cloudflare.AccessApplication
Explore with Pulumi AI
Provides a Cloudflare Access Application resource. Access Applications are used to restrict access to a whole application using an authorisation gateway managed by Cloudflare.
It’s required that an
account_id
orzone_id
is provided and in most cases using either is fine. However, if you’re using a scoped access token, you must provide the argument that matches the token’s scope. For example, an access token that is scoped to the “example.com” zone needs to use thezone_id
argument.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
// With CORS configuration
const stagingApp = new cloudflare.AccessApplication("stagingApp", {
corsHeaders: [{
allowCredentials: true,
allowedMethods: [
"GET",
"POST",
"OPTIONS",
],
allowedOrigins: ["https://example.com"],
maxAge: 10,
}],
domain: "staging.example.com",
name: "staging application",
sessionDuration: "24h",
type: "self_hosted",
zoneId: "0da42c8d2132a9ddaf714f9e7c920711",
});
import pulumi
import pulumi_cloudflare as cloudflare
# With CORS configuration
staging_app = cloudflare.AccessApplication("stagingApp",
cors_headers=[cloudflare.AccessApplicationCorsHeaderArgs(
allow_credentials=True,
allowed_methods=[
"GET",
"POST",
"OPTIONS",
],
allowed_origins=["https://example.com"],
max_age=10,
)],
domain="staging.example.com",
name="staging application",
session_duration="24h",
type="self_hosted",
zone_id="0da42c8d2132a9ddaf714f9e7c920711")
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// With CORS configuration
_, err := cloudflare.NewAccessApplication(ctx, "stagingApp", &cloudflare.AccessApplicationArgs{
CorsHeaders: cloudflare.AccessApplicationCorsHeaderArray{
&cloudflare.AccessApplicationCorsHeaderArgs{
AllowCredentials: pulumi.Bool(true),
AllowedMethods: pulumi.StringArray{
pulumi.String("GET"),
pulumi.String("POST"),
pulumi.String("OPTIONS"),
},
AllowedOrigins: pulumi.StringArray{
pulumi.String("https://example.com"),
},
MaxAge: pulumi.Int(10),
},
},
Domain: pulumi.String("staging.example.com"),
Name: pulumi.String("staging application"),
SessionDuration: pulumi.String("24h"),
Type: pulumi.String("self_hosted"),
ZoneId: pulumi.String("0da42c8d2132a9ddaf714f9e7c920711"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
return await Deployment.RunAsync(() =>
{
// With CORS configuration
var stagingApp = new Cloudflare.AccessApplication("stagingApp", new()
{
CorsHeaders = new[]
{
new Cloudflare.Inputs.AccessApplicationCorsHeaderArgs
{
AllowCredentials = true,
AllowedMethods = new[]
{
"GET",
"POST",
"OPTIONS",
},
AllowedOrigins = new[]
{
"https://example.com",
},
MaxAge = 10,
},
},
Domain = "staging.example.com",
Name = "staging application",
SessionDuration = "24h",
Type = "self_hosted",
ZoneId = "0da42c8d2132a9ddaf714f9e7c920711",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.AccessApplication;
import com.pulumi.cloudflare.AccessApplicationArgs;
import com.pulumi.cloudflare.inputs.AccessApplicationCorsHeaderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var stagingApp = new AccessApplication("stagingApp", AccessApplicationArgs.builder()
.corsHeaders(AccessApplicationCorsHeaderArgs.builder()
.allowCredentials(true)
.allowedMethods(
"GET",
"POST",
"OPTIONS")
.allowedOrigins("https://example.com")
.maxAge(10)
.build())
.domain("staging.example.com")
.name("staging application")
.sessionDuration("24h")
.type("self_hosted")
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
}
}
resources:
# With CORS configuration
stagingApp:
type: cloudflare:AccessApplication
properties:
corsHeaders:
- allowCredentials: true
allowedMethods:
- GET
- POST
- OPTIONS
allowedOrigins:
- https://example.com
maxAge: 10
domain: staging.example.com
name: staging application
sessionDuration: 24h
type: self_hosted
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
Create AccessApplication Resource
new AccessApplication(name: string, args?: AccessApplicationArgs, opts?: CustomResourceOptions);
@overload
def AccessApplication(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
allow_authenticate_via_warp: Optional[bool] = None,
allowed_idps: Optional[Sequence[str]] = None,
app_launcher_logo_url: Optional[str] = None,
app_launcher_visible: Optional[bool] = None,
auto_redirect_to_identity: Optional[bool] = None,
bg_color: Optional[str] = None,
cors_headers: Optional[Sequence[AccessApplicationCorsHeaderArgs]] = None,
custom_deny_message: Optional[str] = None,
custom_deny_url: Optional[str] = None,
custom_non_identity_deny_url: Optional[str] = None,
custom_pages: Optional[Sequence[str]] = None,
domain: Optional[str] = None,
enable_binding_cookie: Optional[bool] = None,
footer_links: Optional[Sequence[AccessApplicationFooterLinkArgs]] = None,
header_bg_color: Optional[str] = None,
http_only_cookie_attribute: Optional[bool] = None,
landing_page_design: Optional[AccessApplicationLandingPageDesignArgs] = None,
logo_url: Optional[str] = None,
name: Optional[str] = None,
saas_app: Optional[AccessApplicationSaasAppArgs] = None,
same_site_cookie_attribute: Optional[str] = None,
self_hosted_domains: Optional[Sequence[str]] = None,
service_auth401_redirect: Optional[bool] = None,
session_duration: Optional[str] = None,
skip_interstitial: Optional[bool] = None,
tags: Optional[Sequence[str]] = None,
type: Optional[str] = None,
zone_id: Optional[str] = None)
@overload
def AccessApplication(resource_name: str,
args: Optional[AccessApplicationArgs] = None,
opts: Optional[ResourceOptions] = None)
func NewAccessApplication(ctx *Context, name string, args *AccessApplicationArgs, opts ...ResourceOption) (*AccessApplication, error)
public AccessApplication(string name, AccessApplicationArgs? args = null, CustomResourceOptions? opts = null)
public AccessApplication(String name, AccessApplicationArgs args)
public AccessApplication(String name, AccessApplicationArgs args, CustomResourceOptions options)
type: cloudflare:AccessApplication
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessApplicationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AccessApplication Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AccessApplication resource accepts the following input properties:
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - Allow
Authenticate boolVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- Allowed
Idps List<string> - The identity providers selected for the application.
