946bc"),
Type: pulumi.String("Admin"),
Value: pulumi.String("administer"),
},
},
},
AppRoles: azuread.ApplicationAppRoleTypeArray{
&azuread.ApplicationAppRoleTypeArgs{
AllowedMemberTypes: pulumi.StringArray{
pulumi.String("User"),
pulumi.String("Application"),
},
Description: pulumi.String("Admins can manage roles and perform all task actions"),
DisplayName: pulumi.String("Admin"),
Enabled: pulumi.Bool(true),
Id: pulumi.String("1b19509b-32b1-4e9f-b71d-4992aa991967"),
Value: pulumi.String("admin"),
},
&azuread.ApplicationAppRoleTypeArgs{
AllowedMemberTypes: pulumi.StringArray{
pulumi.String("User"),
},
Description: pulumi.String("ReadOnly roles have limited query access"),
DisplayName: pulumi.String("ReadOnly"),
Enabled: pulumi.Bool(true),
Id: pulumi.String("497406e4-012a-4267-bf18-45a1cb148a01"),
Value: pulumi.String("User"),
},
},
FeatureTags: azuread.ApplicationFeatureTagArray{
&azuread.ApplicationFeatureTagArgs{
Enterprise: pulumi.Bool(true),
Gallery: pulumi.Bool(true),
},
},
OptionalClaims: &azuread.ApplicationOptionalClaimsTypeArgs{
AccessTokens: azuread.ApplicationOptionalClaimsAccessTokenArray{
&azuread.ApplicationOptionalClaimsAccessTokenArgs{
Name: pulumi.String("myclaim"),
},
&azuread.ApplicationOptionalClaimsAccessTokenArgs{
Name: pulumi.String("otherclaim"),
},
},
IdTokens: azuread.ApplicationOptionalClaimsIdTokenArray{
&azuread.ApplicationOptionalClaimsIdTokenArgs{
Name: pulumi.String("userclaim"),
Source: pulumi.String("user"),
Essential: pulumi.Bool(true),
AdditionalProperties: pulumi.StringArray{
pulumi.String("emit_as_roles"),
},
},
},
Saml2Tokens: azuread.ApplicationOptionalClaimsSaml2TokenArray{
&azuread.ApplicationOptionalClaimsSaml2TokenArgs{
Name: pulumi.String("samlexample"),
},
},
},
RequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{
&azuread.ApplicationRequiredResourceAccessArgs{
ResourceAppId: pulumi.String("00000003-0000-0000-c000-000000000000"),
ResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{
&azuread.ApplicationRequiredResourceAccessResourceAccessArgs{
Id: pulumi.String("df021288-bdef-4463-88db-98f22de89214"),
Type: pulumi.String("Role"),
},
&azuread.ApplicationRequiredResourceAccessResourceAccessArgs{
Id: pulumi.String("b4e74841-8e56-480b-be8b-910348b18b4c"),
Type: pulumi.String("Scope"),
},
},
},
&azuread.ApplicationRequiredResourceAccessArgs{
ResourceAppId: pulumi.String("c5393580-f805-4401-95e8-94b7a6ef2fc2"),
ResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{
&azuread.ApplicationRequiredResourceAccessResourceAccessArgs{
Id: pulumi.String("594c1fb6-4f81-4475-ae41-0c394909246c"),
Type: pulumi.String("Role"),
},
},
},
},
Web: &azuread.ApplicationWebArgs{
HomepageUrl: pulumi.String("https://app.example.net"),
LogoutUrl: pulumi.String("https://app.example.net/logout"),
RedirectUris: pulumi.StringArray{
pulumi.String("https://app.example.net/account"),
},
ImplicitGrant: &azuread.ApplicationWebImplicitGrantArgs{
AccessTokenIssuanceEnabled: pulumi.Bool(true),
IdTokenIssuanceEnabled: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var current = AzureAD.GetClientConfig.Invoke();
var example = new AzureAD.Application("example", new()
{
DisplayName = "example",
IdentifierUris = new[]
{
"api://example-app",
},
LogoImage = Std.Filebase64.Invoke(new()
{
Input = "/path/to/logo.png",
}).Apply(invoke => invoke.Result),
Owners = new[]
{
current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
},
SignInAudience = "AzureADMultipleOrgs",
Api = new AzureAD.Inputs.ApplicationApiArgs
{
MappedClaimsEnabled = true,
RequestedAccessTokenVersion = 2,
KnownClientApplications = new[]
{
known1.ApplicationId,
known2.ApplicationId,
},
Oauth2PermissionScopes = new[]
{
new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs
{
AdminConsentDescription = "Allow the application to access example on behalf of the signed-in user.",
AdminConsentDisplayName = "Access example",
Enabled = true,
Id = "96183846-204b-4b43-82e1-5d2222eb4b9b",
Type = "User",
UserConsentDescription = "Allow the application to access example on your behalf.",
UserConsentDisplayName = "Access example",
Value = "user_impersonation",
},
new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs
{
AdminConsentDescription = "Administer the example application",
AdminConsentDisplayName = "Administer",
Enabled = true,
Id = "be98fa3e-ab5b-4b11-83d9-04ba2b7946bc",
Type = "Admin",
Value = "administer",
},
},
},
AppRoles = new[]
{
new AzureAD.Inputs.ApplicationAppRoleArgs
{
AllowedMemberTypes = new[]
{
"User",
"Application",
},
Description = "Admins can manage roles and perform all task actions",
DisplayName = "Admin",
Enabled = true,
Id = "1b19509b-32b1-4e9f-b71d-4992aa991967",
Value = "admin",
},
new AzureAD.Inputs.ApplicationAppRoleArgs
{
AllowedMemberTypes = new[]
{
"User",
},
Description = "ReadOnly roles have limited query access",
DisplayName = "ReadOnly",
Enabled = true,
Id = "497406e4-012a-4267-bf18-45a1cb148a01",
Value = "User",
},
},
FeatureTags = new[]
{
new AzureAD.Inputs.ApplicationFeatureTagArgs
{
Enterprise = true,
Gallery = true,
},
},
OptionalClaims = new AzureAD.Inputs.ApplicationOptionalClaimsArgs
{
AccessTokens = new[]
{
new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs
{
Name = "myclaim",
},
new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs
{
Name = "otherclaim",
},
},
IdTokens = new[]
{
new AzureAD.Inputs.ApplicationOptionalClaimsIdTokenArgs
{
Name = "userclaim",
Source = "user",
Essential = true,
AdditionalProperties = new[]
{
"emit_as_roles",
},
},
},
Saml2Tokens = new[]
{
new AzureAD.Inputs.ApplicationOptionalClaimsSaml2TokenArgs
{
Name = "samlexample",
},
},
},
RequiredResourceAccesses = new[]
{
new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs
{
ResourceAppId = "00000003-0000-0000-c000-000000000000",
ResourceAccesses = new[]
{
new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
{
Id = "df021288-bdef-4463-88db-98f22de89214",
Type = "Role",
},
new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
{
Id = "b4e74841-8e56-480b-be8b-910348b18b4c",
Type = "Scope",
},
},
},
new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs
{
ResourceAppId = "c5393580-f805-4401-95e8-94b7a6ef2fc2",
ResourceAccesses = new[]
{
new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
{
Id = "594c1fb6-4f81-4475-ae41-0c394909246c",
Type = "Role",
},
},
},
},
Web = new AzureAD.Inputs.ApplicationWebArgs
{
HomepageUrl = "https://app.example.net",
LogoutUrl = "https://app.example.net/logout",
RedirectUris = new[]
{
"https://app.example.net/account",
},
ImplicitGrant = new AzureAD.Inputs.ApplicationWebImplicitGrantArgs
{
AccessTokenIssuanceEnabled = true,
IdTokenIssuanceEnabled = true,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.Application;
import com.pulumi.azuread.ApplicationArgs;
import com.pulumi.azuread.inputs.ApplicationApiArgs;
import com.pulumi.azuread.inputs.ApplicationAppRoleArgs;
import com.pulumi.azuread.inputs.ApplicationFeatureTagArgs;
import com.pulumi.azuread.inputs.ApplicationOptionalClaimsArgs;
import com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;
import com.pulumi.azuread.inputs.ApplicationWebArgs;
import com.pulumi.azuread.inputs.ApplicationWebImplicitGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = AzureadFunctions.getClientConfig();
var example = new Application("example", ApplicationArgs.builder()
.displayName("example")
.identifierUris("api://example-app")
.logoImage(StdFunctions.filebase64(Filebase64Args.builder()
.input("/path/to/logo.png")
.build()).result())
.owners(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.signInAudience("AzureADMultipleOrgs")
.api(ApplicationApiArgs.builder()
.mappedClaimsEnabled(true)
.requestedAccessTokenVersion(2)
.knownClientApplications(
known1.applicationId(),
known2.applicationId())
.oauth2PermissionScopes(
ApplicationApiOauth2PermissionScopeArgs.builder()
.adminConsentDescription("Allow the application to access example on behalf of the signed-in user.")
.adminConsentDisplayName("Access example")
.enabled(true)
.id("96183846-204b-4b43-82e1-5d2222eb4b9b")
.type("User")
.userConsentDescription("Allow the application to access example on your behalf.")
.userConsentDisplayName("Access example")
.value("user_impersonation")
.build(),
ApplicationApiOauth2PermissionScopeArgs.builder()
.adminConsentDescription("Administer the example application")
.adminConsentDisplayName("Administer")
.enabled(true)
.id("be98fa3e-ab5b-4b11-83d9-04ba2b7946bc")
.type("Admin")
.value("administer")
.build())
.build())
.appRoles(
ApplicationAppRoleArgs.builder()
.allowedMemberTypes(
"User",
"Application")
.description("Admins can manage roles and perform all task actions")
.displayName("Admin")
.enabled(true)
.id("1b19509b-32b1-4e9f-b71d-4992aa991967")
.value("admin")
.build(),
ApplicationAppRoleArgs.builder()
.allowedMemberTypes("User")
.description("ReadOnly roles have limited query access")
.displayName("ReadOnly")
.enabled(true)
.id("497406e4-012a-4267-bf18-45a1cb148a01")
.value("User")
.build())
.featureTags(ApplicationFeatureTagArgs.builder()
.enterprise(true)
.gallery(true)
.build())
.optionalClaims(ApplicationOptionalClaimsArgs.builder()
.accessTokens(
ApplicationOptionalClaimsAccessTokenArgs.builder()
.name("myclaim")
.build(),
ApplicationOptionalClaimsAccessTokenArgs.builder()
.name("otherclaim")
.build())
.idTokens(ApplicationOptionalClaimsIdTokenArgs.builder()
.name("userclaim")
.source("user")
.essential(true)
.additionalProperties("emit_as_roles")
.build())
.saml2Tokens(ApplicationOptionalClaimsSaml2TokenArgs.builder()
.name("samlexample")
.build())
.build())
.requiredResourceAccesses(
ApplicationRequiredResourceAccessArgs.builder()
.resourceAppId("00000003-0000-0000-c000-000000000000")
.resourceAccesses(
ApplicationRequiredResourceAccessResourceAccessArgs.builder()
.id("df021288-bdef-4463-88db-98f22de89214")
.type("Role")
.build(),
ApplicationRequiredResourceAccessResourceAccessArgs.builder()
.id("b4e74841-8e56-480b-be8b-910348b18b4c")
.type("Scope")
.build())
.build(),
ApplicationRequiredResourceAccessArgs.builder()
.resourceAppId("c5393580-f805-4401-95e8-94b7a6ef2fc2")
.resourceAccesses(ApplicationRequiredResourceAccessResourceAccessArgs.builder()
.id("594c1fb6-4f81-4475-ae41-0c394909246c")
.type("Role")
.build())
.build())
.web(ApplicationWebArgs.builder()
.homepageUrl("https://app.example.net")
.logoutUrl("https://app.example.net/logout")
.redirectUris("https://app.example.net/account")
.implicitGrant(ApplicationWebImplicitGrantArgs.builder()
.accessTokenIssuanceEnabled(true)
.idTokenIssuanceEnabled(true)
.build())
.build())
.build());
}
}
resources:
example:
type: azuread:Application
properties:
displayName: example
identifierUris:
- api://example-app
logoImage:
fn::invoke:
Function: std:filebase64
Arguments:
input: /path/to/logo.png
Return: result
owners:
- ${current.objectId}
signInAudience: AzureADMultipleOrgs
api:
mappedClaimsEnabled: true
requestedAccessTokenVersion: 2
knownClientApplications:
- ${known1.applicationId}
- ${known2.applicationId}
oauth2PermissionScopes:
- adminConsentDescription: Allow the application to access example on behalf of the signed-in user.
