1. Packages
  2. Azure Active Directory (Azure AD)
  3. API Docs
  4. AuthenticationStrengthPolicy
Azure Active Directory (Azure AD) v5.47.2 published on Tuesday, Feb 27, 2024 by Pulumi

azuread.AuthenticationStrengthPolicy

Explore with Pulumi AI

azuread logo
Azure Active Directory (Azure AD) v5.47.2 published on Tuesday, Feb 27, 2024 by Pulumi

    Manages a Authentication Strength Policy within Azure Active Directory.

    API Permissions

    The following API permissions are required in order to use this resource.

    When authenticated with a service principal, this resource requires the following application roles: Policy.ReadWrite.ConditionalAccess and Policy.Read.All

    When authenticated with a user principal, this resource requires one of the following directory roles: Conditional Access Administrator or Global Administrator

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureAD = Pulumi.AzureAD;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new AzureAD.AuthenticationStrengthPolicy("example", new()
        {
            DisplayName = "Example Authentication Strength Policy",
            Description = "Policy for demo purposes",
            AllowedCombinations = new[]
            {
                "fido2",
                "password",
            },
        });
    
        var example2 = new AzureAD.AuthenticationStrengthPolicy("example2", new()
        {
            DisplayName = "Example Authentication Strength Policy",
            Description = "Policy for demo purposes with all possible combinations",
            AllowedCombinations = new[]
            {
                "fido2",
                "password",
                "deviceBasedPush",
                "temporaryAccessPassOneTime",
                "federatedMultiFactor",
                "federatedSingleFactor",
                "hardwareOath,federatedSingleFactor",
                "microsoftAuthenticatorPush,federatedSingleFactor",
                "password,hardwareOath",
                "password,microsoftAuthenticatorPush",
                "password,sms",
                "password,softwareOath",
                "password,voice",
                "sms",
                "sms,federatedSingleFactor",
                "softwareOath,federatedSingleFactor",
                "temporaryAccessPassMultiUse",
                "voice,federatedSingleFactor",
                "windowsHelloForBusiness",
                "x509CertificateMultiFactor",
                "x509CertificateSingleFactor",
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := azuread.NewAuthenticationStrengthPolicy(ctx, "example", &azuread.AuthenticationStrengthPolicyArgs{
    			DisplayName: pulumi.String("Example Authentication Strength Policy"),
    			Description: pulumi.String("Policy for demo purposes"),
    			AllowedCombinations: pulumi.StringArray{
    				pulumi.String("fido2"),
    				pulumi.String("password"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = azuread.NewAuthenticationStrengthPolicy(ctx, "example2", &azuread.AuthenticationStrengthPolicyArgs{
    			DisplayName: pulumi.String("Example Authentication Strength Policy"),
    			Description: pulumi.String("Policy for demo purposes with all possible combinations"),
    			AllowedCombinations: pulumi.StringArray{
    				pulumi.String("fido2"),
    				pulumi.String("password"),
    				pulumi.String("deviceBasedPush"),
    				pulumi.String("temporaryAccessPassOneTime"),
    				pulumi.String("federatedMultiFactor"),
    				pulumi.String("federatedSingleFactor"),
    				pulumi.String("hardwareOath,federatedSingleFactor"),
    				pulumi.String("microsoftAuthenticatorPush,federatedSingleFactor"),
    				pulumi.String("password,hardwareOath"),
    				pulumi.String("password,microsoftAuthenticatorPush"),
    				pulumi.String("password,sms"),
    				pulumi.String("password,softwareOath"),
    				pulumi.String("password,voice"),
    				pulumi.String("sms"),
    				pulumi.String("sms,federatedSingleFactor"),
    				pulumi.String("softwareOath,federatedSingleFactor"),
    				pulumi.String("temporaryAccessPassMultiUse"),
    				pulumi.String("voice,federatedSingleFactor"),
    				pulumi.String("windowsHelloForBusiness"),
    				pulumi.String("x509CertificateMultiFactor"),
    				pulumi.String("x509CertificateSingleFactor"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuread.AuthenticationStrengthPolicy;
    import com.pulumi.azuread.AuthenticationStrengthPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new AuthenticationStrengthPolicy("example", AuthenticationStrengthPolicyArgs.builder()        
                .displayName("Example Authentication Strength Policy")
                .description("Policy for demo purposes")
                .allowedCombinations(            
                    "fido2",
                    "password")
                .build());
    