- App
Launcher stringLogo Url - The logo URL of the app launcher.
- App
Launcher boolVisible - Option to show/hide applications in App Launcher. Defaults to
true
. - Auto
Redirect boolTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps
. Defaults tofalse
. - Bg
Color string - The background color of the app launcher.
- Cors
Headers List<AccessApplication Cors Header> - CORS configuration for the Access Application. See below for reference structure.
- Custom
Deny stringMessage - Option that returns a custom error message when a user is denied access to the application.
- Custom
Deny stringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- Custom
Non stringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- Custom
Pages List<string> - The custom pages selected for the application.
- Domain string
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- bool
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false
. - List<Access
Application Footer Link> - The footer links of the app launcher.
- Header
Bg stringColor - The background color of the header bar in the app launcher.
- bool
- Option to add the
HttpOnly
cookie flag to access tokens. - Landing
Page AccessDesign Application Landing Page Design - The landing page design of the app launcher.
- Logo
Url string - Image URL for the logo shown in the app launcher dashboard.
- Name string
- The name of the footer link.
- Saas
App AccessApplication Saas App - SaaS configuration for the Access Application.
- string
- Defines the same-site cookie setting for access tokens. Available values:
none
,lax
,strict
. - Self
Hosted List<string>Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain
. - Service
Auth401Redirect bool - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false
. - Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. Defaults to24h
. - Skip
Interstitial bool - Option to skip the authorization interstitial when using the CLI. Defaults to
false
. - List<string>
- The itags associated with the application.
- Type string
- The application type. Available values:
app_launcher
,bookmark
,biso
,dash_sso
,saas
,self_hosted
,ssh
,vnc
,warp
. Defaults toself_hosted
. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - Allow
Authenticate boolVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- Allowed
Idps []string - The identity providers selected for the application.
- App
Launcher stringLogo Url - The logo URL of the app launcher.
- App
Launcher boolVisible - Option to show/hide applications in App Launcher. Defaults to
true
. - Auto
Redirect boolTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps
. Defaults tofalse
. - Bg
Color string - The background color of the app launcher.
- Cors
Headers []AccessApplication Cors Header Args - CORS configuration for the Access Application. See below for reference structure.
- Custom
Deny stringMessage - Option that returns a custom error message when a user is denied access to the application.
- Custom
Deny stringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- Custom
Non stringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- Custom
Pages []string - The custom pages selected for the application.
- Domain string
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- bool
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false
. - []Access
Application Footer Link Args - The footer links of the app launcher.
- Header
Bg stringColor - The background color of the header bar in the app launcher.
- bool
- Option to add the
HttpOnly
cookie flag to access tokens. - Landing
Page AccessDesign Application Landing Page Design Args - The landing page design of the app launcher.
- Logo
Url string - Image URL for the logo shown in the app launcher dashboard.
- Name string
- The name of the footer link.
- Saas
App AccessApplication Saas App Args - SaaS configuration for the Access Application.
- string
- Defines the same-site cookie setting for access tokens. Available values:
none
,lax
,strict
. - Self
Hosted []stringDomains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain
. - Service
Auth401Redirect bool - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false
. - Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. Defaults to24h
. - Skip
Interstitial bool - Option to skip the authorization interstitial when using the CLI. Defaults to
false
. - []string
- The itags associated with the application.
- Type string
- The application type. Available values:
app_launcher
,bookmark
,biso
,dash_sso
,saas
,self_hosted
,ssh
,vnc
,warp
. Defaults toself_hosted
. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. - allow
Authenticate BooleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps List<String> - The identity providers selected for the application.
- app
Launcher StringLogo Url - The logo URL of the app launcher.
- app
Launcher BooleanVisible - Option to show/hide applications in App Launcher. Defaults to
true
. - auto
Redirect BooleanTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps
. Defaults tofalse
. - bg
Color String - The background color of the app launcher.
- cors
Headers List<AccessApplication Cors Header> - CORS configuration for the Access Application. See below for reference structure.
- custom
Deny StringMessage - Option that returns a custom error message when a user is denied access to the application.
- custom
Deny StringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom
Non StringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom
Pages List<String> - The custom pages selected for the application.