adminConsentDisplayName: Access example
enabled: true
id: 96183846-204b-4b43-82e1-5d2222eb4b9b
type: User
userConsentDescription: Allow the application to access example on your behalf.
userConsentDisplayName: Access example
value: user_impersonation
- adminConsentDescription: Administer the example application
adminConsentDisplayName: Administer
enabled: true
id: be98fa3e-ab5b-4b11-83d9-04ba2b7946bc
type: Admin
value: administer
appRoles:
- allowedMemberTypes:
- User
- Application
description: Admins can manage roles and perform all task actions
displayName: Admin
enabled: true
id: 1b19509b-32b1-4e9f-b71d-4992aa991967
value: admin
- allowedMemberTypes:
- User
description: ReadOnly roles have limited query access
displayName: ReadOnly
enabled: true
id: 497406e4-012a-4267-bf18-45a1cb148a01
value: User
featureTags:
- enterprise: true
gallery: true
optionalClaims:
accessTokens:
- name: myclaim
- name: otherclaim
idTokens:
- name: userclaim
source: user
essential: true
additionalProperties:
- emit_as_roles
saml2Tokens:
- name: samlexample
requiredResourceAccesses:
- resourceAppId: 00000003-0000-0000-c000-000000000000
resourceAccesses:
- id: df021288-bdef-4463-88db-98f22de89214
type: Role
- id: b4e74841-8e56-480b-be8b-910348b18b4c
type: Scope
- resourceAppId: c5393580-f805-4401-95e8-94b7a6ef2fc2
resourceAccesses:
- id: 594c1fb6-4f81-4475-ae41-0c394909246c
type: Role
web:
homepageUrl: https://app.example.net
logoutUrl: https://app.example.net/logout
redirectUris:
- https://app.example.net/account
implicitGrant:
accessTokenIssuanceEnabled: true
idTokenIssuanceEnabled: true
variables:
current:
fn::invoke:
Function: azuread:getClientConfig
Arguments: {}
Create application and generate a password
Create Application Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Application(name: string, args: ApplicationArgs, opts?: CustomResourceOptions);
@overload
def Application(resource_name: str,
args: ApplicationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Application(resource_name: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
owners: Optional[Sequence[str]] = None,
web: Optional[ApplicationWebArgs] = None,
optional_claims: Optional[ApplicationOptionalClaimsArgs] = None,
app_roles: Optional[Sequence[ApplicationAppRoleArgs]] = None,
fallback_public_client_enabled: Optional[bool] = None,
feature_tags: Optional[Sequence[ApplicationFeatureTagArgs]] = None,
group_membership_claims: Optional[Sequence[str]] = None,
identifier_uris: Optional[Sequence[str]] = None,
logo_image: Optional[str] = None,
marketing_url: Optional[str] = None,
notes: Optional[str] = None,
oauth2_post_response_required: Optional[bool] = None,
device_only_auth_enabled: Optional[bool] = None,
description: Optional[str] = None,
single_page_application: Optional[ApplicationSinglePageApplicationArgs] = None,
prevent_duplicate_names: Optional[bool] = None,
privacy_statement_url: Optional[str] = None,
public_client: Optional[ApplicationPublicClientArgs] = None,
required_resource_accesses: Optional[Sequence[ApplicationRequiredResourceAccessArgs]] = None,
service_management_reference: Optional[str] = None,
sign_in_audience: Optional[str] = None,
password: Optional[ApplicationPasswordArgs] = None,
support_url: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
template_id: Optional[str] = None,
terms_of_service_url: Optional[str] = None,
api: Optional[ApplicationApiArgs] = None)
func NewApplication(ctx *Context, name string, args ApplicationArgs, opts ...ResourceOption) (*Application, error)
public Application(string name, ApplicationArgs args, CustomResourceOptions? opts = null)
public Application(String name, ApplicationArgs args)
public Application(String name, ApplicationArgs args, CustomResourceOptions options)
type: azuread:Application
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ApplicationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var applicationResource = new AzureAD.Application("applicationResource", new()
{
DisplayName = "string",
Owners = new[]
{
"string",
},
Web = new AzureAD.Inputs.ApplicationWebArgs
{
HomepageUrl = "string",
ImplicitGrant = new AzureAD.Inputs.ApplicationWebImplicitGrantArgs
{
AccessTokenIssuanceEnabled = false,
IdTokenIssuanceEnabled = false,
},
LogoutUrl = "string",
RedirectUris = new[]
{
"string",
},
},
OptionalClaims = new AzureAD.Inputs.ApplicationOptionalClaimsArgs
{
AccessTokens = new[]
{
new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs
{
Name = "string",
AdditionalProperties = new[]
{
"string",
},
Essential = false,
Source = "string",
},
},
IdTokens = new[]
{
new AzureAD.Inputs.ApplicationOptionalClaimsIdTokenArgs
{
Name = "string",
AdditionalProperties = new[]
{
"string",
},
Essential = false,
Source = "string",
},
},
Saml2Tokens = new[]
{
new AzureAD.Inputs.ApplicationOptionalClaimsSaml2TokenArgs
{
Name = "string",
AdditionalProperties = new[]
{
"string",
},
Essential = false,
Source = "string",
},
},
},
AppRoles = new[]
{
new AzureAD.Inputs.ApplicationAppRoleArgs
{
AllowedMemberTypes = new[]
{
"string",
},
Description = "string",
DisplayName = "string",
Id = "string",
Enabled = false,
Value = "string",
},
},
FallbackPublicClientEnabled = false,
FeatureTags = new[]
{
new AzureAD.Inputs.ApplicationFeatureTagArgs
{
CustomSingleSignOn = false,
Enterprise = false,
Gallery = false,
Hide = false,
},
},
GroupMembershipClaims = new[]
{
"string",
},
IdentifierUris = new[]
{
"string",
},
LogoImage = "string",
MarketingUrl = "string",
Notes = "string",
Oauth2PostResponseRequired = false,
DeviceOnlyAuthEnabled = false,
Description = "string",
SinglePageApplication = new AzureAD.Inputs.ApplicationSinglePageApplicationArgs
{
RedirectUris = new[]
{
"string",
},
},
PreventDuplicateNames = false,
PrivacyStatementUrl = "string",
PublicClient = new AzureAD.Inputs.ApplicationPublicClientArgs
{
RedirectUris = new[]
{
"string",
},
},
RequiredResourceAccesses = new[]
{
new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs
{
ResourceAccesses = new[]
{
new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs
{
Id = "string",
Type = "string",
},
},
ResourceAppId = "string",
},
},
ServiceManagementReference = "string",
SignInAudience = "string",
Password = new AzureAD.Inputs.ApplicationPasswordArgs
{
DisplayName = "string",
EndDate = "string",
KeyId = "string",
StartDate = "string",
Value = "string",
},
SupportUrl = "string",
Tags = new[]
{
"string",
},
TemplateId = "string",
TermsOfServiceUrl = "string",
Api = new AzureAD.Inputs.ApplicationApiArgs
{
KnownClientApplications = new[]
{
"string",
},
MappedClaimsEnabled = false,
Oauth2PermissionScopes = new[]
{
new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs
{
Id = "string",
AdminConsentDescription = "string",
AdminConsentDisplayName = "string",
Enabled = false,
Type = "string",
UserConsentDescription = "string",
UserConsentDisplayName = "string",
Value = "string",
},
},
RequestedAccessTokenVersion = 0,
},
});
example, err := azuread.NewApplication(ctx, "applicationResource", &azuread.ApplicationArgs{
DisplayName: pulumi.String("string"),
Owners: pulumi.StringArray{
pulumi.String("string"),
},
Web: &azuread.ApplicationWebArgs{
HomepageUrl: pulumi.String("string"),
ImplicitGrant: &azuread.ApplicationWebImplicitGrantArgs{
AccessTokenIssuanceEnabled: pulumi.Bool(false),
IdTokenIssuanceEnabled: pulumi.Bool(false),
},
LogoutUrl: pulumi.String("string"),
RedirectUris: pulumi.StringArray{
pulumi.String("string"),
},
},
OptionalClaims: &azuread.ApplicationOptionalClaimsTypeArgs{
AccessTokens: azuread.ApplicationOptionalClaimsAccessTokenArray{
&azuread.ApplicationOptionalClaimsAccessTokenArgs{
Name: pulumi.String("string"),
AdditionalProperties: pulumi.StringArray{
pulumi.String("string"),
},
Essential: pulumi.Bool(false),
Source: pulumi.String("string"),
},
},
IdTokens: azuread.ApplicationOptionalClaimsIdTokenArray{
&azuread.ApplicationOptionalClaimsIdTokenArgs{
Name: pulumi.String("string"),
AdditionalProperties: pulumi.StringArray{
pulumi.String("string"),
},
Essential: pulumi.Bool(false),
Source: pulumi.String("string"),
},
},
Saml2Tokens: azuread.ApplicationOptionalClaimsSaml2TokenArray{
&azuread.ApplicationOptionalClaimsSaml2TokenArgs{
Name: pulumi.String("string"),
AdditionalProperties: pulumi.StringArray{
pulumi.String("string"),
},
Essential: pulumi.Bool(false),
Source: pulumi.String("string"),
},
},
},
AppRoles: azuread.ApplicationAppRoleTypeArray{
&azuread.ApplicationAppRoleTypeArgs{
AllowedMemberTypes: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
Id: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Value: pulumi.String("string"),
},
},
FallbackPublicClientEnabled: pulumi.Bool(false),
FeatureTags: azuread.ApplicationFeatureTagArray{
&azuread.ApplicationFeatureTagArgs{
CustomSingleSignOn: pulumi.Bool(false),
Enterprise: pulumi.Bool(false),
Gallery: pulumi.Bool(false),
Hide: pulumi.Bool(false),
},
},
GroupMembershipClaims: pulumi.StringArray{
pulumi.String("string"),
},
IdentifierUris: pulumi.StringArray{
pulumi.String("string"),
},
LogoImage: pulumi.String("string"),
MarketingUrl: pulumi.String("string"),
Notes: pulumi.String("string"),
Oauth2PostResponseRequired: pulumi.Bool(false),
DeviceOnlyAuthEnabled: pulumi.Bool(false),
Description: pulumi.String("string"),
SinglePageApplication: &azuread.ApplicationSinglePageApplicationArgs{
RedirectUris: pulumi.StringArray{
pulumi.String("string"),
},
},
PreventDuplicateNames: pulumi.Bool(false),
PrivacyStatementUrl: pulumi.String("string"),
PublicClient: &azuread.ApplicationPublicClientArgs{
RedirectUris: pulumi.StringArray{
pulumi.String("string"),
},
},
RequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{
&azuread.ApplicationRequiredResourceAccessArgs{
ResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{
&azuread.ApplicationRequiredResourceAccessResourceAccessArgs{
Id: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
ResourceAppId: pulumi.String("string"),
},
},
ServiceManagementReference: pulumi.String("string"),
SignInAudience: pulumi.String("string"),
Password: &azuread.ApplicationPasswordTypeArgs{
DisplayName: pulumi.String("string"),
EndDate: pulumi.String("string"),
KeyId: pulumi.String("string"),
StartDate: pulumi.String("string"),
Value: pulumi.String("string"),
},
SupportUrl: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
TemplateId: pulumi.String("string"),
TermsOfServiceUrl: pulumi.String("string"),
Api: &azuread.ApplicationApiArgs{
KnownClientApplications: pulumi.StringArray{
pulumi.String("string"),
},
MappedClaimsEnabled: pulumi.Bool(false),
Oauth2PermissionScopes: azuread.ApplicationApiOauth2PermissionScopeArray{
&azuread.ApplicationApiOauth2PermissionScopeArgs{
Id: pulumi.String("string"),
AdminConsentDescription: pulumi.String("string"),
AdminConsentDisplayName: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Type: pulumi.String("string"),
UserConsentDescription: pulumi.String("string"),
UserConsentDisplayName: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
RequestedAccessTokenVersion: pulumi.Int(0),
},
})
var applicationResource = new Application("applicationResource", ApplicationArgs.builder()
.displayName("string")
.owners("string")
.web(ApplicationWebArgs.builder()
.homepageUrl("string")
.implicitGrant(ApplicationWebImplicitGrantArgs.builder()
.accessTokenIssuanceEnabled(false)
.idTokenIssuanceEnabled(false)
.build())
.logoutUrl("string")
.redirectUris("string")
.build())
.optionalClaims(ApplicationOptionalClaimsArgs.builder()
.accessTokens(ApplicationOptionalClaimsAccessTokenArgs.builder()
.name("string")
.additionalProperties("string")
.essential(false)
.source("string")
.build())
.idTokens(ApplicationOptionalClaimsIdTokenArgs.builder()
.name("string")
.additionalProperties("string")
.essential(false)
.source("string")
.build())
.saml2Tokens(ApplicationOptionalClaimsSaml2TokenArgs.builder()
.name("string")
.additionalProperties("string")
.essential(false)
.source("string")
