Azure Active Directory (Azure AD) v6.4.0, Apr 7 25

Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi

azuread.Provider

Explore with Pulumi AI

Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi

The provider type for the azuread package. By default, resources use package-wide configuration settings, however an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

Create Provider Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Provider(name: string, args?: ProviderArgs, opts?: CustomResourceOptions);

@overload
def Provider(resource_name: str,
             args: Optional[ProviderArgs] = None,
             opts: Optional[ResourceOptions] = None)

@overload
def Provider(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             ado_pipeline_service_connection_id: Optional[str] = None,
             client_certificate: Optional[str] = None,
             client_certificate_password: Optional[str] = None,
             client_certificate_path: Optional[str] = None,
             client_id: Optional[str] = None,
             client_id_file_path: Optional[str] = None,
             client_secret: Optional[str] = None,
             client_secret_file_path: Optional[str] = None,
             disable_terraform_partner_id: Optional[bool] = None,
             environment: Optional[str] = None,
             metadata_host: Optional[str] = None,
             msi_endpoint: Optional[str] = None,
             oidc_request_token: Optional[str] = None,
             oidc_request_url: Optional[str] = None,
             oidc_token: Optional[str] = None,
             oidc_token_file_path: Optional[str] = None,
             partner_id: Optional[str] = None,
             tenant_id: Optional[str] = None,
             use_aks_workload_identity: Optional[bool] = None,
             use_cli: Optional[bool] = None,
             use_msi: Optional[bool] = None,
             use_oidc: Optional[bool] = None)

func NewProvider(ctx *Context, name string, args *ProviderArgs, opts ...ResourceOption) (*Provider, error)

public Provider(string name, ProviderArgs? args = null, CustomResourceOptions? opts = null)

public Provider(String name, ProviderArgs args)
public Provider(String name, ProviderArgs args, CustomResourceOptions options)

type: pulumi:providers:azuread
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Provider Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Provider resource accepts the following input properties:

AdoPipelineServiceConnectionId string: The Azure DevOps Pipeline Service Connection ID.
ClientCertificate string: Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate
ClientCertificatePassword string: The password to decrypt the Client Certificate. For use when authenticating as a Service Principal using a Client Certificate
ClientCertificatePath string: The path to the Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate
ClientId string: The Client ID which should be used for service principal authentication
ClientIdFilePath string: The path to a file containing the Client ID which should be used for service principal authentication
ClientSecret string: The application password to use when authenticating as a Service Principal using a Client Secret
ClientSecretFilePath string: The path to a file containing the application password to use when authenticating as a Service Principal using a Client Secret
DisableTerraformPartnerId bool
Environment string: The cloud environment which should be used. Possible values are: global (also public), usgovernmentl4 (also usgovernment), usgovernmentl5 (also dod), and china. Defaults to global. Not used and should not be specified when metadata_host is specified. It can also be sourced from the following environment variable: ARM_ENVIRONMENT
MetadataHost string: The Hostname which should be used for the Azure Metadata Service.
MsiEndpoint string: The path to a custom endpoint for Managed Identity - in most circumstances this should be detected automatically It can also be sourced from the following environment variable: ARM_MSI_ENDPOINT
OidcRequestToken string: The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect.
OidcRequestUrl string: The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal using OpenID Connect.
OidcToken string: The ID token for use when authenticating as a Service Principal using OpenID Connect.
OidcTokenFilePath string: The path to a file containing an ID token for use when authenticating as a Service Principal using OpenID Connect.
PartnerId string: A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution
TenantId string: The Tenant ID which should be used. Works with all authentication methods except Managed Identity
UseAksWorkloadIdentity bool: Allow Azure AKS Workload Identity to be used for Authentication.
UseCli bool: Allow Azure CLI to be used for Authentication
UseMsi bool: Allow Managed Identity to be used for Authentication It can also be sourced from the following environment variable: ARM_USE_MSI
UseOidc bool: Allow OpenID Connect to be used for authentication