- domain String
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- Boolean
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false
. - List<Access
Application Footer Link> - The footer links of the app launcher.
- header
Bg StringColor - The background color of the header bar in the app launcher.
- Boolean
- Option to add the
HttpOnly
cookie flag to access tokens. - landing
Page AccessDesign Application Landing Page Design - The landing page design of the app launcher.
- logo
Url String - Image URL for the logo shown in the app launcher dashboard.
- name String
- The name of the footer link.
- saas
App AccessApplication Saas App - SaaS configuration for the Access Application.
- String
- Defines the same-site cookie setting for access tokens. Available values:
none
,lax
,strict
. - self
Hosted List<String>Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain
. - service
Auth401Redirect Boolean - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false
. - session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. Defaults to24h
. - skip
Interstitial Boolean - Option to skip the authorization interstitial when using the CLI. Defaults to
false
. - List<String>
- The itags associated with the application.
- type String
- The application type. Available values:
app_launcher
,bookmark
,biso
,dash_sso
,saas
,self_hosted
,ssh
,vnc
,warp
. Defaults toself_hosted
. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
.
- account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - allow
Authenticate booleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps string[] - The identity providers selected for the application.
- app
Launcher stringLogo Url - The logo URL of the app launcher.
- app
Launcher booleanVisible - Option to show/hide applications in App Launcher. Defaults to
true
. - auto
Redirect booleanTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps
. Defaults tofalse
. - bg
Color string - The background color of the app launcher.
- cors
Headers AccessApplication Cors Header[] - CORS configuration for the Access Application. See below for reference structure.
- custom
Deny stringMessage - Option that returns a custom error message when a user is denied access to the application.
- custom
Deny stringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom
Non stringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom
Pages string[] - The custom pages selected for the application.
- domain string
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- boolean
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false
. - Access
Application Footer Link[] - The footer links of the app launcher.
- header
Bg stringColor - The background color of the header bar in the app launcher.
- boolean
- Option to add the
HttpOnly
cookie flag to access tokens. - landing
Page AccessDesign Application Landing Page Design - The landing page design of the app launcher.
- logo
Url string - Image URL for the logo shown in the app launcher dashboard.
- name string
- The name of the footer link.
- saas
App AccessApplication Saas App - SaaS configuration for the Access Application.
- string
- Defines the same-site cookie setting for access tokens. Available values:
none
,lax
,strict
. - self
Hosted string[]Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain
. - service
Auth401Redirect boolean - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false
. - session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. Defaults to24h
. - skip
Interstitial boolean - Option to skip the authorization interstitial when using the CLI. Defaults to
false
. - string[]
- The itags associated with the application.
- type string
- The application type. Available values:
app_launcher
,bookmark
,biso
,dash_sso
,saas
,self_hosted
,ssh
,vnc
,warp
. Defaults toself_hosted
. - zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- account_
id str - The account identifier to target for the resource. Conflicts with
zone_id
. - allow_
authenticate_ boolvia_ warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed_
idps Sequence[str] - The identity providers selected for the application.
- app_
launcher_ strlogo_ url - The logo URL of the app launcher.
- app_
launcher_ boolvisible - Option to show/hide applications in App Launcher. Defaults to
true
. - auto_
redirect_ boolto_ identity - Option to skip identity provider selection if only one is configured in
allowed_idps
. Defaults tofalse
. - bg_
color str - The background color of the app launcher.
- cors_
headers Sequence[AccessApplication Cors Header Args] - CORS configuration for the Access Application. See below for reference structure.
- custom_
deny_ strmessage - Option that returns a custom error message when a user is denied access to the application.
- custom_
deny_ strurl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom_
non_ stridentity_ deny_ url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom_
pages Sequence[str] - The custom pages selected for the application.
- domain str
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- bool
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false
. - Sequence[Access
Application Footer Link Args] - The footer links of the app launcher.
- header_
bg_ strcolor - The background color of the header bar in the app launcher.
- bool
- Option to add the
HttpOnly
cookie flag to access tokens. - landing_
page_ Accessdesign Application Landing Page Design Args - The landing page design of the app launcher.
- logo_
url str - Image URL for the logo shown in the app launcher dashboard.
- name str
- The name of the footer link.
- saas_
app AccessApplication Saas App Args - SaaS configuration for the Access Application.
- str
- Defines the same-site cookie setting for access tokens. Available values:
none
,lax
,strict
. - self_
hosted_ Sequence[str]domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain
. - service_
auth401_ boolredirect - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false
. - session_
duration str - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. Defaults to24h
. - skip_
interstitial bool - Option to skip the authorization interstitial when using the CLI. Defaults to
false
. - Sequence[str]
- The itags associated with the application.
- type str
- The application type. Available values:
app_launcher
,bookmark
,biso
,dash_sso
,saas
,self_hosted
,ssh
,vnc
,warp
. Defaults toself_hosted
. - zone_
id str - The zone identifier to target for the resource. Conflicts with
account_id
.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. - allow
Authenticate BooleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps List<String> - The identity providers selected for the application.
- app
Launcher StringLogo Url - The logo URL of the app launcher.
- app
Launcher BooleanVisible - Option to show/hide applications in App Launcher. Defaults to
true
. - auto
Redirect BooleanTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps
. Defaults tofalse
. - bg
Color String - The background color of the app launcher.