.build())
.build())
.appRoles(ApplicationAppRoleArgs.builder()
.allowedMemberTypes("string")
.description("string")
.displayName("string")
.id("string")
.enabled(false)
.value("string")
.build())
.fallbackPublicClientEnabled(false)
.featureTags(ApplicationFeatureTagArgs.builder()
.customSingleSignOn(false)
.enterprise(false)
.gallery(false)
.hide(false)
.build())
.groupMembershipClaims("string")
.identifierUris("string")
.logoImage("string")
.marketingUrl("string")
.notes("string")
.oauth2PostResponseRequired(false)
.deviceOnlyAuthEnabled(false)
.description("string")
.singlePageApplication(ApplicationSinglePageApplicationArgs.builder()
.redirectUris("string")
.build())
.preventDuplicateNames(false)
.privacyStatementUrl("string")
.publicClient(ApplicationPublicClientArgs.builder()
.redirectUris("string")
.build())
.requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()
.resourceAccesses(ApplicationRequiredResourceAccessResourceAccessArgs.builder()
.id("string")
.type("string")
.build())
.resourceAppId("string")
.build())
.serviceManagementReference("string")
.signInAudience("string")
.password(ApplicationPasswordArgs.builder()
.displayName("string")
.endDate("string")
.keyId("string")
.startDate("string")
.value("string")
.build())
.supportUrl("string")
.tags("string")
.templateId("string")
.termsOfServiceUrl("string")
.api(ApplicationApiArgs.builder()
.knownClientApplications("string")
.mappedClaimsEnabled(false)
.oauth2PermissionScopes(ApplicationApiOauth2PermissionScopeArgs.builder()
.id("string")
.adminConsentDescription("string")
.adminConsentDisplayName("string")
.enabled(false)
.type("string")
.userConsentDescription("string")
.userConsentDisplayName("string")
.value("string")
.build())
.requestedAccessTokenVersion(0)
.build())
.build());
application_resource = azuread.Application("applicationResource",
display_name="string",
owners=["string"],
web={
"homepageUrl": "string",
"implicitGrant": {
"accessTokenIssuanceEnabled": False,
"idTokenIssuanceEnabled": False,
},
"logoutUrl": "string",
"redirectUris": ["string"],
},
optional_claims={
"accessTokens": [{
"name": "string",
"additionalProperties": ["string"],
"essential": False,
"source": "string",
}],
"idTokens": [{
"name": "string",
"additionalProperties": ["string"],
"essential": False,
"source": "string",
}],
"saml2Tokens": [{
"name": "string",
"additionalProperties": ["string"],
"essential": False,
"source": "string",
}],
},
app_roles=[{
"allowedMemberTypes": ["string"],
"description": "string",
"displayName": "string",
"id": "string",
"enabled": False,
"value": "string",
}],
fallback_public_client_enabled=False,
feature_tags=[{
"customSingleSignOn": False,
"enterprise": False,
"gallery": False,
"hide": False,
}],
group_membership_claims=["string"],
identifier_uris=["string"],
logo_image="string",
marketing_url="string",
notes="string",
oauth2_post_response_required=False,
device_only_auth_enabled=False,
description="string",
single_page_application={
"redirectUris": ["string"],
},
prevent_duplicate_names=False,
privacy_statement_url="string",
public_client={
"redirectUris": ["string"],
},
required_resource_accesses=[{
"resourceAccesses": [{
"id": "string",
"type": "string",
}],
"resourceAppId": "string",
}],
service_management_reference="string",
sign_in_audience="string",
password={
"displayName": "string",
"endDate": "string",
"keyId": "string",
"startDate": "string",
"value": "string",
},
support_url="string",
tags=["string"],
template_id="string",
terms_of_service_url="string",
api={
"knownClientApplications": ["string"],
"mappedClaimsEnabled": False,
"oauth2PermissionScopes": [{
"id": "string",
"adminConsentDescription": "string",
"adminConsentDisplayName": "string",
"enabled": False,
"type": "string",
"userConsentDescription": "string",
"userConsentDisplayName": "string",
"value": "string",
}],
"requestedAccessTokenVersion": 0,
})
const applicationResource = new azuread.Application("applicationResource", {
displayName: "string",
owners: ["string"],
web: {
homepageUrl: "string",
implicitGrant: {
accessTokenIssuanceEnabled: false,
idTokenIssuanceEnabled: false,
},
logoutUrl: "string",
redirectUris: ["string"],
},
optionalClaims: {
accessTokens: [{
name: "string",
additionalProperties: ["string"],
essential: false,
source: "string",
}],
idTokens: [{
name: "string",
additionalProperties: ["string"],
essential: false,
source: "string",
}],
saml2Tokens: [{
name: "string",
additionalProperties: ["string"],
essential: false,
source: "string",
}],
},
appRoles: [{
allowedMemberTypes: ["string"],
description: "string",
displayName: "string",
id: "string",
enabled: false,
value: "string",
}],
fallbackPublicClientEnabled: false,
featureTags: [{
customSingleSignOn: false,
enterprise: false,
gallery: false,
hide: false,
}],
groupMembershipClaims: ["string"],
identifierUris: ["string"],
logoImage: "string",
marketingUrl: "string",
notes: "string",
oauth2PostResponseRequired: false,
deviceOnlyAuthEnabled: false,
description: "string",
singlePageApplication: {
redirectUris: ["string"],
},
preventDuplicateNames: false,
privacyStatementUrl: "string",
publicClient: {
redirectUris: ["string"],
},
requiredResourceAccesses: [{
resourceAccesses: [{
id: "string",
type: "string",
}],
resourceAppId: "string",
}],
serviceManagementReference: "string",
signInAudience: "string",
password: {
displayName: "string",
endDate: "string",
keyId: "string",
startDate: "string",
value: "string",
},
supportUrl: "string",
tags: ["string"],
templateId: "string",
termsOfServiceUrl: "string",
api: {
knownClientApplications: ["string"],
mappedClaimsEnabled: false,
oauth2PermissionScopes: [{
id: "string",
adminConsentDescription: "string",
adminConsentDisplayName: "string",
enabled: false,
type: "string",
userConsentDescription: "string",
userConsentDisplayName: "string",
value: "string",
}],
requestedAccessTokenVersion: 0,
},
});
type: azuread:Application
properties:
api:
knownClientApplications:
- string
mappedClaimsEnabled: false
oauth2PermissionScopes:
- adminConsentDescription: string
adminConsentDisplayName: string
enabled: false
id: string
type: string
userConsentDescription: string
userConsentDisplayName: string
value: string
requestedAccessTokenVersion: 0
appRoles:
- allowedMemberTypes:
- string
description: string
displayName: string
enabled: false
id: string
value: string
description: string
deviceOnlyAuthEnabled: false
displayName: string
fallbackPublicClientEnabled: false
featureTags:
- customSingleSignOn: false
enterprise: false
gallery: false
hide: false
groupMembershipClaims:
- string
identifierUris:
- string
logoImage: string
marketingUrl: string
notes: string
oauth2PostResponseRequired: false
optionalClaims:
accessTokens:
- additionalProperties:
- string
essential: false
name: string
source: string
idTokens:
- additionalProperties:
- string
essential: false
name: string
source: string
saml2Tokens:
- additionalProperties:
- string
essential: false
name: string
source: string
owners:
- string
password:
displayName: string
endDate: string
keyId: string
startDate: string
value: string
preventDuplicateNames: false
privacyStatementUrl: string
publicClient:
redirectUris:
- string
requiredResourceAccesses:
- resourceAccesses:
- id: string
type: string
resourceAppId: string
serviceManagementReference: string
signInAudience: string
singlePageApplication:
redirectUris:
- string
supportUrl: string
tags:
- string
templateId: string
termsOfServiceUrl: string
web:
homepageUrl: string
implicitGrant:
accessTokenIssuanceEnabled: false
idTokenIssuanceEnabled: false
logoutUrl: string
redirectUris:
- string
Application Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Application resource accepts the following input properties:
- Display
Name string - The display name for the application.
- Api
Pulumi.
Azure AD. Inputs. Application Api - An
api
block as documented below, which configures API related settings for this application. - App
Roles List<Pulumi.Azure AD. Inputs. Application App Role> - A collection of
app_role
blocks as documented below. For more information see official documentation on Application Roles. - Description string
- A description of the application, as shown to end users.
- Device
Only boolAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false
. - Fallback
Public boolClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false
. - List<Pulumi.
Azure AD. Inputs. Application Feature Tag> A
feature_tags
block as described below. Cannot be used together with thetags
property.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tags
andtags
for an application at the same time, so if you need to assign additional custom tags it's recommended to use thetags
property instead. Tag values also propagate to any linked service principals.- Group
Membership List<string>Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None
,SecurityGroup
,DirectoryRole
,ApplicationGroup
orAll
. - Identifier
Uris List<string> - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- Logo
Image string - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- Marketing
Url string - URL of the application's marketing page.
- Notes string
- User-specified notes relevant for the management of the application.
- Oauth2Post
Response boolRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false
, which specifies that only GET requests are allowed. - Optional
Claims Pulumi.Azure AD. Inputs. Application Optional Claims - An
optional_claims
block as documented below. - Owners List<string>
- A list of object IDs of principals that will be granted ownership of the application
- Password
Pulumi.
Azure AD. Inputs. Application Password A single
password
block as documented below. The password is generated during creation. By default, no password is generated.Creating a Password The
password
block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.- Prevent
Duplicate boolNames - If
true
, will return an error if an existing application is found with the same name. Defaults tofalse
. - Privacy
Statement stringUrl - URL of the application's privacy statement.
- Public
Client Pulumi.Azure AD. Inputs. Application Public Client - A
public_client
block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - Required
Resource List<Pulumi.Accesses Azure AD. Inputs. Application Required Resource Access> - A collection of
required_resource_access
blocks as documented below. - Service
Management stringReference - References application context information from a Service or Asset Management database.
- Sign
In stringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg
,AzureADMultipleOrgs
,AzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
. Defaults toAzureADMyOrg
.Changing
sign_in_audience
for existing applications When updating an existing application to use asign_in_audience
value ofAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- Single
Page Pulumi.Application Azure AD. Inputs. Application Single Page Application - A
single_page_application
block as documented below, which configures single-page application (SPA) related settings for this application. - Support
Url string - URL of the application's support page.
- List<string>
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tags
block.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tags
property or with thefeature_tags
block. If you need to set any custom tag values not supported by thefeature_tags
block, it's recommended to use thetags
property. Tag values also propagate to any linked service principals.- Template
Id string Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- Terms
Of stringService Url - URL of the application's terms of service statement.
- Web
Pulumi.
Azure AD. Inputs. Application Web A
web
block as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_names
argument to check for existing applications if you want to avoid name collisions.
