Azure Active Directory (Azure AD) v5.47.2 published on Tuesday, Feb 27, 2024 by Pulumi

azuread.ApplicationFederatedIdentityCredential


    Import

    Federated Identity Credentials can be imported using the object ID of the associated application and the ID of the federated identity credential, e.g.

    $ pulumi import azuread:index/applicationFederatedIdentityCredential:ApplicationFederatedIdentityCredential example 00000000-0000-0000-0000-000000000000/federatedIdentityCredential/11111111-1111-1111-1111-111111111111
    

    Note: This ID format is unique to Terraform and is composed of the application’s object ID, the string “federatedIdentityCredential” and the credential ID, in the format {ObjectId}/federatedIdentityCredential/{CredentialId}.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureAD = Pulumi.AzureAD;
    
    // Registers an application and attaches a federated identity credential that trusts
    // GitHub Actions OIDC tokens, so the deploying workflow needs no stored client secret.
    return await Deployment.RunAsync(() =>
    {
        // These three values are what an incoming external token is checked against
        // (its issuer, subject and aud claims). The subject follows GitHub's
        // "repo:<org>/<repo>:environment:<name>" form, so only jobs targeting the `prod`
        // environment of my-organization/my-repo match; anyone able to run such a job can
        // act as this application, so protect that environment and keep the application's
        // role assignments minimal.
        const string githubIssuer = "https://token.actions.githubusercontent.com";
        const string deploySubject = "repo:my-organization/my-repo:environment:prod";
        const string tokenExchangeAudience = "api://AzureADTokenExchange";

        var appRegistration = new AzureAD.ApplicationRegistration("example", new AzureAD.ApplicationRegistrationArgs
        {
            DisplayName = "example",
        });

        var githubDeployCredential = new AzureAD.ApplicationFederatedIdentityCredential("example", new AzureAD.ApplicationFederatedIdentityCredentialArgs
        {
            ApplicationId = appRegistration.Id,
            DisplayName = "my-repo-deploy",
            Description = "Deployments for my-repo",
            Audiences = new[] { tokenExchangeAudience },
            Issuer = githubIssuer,
            Subject = deploySubject,
        });
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers an application and attaches a federated identity credential that
    // trusts GitHub Actions OIDC tokens, so the deploying workflow needs no client secret.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		app, err := azuread.NewApplicationRegistration(ctx, "example", &azuread.ApplicationRegistrationArgs{
    			DisplayName: pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}

    		// Issuer, Subject and Audiences are what an incoming external token is checked
    		// against. The subject follows GitHub's "repo:<org>/<repo>:environment:<name>"
    		// form, so only jobs targeting the `prod` environment of my-organization/my-repo
    		// match; protect that environment and keep the app's role assignments minimal.
    		credentialArgs := &azuread.ApplicationFederatedIdentityCredentialArgs{
    			ApplicationId: app.ID(),
    			DisplayName:   pulumi.String("my-repo-deploy"),
    			Description:   pulumi.String("Deployments for my-repo"),
    			Audiences: pulumi.StringArray{
    				pulumi.String("api://AzureADTokenExchange"),
    			},
    			Issuer:  pulumi.String("https://token.actions.githubusercontent.com"),
    			Subject: pulumi.String("repo:my-organization/my-repo:environment:prod"),
    		}

    		// The resource handle is not used further; only the error is propagated.
    		_, err = azuread.NewApplicationFederatedIdentityCredential(ctx, "example", credentialArgs)
    		return err
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuread.ApplicationRegistration;
    import com.pulumi.azuread.ApplicationRegistrationArgs;
    import com.pulumi.azuread.ApplicationFederatedIdentityCredential;
    import com.pulumi.azuread.ApplicationFederatedIdentityCredentialArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that registers an application and attaches a federated identity
     * credential trusting GitHub Actions OIDC tokens, so the deploying workflow needs
     * no stored client secret.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the application registration and its federated identity credential.
         *
         * <p>The issuer, subject and audience are what an incoming external token is
         * checked against. The subject follows GitHub's
         * {@code repo:<org>/<repo>:environment:<name>} form, so only jobs targeting the
         * {@code prod} environment of {@code my-organization/my-repo} match. Anyone able
         * to run such a job can act as this application: protect that environment and
         * keep the application's role assignments minimal.
         *
         * @param ctx the Pulumi deployment context (not read by this stack)
         */
        public static void stack(Context ctx) {
            final var registrationArgs = ApplicationRegistrationArgs.builder()
                .displayName("example")
                .build();
            final var registration = new ApplicationRegistration("example", registrationArgs);