            var example2 = new AuthenticationStrengthPolicy("example2", AuthenticationStrengthPolicyArgs.builder()        
                .displayName("Example Authentication Strength Policy")
                .description("Policy for demo purposes with all possible combinations")
                .allowedCombinations(            
                    "fido2",
                    "password",
                    "deviceBasedPush",
                    "temporaryAccessPassOneTime",
                    "federatedMultiFactor",
                    "federatedSingleFactor",
                    "hardwareOath,federatedSingleFactor",
                    "microsoftAuthenticatorPush,federatedSingleFactor",
                    "password,hardwareOath",
                    "password,microsoftAuthenticatorPush",
                    "password,sms",
                    "password,softwareOath",
                    "password,voice",
                    "sms",
                    "sms,federatedSingleFactor",
                    "softwareOath,federatedSingleFactor",
                    "temporaryAccessPassMultiUse",
                    "voice,federatedSingleFactor",
                    "windowsHelloForBusiness",
                    "x509CertificateMultiFactor",
                    "x509CertificateSingleFactor")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azuread as azuread
    
    example = azuread.AuthenticationStrengthPolicy("example",
        display_name="Example Authentication Strength Policy",
        description="Policy for demo purposes",
        allowed_combinations=[
            "fido2",
            "password",
        ])
    example2 = azuread.AuthenticationStrengthPolicy("example2",
        display_name="Example Authentication Strength Policy",
        description="Policy for demo purposes with all possible combinations",
        allowed_combinations=[
            "fido2",
            "password",
            "deviceBasedPush",
            "temporaryAccessPassOneTime",
            "federatedMultiFactor",
            "federatedSingleFactor",
            "hardwareOath,federatedSingleFactor",
            "microsoftAuthenticatorPush,federatedSingleFactor",
            "password,hardwareOath",
            "password,microsoftAuthenticatorPush",
            "password,sms",
            "password,softwareOath",
            "password,voice",
            "sms",
            "sms,federatedSingleFactor",
            "softwareOath,federatedSingleFactor",
            "temporaryAccessPassMultiUse",
            "voice,federatedSingleFactor",
            "windowsHelloForBusiness",
            "x509CertificateMultiFactor",
            "x509CertificateSingleFactor",
        ])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azuread from "@pulumi/azuread";
    
    const example = new azuread.AuthenticationStrengthPolicy("example", {
        displayName: "Example Authentication Strength Policy",
        description: "Policy for demo purposes",
        allowedCombinations: [
            "fido2",
            "password",
        ],
    });
    const example2 = new azuread.AuthenticationStrengthPolicy("example2", {
        displayName: "Example Authentication Strength Policy",
        description: "Policy for demo purposes with all possible combinations",
        allowedCombinations: [
            "fido2",
            "password",
            "deviceBasedPush",
            "temporaryAccessPassOneTime",
            "federatedMultiFactor",
            "federatedSingleFactor",
            "hardwareOath,federatedSingleFactor",
            "microsoftAuthenticatorPush,federatedSingleFactor",
            "password,hardwareOath",
            "password,microsoftAuthenticatorPush",
            "password,sms",
            "password,softwareOath",
            "password,voice",
            "sms",
            "sms,federatedSingleFactor",
            "softwareOath,federatedSingleFactor",
            "temporaryAccessPassMultiUse",
            "voice,federatedSingleFactor",
            "windowsHelloForBusiness",
            "x509CertificateMultiFactor",
            "x509CertificateSingleFactor",
        ],
    });
    
    resources:
      example:
        type: azuread:AuthenticationStrengthPolicy
        properties:
          displayName: Example Authentication Strength Policy
          description: Policy for demo purposes
          allowedCombinations:
            - fido2
            - password
      example2:
        type: azuread:AuthenticationStrengthPolicy
        properties:
          displayName: Example Authentication Strength Policy
          description: Policy for demo purposes with all possible combinations
          allowedCombinations:
            - fido2
            - password
            - deviceBasedPush
            - temporaryAccessPassOneTime
            - federatedMultiFactor
            - federatedSingleFactor
            - hardwareOath,federatedSingleFactor
            - microsoftAuthenticatorPush,federatedSingleFactor
            - password,hardwareOath
            - password,microsoftAuthenticatorPush
            - password,sms
            - password,softwareOath
            - password,voice
            - sms
            - sms,federatedSingleFactor
            - softwareOath,federatedSingleFactor
            - temporaryAccessPassMultiUse
            - voice,federatedSingleFactor
            - windowsHelloForBusiness
            - x509CertificateMultiFactor
            - x509CertificateSingleFactor
    