- Display
Name string - The display name for the application.
- Api
Application
Api Args - An
api
block as documented below, which configures API related settings for this application. - App
Roles []ApplicationApp Role Type Args - A collection of
app_role
blocks as documented below. For more information see official documentation on Application Roles. - Description string
- A description of the application, as shown to end users.
- Device
Only boolAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false
. - Fallback
Public boolClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false
. - []Application
Feature Tag Args A
feature_tags
block as described below. Cannot be used together with thetags
property.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tags
andtags
for an application at the same time, so if you need to assign additional custom tags it's recommended to use thetags
property instead. Tag values also propagate to any linked service principals.- Group
Membership []stringClaims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None
,SecurityGroup
,DirectoryRole
,ApplicationGroup
orAll
. - Identifier
Uris []string - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- Logo
Image string - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- Marketing
Url string - URL of the application's marketing page.
- Notes string
- User-specified notes relevant for the management of the application.
- Oauth2Post
Response boolRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false
, which specifies that only GET requests are allowed. - Optional
Claims ApplicationOptional Claims Type Args - An
optional_claims
block as documented below. - Owners []string
- A list of object IDs of principals that will be granted ownership of the application
- Password
Application
Password Type Args A single
password
block as documented below. The password is generated during creation. By default, no password is generated.Creating a Password The
password
block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.- Prevent
Duplicate boolNames - If
true
, will return an error if an existing application is found with the same name. Defaults tofalse
. - Privacy
Statement stringUrl - URL of the application's privacy statement.
- Public
Client ApplicationPublic Client Args - A
public_client
block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - Required
Resource []ApplicationAccesses Required Resource Access Args - A collection of
required_resource_access
blocks as documented below. - Service
Management stringReference - References application context information from a Service or Asset Management database.
- Sign
In stringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg
,AzureADMultipleOrgs
,AzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
. Defaults toAzureADMyOrg
.Changing
sign_in_audience
for existing applications When updating an existing application to use asign_in_audience
value ofAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- Single
Page ApplicationApplication Single Page Application Args - A
single_page_application
block as documented below, which configures single-page application (SPA) related settings for this application. - Support
Url string - URL of the application's support page.
- []string
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tags
block.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tags
property or with thefeature_tags
block. If you need to set any custom tag values not supported by thefeature_tags
block, it's recommended to use thetags
property. Tag values also propagate to any linked service principals.- Template
Id string Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- Terms
Of stringService Url - URL of the application's terms of service statement.
- Web
Application
Web Args A
web
block as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_names
argument to check for existing applications if you want to avoid name collisions.
- display
Name String - The display name for the application.
- api
Application
Api - An
api
block as documented below, which configures API related settings for this application. - app
Roles List<ApplicationApp Role> - A collection of
app_role
blocks as documented below. For more information see official documentation on Application Roles. - description String
- A description of the application, as shown to end users.
- device
Only BooleanAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false
. - fallback
Public BooleanClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false
. - List<Application
Feature Tag> A
feature_tags
block as described below. Cannot be used together with thetags
property.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tags
andtags
for an application at the same time, so if you need to assign additional custom tags it's recommended to use thetags
property instead. Tag values also propagate to any linked service principals.- group
Membership List<String>Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None
,SecurityGroup
,DirectoryRole
,ApplicationGroup
orAll
. - identifier
Uris List<String> - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo
Image String - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- marketing
Url String - URL of the application's marketing page.
- notes String
- User-specified notes relevant for the management of the application.
- oauth2Post
Response BooleanRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false
, which specifies that only GET requests are allowed. - optional
Claims ApplicationOptional Claims - An
optional_claims
block as documented below. - owners List<String>
- A list of object IDs of principals that will be granted ownership of the application
- password
Application
Password A single
password
block as documented below. The password is generated during creation. By default, no password is generated.Creating a Password The
password
block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.- prevent
Duplicate BooleanNames - If
true
, will return an error if an existing application is found with the same name. Defaults tofalse
. - privacy
Statement StringUrl - URL of the application's privacy statement.
- public
Client ApplicationPublic Client - A
public_client
block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - required
Resource List<ApplicationAccesses Required Resource Access> - A collection of
required_resource_access
blocks as documented below. - service
Management StringReference - References application context information from a Service or Asset Management database.
- sign
In StringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg
,AzureADMultipleOrgs
,AzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
. Defaults toAzureADMyOrg
.Changing
sign_in_audience
for existing applications When updating an existing application to use asign_in_audience
value ofAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single
Page ApplicationApplication Single Page Application - A
single_page_application
block as documented below, which configures single-page application (SPA) related settings for this application. - support
Url String - URL of the application's support page.
- List<String>
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tags
block.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tags
property or with thefeature_tags
block. If you need to set any custom tag values not supported by thefeature_tags
block, it's recommended to use thetags
property. Tag values also propagate to any linked service principals.- template
Id String Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms
Of StringService Url - URL of the application's terms of service statement.
- web
Application
Web A
web
block as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_names
argument to check for existing applications if you want to avoid name collisions.
- display
Name string - The display name for the application.
- api
Application
Api - An
api
block as documented below, which configures API related settings for this application. - app
Roles ApplicationApp Role[] - A collection of
app_role
blocks as documented below. For more information see official documentation on Application Roles. - description string
- A description of the application, as shown to end users.
- device
Only booleanAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false
. - fallback
Public booleanClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false
. - Application
Feature Tag[] A
feature_tags
block as described below. Cannot be used together with thetags
property.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tags
andtags
for an application at the same time, so if you need to assign additional custom tags it's recommended to use thetags
property instead. Tag values also propagate to any linked service principals.- group
Membership string[]Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None
,SecurityGroup
,DirectoryRole
,ApplicationGroup
orAll
. - identifier
Uris string[] - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo
Image string - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- marketing
Url string - URL of the application's marketing page.
- notes string
- User-specified notes relevant for the management of the application.
- oauth2Post
Response booleanRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false
, which specifies that only GET requests are allowed. - optional
Claims ApplicationOptional Claims - An
optional_claims
block as documented below. - owners string[]
- A list of object IDs of principals that will be granted ownership of the application
- password
Application
Password A single
password
block as documented below. The password is generated during creation. By default, no password is generated.Creating a Password The
password
block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.- prevent
Duplicate booleanNames - If
true
, will return an error if an existing application is found with the same name. Defaults tofalse
. - privacy
Statement stringUrl - URL of the application's privacy statement.
- public
Client ApplicationPublic Client - A
public_client
block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - required
Resource ApplicationAccesses Required Resource Access[] - A collection of
required_resource_access
blocks as documented below. - service
Management stringReference - References application context information from a Service or Asset Management database.
- sign
In stringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg
,AzureADMultipleOrgs
,AzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
. Defaults toAzureADMyOrg
.Changing
sign_in_audience
for existing applications When updating an existing application to use asign_in_audience
value ofAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single
Page ApplicationApplication Single Page Application - A
single_page_application
block as documented below, which configures single-page application (SPA) related settings for this application. - support
Url string - URL of the application's support page.
- string[]
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tags
block.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tags
property or with thefeature_tags
block. If you need to set any custom tag values not supported by thefeature_tags
block, it's recommended to use thetags
property. Tag values also propagate to any linked service principals.- template
Id string Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms
Of stringService Url - URL of the application's terms of service statement.
- web
Application
Web A
web
block as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_names
argument to check for existing applications if you want to avoid name collisions.
- display_
name str - The display name for the application.
- api
Application
Api Args - An
api
block as documented below, which configures API related settings for this application. - app_
roles Sequence[ApplicationApp Role Args] - A collection of
app_role
blocks as documented below. For more information see official documentation on Application Roles. - description str
- A description of the application, as shown to end users.
- device_
only_ boolauth_ enabled - Specifies whether this application supports device authentication without a user. Defaults to
false
. - fallback_
public_ boolclient_ enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false
. - Sequence[Application
Feature Tag Args] A
feature_tags
block as described below. Cannot be used together with thetags
property.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tags
andtags
for an application at the same time, so if you need to assign additional custom tags it's recommended to use thetags
property instead. Tag values also propagate to any linked service principals.- group_
membership_ Sequence[str]claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None
,SecurityGroup
,DirectoryRole
,ApplicationGroup
orAll
. - identifier_
uris Sequence[str] - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo_
image str - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- marketing_
url str - URL of the application's marketing page.
- notes str
- User-specified notes relevant for the management of the application.
- oauth2_
post_ boolresponse_ required - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false
, which specifies that only GET requests are allowed. - optional_
claims ApplicationOptional Claims Args - An
optional_claims
block as documented below. - owners Sequence[str]
- A list of object IDs of principals that will be granted ownership of the application
- password
Application
Password Args A single
password
block as documented below. The password is generated during creation. By default, no password is generated.Creating a Password The
password
block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.- prevent_
duplicate_ boolnames - If
true
, will return an error if an existing application is found with the same name. Defaults tofalse
. - privacy_
statement_ strurl - URL of the application's privacy statement.
- public_
client ApplicationPublic Client Args - A
public_client
block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - required_
resource_ Sequence[Applicationaccesses Required Resource Access Args] - A collection of
required_resource_access
blocks as documented below. - service_
management_ strreference - References application context information from a Service or Asset Management database.
- sign_
in_ straudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg
,AzureADMultipleOrgs
,AzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
. Defaults toAzureADMyOrg
.Changing
sign_in_audience
for existing applications When updating an existing application to use asign_in_audience
value ofAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single_
page_ Applicationapplication Single Page Application Args - A
single_page_application
block as documented below, which configures single-page application (SPA) related settings for this application. - support_
url str - URL of the application's support page.
- Sequence[str]
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tags
block.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tags
property or with thefeature_tags
block. If you need to set any custom tag values not supported by thefeature_tags
block, it's recommended to use thetags
property. Tag values also propagate to any linked service principals.- template_
id str Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms_
of_ strservice_ url - URL of the application's terms of service statement.
- web
Application
Web Args A
web
block as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_names
argument to check for existing applications if you want to avoid name collisions.
- display
Name String - The display name for the application.
- api Property Map
- An
api
block as documented below, which configures API related settings for this application. - app
Roles List<Property Map> - A collection of
app_role
blocks as documented below. For more information see official documentation on Application Roles. - description String
- A description of the application, as shown to end users.
- device
Only BooleanAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false
. - fallback
Public BooleanClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false
. - List<Property Map>
A
feature_tags
block as described below. Cannot be used together with thetags
property.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tags
andtags
for an application at the same time, so if you need to assign additional custom tags it's recommended to use thetags
property instead. Tag values also propagate to any linked service principals.- group
Membership List<String>Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None
,SecurityGroup
,DirectoryRole
,ApplicationGroup
orAll
. - identifier
Uris List<String> - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo
Image String - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- marketing
Url String - URL of the application's marketing page.
- notes String
- User-specified notes relevant for the management of the application.
- oauth2Post
Response BooleanRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false
, which specifies that only GET requests are allowed. - optional
Claims Property Map - An
optional_claims
block as documented below. - owners List<String>
- A list of object IDs of principals that will be granted ownership of the application
- password Property Map
A single
password
block as documented below. The password is generated during creation. By default, no password is generated.Creating a Password The
password
block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.- prevent
Duplicate BooleanNames - If
true
, will return an error if an existing application is found with the same name. Defaults tofalse
. - privacy
Statement StringUrl - URL of the application's privacy statement.
- public
Client Property Map - A
public_client
block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - required
Resource List<Property Map>Accesses - A collection of
required_resource_access
blocks as documented below. - service
Management StringReference - References application context information from a Service or Asset Management database.
- sign
In StringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg
,AzureADMultipleOrgs
,AzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
. Defaults toAzureADMyOrg
.Changing
sign_in_audience
for existing applications When updating an existing application to use asign_in_audience
value ofAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single
Page Property MapApplication - A
single_page_application
block as documented below, which configures single-page application (SPA) related settings for this application. - support
Url String - URL of the application's support page.
- List<String>
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tags
block.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tags
property or with thefeature_tags
block. If you need to set any custom tag values not supported by thefeature_tags
block, it's recommended to use thetags
property. Tag values also propagate to any linked service principals.- template
Id String Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms
Of StringService Url - URL of the application's terms of service statement.