- cors
Headers List<Property Map> - CORS configuration for the Access Application. See below for reference structure.
- custom
Deny StringMessage - Option that returns a custom error message when a user is denied access to the application.
- custom
Deny StringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom
Non StringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom
Pages List<String> - The custom pages selected for the application.
- domain String
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- Boolean
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false
. - List<Property Map>
- The footer links of the app launcher.
- header
Bg StringColor - The background color of the header bar in the app launcher.
- Boolean
- Option to add the
HttpOnly
cookie flag to access tokens. - landing
Page Property MapDesign - The landing page design of the app launcher.
- logo
Url String - Image URL for the logo shown in the app launcher dashboard.
- name String
- The name of the footer link.
- saas
App Property Map - SaaS configuration for the Access Application.
- String
- Defines the same-site cookie setting for access tokens. Available values:
none
,lax
,strict
. - self
Hosted List<String>Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain
. - service
Auth401Redirect Boolean - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false
. - session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. Defaults to24h
. - skip
Interstitial Boolean - Option to skip the authorization interstitial when using the CLI. Defaults to
false
. - List<String>
- The itags associated with the application.
- type String
- The application type. Available values:
app_launcher
,bookmark
,biso
,dash_sso
,saas
,self_hosted
,ssh
,vnc
,warp
. Defaults toself_hosted
. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessApplication resource produces the following output properties:
Look up Existing AccessApplication Resource
Get an existing AccessApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessApplicationState, opts?: CustomResourceOptions): AccessApplication
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
allow_authenticate_via_warp: Optional[bool] = None,
allowed_idps: Optional[Sequence[str]] = None,
app_launcher_logo_url: Optional[str] = None,
app_launcher_visible: Optional[bool] = None,
aud: Optional[str] = None,
auto_redirect_to_identity: Optional[bool] = None,
bg_color: Optional[str] = None,
cors_headers: Optional[Sequence[AccessApplicationCorsHeaderArgs]] = None,
custom_deny_message: Optional[str] = None,
custom_deny_url: Optional[str] = None,
custom_non_identity_deny_url: Optional[str] = None,
custom_pages: Optional[Sequence[str]] = None,
domain: Optional[str] = None,
enable_binding_cookie: Optional[bool] = None,
footer_links: Optional[Sequence[AccessApplicationFooterLinkArgs]] = None,
header_bg_color: Optional[str] = None,
http_only_cookie_attribute: Optional[bool] = None,
landing_page_design: Optional[AccessApplicationLandingPageDesignArgs] = None,
logo_url: Optional[str] = None,
name: Optional[str] = None,
saas_app: Optional[AccessApplicationSaasAppArgs] = None,
same_site_cookie_attribute: Optional[str] = None,
self_hosted_domains: Optional[Sequence[str]] = None,
service_auth401_redirect: Optional[bool] = None,
session_duration: Optional[str] = None,
skip_interstitial: Optional[bool] = None,
tags: Optional[Sequence[str]] = None,
type: Optional[str] = None,
zone_id: Optional[str] = None) -> AccessApplication
func GetAccessApplication(ctx *Context, name string, id IDInput, state *AccessApplicationState, opts ...ResourceOption) (*AccessApplication, error)
public static AccessApplication Get(string name, Input<string> id, AccessApplicationState? state, CustomResourceOptions? opts = null)
public static AccessApplication get(String name, Output<String> id, AccessApplicationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - Allow
Authenticate boolVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- Allowed
Idps List<string> - The identity providers selected for the application.
- App
Launcher stringLogo Url - The logo URL of the app launcher.
- App
Launcher boolVisible - Option to show/hide applications in App Launcher. Defaults to
true
. - Aud string
- Application Audience (AUD) Tag of the application.
- Auto
Redirect boolTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps
. Defaults tofalse
. - Bg
Color string - The background color of the app launcher.
- Cors
Headers List<AccessApplication Cors Header> - CORS configuration for the Access Application. See below for reference structure.
- Custom
Deny stringMessage - Option that returns a custom error message when a user is denied access to the application.
- Custom
Deny stringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- Custom
Non stringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- Custom
Pages List<string> - The custom pages selected for the application.
- Domain string
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- bool
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false
. - List<Access
Application Footer Link> - The footer links of the app launcher.
- Header
Bg stringColor - The background color of the header bar in the app launcher.
- bool
- Option to add the
HttpOnly
cookie flag to access tokens. - Landing
Page AccessDesign Application Landing Page Design - The landing page design of the app launcher.
- Logo
Url string - Image URL for the logo shown in the app launcher dashboard.
- Name string
- The name of the footer link.
- Saas
App AccessApplication Saas App - SaaS configuration for the Access Application.
- string
- Defines the same-site cookie setting for access tokens. Available values:
none
,lax
,strict
. - Self
Hosted List<string>Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain
. - Service
Auth401Redirect bool - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false
. - Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. Defaults to24h
. - Skip
Interstitial bool - Option to skip the authorization interstitial when using the CLI. Defaults to
false
. - List<string>
- The itags associated with the application.
- Type string
- The application type. Available values:
app_launcher
,bookmark
,biso
,dash_sso
,saas
,self_hosted
,ssh
,vnc
,warp
. Defaults toself_hosted
. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - Allow
Authenticate boolVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- Allowed
Idps []string - The identity providers selected for the application.
- App
Launcher stringLogo Url - The logo URL of the app launcher.