            final var credentialArgs = ApplicationFederatedIdentityCredentialArgs.builder()
                .applicationId(registration.id())
                .displayName("my-repo-deploy")
                .description("Deployments for my-repo")
                .audiences("api://AzureADTokenExchange")
                .issuer("https://token.actions.githubusercontent.com")
                .subject("repo:my-organization/my-repo:environment:prod")
                .build();
            final var githubDeployCredential = new ApplicationFederatedIdentityCredential(
                "exampleApplicationFederatedIdentityCredential", credentialArgs);
        }
    }
    
    import pulumi
    import pulumi_azuread as azuread
    
    # Values an incoming external token is checked against (issuer, subject, aud claims).
    # The subject follows GitHub's "repo:<org>/<repo>:environment:<name>" form, so only
    # jobs targeting the `prod` environment of my-organization/my-repo match. Anyone able
    # to run such a job can act as this application: protect that environment and keep
    # the application's role assignments minimal.
    GITHUB_OIDC_ISSUER = "https://token.actions.githubusercontent.com"
    DEPLOY_SUBJECT = "repo:my-organization/my-repo:environment:prod"
    TOKEN_EXCHANGE_AUDIENCE = "api://AzureADTokenExchange"

    # Application that the GitHub workflow will authenticate as.
    app_registration = azuread.ApplicationRegistration("example", display_name="example")

    # Federated credential: lets the workflow exchange its OIDC token instead of a secret.
    github_deploy_credential = azuread.ApplicationFederatedIdentityCredential(
        "example",
        application_id=app_registration.id,
        display_name="my-repo-deploy",
        description="Deployments for my-repo",
        audiences=[TOKEN_EXCHANGE_AUDIENCE],
        issuer=GITHUB_OIDC_ISSUER,
        subject=DEPLOY_SUBJECT,
    )
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azuread from "@pulumi/azuread";
    
    // Values an incoming external token is checked against (issuer, subject, aud claims).
    // The subject follows GitHub's "repo:<org>/<repo>:environment:<name>" form, so only
    // jobs targeting the `prod` environment of my-organization/my-repo match. Anyone able
    // to run such a job can act as this application: protect that environment and keep
    // the application's role assignments minimal.
    const githubOidcIssuer = "https://token.actions.githubusercontent.com";
    const deploySubject = "repo:my-organization/my-repo:environment:prod";
    const tokenExchangeAudience = "api://AzureADTokenExchange";

    // Application that the GitHub workflow will authenticate as.
    const appRegistration = new azuread.ApplicationRegistration("example", {
        displayName: "example",
    });

    // Federated credential: lets the workflow exchange its OIDC token instead of a secret.
    const githubDeployCredential = new azuread.ApplicationFederatedIdentityCredential("example", {
        applicationId: appRegistration.id,
        displayName: "my-repo-deploy",
        description: "Deployments for my-repo",
        audiences: [tokenExchangeAudience],
        issuer: githubOidcIssuer,
        subject: deploySubject,
    });
    
    # Registers an application and attaches a federated identity credential that trusts
    # GitHub Actions OIDC tokens, so the deploying workflow needs no stored client secret.
    resources:
      # Application that the GitHub workflow will authenticate as.
      example:
        type: azuread:ApplicationRegistration
        properties:
          displayName: example
      exampleApplicationFederatedIdentityCredential:
        type: azuread:ApplicationFederatedIdentityCredential
        name: example
        properties:
          applicationId: ${example.id}
          displayName: my-repo-deploy
          description: Deployments for my-repo
          # Accepted value(s) for the aud claim of the incoming token.
          audiences:
            - api://AzureADTokenExchange
          # Must match the issuer claim of the external token being exchanged.
          issuer: https://token.actions.githubusercontent.com
          # GitHub's "repo:<org>/<repo>:environment:<name>" form: only jobs targeting the
          # `prod` environment of this repository match. Protect that environment and keep
          # the application's role assignments minimal.
          subject: repo:my-organization/my-repo:environment:prod
    