- web Property Map
A
web
block as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_names
argument to check for existing applications if you want to avoid name collisions.
Outputs
All input properties are implicitly available as output properties. Additionally, the Application resource produces the following output properties:
- App
Role Dictionary<string, string>Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- Application
Id string - The Application ID (also called Client ID)
- Client
Id string - The Client ID for the application.
- Disabled
By stringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement
- Id string
- The provider-assigned unique ID for this managed resource.
- Logo
Url string - CDN URL to the application's logo, as uploaded with the
logo_image
property. - Oauth2Permission
Scope Dictionary<string, string>Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- Object
Id string - The application's object ID.
- Publisher
Domain string - The verified publisher domain for the application.
- App
Role map[string]stringIds - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- Application
Id string - The Application ID (also called Client ID)
- Client
Id string - The Client ID for the application.
- Disabled
By stringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement
- Id string
- The provider-assigned unique ID for this managed resource.
- Logo
Url string - CDN URL to the application's logo, as uploaded with the
logo_image
property. - Oauth2Permission
Scope map[string]stringIds - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- Object
Id string - The application's object ID.
- Publisher
Domain string - The verified publisher domain for the application.
- app
Role Map<String,String>Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- application
Id String - The Application ID (also called Client ID)
- client
Id String - The Client ID for the application.
- disabled
By StringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement
- id String
- The provider-assigned unique ID for this managed resource.
- logo
Url String - CDN URL to the application's logo, as uploaded with the
logo_image
property. - oauth2Permission
Scope Map<String,String>Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- object
Id String - The application's object ID.
- publisher
Domain String - The verified publisher domain for the application.
- app
Role {[key: string]: string}Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- application
Id string - The Application ID (also called Client ID)
- client
Id string - The Client ID for the application.
- disabled
By stringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement
- id string
- The provider-assigned unique ID for this managed resource.
- logo
Url string - CDN URL to the application's logo, as uploaded with the
logo_image
property. - oauth2Permission
Scope {[key: string]: string}Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- object
Id string - The application's object ID.
- publisher
Domain string - The verified publisher domain for the application.
- app_
role_ Mapping[str, str]ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- application_
id str - The Application ID (also called Client ID)
- client_
id str - The Client ID for the application.
- disabled_
by_ strmicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement
- id str
- The provider-assigned unique ID for this managed resource.
- logo_
url str - CDN URL to the application's logo, as uploaded with the
logo_image
property. - oauth2_
permission_ Mapping[str, str]scope_ ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- object_
id str - The application's object ID.
- publisher_
domain str - The verified publisher domain for the application.
- app
Role Map<String>Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- application
Id String - The Application ID (also called Client ID)
- client
Id String - The Client ID for the application.
- disabled
By StringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement
- id String
- The provider-assigned unique ID for this managed resource.
- logo
Url String - CDN URL to the application's logo, as uploaded with the
logo_image
property. - oauth2Permission
Scope Map<String>Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- object
Id String - The application's object ID.
- publisher
Domain String - The verified publisher domain for the application.
Look up Existing Application Resource
Get an existing Application resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ApplicationState, opts?: CustomResourceOptions): Application
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
api: Optional[ApplicationApiArgs] = None,
app_role_ids: Optional[Mapping[str, str]] = None,
app_roles: Optional[Sequence[ApplicationAppRoleArgs]] = None,
application_id: Optional[str] = None,
client_id: Optional[str] = None,
description: Optional[str] = None,
device_only_auth_enabled: Optional[bool] = None,
disabled_by_microsoft: Optional[str] = None,
display_name: Optional[str] = None,
fallback_public_client_enabled: Optional[bool] = None,
feature_tags: Optional[Sequence[ApplicationFeatureTagArgs]] = None,
group_membership_claims: Optional[Sequence[str]] = None,
identifier_uris: Optional[Sequence[str]] = None,
logo_image: Optional[str] = None,
logo_url: Optional[str] = None,
marketing_url: Optional[str] = None,
notes: Optional[str] = None,
oauth2_permission_scope_ids: Optional[Mapping[str, str]] = None,
oauth2_post_response_required: Optional[bool] = None,
object_id: Optional[str] = None,
optional_claims: Optional[ApplicationOptionalClaimsArgs] = None,
owners: Optional[Sequence[str]] = None,
password: Optional[ApplicationPasswordArgs] = None,
prevent_duplicate_names: Optional[bool] = None,
privacy_statement_url: Optional[str] = None,
public_client: Optional[ApplicationPublicClientArgs] = None,
publisher_domain: Optional[str] = None,
required_resource_accesses: Optional[Sequence[ApplicationRequiredResourceAccessArgs]] = None,
service_management_reference: Optional[str] = None,
sign_in_audience: Optional[str] = None,
single_page_application: Optional[ApplicationSinglePageApplicationArgs] = None,
support_url: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
template_id: Optional[str] = None,
terms_of_service_url: Optional[str] = None,
web: Optional[ApplicationWebArgs] = None) -> Application
func GetApplication(ctx *Context, name string, id IDInput, state *ApplicationState, opts ...ResourceOption) (*Application, error)
public static Application Get(string name, Input<string> id, ApplicationState? state, CustomResourceOptions? opts = null)
public static Application get(String name, Output<String> id, ApplicationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Api
Pulumi.
Azure AD. Inputs. Application Api - An
api
block as documented below, which configures API related settings for this application. - App
Role Dictionary<string, string>Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- App
Roles List<Pulumi.Azure AD. Inputs. Application App Role> - A collection of
app_role
blocks as documented below. For more information see official documentation on Application Roles. - Application
Id string - The Application ID (also called Client ID)
- Client
Id string - The Client ID for the application.
- Description string
- A description of the application, as shown to end users.
- Device
Only boolAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false
. - Disabled
By stringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement
- Display
Name string - The display name for the application.
- Fallback
Public boolClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false
. - List<Pulumi.
Azure AD. Inputs. Application Feature Tag> A
feature_tags
block as described below. Cannot be used together with thetags
property.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tags
andtags
for an application at the same time, so if you need to assign additional custom tags it's recommended to use thetags
property instead. Tag values also propagate to any linked service principals.- Group
Membership List<string>Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None
,SecurityGroup
,DirectoryRole
,ApplicationGroup
orAll
. - Identifier
Uris List<string> - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- Logo
Image string - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- Logo
Url string - CDN URL to the application's logo, as uploaded with the
logo_image
property. - Marketing
Url string - URL of the application's marketing page.
- Notes string
- User-specified notes relevant for the management of the application.
- Oauth2Permission
Scope Dictionary<string, string>Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- Oauth2Post
Response boolRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false
, which specifies that only GET requests are allowed. - Object
Id string - The application's object ID.
- Optional
Claims Pulumi.Azure AD. Inputs. Application Optional Claims - An
optional_claims
block as documented below. - Owners List<string>
- A list of object IDs of principals that will be granted ownership of the application
- Password
Pulumi.
Azure AD. Inputs. Application Password A single
password
block as documented below. The password is generated during creation. By default, no password is generated.Creating a Password The
password
block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.- Prevent
Duplicate boolNames - If
true
, will return an error if an existing application is found with the same name. Defaults tofalse
. - Privacy
Statement stringUrl - URL of the application's privacy statement.
- Public
Client Pulumi.Azure AD. Inputs. Application Public Client - A
public_client
block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - Publisher
Domain string - The verified publisher domain for the application.
- Required
Resource List<Pulumi.Accesses Azure AD. Inputs. Application Required Resource Access> - A collection of
required_resource_access
blocks as documented below. - Service
Management stringReference - References application context information from a Service or Asset Management database.
- Sign
In stringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg
,AzureADMultipleOrgs
,AzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
. Defaults toAzureADMyOrg
.Changing
sign_in_audience
for existing applications When updating an existing application to use asign_in_audience
value ofAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- Single
Page Pulumi.Application Azure AD. Inputs. Application Single Page Application - A
single_page_application
block as documented below, which configures single-page application (SPA) related settings for this application. - Support
Url string - URL of the application's support page.
- List<string>
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tags
block.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tags
property or with thefeature_tags
block. If you need to set any custom tag values not supported by thefeature_tags
block, it's recommended to use thetags
property. Tag values also propagate to any linked service principals.- Template
Id string Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- Terms
Of stringService Url - URL of the application's terms of service statement.
- Web
Pulumi.
Azure AD. Inputs. Application Web A
web
block as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_names
argument to check for existing applications if you want to avoid name collisions.
- Api
Application
Api Args - An
api
block as documented below, which configures API related settings for this application. - App
Role map[string]stringIds - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- App
Roles []ApplicationApp Role Type Args - A collection of
app_role
blocks as documented below. For more information see official documentation on Application Roles. - Application
Id string - The Application ID (also called Client ID)
- Client
Id string - The Client ID for the application.
- Description string
- A description of the application, as shown to end users.
- Device
Only boolAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false
. - Disabled
By stringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement
- Display
Name string - The display name for the application.
- Fallback
Public boolClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false
. - []Application
Feature Tag Args A
feature_tags
block as described below. Cannot be used together with thetags
property.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tags
andtags
for an application at the same time, so if you need to assign additional custom tags it's recommended to use thetags
property instead. Tag values also propagate to any linked service principals.- Group
Membership []stringClaims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None
,SecurityGroup
,DirectoryRole
,ApplicationGroup
orAll
. - Identifier
Uris []string - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- Logo
Image string - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- Logo
Url string - CDN URL to the application's logo, as uploaded with the
logo_image
property. - Marketing
Url string - URL of the application's marketing page.
- Notes string
- User-specified notes relevant for the management of the application.
- Oauth2Permission
Scope map[string]stringIds - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- Oauth2Post
Response boolRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false
, which specifies that only GET requests are allowed. - Object
Id string - The application's object ID.
- Optional
Claims ApplicationOptional Claims Type Args - An
optional_claims
block as documented below. - Owners []string
- A list of object IDs of principals that will be granted ownership of the application
- Password
Application
Password Type Args A single
password
block as documented below. The password is generated during creation. By default, no password is generated.Creating a Password The
password
block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.- Prevent
Duplicate boolNames - If
true
, will return an error if an existing application is found with the same name. Defaults tofalse
. - Privacy
Statement stringUrl - URL of the application's privacy statement.
- Public
Client ApplicationPublic Client Args - A
public_client
block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - Publisher
Domain string - The verified publisher domain for the application.
- Required
Resource []ApplicationAccesses Required Resource Access Args - A collection of
required_resource_access
blocks as documented below. - Service
Management stringReference - References application context information from a Service or Asset Management database.
- Sign
In stringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg
,AzureADMultipleOrgs
,AzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
. Defaults toAzureADMyOrg
.Changing
sign_in_audience
for existing applications When updating an existing application to use asign_in_audience
value ofAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- Single
Page ApplicationApplication Single Page Application Args - A
single_page_application
block as documented below, which configures single-page application (SPA) related settings for this application. - Support
Url string - URL of the application's support page.
- []string
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tags
block.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tags
property or with thefeature_tags
block. If you need to set any custom tag values not supported by thefeature_tags
block, it's recommended to use thetags
property. Tag values also propagate to any linked service principals.- Template
Id string Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- Terms
Of stringService Url - URL of the application's terms of service statement.
- Web
Application
Web Args A
web
block as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_names
argument to check for existing applications if you want to avoid name collisions.
- api
Application
Api - An
api
block as documented below, which configures API related settings for this application. - app
Role Map<String,String>Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- app
Roles List<ApplicationApp Role> - A collection of
app_role
blocks as documented below. For more information see official documentation on Application Roles. - application
Id String - The Application ID (also called Client ID)
- client
Id String - The Client ID for the application.
- description String
- A description of the application, as shown to end users.
- device
Only BooleanAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false
. - disabled
By StringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement
- display
Name String - The display name for the application.