- App
Launcher boolVisible - Option to show/hide applications in App Launcher. Defaults to
true
. - Aud string
- Application Audience (AUD) Tag of the application.
- Auto
Redirect boolTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps
. Defaults tofalse
. - Bg
Color string - The background color of the app launcher.
- Cors
Headers []AccessApplication Cors Header Args - CORS configuration for the Access Application. See below for reference structure.
- Custom
Deny stringMessage - Option that returns a custom error message when a user is denied access to the application.
- Custom
Deny stringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- Custom
Non stringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- Custom
Pages []string - The custom pages selected for the application.
- Domain string
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- bool
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false
. - []Access
Application Footer Link Args - The footer links of the app launcher.
- Header
Bg stringColor - The background color of the header bar in the app launcher.
- bool
- Option to add the
HttpOnly
cookie flag to access tokens. - Landing
Page AccessDesign Application Landing Page Design Args - The landing page design of the app launcher.
- Logo
Url string - Image URL for the logo shown in the app launcher dashboard.
- Name string
- The name of the footer link.
- Saas
App AccessApplication Saas App Args - SaaS configuration for the Access Application.
- string
- Defines the same-site cookie setting for access tokens. Available values:
none
,lax
,strict
. - Self
Hosted []stringDomains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain
. - Service
Auth401Redirect bool - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false
. - Session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. Defaults to24h
. - Skip
Interstitial bool - Option to skip the authorization interstitial when using the CLI. Defaults to
false
. - []string
- The itags associated with the application.
- Type string
- The application type. Available values:
app_launcher
,bookmark
,biso
,dash_sso
,saas
,self_hosted
,ssh
,vnc
,warp
. Defaults toself_hosted
. - Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. - allow
Authenticate BooleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps List<String> - The identity providers selected for the application.
- app
Launcher StringLogo Url - The logo URL of the app launcher.
- app
Launcher BooleanVisible - Option to show/hide applications in App Launcher. Defaults to
true
. - aud String
- Application Audience (AUD) Tag of the application.
- auto
Redirect BooleanTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps
. Defaults tofalse
. - bg
Color String - The background color of the app launcher.
- cors
Headers List<AccessApplication Cors Header> - CORS configuration for the Access Application. See below for reference structure.
- custom
Deny StringMessage - Option that returns a custom error message when a user is denied access to the application.
- custom
Deny StringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom
Non StringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom
Pages List<String> - The custom pages selected for the application.
- domain String
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- Boolean
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false
. - List<Access
Application Footer Link> - The footer links of the app launcher.
- header
Bg StringColor - The background color of the header bar in the app launcher.
- Boolean
- Option to add the
HttpOnly
cookie flag to access tokens. - landing
Page AccessDesign Application Landing Page Design - The landing page design of the app launcher.
- logo
Url String - Image URL for the logo shown in the app launcher dashboard.
- name String
- The name of the footer link.
- saas
App AccessApplication Saas App - SaaS configuration for the Access Application.
- String
- Defines the same-site cookie setting for access tokens. Available values:
none
,lax
,strict
. - self
Hosted List<String>Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain
. - service
Auth401Redirect Boolean - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false
. - session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. Defaults to24h
. - skip
Interstitial Boolean - Option to skip the authorization interstitial when using the CLI. Defaults to
false
. - List<String>
- The itags associated with the application.
- type String
- The application type. Available values:
app_launcher
,bookmark
,biso
,dash_sso
,saas
,self_hosted
,ssh
,vnc
,warp
. Defaults toself_hosted
. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
.
- account
Id string - The account identifier to target for the resource. Conflicts with
zone_id
. - allow
Authenticate booleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps string[] - The identity providers selected for the application.
- app
Launcher stringLogo Url - The logo URL of the app launcher.
- app
Launcher booleanVisible - Option to show/hide applications in App Launcher. Defaults to
true
. - aud string
- Application Audience (AUD) Tag of the application.
- auto
Redirect booleanTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps
. Defaults tofalse
. - bg
Color string - The background color of the app launcher.
- cors
Headers AccessApplication Cors Header[] - CORS configuration for the Access Application. See below for reference structure.
- custom
Deny stringMessage - Option that returns a custom error message when a user is denied access to the application.
- custom
Deny stringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom
Non stringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom
Pages string[] - The custom pages selected for the application.
- domain string
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- boolean
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false
. - Access
Application Footer Link[] - The footer links of the app launcher.
- header
Bg stringColor - The background color of the header bar in the app launcher.
- boolean
- Option to add the
HttpOnly
cookie flag to access tokens. - landing
Page AccessDesign Application Landing Page Design - The landing page design of the app launcher.
- logo
Url string - Image URL for the logo shown in the app launcher dashboard.
- name string
- The name of the footer link.
- saas
App AccessApplication Saas App - SaaS configuration for the Access Application.
- string
- Defines the same-site cookie setting for access tokens. Available values:
none
,lax
,strict
. - self
Hosted string[]Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain
. - service
Auth401Redirect boolean - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false
. - session
Duration string - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. Defaults to24h
. - skip
Interstitial boolean - Option to skip the authorization interstitial when using the CLI. Defaults to
false
. - string[]
- The itags associated with the application.
- type string
- The application type. Available values:
app_launcher
,bookmark
,biso
,dash_sso
,saas
,self_hosted
,ssh
,vnc
,warp
. Defaults toself_hosted
. - zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id
.