    Create ApplicationFederatedIdentityCredential Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ApplicationFederatedIdentityCredential(name: string, args: ApplicationFederatedIdentityCredentialArgs, opts?: CustomResourceOptions);
    @overload
    def ApplicationFederatedIdentityCredential(resource_name: str,
                                               args: ApplicationFederatedIdentityCredentialArgs,
                                               opts: Optional[ResourceOptions] = None)
    
    @overload
    def ApplicationFederatedIdentityCredential(resource_name: str,
                                               opts: Optional[ResourceOptions] = None,
                                               audiences: Optional[Sequence[str]] = None,
                                               display_name: Optional[str] = None,
                                               issuer: Optional[str] = None,
                                               subject: Optional[str] = None,
                                               application_id: Optional[str] = None,
                                               application_object_id: Optional[str] = None,
                                               description: Optional[str] = None)
    func NewApplicationFederatedIdentityCredential(ctx *Context, name string, args ApplicationFederatedIdentityCredentialArgs, opts ...ResourceOption) (*ApplicationFederatedIdentityCredential, error)
    public ApplicationFederatedIdentityCredential(string name, ApplicationFederatedIdentityCredentialArgs args, CustomResourceOptions? opts = null)
    public ApplicationFederatedIdentityCredential(String name, ApplicationFederatedIdentityCredentialArgs args)
    public ApplicationFederatedIdentityCredential(String name, ApplicationFederatedIdentityCredentialArgs args, CustomResourceOptions options)
    
    type: azuread:ApplicationFederatedIdentityCredential
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ApplicationFederatedIdentityCredentialArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ApplicationFederatedIdentityCredentialArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ApplicationFederatedIdentityCredentialArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ApplicationFederatedIdentityCredentialArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ApplicationFederatedIdentityCredentialArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    // Reference shape only: every "string" below is a placeholder, not a usable value.
    // Issuer, Subject and Audiences together decide which external tokens are trusted,
    // so set them to the narrowest values that identify the intended workload.
    var applicationFederatedIdentityCredentialResource = new AzureAD.ApplicationFederatedIdentityCredential("applicationFederatedIdentityCredentialResource", new()
    {
        Audiences = new[]
        {
            "string",
        },
        DisplayName = "string",
        Issuer = "string",
        Subject = "string",
        ApplicationId = "string",
        Description = "string",
    });
    
    // Reference shape only: every "string" below is a placeholder, not a usable value.
    // Issuer, Subject and Audiences together decide which external tokens are trusted,
    // so set them to the narrowest values that identify the intended workload.
    // The returned err is not checked in this fragment; handle it in real code.
    example, err := azuread.NewApplicationFederatedIdentityCredential(ctx, "applicationFederatedIdentityCredentialResource", &azuread.ApplicationFederatedIdentityCredentialArgs{
    	Audiences: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	DisplayName:   pulumi.String("string"),
    	Issuer:        pulumi.String("string"),
    	Subject:       pulumi.String("string"),
    	ApplicationId: pulumi.String("string"),
    	Description:   pulumi.String("string"),
    })
    
    // Reference shape only: every "string" below is a placeholder, not a usable value.
    // issuer, subject and audiences together decide which external tokens are trusted,
    // so set them to the narrowest values that identify the intended workload.
    var applicationFederatedIdentityCredentialResource = new ApplicationFederatedIdentityCredential("applicationFederatedIdentityCredentialResource", ApplicationFederatedIdentityCredentialArgs.builder()        
        .audiences("string")
        .displayName("string")
        .issuer("string")
        .subject("string")
        .applicationId("string")
        .description("string")
        .build());
    