- fallback
Public BooleanClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false
. - List<Application
Feature Tag> A
feature_tags
block as described below. Cannot be used together with thetags
property.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tags
andtags
for an application at the same time, so if you need to assign additional custom tags it's recommended to use thetags
property instead. Tag values also propagate to any linked service principals.- group
Membership List<String>Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None
,SecurityGroup
,DirectoryRole
,ApplicationGroup
orAll
. - identifier
Uris List<String> - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo
Image String - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- logo
Url String - CDN URL to the application's logo, as uploaded with the
logo_image
property. - marketing
Url String - URL of the application's marketing page.
- notes String
- User-specified notes relevant for the management of the application.
- oauth2Permission
Scope Map<String,String>Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- oauth2Post
Response BooleanRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false
, which specifies that only GET requests are allowed. - object
Id String - The application's object ID.
- optional
Claims ApplicationOptional Claims - An
optional_claims
block as documented below. - owners List<String>
- A list of object IDs of principals that will be granted ownership of the application
- password
Application
Password A single
password
block as documented below. The password is generated during creation. By default, no password is generated.Creating a Password The
password
block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.- prevent
Duplicate BooleanNames - If
true
, will return an error if an existing application is found with the same name. Defaults tofalse
. - privacy
Statement StringUrl - URL of the application's privacy statement.
- public
Client ApplicationPublic Client - A
public_client
block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - publisher
Domain String - The verified publisher domain for the application.
- required
Resource List<ApplicationAccesses Required Resource Access> - A collection of
required_resource_access
blocks as documented below. - service
Management StringReference - References application context information from a Service or Asset Management database.
- sign
In StringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg
,AzureADMultipleOrgs
,AzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
. Defaults toAzureADMyOrg
.Changing
sign_in_audience
for existing applications When updating an existing application to use asign_in_audience
value ofAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single
Page ApplicationApplication Single Page Application - A
single_page_application
block as documented below, which configures single-page application (SPA) related settings for this application. - support
Url String - URL of the application's support page.
- List<String>
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tags
block.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tags
property or with thefeature_tags
block. If you need to set any custom tag values not supported by thefeature_tags
block, it's recommended to use thetags
property. Tag values also propagate to any linked service principals.- template
Id String Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms
Of StringService Url - URL of the application's terms of service statement.
- web
Application
Web A
web
block as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_names
argument to check for existing applications if you want to avoid name collisions.
- api
Application
Api - An
api
block as documented below, which configures API related settings for this application. - app
Role {[key: string]: string}Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- app
Roles ApplicationApp Role[] - A collection of
app_role
blocks as documented below. For more information see official documentation on Application Roles. - application
Id string - The Application ID (also called Client ID)
- client
Id string - The Client ID for the application.
- description string
- A description of the application, as shown to end users.
- device
Only booleanAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false
. - disabled
By stringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement
- display
Name string - The display name for the application.
- fallback
Public booleanClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false
. - Application
Feature Tag[] A
feature_tags
block as described below. Cannot be used together with thetags
property.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tags
andtags
for an application at the same time, so if you need to assign additional custom tags it's recommended to use thetags
property instead. Tag values also propagate to any linked service principals.- group
Membership string[]Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None
,SecurityGroup
,DirectoryRole
,ApplicationGroup
orAll
. - identifier
Uris string[] - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo
Image string - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- logo
Url string - CDN URL to the application's logo, as uploaded with the
logo_image
property. - marketing
Url string - URL of the application's marketing page.
- notes string
- User-specified notes relevant for the management of the application.
- oauth2Permission
Scope {[key: string]: string}Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- oauth2Post
Response booleanRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false
, which specifies that only GET requests are allowed. - object
Id string - The application's object ID.
- optional
Claims ApplicationOptional Claims - An
optional_claims
block as documented below. - owners string[]
- A list of object IDs of principals that will be granted ownership of the application
- password
Application
Password A single
password
block as documented below. The password is generated during creation. By default, no password is generated.Creating a Password The
password
block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.- prevent
Duplicate booleanNames - If
true
, will return an error if an existing application is found with the same name. Defaults tofalse
. - privacy
Statement stringUrl - URL of the application's privacy statement.
- public
Client ApplicationPublic Client - A
public_client
block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - publisher
Domain string - The verified publisher domain for the application.
- required
Resource ApplicationAccesses Required Resource Access[] - A collection of
required_resource_access
blocks as documented below. - service
Management stringReference - References application context information from a Service or Asset Management database.
- sign
In stringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg
,AzureADMultipleOrgs
,AzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
. Defaults toAzureADMyOrg
.Changing
sign_in_audience
for existing applications When updating an existing application to use asign_in_audience
value ofAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single
Page ApplicationApplication Single Page Application - A
single_page_application
block as documented below, which configures single-page application (SPA) related settings for this application. - support
Url string - URL of the application's support page.
- string[]
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tags
block.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tags
property or with thefeature_tags
block. If you need to set any custom tag values not supported by thefeature_tags
block, it's recommended to use thetags
property. Tag values also propagate to any linked service principals.- template
Id string Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms
Of stringService Url - URL of the application's terms of service statement.
- web
Application
Web A
web
block as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_names
argument to check for existing applications if you want to avoid name collisions.
- api
Application
Api Args - An
api
block as documented below, which configures API related settings for this application. - app_
role_ Mapping[str, str]ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- app_
roles Sequence[ApplicationApp Role Args] - A collection of
app_role
blocks as documented below. For more information see official documentation on Application Roles. - application_
id str - The Application ID (also called Client ID)
- client_
id str - The Client ID for the application.
- description str
- A description of the application, as shown to end users.
- device_
only_ boolauth_ enabled - Specifies whether this application supports device authentication without a user. Defaults to
false
. - disabled_
by_ strmicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement
- display_
name str - The display name for the application.
- fallback_
public_ boolclient_ enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false
. - Sequence[Application
Feature Tag Args] A
feature_tags
block as described below. Cannot be used together with thetags
property.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tags
andtags
for an application at the same time, so if you need to assign additional custom tags it's recommended to use thetags
property instead. Tag values also propagate to any linked service principals.- group_
membership_ Sequence[str]claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None
,SecurityGroup
,DirectoryRole
,ApplicationGroup
orAll
. - identifier_
uris Sequence[str] - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo_
image str - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- logo_
url str - CDN URL to the application's logo, as uploaded with the
logo_image
property. - marketing_
url str - URL of the application's marketing page.
- notes str
- User-specified notes relevant for the management of the application.
- oauth2_
permission_ Mapping[str, str]scope_ ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- oauth2_
post_ boolresponse_ required - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false
, which specifies that only GET requests are allowed. - object_
id str - The application's object ID.
- optional_
claims ApplicationOptional Claims Args - An
optional_claims
block as documented below. - owners Sequence[str]
- A list of object IDs of principals that will be granted ownership of the application
- password
Application
Password Args A single
password
block as documented below. The password is generated during creation. By default, no password is generated.Creating a Password The
password
block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.- prevent_
duplicate_ boolnames - If
true
, will return an error if an existing application is found with the same name. Defaults tofalse
. - privacy_
statement_ strurl - URL of the application's privacy statement.
- public_
client ApplicationPublic Client Args - A
public_client
block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - publisher_
domain str - The verified publisher domain for the application.
- required_
resource_ Sequence[Applicationaccesses Required Resource Access Args] - A collection of
required_resource_access
blocks as documented below. - service_
management_ strreference - References application context information from a Service or Asset Management database.
- sign_
in_ straudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg
,AzureADMultipleOrgs
,AzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
. Defaults toAzureADMyOrg
.Changing
sign_in_audience
for existing applications When updating an existing application to use asign_in_audience
value ofAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single_
page_ Applicationapplication Single Page Application Args - A
single_page_application
block as documented below, which configures single-page application (SPA) related settings for this application. - support_
url str - URL of the application's support page.
- Sequence[str]
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tags
block.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tags
property or with thefeature_tags
block. If you need to set any custom tag values not supported by thefeature_tags
block, it's recommended to use thetags
property. Tag values also propagate to any linked service principals.- template_
id str Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms_
of_ strservice_ url - URL of the application's terms of service statement.
- web
Application
Web Args A
web
block as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_names
argument to check for existing applications if you want to avoid name collisions.
- api Property Map
- An
api
block as documented below, which configures API related settings for this application. - app
Role Map<String>Ids - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
- app
Roles List<Property Map> - A collection of
app_role
blocks as documented below. For more information see official documentation on Application Roles. - application
Id String - The Application ID (also called Client ID)
- client
Id String - The Client ID for the application.
- description String
- A description of the application, as shown to end users.
- device
Only BooleanAuth Enabled - Specifies whether this application supports device authentication without a user. Defaults to
false
. - disabled
By StringMicrosoft - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g.
DisabledDueToViolationOfServicesAgreement
- display
Name String - The display name for the application.
- fallback
Public BooleanClient Enabled - Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to
false
. - List<Property Map>
A
feature_tags
block as described below. Cannot be used together with thetags
property.Features and Tags Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure
feature_tags
andtags
for an application at the same time, so if you need to assign additional custom tags it's recommended to use thetags
property instead. Tag values also propagate to any linked service principals.- group
Membership List<String>Claims - A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are
None
,SecurityGroup
,DirectoryRole
,ApplicationGroup
orAll
. - identifier
Uris List<String> - A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
- logo
Image String - A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
- logo
Url String - CDN URL to the application's logo, as uploaded with the
logo_image
property. - marketing
Url String - URL of the application's marketing page.
- notes String
- User-specified notes relevant for the management of the application.
- oauth2Permission
Scope Map<String>Ids - A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
- oauth2Post
Response BooleanRequired - Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to
false
, which specifies that only GET requests are allowed. - object
Id String - The application's object ID.
- optional
Claims Property Map - An
optional_claims
block as documented below. - owners List<String>
- A list of object IDs of principals that will be granted ownership of the application
- password Property Map
A single
password
block as documented below. The password is generated during creation. By default, no password is generated.Creating a Password The
password
block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource.- prevent
Duplicate BooleanNames - If
true
, will return an error if an existing application is found with the same name. Defaults tofalse
. - privacy
Statement StringUrl - URL of the application's privacy statement.
- public
Client Property Map - A
public_client
block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. - publisher
Domain String - The verified publisher domain for the application.
- required
Resource List<Property Map>Accesses - A collection of
required_resource_access
blocks as documented below. - service
Management StringReference - References application context information from a Service or Asset Management database.
- sign
In StringAudience The Microsoft account types that are supported for the current application. Must be one of
AzureADMyOrg
,AzureADMultipleOrgs
,AzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
. Defaults toAzureADMyOrg
.Changing
sign_in_audience
for existing applications When updating an existing application to use asign_in_audience
value ofAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
, your configuration may no longer be valid. Refer to official documentation to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.- single
Page Property MapApplication - A
single_page_application
block as documented below, which configures single-page application (SPA) related settings for this application. - support
Url String - URL of the application's support page.
- List<String>
A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the
feature_tags
block.Tags and Features Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the
tags
property or with thefeature_tags
block. If you need to set any custom tag values not supported by thefeature_tags
block, it's recommended to use thetags
property. Tag values also propagate to any linked service principals.- template
Id String Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
Tip for Gallery Applications This resource can be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the azuread.ApplicationRegistration resource instead.
- terms
Of StringService Url - URL of the application's terms of service statement.
- web Property Map
A
web
block as documented below, which configures web related settings for this application.Application Name Uniqueness Application names are not unique within Azure Active Directory. Use the
prevent_duplicate_names
argument to check for existing applications if you want to avoid name collisions.
Supporting Types
ApplicationApi, ApplicationApiArgs
- Known
Client List<string>Applications - A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
- Mapped
Claims boolEnabled - Allows an application to use claims mapping without specifying a custom signing key. Defaults to
false
. - Oauth2Permission
Scopes List<Pulumi.Azure AD. Inputs. Application Api Oauth2Permission Scope> - One or more
oauth2_permission_scope
blocks as documented below, to describe delegated permissions exposed by the web API represented by this application. - Requested
Access intToken Version - The access token version expected by this resource. Must be one of
1
or2
, and must be2
whensign_in_audience
is eitherAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
Defaults to1
.