AdoPipelineServiceConnectionId string: The Azure DevOps Pipeline Service Connection ID.
ClientCertificate string: Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate
ClientCertificatePassword string: The password to decrypt the Client Certificate. For use when authenticating as a Service Principal using a Client Certificate
ClientCertificatePath string: The path to the Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate
ClientId string: The Client ID which should be used for service principal authentication
ClientIdFilePath string: The path to a file containing the Client ID which should be used for service principal authentication
ClientSecret string: The application password to use when authenticating as a Service Principal using a Client Secret
ClientSecretFilePath string: The path to a file containing the application password to use when authenticating as a Service Principal using a Client Secret
DisableTerraformPartnerId bool
Environment string: The cloud environment which should be used. Possible values are: global (also public), usgovernmentl4 (also usgovernment), usgovernmentl5 (also dod), and china. Defaults to global. Not used and should not be specified when metadata_host is specified. It can also be sourced from the following environment variable: ARM_ENVIRONMENT
MetadataHost string: The Hostname which should be used for the Azure Metadata Service.
MsiEndpoint string: The path to a custom endpoint for Managed Identity - in most circumstances this should be detected automatically It can also be sourced from the following environment variable: ARM_MSI_ENDPOINT
OidcRequestToken string: The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect.
OidcRequestUrl string: The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal using OpenID Connect.
OidcToken string: The ID token for use when authenticating as a Service Principal using OpenID Connect.
OidcTokenFilePath string: The path to a file containing an ID token for use when authenticating as a Service Principal using OpenID Connect.
PartnerId string: A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution
TenantId string: The Tenant ID which should be used. Works with all authentication methods except Managed Identity
UseAksWorkloadIdentity bool: Allow Azure AKS Workload Identity to be used for Authentication.
UseCli bool: Allow Azure CLI to be used for Authentication
UseMsi bool: Allow Managed Identity to be used for Authentication It can also be sourced from the following environment variable: ARM_USE_MSI
UseOidc bool: Allow OpenID Connect to be used for authentication

adoPipelineServiceConnectionId String: The Azure DevOps Pipeline Service Connection ID.
clientCertificate String: Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate
clientCertificatePassword String: The password to decrypt the Client Certificate. For use when authenticating as a Service Principal using a Client Certificate
clientCertificatePath String: The path to the Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate
clientId String: The Client ID which should be used for service principal authentication
clientIdFilePath String: The path to a file containing the Client ID which should be used for service principal authentication
clientSecret String: The application password to use when authenticating as a Service Principal using a Client Secret
clientSecretFilePath String: The path to a file containing the application password to use when authenticating as a Service Principal using a Client Secret
disableTerraformPartnerId Boolean
environment String: The cloud environment which should be used. Possible values are: global (also public), usgovernmentl4 (also usgovernment), usgovernmentl5 (also dod), and china. Defaults to global. Not used and should not be specified when metadata_host is specified. It can also be sourced from the following environment variable: ARM_ENVIRONMENT
metadataHost String: The Hostname which should be used for the Azure Metadata Service.
msiEndpoint String: The path to a custom endpoint for Managed Identity - in most circumstances this should be detected automatically It can also be sourced from the following environment variable: ARM_MSI_ENDPOINT
oidcRequestToken String: The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect.
oidcRequestUrl String: The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal using OpenID Connect.
oidcToken String: The ID token for use when authenticating as a Service Principal using OpenID Connect.
oidcTokenFilePath String: The path to a file containing an ID token for use when authenticating as a Service Principal using OpenID Connect.
partnerId String: A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution
tenantId String: The Tenant ID which should be used. Works with all authentication methods except Managed Identity
useAksWorkloadIdentity Boolean: Allow Azure AKS Workload Identity to be used for Authentication.
useCli Boolean: Allow Azure CLI to be used for Authentication
useMsi Boolean: Allow Managed Identity to be used for Authentication It can also be sourced from the following environment variable: ARM_USE_MSI
useOidc Boolean: Allow OpenID Connect to be used for authentication

adoPipelineServiceConnectionId string: The Azure DevOps Pipeline Service Connection ID.
clientCertificate string: Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate
clientCertificatePassword string: The password to decrypt the Client Certificate. For use when authenticating as a Service Principal using a Client Certificate
clientCertificatePath string: The path to the Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate
clientId string: The Client ID which should be used for service principal authentication
clientIdFilePath string: The path to a file containing the Client ID which should be used for service principal authentication
clientSecret string: The application password to use when authenticating as a Service Principal using a Client Secret
clientSecretFilePath string: The path to a file containing the application password to use when authenticating as a Service Principal using a Client Secret
disableTerraformPartnerId boolean
environment string: The cloud environment which should be used. Possible values are: global (also public), usgovernmentl4 (also usgovernment), usgovernmentl5 (also dod), and china. Defaults to global. Not used and should not be specified when metadata_host is specified. It can also be sourced from the following environment variable: ARM_ENVIRONMENT
metadataHost string: The Hostname which should be used for the Azure Metadata Service.
msiEndpoint string: The path to a custom endpoint for Managed Identity - in most circumstances this should be detected automatically It can also be sourced from the following environment variable: ARM_MSI_ENDPOINT
oidcRequestToken string: The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect.
oidcRequestUrl string: The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal using OpenID Connect.
oidcToken string: The ID token for use when authenticating as a Service Principal using OpenID Connect.
oidcTokenFilePath string: The path to a file containing an ID token for use when authenticating as a Service Principal using OpenID Connect.
partnerId string: A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution
tenantId string: The Tenant ID which should be used. Works with all authentication methods except Managed Identity
useAksWorkloadIdentity boolean: Allow Azure AKS Workload Identity to be used for Authentication.
useCli boolean: Allow Azure CLI to be used for Authentication
useMsi boolean: Allow Managed Identity to be used for Authentication It can also be sourced from the following environment variable: ARM_USE_MSI
useOidc boolean: Allow OpenID Connect to be used for authentication