    # Reference shape only: every "string" below is a placeholder, not a usable value.
    # issuer, subject and audiences together decide which external tokens are trusted,
    # so set them to the narrowest values that identify the intended workload.
    application_federated_identity_credential_resource = azuread.ApplicationFederatedIdentityCredential("applicationFederatedIdentityCredentialResource",
        audiences=["string"],
        display_name="string",
        issuer="string",
        subject="string",
        application_id="string",
        description="string")
    
    // Reference shape only: every "string" below is a placeholder, not a usable value.
    // issuer, subject and audiences together decide which external tokens are trusted,
    // so set them to the narrowest values that identify the intended workload.
    const applicationFederatedIdentityCredentialResource = new azuread.ApplicationFederatedIdentityCredential("applicationFederatedIdentityCredentialResource", {
        audiences: ["string"],
        displayName: "string",
        issuer: "string",
        subject: "string",
        applicationId: "string",
        description: "string",
    });
    
    # Reference shape only: every "string" below is a placeholder, not a usable value.
    # issuer, subject and audiences together decide which external tokens are trusted,
    # so set them to the narrowest values that identify the intended workload.
    type: azuread:ApplicationFederatedIdentityCredential
    properties:
        applicationId: string
        audiences:
            - string
        description: string
        displayName: string
        issuer: string
        subject: string
    

    ApplicationFederatedIdentityCredential Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ApplicationFederatedIdentityCredential resource accepts the following input properties:

    Audiences List<string>
    List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens.
    DisplayName string
    A unique display name for the federated identity credential. Changing this forces a new resource to be created.
    Issuer string
    The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
    Subject string
    The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
    ApplicationId string
    The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
    ApplicationObjectId string
    The object ID of the application for which this federated identity credential should be created

    Deprecated: The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    Description string
    A description for the federated identity credential.
    Audiences []string
    List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens.
    DisplayName string
    A unique display name for the federated identity credential. Changing this forces a new resource to be created.
    Issuer string
    The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
    Subject string
    The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
    ApplicationId string
    The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
    ApplicationObjectId string
    The object ID of the application for which this federated identity credential should be created

    Deprecated: The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    Description string
    A description for the federated identity credential.
    audiences List<String>
    List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens.
    displayName String
    A unique display name for the federated identity credential. Changing this forces a new resource to be created.
    issuer String
    The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
    subject String
    The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
    applicationId String
    The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
    applicationObjectId String
    The object ID of the application for which this federated identity credential should be created

    Deprecated: The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    description String
    A description for the federated identity credential.
    audiences string[]
    List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens.
    displayName string
    A unique display name for the federated identity credential. Changing this forces a new resource to be created.
    issuer string
    The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
    subject string
    The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
    applicationId string
    The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
    applicationObjectId string
    The object ID of the application for which this federated identity credential should be created

    Deprecated: The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    description string
    A description for the federated identity credential.
    audiences Sequence[str]
    List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens.
    display_name str
    A unique display name for the federated identity credential. Changing this forces a new resource to be created.
    issuer str
    The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
    subject str
    The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
    application_id str
    The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
    application_object_id str
    The object ID of the application for which this federated identity credential should be created

    Deprecated: The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    description str
    A description for the federated identity credential.
    audiences List<String>
    List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens.
    displayName String
    A unique display name for the federated identity credential. Changing this forces a new resource to be created.
    issuer String
    The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
    subject String
    The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
    applicationId String
    The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
    applicationObjectId String
    The object ID of the application for which this federated identity credential should be created

    Deprecated: The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    description String
    A description for the federated identity credential.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ApplicationFederatedIdentityCredential resource produces the following output properties:

    CredentialId string
    A UUID used to uniquely identify this federated identity credential.
    Id string
    The provider-assigned unique ID for this managed resource.
    CredentialId string
    A UUID used to uniquely identify this federated identity credential.
    Id string
    The provider-assigned unique ID for this managed resource.
    credentialId String
    A UUID used to uniquely identify this federated identity credential.
    id String
    The provider-assigned unique ID for this managed resource.
    credentialId string
    A UUID used to uniquely identify this federated identity credential.
    id string
    The provider-assigned unique ID for this managed resource.
    credential_id str
    A UUID used to uniquely identify this federated identity credential.
    id str
    The provider-assigned unique ID for this managed resource.
    credentialId String
    A UUID used to uniquely identify this federated identity credential.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing ApplicationFederatedIdentityCredential Resource