- Known
Client []stringApplications - A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
- Mapped
Claims boolEnabled - Allows an application to use claims mapping without specifying a custom signing key. Defaults to
false
. - Oauth2Permission
Scopes []ApplicationApi Oauth2Permission Scope - One or more
oauth2_permission_scope
blocks as documented below, to describe delegated permissions exposed by the web API represented by this application. - Requested
Access intToken Version - The access token version expected by this resource. Must be one of
1
or2
, and must be2
whensign_in_audience
is eitherAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
Defaults to1
.
- known
Client List<String>Applications - A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
- mapped
Claims BooleanEnabled - Allows an application to use claims mapping without specifying a custom signing key. Defaults to
false
. - oauth2Permission
Scopes List<ApplicationApi Oauth2Permission Scope> - One or more
oauth2_permission_scope
blocks as documented below, to describe delegated permissions exposed by the web API represented by this application. - requested
Access IntegerToken Version - The access token version expected by this resource. Must be one of
1
or2
, and must be2
whensign_in_audience
is eitherAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
Defaults to1
.
- known
Client string[]Applications - A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
- mapped
Claims booleanEnabled - Allows an application to use claims mapping without specifying a custom signing key. Defaults to
false
. - oauth2Permission
Scopes ApplicationApi Oauth2Permission Scope[] - One or more
oauth2_permission_scope
blocks as documented below, to describe delegated permissions exposed by the web API represented by this application. - requested
Access numberToken Version - The access token version expected by this resource. Must be one of
1
or2
, and must be2
whensign_in_audience
is eitherAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
Defaults to1
.
- known_
client_ Sequence[str]applications - A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
- mapped_
claims_ boolenabled - Allows an application to use claims mapping without specifying a custom signing key. Defaults to
false
. - oauth2_
permission_ Sequence[Applicationscopes Api Oauth2Permission Scope] - One or more
oauth2_permission_scope
blocks as documented below, to describe delegated permissions exposed by the web API represented by this application. - requested_
access_ inttoken_ version - The access token version expected by this resource. Must be one of
1
or2
, and must be2
whensign_in_audience
is eitherAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
Defaults to1
.
- known
Client List<String>Applications - A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
- mapped
Claims BooleanEnabled - Allows an application to use claims mapping without specifying a custom signing key. Defaults to
false
. - oauth2Permission
Scopes List<Property Map> - One or more
oauth2_permission_scope
blocks as documented below, to describe delegated permissions exposed by the web API represented by this application. - requested
Access NumberToken Version - The access token version expected by this resource. Must be one of
1
or2
, and must be2
whensign_in_audience
is eitherAzureADandPersonalMicrosoftAccount
orPersonalMicrosoftAccount
Defaults to1
.
ApplicationApiOauth2PermissionScope, ApplicationApiOauth2PermissionScopeArgs
- Id string
The unique identifier of the delegated permission. Must be a valid UUID.
Tip: Generating a UUID for the
id
field To generate a value for theid
field in cases where the actual UUID is not important, you can use therandom_uuid
resource. See the application example in the provider repository.- Admin
Consent stringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- Admin
Consent stringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- Enabled bool
- Determines if the permission scope is enabled. Defaults to
true
. - Type string
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to
User
. Possible values areUser
orAdmin
. - User
Consent stringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- User
Consent stringDisplay Name - Display name for the delegated permission that appears in the end user consent experience.
- Value string
- The value that is used for the
scp
claim in OAuth 2.0 access tokens
- Id string
The unique identifier of the delegated permission. Must be a valid UUID.
Tip: Generating a UUID for the
id
field To generate a value for theid
field in cases where the actual UUID is not important, you can use therandom_uuid
resource. See the application example in the provider repository.- Admin
Consent stringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- Admin
Consent stringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- Enabled bool
- Determines if the permission scope is enabled. Defaults to
true
. - Type string
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to
User
. Possible values areUser
orAdmin
. - User
Consent stringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- User
Consent stringDisplay Name - Display name for the delegated permission that appears in the end user consent experience.
- Value string
- The value that is used for the
scp
claim in OAuth 2.0 access tokens
- id String
The unique identifier of the delegated permission. Must be a valid UUID.
Tip: Generating a UUID for the
id
field To generate a value for theid
field in cases where the actual UUID is not important, you can use therandom_uuid
resource. See the application example in the provider repository.- admin
Consent StringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin
Consent StringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- enabled Boolean
- Determines if the permission scope is enabled. Defaults to
true
. - type String
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to
User
. Possible values areUser
orAdmin
. - user
Consent StringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user
Consent StringDisplay Name - Display name for the delegated permission that appears in the end user consent experience.
- value String
- The value that is used for the
scp
claim in OAuth 2.0 access tokens
- id string
The unique identifier of the delegated permission. Must be a valid UUID.
Tip: Generating a UUID for the
id
field To generate a value for theid
field in cases where the actual UUID is not important, you can use therandom_uuid
resource. See the application example in the provider repository.- admin
Consent stringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin
Consent stringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- enabled boolean
- Determines if the permission scope is enabled. Defaults to
true
. - type string
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to
User
. Possible values areUser
orAdmin
. - user
Consent stringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user
Consent stringDisplay Name - Display name for the delegated permission that appears in the end user consent experience.
- value string
- The value that is used for the
scp
claim in OAuth 2.0 access tokens
- id str
The unique identifier of the delegated permission. Must be a valid UUID.
Tip: Generating a UUID for the
id
field To generate a value for theid
field in cases where the actual UUID is not important, you can use therandom_uuid
resource. See the application example in the provider repository.- admin_
consent_ strdescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin_
consent_ strdisplay_ name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- enabled bool
- Determines if the permission scope is enabled. Defaults to
true
. - type str
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to
User
. Possible values areUser
orAdmin
. - user_
consent_ strdescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user_
consent_ strdisplay_ name - Display name for the delegated permission that appears in the end user consent experience.
- value str
- The value that is used for the
scp
claim in OAuth 2.0 access tokens
- id String
The unique identifier of the delegated permission. Must be a valid UUID.
Tip: Generating a UUID for the
id
field To generate a value for theid
field in cases where the actual UUID is not important, you can use therandom_uuid
resource. See the application example in the provider repository.- admin
Consent StringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin
Consent StringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- enabled Boolean
- Determines if the permission scope is enabled. Defaults to
true
. - type String
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to
User
. Possible values areUser
orAdmin
. - user
Consent StringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user
Consent StringDisplay Name - Display name for the delegated permission that appears in the end user consent experience.
- value String
- The value that is used for the
scp
claim in OAuth 2.0 access tokens
ApplicationAppRole, ApplicationAppRoleArgs
- Allowed
Member List<string>Types - Specifies whether this app role definition can be assigned to users and groups by setting to
User
, or to other applications (that are accessing this application in a standalone scenario) by setting toApplication
, or to both. - Description string
- Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
- Display
Name string - Display name for the app role that appears during app role assignment and in consent experiences.
- Id string
The unique identifier of the app role. Must be a valid UUID.
Tip: Generating a UUID for the
id
field To generate a value for theid
field in cases where the actual UUID is not important, you can use therandom_uuid
resource. See the application example in the provider repository.- Enabled bool
- Determines if the app role is enabled. Defaults to
true
. - Value string
- The value that is used for the
roles
claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
- Allowed
Member []stringTypes - Specifies whether this app role definition can be assigned to users and groups by setting to
User
, or to other applications (that are accessing this application in a standalone scenario) by setting toApplication
, or to both. - Description string
- Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
- Display
Name string - Display name for the app role that appears during app role assignment and in consent experiences.
- Id string
The unique identifier of the app role. Must be a valid UUID.
Tip: Generating a UUID for the
id
field To generate a value for theid
field in cases where the actual UUID is not important, you can use therandom_uuid
resource. See the application example in the provider repository.- Enabled bool
- Determines if the app role is enabled. Defaults to
true
. - Value string
- The value that is used for the
roles
claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
- allowed
Member List<String>Types - Specifies whether this app role definition can be assigned to users and groups by setting to
User
, or to other applications (that are accessing this application in a standalone scenario) by setting toApplication
, or to both. - description String
- Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
- display
Name String - Display name for the app role that appears during app role assignment and in consent experiences.
- id String
The unique identifier of the app role. Must be a valid UUID.
Tip: Generating a UUID for the
id
field To generate a value for theid
field in cases where the actual UUID is not important, you can use therandom_uuid
resource. See the application example in the provider repository.- enabled Boolean
- Determines if the app role is enabled. Defaults to
true
. - value String
- The value that is used for the
roles
claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
- allowed
Member string[]Types - Specifies whether this app role definition can be assigned to users and groups by setting to
User
, or to other applications (that are accessing this application in a standalone scenario) by setting toApplication
, or to both. - description string
- Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
- display
Name string - Display name for the app role that appears during app role assignment and in consent experiences.
- id string
The unique identifier of the app role. Must be a valid UUID.
Tip: Generating a UUID for the
id
field To generate a value for theid
field in cases where the actual UUID is not important, you can use therandom_uuid
resource. See the application example in the provider repository.- enabled boolean
- Determines if the app role is enabled. Defaults to
true
. - value string
- The value that is used for the
roles
claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
- allowed_
member_ Sequence[str]types - Specifies whether this app role definition can be assigned to users and groups by setting to
User
, or to other applications (that are accessing this application in a standalone scenario) by setting toApplication
, or to both. - description str
- Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
- display_
name str - Display name for the app role that appears during app role assignment and in consent experiences.
- id str
The unique identifier of the app role. Must be a valid UUID.
Tip: Generating a UUID for the
id
field To generate a value for theid
field in cases where the actual UUID is not important, you can use therandom_uuid
resource. See the application example in the provider repository.- enabled bool
- Determines if the app role is enabled. Defaults to
true
. - value str
- The value that is used for the
roles
claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
- allowed
Member List<String>Types - Specifies whether this app role definition can be assigned to users and groups by setting to
User
, or to other applications (that are accessing this application in a standalone scenario) by setting toApplication
, or to both. - description String
- Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.
- display
Name String - Display name for the app role that appears during app role assignment and in consent experiences.
- id String
The unique identifier of the app role. Must be a valid UUID.
Tip: Generating a UUID for the
id
field To generate a value for theid
field in cases where the actual UUID is not important, you can use therandom_uuid
resource. See the application example in the provider repository.- enabled Boolean
- Determines if the app role is enabled. Defaults to
true
. - value String
- The value that is used for the
roles
claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal
ApplicationFeatureTag, ApplicationFeatureTagArgs
- Custom
Single boolSign On - Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryCustomSingleSignOnApplication
tag. Defaults tofalse
. - Enterprise bool
- Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryIntegratedApp
tag. Defaults tofalse
. - Gallery bool
- Whether this application represents a gallery application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1
tag. Defaults tofalse
. - Hide bool
- Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the
HideApp
tag. Defaults tofalse
.
- Custom
Single boolSign On - Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryCustomSingleSignOnApplication
tag. Defaults tofalse
. - Enterprise bool
- Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryIntegratedApp
tag. Defaults tofalse
. - Gallery bool
- Whether this application represents a gallery application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1
tag. Defaults tofalse
. - Hide bool
- Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the
HideApp
tag. Defaults tofalse
.
- custom
Single BooleanSign On - Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryCustomSingleSignOnApplication
tag. Defaults tofalse
. - enterprise Boolean
- Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryIntegratedApp
tag. Defaults tofalse
. - gallery Boolean
- Whether this application represents a gallery application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1
tag. Defaults tofalse
. - hide Boolean
- Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the
HideApp
tag. Defaults tofalse
.
- custom
Single booleanSign On - Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryCustomSingleSignOnApplication
tag. Defaults tofalse
. - enterprise boolean
- Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryIntegratedApp
tag. Defaults tofalse
. - gallery boolean
- Whether this application represents a gallery application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1
tag. Defaults tofalse
. - hide boolean
- Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the
HideApp
tag. Defaults tofalse
.
- custom_
single_ boolsign_ on - Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryCustomSingleSignOnApplication
tag. Defaults tofalse
. - enterprise bool
- Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryIntegratedApp
tag. Defaults tofalse
. - gallery bool
- Whether this application represents a gallery application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1
tag. Defaults tofalse
. - hide bool
- Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the
HideApp
tag. Defaults tofalse
.