ado_pipeline_service_connection_id str: The Azure DevOps Pipeline Service Connection ID.
client_certificate str: Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate
client_certificate_password str: The password to decrypt the Client Certificate. For use when authenticating as a Service Principal using a Client Certificate
client_certificate_path str: The path to the Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate
client_id str: The Client ID which should be used for service principal authentication
client_id_file_path str: The path to a file containing the Client ID which should be used for service principal authentication
client_secret str: The application password to use when authenticating as a Service Principal using a Client Secret
client_secret_file_path str: The path to a file containing the application password to use when authenticating as a Service Principal using a Client Secret
disable_terraform_partner_id bool
environment str: The cloud environment which should be used. Possible values are: global (also public), usgovernmentl4 (also usgovernment), usgovernmentl5 (also dod), and china. Defaults to global. Not used and should not be specified when metadata_host is specified. It can also be sourced from the following environment variable: ARM_ENVIRONMENT
metadata_host str: The Hostname which should be used for the Azure Metadata Service.
msi_endpoint str: The path to a custom endpoint for Managed Identity - in most circumstances this should be detected automatically It can also be sourced from the following environment variable: ARM_MSI_ENDPOINT
oidc_request_token str: The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect.
oidc_request_url str: The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal using OpenID Connect.
oidc_token str: The ID token for use when authenticating as a Service Principal using OpenID Connect.
oidc_token_file_path str: The path to a file containing an ID token for use when authenticating as a Service Principal using OpenID Connect.
partner_id str: A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution
tenant_id str: The Tenant ID which should be used. Works with all authentication methods except Managed Identity
use_aks_workload_identity bool: Allow Azure AKS Workload Identity to be used for Authentication.
use_cli bool: Allow Azure CLI to be used for Authentication
use_msi bool: Allow Managed Identity to be used for Authentication It can also be sourced from the following environment variable: ARM_USE_MSI
use_oidc bool: Allow OpenID Connect to be used for authentication

adoPipelineServiceConnectionId String: The Azure DevOps Pipeline Service Connection ID.
clientCertificate String: Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate
clientCertificatePassword String: The password to decrypt the Client Certificate. For use when authenticating as a Service Principal using a Client Certificate
clientCertificatePath String: The path to the Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate
clientId String: The Client ID which should be used for service principal authentication
clientIdFilePath String: The path to a file containing the Client ID which should be used for service principal authentication
clientSecret String: The application password to use when authenticating as a Service Principal using a Client Secret
clientSecretFilePath String: The path to a file containing the application password to use when authenticating as a Service Principal using a Client Secret
disableTerraformPartnerId Boolean
environment String: The cloud environment which should be used. Possible values are: global (also public), usgovernmentl4 (also usgovernment), usgovernmentl5 (also dod), and china. Defaults to global. Not used and should not be specified when metadata_host is specified. It can also be sourced from the following environment variable: ARM_ENVIRONMENT
metadataHost String: The Hostname which should be used for the Azure Metadata Service.
msiEndpoint String: The path to a custom endpoint for Managed Identity - in most circumstances this should be detected automatically It can also be sourced from the following environment variable: ARM_MSI_ENDPOINT
oidcRequestToken String: The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect.
oidcRequestUrl String: The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal using OpenID Connect.
oidcToken String: The ID token for use when authenticating as a Service Principal using OpenID Connect.
oidcTokenFilePath String: The path to a file containing an ID token for use when authenticating as a Service Principal using OpenID Connect.
partnerId String: A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution
tenantId String: The Tenant ID which should be used. Works with all authentication methods except Managed Identity
useAksWorkloadIdentity Boolean: Allow Azure AKS Workload Identity to be used for Authentication.
useCli Boolean: Allow Azure CLI to be used for Authentication
useMsi Boolean: Allow Managed Identity to be used for Authentication It can also be sourced from the following environment variable: ARM_USE_MSI
useOidc Boolean: Allow OpenID Connect to be used for authentication

Outputs

All input properties are implicitly available as output properties. Additionally, the Provider resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Package Details

Repository: Azure Active Directory (Azure AD) pulumi/pulumi-azuread
License: Apache-2.0
Notes: This Pulumi package is based on the azuread Terraform Provider.

Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi

pulumi/pulumi-azuread

azuread.Provider

On this page

On this page

Create Provider Resource

Constructor syntax

Parameters

Provider Resource Properties

Inputs

Outputs

Package Details

On this page

On this page