- account_
id str - The account identifier to target for the resource. Conflicts with
zone_id
. - allow_
authenticate_ boolvia_ warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed_
idps Sequence[str] - The identity providers selected for the application.
- app_
launcher_ strlogo_ url - The logo URL of the app launcher.
- app_
launcher_ boolvisible - Option to show/hide applications in App Launcher. Defaults to
true
. - aud str
- Application Audience (AUD) Tag of the application.
- auto_
redirect_ boolto_ identity - Option to skip identity provider selection if only one is configured in
allowed_idps
. Defaults tofalse
. - bg_
color str - The background color of the app launcher.
- cors_
headers Sequence[AccessApplication Cors Header Args] - CORS configuration for the Access Application. See below for reference structure.
- custom_
deny_ strmessage - Option that returns a custom error message when a user is denied access to the application.
- custom_
deny_ strurl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom_
non_ stridentity_ deny_ url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom_
pages Sequence[str] - The custom pages selected for the application.
- domain str
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- bool
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false
. - Sequence[Access
Application Footer Link Args] - The footer links of the app launcher.
- header_
bg_ strcolor - The background color of the header bar in the app launcher.
- bool
- Option to add the
HttpOnly
cookie flag to access tokens. - landing_
page_ Accessdesign Application Landing Page Design Args - The landing page design of the app launcher.
- logo_
url str - Image URL for the logo shown in the app launcher dashboard.
- name str
- The name of the footer link.
- saas_
app AccessApplication Saas App Args - SaaS configuration for the Access Application.
- str
- Defines the same-site cookie setting for access tokens. Available values:
none
,lax
,strict
. - self_
hosted_ Sequence[str]domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain
. - service_
auth401_ boolredirect - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false
. - session_
duration str - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. Defaults to24h
. - skip_
interstitial bool - Option to skip the authorization interstitial when using the CLI. Defaults to
false
. - Sequence[str]
- The itags associated with the application.
- type str
- The application type. Available values:
app_launcher
,bookmark
,biso
,dash_sso
,saas
,self_hosted
,ssh
,vnc
,warp
. Defaults toself_hosted
. - zone_
id str - The zone identifier to target for the resource. Conflicts with
account_id
.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id
. - allow
Authenticate BooleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps List<String> - The identity providers selected for the application.
- app
Launcher StringLogo Url - The logo URL of the app launcher.
- app
Launcher BooleanVisible - Option to show/hide applications in App Launcher. Defaults to
true
. - aud String
- Application Audience (AUD) Tag of the application.
- auto
Redirect BooleanTo Identity - Option to skip identity provider selection if only one is configured in
allowed_idps
. Defaults tofalse
. - bg
Color String - The background color of the app launcher.
- cors
Headers List<Property Map> - CORS configuration for the Access Application. See below for reference structure.
- custom
Deny StringMessage - Option that returns a custom error message when a user is denied access to the application.
- custom
Deny StringUrl - Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
- custom
Non StringIdentity Deny Url - Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
- custom
Pages List<String> - The custom pages selected for the application.
- domain String
- The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
- Boolean
- Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to
false
. - List<Property Map>
- The footer links of the app launcher.
- header
Bg StringColor - The background color of the header bar in the app launcher.
- Boolean
- Option to add the
HttpOnly
cookie flag to access tokens. - landing
Page Property MapDesign - The landing page design of the app launcher.
- logo
Url String - Image URL for the logo shown in the app launcher dashboard.
- name String
- The name of the footer link.
- saas
App Property Map - SaaS configuration for the Access Application.
- String
- Defines the same-site cookie setting for access tokens. Available values:
none
,lax
,strict
. - self
Hosted List<String>Domains - List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as
domain
. - service
Auth401Redirect Boolean - Option to return a 401 status code in service authentication rules on failed requests. Defaults to
false
. - session
Duration String - How often a user will be forced to re-authorise. Must be in the format
48h
or2h45m
. Defaults to24h
. - skip
Interstitial Boolean - Option to skip the authorization interstitial when using the CLI. Defaults to
false
. - List<String>
- The itags associated with the application.
- type String
- The application type. Available values:
app_launcher
,bookmark
,biso
,dash_sso
,saas
,self_hosted
,ssh
,vnc
,warp
. Defaults toself_hosted
. - zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id
.
Supporting Types
AccessApplicationCorsHeader, AccessApplicationCorsHeaderArgs
- Allow
All boolHeaders - Value to determine whether all HTTP headers are exposed.
- Allow
All boolMethods - Value to determine whether all methods are exposed.
- Allow
All boolOrigins - Value to determine whether all origins are permitted to make CORS requests.
- Allow
Credentials bool - Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
- Allowed
Headers List<string> - List of HTTP headers to expose via CORS.
- Allowed
Methods List<string> - List of methods to expose via CORS.
- Allowed
Origins List<string> - List of origins permitted to make CORS requests.
- Max
Age int - The maximum time a preflight request will be cached.
- Allow
All boolHeaders - Value to determine whether all HTTP headers are exposed.
- Allow
All boolMethods - Value to determine whether all methods are exposed.
- Allow
All boolOrigins - Value to determine whether all origins are permitted to make CORS requests.
- Allow
Credentials bool - Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
- Allowed
Headers []string - List of HTTP headers to expose via CORS.