- custom
Single BooleanSign On - Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryCustomSingleSignOnApplication
tag. Defaults tofalse
. - enterprise Boolean
- Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryIntegratedApp
tag. Defaults tofalse
. - gallery Boolean
- Whether this application represents a gallery application for linked service principals. Enabling this will assign the
WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1
tag. Defaults tofalse
. - hide Boolean
- Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the
HideApp
tag. Defaults tofalse
.
ApplicationOptionalClaims, ApplicationOptionalClaimsArgs
- Access
Tokens List<Pulumi.Azure AD. Inputs. Application Optional Claims Access Token> - One or more
access_token
blocks as documented below. - Id
Tokens List<Pulumi.Azure AD. Inputs. Application Optional Claims Id Token> - One or more
id_token
blocks as documented below. - Saml2Tokens
List<Pulumi.
Azure AD. Inputs. Application Optional Claims Saml2Token> - One or more
saml2_token
blocks as documented below.
- Access
Tokens []ApplicationOptional Claims Access Token - One or more
access_token
blocks as documented below. - Id
Tokens []ApplicationOptional Claims Id Token - One or more
id_token
blocks as documented below. - Saml2Tokens
[]Application
Optional Claims Saml2Token - One or more
saml2_token
blocks as documented below.
- access
Tokens List<ApplicationOptional Claims Access Token> - One or more
access_token
blocks as documented below. - id
Tokens List<ApplicationOptional Claims Id Token> - One or more
id_token
blocks as documented below. - saml2Tokens
List<Application
Optional Claims Saml2Token> - One or more
saml2_token
blocks as documented below.
- access
Tokens ApplicationOptional Claims Access Token[] - One or more
access_token
blocks as documented below. - id
Tokens ApplicationOptional Claims Id Token[] - One or more
id_token
blocks as documented below. - saml2Tokens
Application
Optional Claims Saml2Token[] - One or more
saml2_token
blocks as documented below.
- access_
tokens Sequence[ApplicationOptional Claims Access Token] - One or more
access_token
blocks as documented below. - id_
tokens Sequence[ApplicationOptional Claims Id Token] - One or more
id_token
blocks as documented below. - saml2_
tokens Sequence[ApplicationOptional Claims Saml2Token] - One or more
saml2_token
blocks as documented below.
- access
Tokens List<Property Map> - One or more
access_token
blocks as documented below. - id
Tokens List<Property Map> - One or more
id_token
blocks as documented below. - saml2Tokens List<Property Map>
- One or more
saml2_token
blocks as documented below.
ApplicationOptionalClaimsAccessToken, ApplicationOptionalClaimsAccessTokenArgs
- Name string
- The name of the optional claim.
- Additional
Properties List<string> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - Essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- Source string
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- Name string
- The name of the optional claim.
- Additional
Properties []string - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - Essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- Source string
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- name String
- The name of the optional claim.
- additional
Properties List<String> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - essential Boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source String
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- name string
- The name of the optional claim.
- additional
Properties string[] - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - essential boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source string
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- name str
- The name of the optional claim.
- additional_
properties Sequence[str] - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source str
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- name String
- The name of the optional claim.
- additional
Properties List<String> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - essential Boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source String
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
ApplicationOptionalClaimsIdToken, ApplicationOptionalClaimsIdTokenArgs
- Name string
- The name of the optional claim.
- Additional
Properties List<string> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - Essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- Source string
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- Name string
- The name of the optional claim.
- Additional
Properties []string - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - Essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- Source string
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- name String
- The name of the optional claim.
- additional
Properties List<String> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - essential Boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source String
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- name string
- The name of the optional claim.
- additional
Properties string[] - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - essential boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source string
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- name str
- The name of the optional claim.
- additional_
properties Sequence[str] - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source str
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- name String
- The name of the optional claim.
- additional
Properties List<String> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - essential Boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source String
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
ApplicationOptionalClaimsSaml2Token, ApplicationOptionalClaimsSaml2TokenArgs
- Name string
- The name of the optional claim.
- Additional
Properties List<string> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - Essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- Source string
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- Name string
- The name of the optional claim.
- Additional
Properties []string - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - Essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- Source string
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- name String
- The name of the optional claim.
- additional
Properties List<String> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - essential Boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source String
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- name string
- The name of the optional claim.
- additional
Properties string[] - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - essential boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source string
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- name str
- The name of the optional claim.
- additional_
properties Sequence[str] - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - essential bool
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source str
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
- name String
- The name of the optional claim.
- additional
Properties List<String> - List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are:
cloud_displayname
,dns_domain_and_sam_account_name
,emit_as_roles
,include_externally_authenticated_upn_without_hash
,include_externally_authenticated_upn
,max_size_limit
,netbios_domain_and_sam_account_name
,on_premise_security_identifier
,sam_account_name
, anduse_guid
. - essential Boolean
- Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
- source String
- The source of the claim. If
source
is absent, the claim is a predefined optional claim. Ifsource
isuser
, the value ofname
is the extension property from the user object.
ApplicationPassword, ApplicationPasswordArgs
- Display
Name string - A display name for the password. Changing this field forces a new resource to be created.
- End
Date string - The end date until which the password is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created. - Key
Id string - (Required) The unique key ID for the generated password.
- Start
Date string - The start date from which the password is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. - Value string
- (Required) The generated password for the application.
- Display
Name string - A display name for the password. Changing this field forces a new resource to be created.
- End
Date string - The end date until which the password is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created. - Key
Id string - (Required) The unique key ID for the generated password.
- Start
Date string - The start date from which the password is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. - Value string
- (Required) The generated password for the application.
- display
Name String - A display name for the password. Changing this field forces a new resource to be created.
- end
Date String - The end date until which the password is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created. - key
Id String - (Required) The unique key ID for the generated password.
- start
Date String - The start date from which the password is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. - value String
- (Required) The generated password for the application.
- display
Name string - A display name for the password. Changing this field forces a new resource to be created.
- end
Date string - The end date until which the password is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created. - key
Id string - (Required) The unique key ID for the generated password.
- start
Date string - The start date from which the password is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. - value string
- (Required) The generated password for the application.
- display_
name str - A display name for the password. Changing this field forces a new resource to be created.
- end_
date str - The end date until which the password is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created. - key_
id str - (Required) The unique key ID for the generated password.
- start_
date str - The start date from which the password is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. - value str
- (Required) The generated password for the application.
- display
Name String - A display name for the password. Changing this field forces a new resource to be created.
- end
Date String - The end date until which the password is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created. - key
Id String - (Required) The unique key ID for the generated password.
- start
Date String - The start date from which the password is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. - value String
- (Required) The generated password for the application.
ApplicationPublicClient, ApplicationPublicClientArgs
- Redirect
Uris List<string> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
https
orms-appx-web
URL.
- Redirect
Uris []string - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
https
orms-appx-web
URL.
- redirect
Uris List<String> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
https
orms-appx-web
URL.
- redirect
Uris string[] - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
https
orms-appx-web
URL.
- redirect_
uris Sequence[str] - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
https
orms-appx-web
URL.
- redirect
Uris List<String> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
https
orms-appx-web
URL.
ApplicationRequiredResourceAccess, ApplicationRequiredResourceAccessArgs
- Resource
Accesses List<Pulumi.Azure AD. Inputs. Application Required Resource Access Resource Access> - A collection of
resource_access
blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. - Resource
App stringId The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
Note: Documentation on
resource_app_id
values for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g.az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}'
)
- Resource
Accesses []ApplicationRequired Resource Access Resource Access - A collection of
resource_access
blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. - Resource
App stringId The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
Note: Documentation on
resource_app_id
values for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g.az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}'
)
- resource
Accesses List<ApplicationRequired Resource Access Resource Access> - A collection of
resource_access
blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. - resource
App StringId The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
Note: Documentation on
resource_app_id
values for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g.az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}'
)
- resource
Accesses ApplicationRequired Resource Access Resource Access[] - A collection of
resource_access
blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. - resource
App stringId The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
Note: Documentation on
resource_app_id
values for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g.az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}'
)
- resource_
accesses Sequence[ApplicationRequired Resource Access Resource Access] - A collection of
resource_access
blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. - resource_
app_ strid The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
Note: Documentation on
resource_app_id
values for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g.az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}'
)
- resource
Accesses List<Property Map> - A collection of
resource_access
blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. - resource
App StringId The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
Note: Documentation on
resource_app_id
values for Microsoft APIs can be difficult to find, but you can use the Azure CLI to find them. (e.g.az ad sp list --display-name "Microsoft Graph" --query '[].{appDisplayName:appDisplayName, appId:appId}'
)
ApplicationRequiredResourceAccessResourceAccess, ApplicationRequiredResourceAccessResourceAccessArgs
ApplicationSinglePageApplication, ApplicationSinglePageApplicationArgs
- Redirect
Uris List<string> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
https
URL.
- Redirect
Uris []string - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
https
URL.
- redirect
Uris List<String> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
https
URL.
- redirect
Uris string[] - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
https
URL.
- redirect_
uris Sequence[str] - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
https
URL.
- redirect
Uris List<String> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
https
URL.
ApplicationWeb, ApplicationWebArgs
- Homepage
Url string - Home page or landing page of the application.
- Implicit
Grant Pulumi.Azure AD. Inputs. Application Web Implicit Grant - An
implicit_grant
block as documented above. - Logout
Url string - The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
- Redirect
Uris List<string> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
http
URL or a URN.
- Homepage
Url string - Home page or landing page of the application.
- Implicit
Grant ApplicationWeb Implicit Grant - An
implicit_grant
block as documented above. - Logout
Url string - The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
- Redirect
Uris []string - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
http
URL or a URN.
- homepage
Url String - Home page or landing page of the application.
- implicit
Grant ApplicationWeb Implicit Grant - An
implicit_grant
block as documented above. - logout
Url String - The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
- redirect
Uris List<String> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
http
URL or a URN.
- homepage
Url string - Home page or landing page of the application.
- implicit
Grant ApplicationWeb Implicit Grant - An
implicit_grant
block as documented above. - logout
Url string - The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
- redirect
Uris string[] - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
http
URL or a URN.
- homepage_
url str - Home page or landing page of the application.
- implicit_
grant ApplicationWeb Implicit Grant - An
implicit_grant
block as documented above. - logout_
url str - The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
- redirect_
uris Sequence[str] - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
http
URL or a URN.
- homepage
Url String - Home page or landing page of the application.
- implicit
Grant Property Map - An
implicit_grant
block as documented above. - logout
Url String - The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
- redirect
Uris List<String> - A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid
http
URL or a URN.
ApplicationWebImplicitGrant, ApplicationWebImplicitGrantArgs
- Access
Token boolIssuance Enabled - Whether this web application can request an access token using OAuth 2.0 implicit flow.
- Id
Token boolIssuance Enabled - Whether this web application can request an ID token using OAuth 2.0 implicit flow.
- Access
Token boolIssuance Enabled - Whether this web application can request an access token using OAuth 2.0 implicit flow.
- Id
Token boolIssuance Enabled - Whether this web application can request an ID token using OAuth 2.0 implicit flow.
- access
Token BooleanIssuance Enabled - Whether this web application can request an access token using OAuth 2.0 implicit flow.
- id
Token BooleanIssuance Enabled - Whether this web application can request an ID token using OAuth 2.0 implicit flow.
- access
Token booleanIssuance Enabled - Whether this web application can request an access token using OAuth 2.0 implicit flow.
- id
Token booleanIssuance Enabled - Whether this web application can request an ID token using OAuth 2.0 implicit flow.
- access_
token_ boolissuance_ enabled - Whether this web application can request an access token using OAuth 2.0 implicit flow.
- id_
token_ boolissuance_ enabled - Whether this web application can request an ID token using OAuth 2.0 implicit flow.
- access
Token BooleanIssuance Enabled - Whether this web application can request an access token using OAuth 2.0 implicit flow.
- id
Token BooleanIssuance Enabled - Whether this web application can request an ID token using OAuth 2.0 implicit flow.
Import
Applications can be imported using the object ID of the application, in the following format.
$ pulumi import azuread:index/application:Application example /applications/00000000-0000-0000-0000-000000000000
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azuread
Terraform Provider.