    Create AuthenticationStrengthPolicy Resource

    new AuthenticationStrengthPolicy(name: string, args: AuthenticationStrengthPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def AuthenticationStrengthPolicy(resource_name: str,
                                     opts: Optional[ResourceOptions] = None,
                                     allowed_combinations: Optional[Sequence[str]] = None,
                                     description: Optional[str] = None,
                                     display_name: Optional[str] = None)
    @overload
    def AuthenticationStrengthPolicy(resource_name: str,
                                     args: AuthenticationStrengthPolicyArgs,
                                     opts: Optional[ResourceOptions] = None)
    func NewAuthenticationStrengthPolicy(ctx *Context, name string, args AuthenticationStrengthPolicyArgs, opts ...ResourceOption) (*AuthenticationStrengthPolicy, error)
    public AuthenticationStrengthPolicy(string name, AuthenticationStrengthPolicyArgs args, CustomResourceOptions? opts = null)
    public AuthenticationStrengthPolicy(String name, AuthenticationStrengthPolicyArgs args)
    public AuthenticationStrengthPolicy(String name, AuthenticationStrengthPolicyArgs args, CustomResourceOptions options)
    
    type: azuread:AuthenticationStrengthPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AuthenticationStrengthPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AuthenticationStrengthPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AuthenticationStrengthPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AuthenticationStrengthPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AuthenticationStrengthPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AuthenticationStrengthPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AuthenticationStrengthPolicy resource accepts the following input properties:

    AllowedCombinations List<string>
    List of allowed authentication methods for this authentication strength policy.
    DisplayName string
    The friendly name for this authentication strength policy.
    Description string
    The description for this authentication strength policy.
    AllowedCombinations []string
    List of allowed authentication methods for this authentication strength policy.
    DisplayName string
    The friendly name for this authentication strength policy.
    Description string
    The description for this authentication strength policy.
    allowedCombinations List<String>
    List of allowed authentication methods for this authentication strength policy.
    displayName String
    The friendly name for this authentication strength policy.
    description String
    The description for this authentication strength policy.
    allowedCombinations string[]
    List of allowed authentication methods for this authentication strength policy.
    displayName string
    The friendly name for this authentication strength policy.
    description string
    The description for this authentication strength policy.
    allowed_combinations Sequence[str]
    List of allowed authentication methods for this authentication strength policy.
    display_name str
    The friendly name for this authentication strength policy.
    description str
    The description for this authentication strength policy.
    allowedCombinations List<String>
    List of allowed authentication methods for this authentication strength policy.
    displayName String
    The friendly name for this authentication strength policy.
    description String
    The description for this authentication strength policy.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AuthenticationStrengthPolicy resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing AuthenticationStrengthPolicy Resource

    Get an existing AuthenticationStrengthPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AuthenticationStrengthPolicyState, opts?: CustomResourceOptions): AuthenticationStrengthPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allowed_combinations: Optional[Sequence[str]] = None,
            description: Optional[str] = None,
            display_name: Optional[str] = None) -> AuthenticationStrengthPolicy
    func GetAuthenticationStrengthPolicy(ctx *Context, name string, id IDInput, state *AuthenticationStrengthPolicyState, opts ...ResourceOption) (*AuthenticationStrengthPolicy, error)
    public static AuthenticationStrengthPolicy Get(string name, Input<string> id, AuthenticationStrengthPolicyState? state, CustomResourceOptions? opts = null)
    public static AuthenticationStrengthPolicy get(String name, Output<String> id, AuthenticationStrengthPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowedCombinations List<string>
    List of allowed authentication methods for this authentication strength policy.
    Description string
    The description for this authentication strength policy.
    DisplayName string
    The friendly name for this authentication strength policy.
    AllowedCombinations []string
    List of allowed authentication methods for this authentication strength policy.
    Description string
    The description for this authentication strength policy.
    DisplayName string
    The friendly name for this authentication strength policy.
    allowedCombinations List<String>
    List of allowed authentication methods for this authentication strength policy.
    description String
    The description for this authentication strength policy.
    displayName String
    The friendly name for this authentication strength policy.
    allowedCombinations string[]
    List of allowed authentication methods for this authentication strength policy.
    description string
    The description for this authentication strength policy.
    displayName string
    The friendly name for this authentication strength policy.
    allowed_combinations Sequence[str]
    List of allowed authentication methods for this authentication strength policy.
    description str
    The description for this authentication strength policy.
    display_name str
    The friendly name for this authentication strength policy.
    allowedCombinations List<String>
    List of allowed authentication methods for this authentication strength policy.
    description String
    The description for this authentication strength policy.
    displayName String
    The friendly name for this authentication strength policy.

    Import

    Authentication Strength Policies can be imported using the id, e.g.

    $ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy 00000000-0000-0000-0000-000000000000
    

    Package Details

    Repository
    Azure Active Directory (Azure AD) pulumi/pulumi-azuread
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azuread Terraform Provider.
    azuread logo
    Azure Active Directory (Azure AD) v5.47.2 published on Tuesday, Feb 27, 2024 by Pulumi