    Get an existing ApplicationFederatedIdentityCredential resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ApplicationFederatedIdentityCredentialState, opts?: CustomResourceOptions): ApplicationFederatedIdentityCredential
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            application_id: Optional[str] = None,
            application_object_id: Optional[str] = None,
            audiences: Optional[Sequence[str]] = None,
            credential_id: Optional[str] = None,
            description: Optional[str] = None,
            display_name: Optional[str] = None,
            issuer: Optional[str] = None,
            subject: Optional[str] = None) -> ApplicationFederatedIdentityCredential
    func GetApplicationFederatedIdentityCredential(ctx *Context, name string, id IDInput, state *ApplicationFederatedIdentityCredentialState, opts ...ResourceOption) (*ApplicationFederatedIdentityCredential, error)
    public static ApplicationFederatedIdentityCredential Get(string name, Input<string> id, ApplicationFederatedIdentityCredentialState? state, CustomResourceOptions? opts = null)
    public static ApplicationFederatedIdentityCredential get(String name, Output<String> id, ApplicationFederatedIdentityCredentialState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ApplicationId string
    The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
    ApplicationObjectId string
    The object ID of the application for which this federated identity credential should be created

    Deprecated: The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    Audiences List<string>
    List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens.
    CredentialId string
    A UUID used to uniquely identify this federated identity credential.
    Description string
    A description for the federated identity credential.
    DisplayName string
    A unique display name for the federated identity credential. Changing this forces a new resource to be created.
    Issuer string
    The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
    Subject string
    The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
    ApplicationId string
    The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
    ApplicationObjectId string
    The object ID of the application for which this federated identity credential should be created

    Deprecated: The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    Audiences []string
    List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens.
    CredentialId string
    A UUID used to uniquely identify this federated identity credential.
    Description string
    A description for the federated identity credential.
    DisplayName string
    A unique display name for the federated identity credential. Changing this forces a new resource to be created.
    Issuer string
    The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
    Subject string
    The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
    applicationId String
    The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
    applicationObjectId String
    The object ID of the application for which this federated identity credential should be created

    Deprecated: The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    audiences List<String>
    List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens.
    credentialId String
    A UUID used to uniquely identify this federated identity credential.
    description String
    A description for the federated identity credential.
    displayName String
    A unique display name for the federated identity credential. Changing this forces a new resource to be created.
    issuer String
    The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
    subject String
    The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
    applicationId string
    The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
    applicationObjectId string
    The object ID of the application for which this federated identity credential should be created

    Deprecated: The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    audiences string[]
    List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens.
    credentialId string
    A UUID used to uniquely identify this federated identity credential.
    description string
    A description for the federated identity credential.
    displayName string
    A unique display name for the federated identity credential. Changing this forces a new resource to be created.
    issuer string
    The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
    subject string
    The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
    application_id str
    The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
    application_object_id str
    The object ID of the application for which this federated identity credential should be created

    Deprecated: The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    audiences Sequence[str]
    List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens.
    credential_id str
    A UUID used to uniquely identify this federated identity credential.
    description str
    A description for the federated identity credential.
    display_name str
    A unique display name for the federated identity credential. Changing this forces a new resource to be created.
    issuer str
    The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
    subject str
    The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
    applicationId String
    The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
    applicationObjectId String
    The object ID of the application for which this federated identity credential should be created

    Deprecated: The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    audiences List<String>
    List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens.
    credentialId String
    A UUID used to uniquely identify this federated identity credential.
    description String
    A description for the federated identity credential.
    displayName String
    A unique display name for the federated identity credential. Changing this forces a new resource to be created.
    issuer String
    The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
    subject String
    The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.

    Package Details

    Repository
    Azure Active Directory (Azure AD) pulumi/pulumi-azuread
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azuread Terraform Provider.