- Allowed
Methods []string - List of methods to expose via CORS.
- Allowed
Origins []string - List of origins permitted to make CORS requests.
- Max
Age int - The maximum time a preflight request will be cached.
- allow
All BooleanHeaders - Value to determine whether all HTTP headers are exposed.
- allow
All BooleanMethods - Value to determine whether all methods are exposed.
- allow
All BooleanOrigins - Value to determine whether all origins are permitted to make CORS requests.
- allow
Credentials Boolean - Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
- allowed
Headers List<String> - List of HTTP headers to expose via CORS.
- allowed
Methods List<String> - List of methods to expose via CORS.
- allowed
Origins List<String> - List of origins permitted to make CORS requests.
- max
Age Integer - The maximum time a preflight request will be cached.
- allow
All booleanHeaders - Value to determine whether all HTTP headers are exposed.
- allow
All booleanMethods - Value to determine whether all methods are exposed.
- allow
All booleanOrigins - Value to determine whether all origins are permitted to make CORS requests.
- allow
Credentials boolean - Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
- allowed
Headers string[] - List of HTTP headers to expose via CORS.
- allowed
Methods string[] - List of methods to expose via CORS.
- allowed
Origins string[] - List of origins permitted to make CORS requests.
- max
Age number - The maximum time a preflight request will be cached.
- allow_
all_ boolheaders - Value to determine whether all HTTP headers are exposed.
- allow_
all_ boolmethods - Value to determine whether all methods are exposed.
- allow_
all_ boolorigins - Value to determine whether all origins are permitted to make CORS requests.
- allow_
credentials bool - Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
- allowed_
headers Sequence[str] - List of HTTP headers to expose via CORS.
- allowed_
methods Sequence[str] - List of methods to expose via CORS.
- allowed_
origins Sequence[str] - List of origins permitted to make CORS requests.
- max_
age int - The maximum time a preflight request will be cached.
- allow
All BooleanHeaders - Value to determine whether all HTTP headers are exposed.
- allow
All BooleanMethods - Value to determine whether all methods are exposed.
- allow
All BooleanOrigins - Value to determine whether all origins are permitted to make CORS requests.
- allow
Credentials Boolean - Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
- allowed
Headers List<String> - List of HTTP headers to expose via CORS.
- allowed
Methods List<String> - List of methods to expose via CORS.
- allowed
Origins List<String> - List of origins permitted to make CORS requests.
- max
Age Number - The maximum time a preflight request will be cached.
AccessApplicationFooterLink, AccessApplicationFooterLinkArgs
AccessApplicationLandingPageDesign, AccessApplicationLandingPageDesignArgs
AccessApplicationSaasApp, AccessApplicationSaasAppArgs
- App
Launcher stringUrl - The URL where this applications tile redirects users.
- Auth
Type string - Client
Id string - The application client id.
- Client
Secret string - The application client secret, only returned on initial apply.
- Consumer
Service stringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- Custom
Attributes List<AccessApplication Saas App Custom Attribute> - Custom attribute mapped from IDPs.
- Default
Relay stringState - The relay state used if not provided by the identity provider.
- Grant
Types List<string> - The OIDC flows supported by this application.
- Group
Filter stringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
- Idp
Entity stringId - The unique identifier for the SaaS application.
- Name
Id stringFormat - The format of the name identifier sent to the SaaS application.
- Name
Id stringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_format
setting. - Public
Key string - The public certificate that will be used to verify identities.
- Redirect
Uris List<string> - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens.
- Scopes List<string>
- Define the user information shared with access.
- Sp
Entity stringId - A globally unique name for an identity or service provider.
- Sso
Endpoint string - The endpoint where the SaaS application will send login requests.
- App
Launcher stringUrl - The URL where this applications tile redirects users.
- Auth
Type string - Client
Id string - The application client id.
- Client
Secret string - The application client secret, only returned on initial apply.
- Consumer
Service stringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- Custom
Attributes []AccessApplication Saas App Custom Attribute - Custom attribute mapped from IDPs.
- Default
Relay stringState - The relay state used if not provided by the identity provider.
- Grant
Types []string - The OIDC flows supported by this application.
- Group
Filter stringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
- Idp
Entity stringId - The unique identifier for the SaaS application.
- Name
Id stringFormat - The format of the name identifier sent to the SaaS application.
- Name
Id stringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_format
setting. - Public
Key string - The public certificate that will be used to verify identities.
- Redirect
Uris []string - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens.
- Scopes []string
- Define the user information shared with access.
- Sp
Entity stringId - A globally unique name for an identity or service provider.
- Sso
Endpoint string - The endpoint where the SaaS application will send login requests.
- app
Launcher StringUrl - The URL where this applications tile redirects users.
- auth
Type String - client
Id String - The application client id.
- client
Secret String - The application client secret, only returned on initial apply.
- consumer
Service StringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- custom
Attributes List<AccessApplication Saas App Custom Attribute> - Custom attribute mapped from IDPs.
- default
Relay StringState - The relay state used if not provided by the identity provider.
- grant
Types List<String> - The OIDC flows supported by this application.
- group
Filter StringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
- idp
Entity StringId - The unique identifier for the SaaS application.
- name
Id StringFormat - The format of the name identifier sent to the SaaS application.
- name
Id StringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_format
setting. - public
Key String - The public certificate that will be used to verify identities.
- redirect
Uris List<String> - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens.
- scopes List<String>
- Define the user information shared with access.
- sp
Entity StringId - A globally unique name for an identity or service provider.
- sso
Endpoint String - The endpoint where the SaaS application will send login requests.
- app
Launcher stringUrl - The URL where this applications tile redirects users.
- auth
Type string - client
Id string - The application client id.
- client
Secret string - The application client secret, only returned on initial apply.
- consumer
Service stringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- custom
Attributes AccessApplication Saas App Custom Attribute[] - Custom attribute mapped from IDPs.
- default
Relay stringState - The relay state used if not provided by the identity provider.
- grant
Types string[] - The OIDC flows supported by this application.
- group
Filter stringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
- idp
Entity stringId - The unique identifier for the SaaS application.
- name
Id stringFormat - The format of the name identifier sent to the SaaS application.
- name
Id stringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_format
setting. - public
Key string - The public certificate that will be used to verify identities.
- redirect
Uris string[] - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens.
- scopes string[]
- Define the user information shared with access.
- sp
Entity stringId - A globally unique name for an identity or service provider.
- sso
Endpoint string - The endpoint where the SaaS application will send login requests.
- app_
launcher_ strurl - The URL where this applications tile redirects users.
- auth_
type str - client_
id str - The application client id.
- client_
secret str - The application client secret, only returned on initial apply.
- consumer_
service_ strurl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- custom_
attributes Sequence[AccessApplication Saas App Custom Attribute] - Custom attribute mapped from IDPs.
- default_
relay_ strstate - The relay state used if not provided by the identity provider.
- grant_
types Sequence[str] - The OIDC flows supported by this application.
- group_
filter_ strregex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
- idp_
entity_ strid - The unique identifier for the SaaS application.
- name_
id_ strformat - The format of the name identifier sent to the SaaS application.
- name_
id_ strtransform_ jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_format
setting. - public_
key str - The public certificate that will be used to verify identities.
- redirect_
uris Sequence[str] - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens.
- scopes Sequence[str]
- Define the user information shared with access.
- sp_
entity_ strid - A globally unique name for an identity or service provider.
- sso_
endpoint str - The endpoint where the SaaS application will send login requests.
- app
Launcher StringUrl - The URL where this applications tile redirects users.
- auth
Type String - client
Id String - The application client id.
- client
Secret String - The application client secret, only returned on initial apply.
- consumer
Service StringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- custom
Attributes List<Property Map> - Custom attribute mapped from IDPs.
- default
Relay StringState - The relay state used if not provided by the identity provider.
- grant
Types List<String> - The OIDC flows supported by this application.
- group
Filter StringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint.
- idp
Entity StringId - The unique identifier for the SaaS application.
- name
Id StringFormat - The format of the name identifier sent to the SaaS application.
- name
Id StringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_format
setting. - public
Key String - The public certificate that will be used to verify identities.
- redirect
Uris List<String> - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens.
- scopes List<String>
- Define the user information shared with access.
- sp
Entity StringId - A globally unique name for an identity or service provider.
- sso
Endpoint String - The endpoint where the SaaS application will send login requests.
AccessApplicationSaasAppCustomAttribute, AccessApplicationSaasAppCustomAttributeArgs
- Source
Access
Application Saas App Custom Attribute Source - Friendly
Name string - A friendly name for the attribute as provided to the SaaS app.
- Name string
- The name of the footer link.
- Name
Format string - A globally unique name for an identity or service provider.
- Required bool
- True if the attribute must be always present.
- Source
Access
Application Saas App Custom Attribute Source - Friendly
Name string - A friendly name for the attribute as provided to the SaaS app.
- Name string
- The name of the footer link.
- Name
Format string - A globally unique name for an identity or service provider.
- Required bool
- True if the attribute must be always present.
- source
Access
Application Saas App Custom Attribute Source - friendly
Name String - A friendly name for the attribute as provided to the SaaS app.
- name String
- The name of the footer link.
- name
Format String - A globally unique name for an identity or service provider.
- required Boolean
- True if the attribute must be always present.
- source
Access
Application Saas App Custom Attribute Source - friendly
Name string - A friendly name for the attribute as provided to the SaaS app.
- name string
- The name of the footer link.
- name
Format string - A globally unique name for an identity or service provider.
- required boolean
- True if the attribute must be always present.
- source
Access
Application Saas App Custom Attribute Source - friendly_
name str - A friendly name for the attribute as provided to the SaaS app.
- name str
- The name of the footer link.
- name_
format str - A globally unique name for an identity or service provider.
- required bool
- True if the attribute must be always present.
- source Property Map
- friendly
Name String - A friendly name for the attribute as provided to the SaaS app.
- name String
- The name of the footer link.
- name
Format String - A globally unique name for an identity or service provider.
- required Boolean
- True if the attribute must be always present.
AccessApplicationSaasAppCustomAttributeSource, AccessApplicationSaasAppCustomAttributeSourceArgs
- Name string
- The name of the footer link.
- Name string
- The name of the footer link.
- name String
- The name of the footer link.
- name string
- The name of the footer link.
- name str
- The name of the footer link.
- name String
- The name of the footer link.
Import
$ pulumi import cloudflare:index/accessApplication:AccessApplication example <account_id>/<application_id>
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflare
Terraform Provider.