Cloudflare v6.1.2, Apr 28 25

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

cloudflare.getZeroTrustAccessApplication

Explore with Pulumi AI

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleZeroTrustAccessApplication = cloudflare.getZeroTrustAccessApplication({
    appId: "023e105f4ecef8ad9ca31a8372d0c353",
    accountId: "account_id",
    zoneId: "zone_id",
});

import pulumi
import pulumi_cloudflare as cloudflare

example_zero_trust_access_application = cloudflare.get_zero_trust_access_application(app_id="023e105f4ecef8ad9ca31a8372d0c353",
    account_id="account_id",
    zone_id="zone_id")

package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.LookupZeroTrustAccessApplication(ctx, &cloudflare.LookupZeroTrustAccessApplicationArgs{
			AppId:     pulumi.StringRef("023e105f4ecef8ad9ca31a8372d0c353"),
			AccountId: pulumi.StringRef("account_id"),
			ZoneId:    pulumi.StringRef("zone_id"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var exampleZeroTrustAccessApplication = Cloudflare.GetZeroTrustAccessApplication.Invoke(new()
    {
        AppId = "023e105f4ecef8ad9ca31a8372d0c353",
        AccountId = "account_id",
        ZoneId = "zone_id",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.CloudflareFunctions;
import com.pulumi.cloudflare.inputs.GetZeroTrustAccessApplicationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var exampleZeroTrustAccessApplication = CloudflareFunctions.getZeroTrustAccessApplication(GetZeroTrustAccessApplicationArgs.builder()
            .appId("023e105f4ecef8ad9ca31a8372d0c353")
            .accountId("account_id")
            .zoneId("zone_id")
            .build());

    }
}

variables:
  exampleZeroTrustAccessApplication:
    fn::invoke:
      function: cloudflare:getZeroTrustAccessApplication
      arguments:
        appId: 023e105f4ecef8ad9ca31a8372d0c353
        accountId: account_id
        zoneId: zone_id

Using getZeroTrustAccessApplication

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getZeroTrustAccessApplication(args: GetZeroTrustAccessApplicationArgs, opts?: InvokeOptions): Promise<GetZeroTrustAccessApplicationResult>
function getZeroTrustAccessApplicationOutput(args: GetZeroTrustAccessApplicationOutputArgs, opts?: InvokeOptions): Output<GetZeroTrustAccessApplicationResult>

def get_zero_trust_access_application(account_id: Optional[str] = None,
                                      app_id: Optional[str] = None,
                                      filter: Optional[GetZeroTrustAccessApplicationFilter] = None,
                                      zone_id: Optional[str] = None,
                                      opts: Optional[InvokeOptions] = None) -> GetZeroTrustAccessApplicationResult
def get_zero_trust_access_application_output(account_id: Optional[pulumi.Input[str]] = None,
                                      app_id: Optional[pulumi.Input[str]] = None,
                                      filter: Optional[pulumi.Input[GetZeroTrustAccessApplicationFilterArgs]] = None,
                                      zone_id: Optional[pulumi.Input[str]] = None,
                                      opts: Optional[InvokeOptions] = None) -> Output[GetZeroTrustAccessApplicationResult]

func LookupZeroTrustAccessApplication(ctx *Context, args *LookupZeroTrustAccessApplicationArgs, opts ...InvokeOption) (*LookupZeroTrustAccessApplicationResult, error)
func LookupZeroTrustAccessApplicationOutput(ctx *Context, args *LookupZeroTrustAccessApplicationOutputArgs, opts ...InvokeOption) LookupZeroTrustAccessApplicationResultOutput

> Note: This function is named LookupZeroTrustAccessApplication in the Go SDK.

public static class GetZeroTrustAccessApplication 
{
    public static Task<GetZeroTrustAccessApplicationResult> InvokeAsync(GetZeroTrustAccessApplicationArgs args, InvokeOptions? opts = null)
    public static Output<GetZeroTrustAccessApplicationResult> Invoke(GetZeroTrustAccessApplicationInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetZeroTrustAccessApplicationResult> getZeroTrustAccessApplication(GetZeroTrustAccessApplicationArgs args, InvokeOptions options)
public static Output<GetZeroTrustAccessApplicationResult> getZeroTrustAccessApplication(GetZeroTrustAccessApplicationArgs args, InvokeOptions options)

fn::invoke:
  function: cloudflare:index/getZeroTrustAccessApplication:getZeroTrustAccessApplication
  arguments:
    # arguments dictionary

The following arguments are supported:

AccountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
AppId string: Identifier.
Filter GetZeroTrustAccessApplicationFilter
ZoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

AccountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
AppId string: Identifier.
Filter GetZeroTrustAccessApplicationFilter
ZoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

accountId String: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
appId String: Identifier.
filter GetZeroTrustAccessApplicationFilter
zoneId String: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

accountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
appId string: Identifier.
filter GetZeroTrustAccessApplicationFilter
zoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

account_id str: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
app_id str: Identifier.
filter GetZeroTrustAccessApplicationFilter
zone_id str: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

accountId String: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
appId String: Identifier.
filter Property Map
zoneId String: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

getZeroTrustAccessApplication Result

The following output properties are available:

AllowAuthenticateViaWarp bool: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
AllowedIdps List<string>: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
AppLauncherLogoUrl string: The image URL of the logo shown in the App Launcher header.
AppLauncherVisible bool: Displays the application in the App Launcher.
Aud string: Audience tag.
AutoRedirectToIdentity bool: When set to true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
BgColor string: The background color of the App Launcher page.
CorsHeaders GetZeroTrustAccessApplicationCorsHeaders
CreatedAt string
CustomDenyMessage string: The custom error message shown to a user when they are denied access to the application.
CustomDenyUrl string: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
CustomNonIdentityDenyUrl string: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
CustomPages List<string>: The custom pages that will be displayed when applicable for this application
Destinations List<GetZeroTrustAccessApplicationDestination>: List of destinations secured by Access. This supersedes self_hosted_domains to allow for more flexibility in defining different types of domains. If destinations are provided, then self_hosted_domains will be ignored.
Domain string: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
EnableBindingCookie bool: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
FooterLinks List<GetZeroTrustAccessApplicationFooterLink>: The links in the App Launcher footer.
HeaderBgColor string: The background color of the App Launcher header.
HttpOnlyCookieAttribute bool: Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
Id string: Identifier.
LandingPageDesign GetZeroTrustAccessApplicationLandingPageDesign: The design of the App Launcher landing page shown to users when they log in.
LogoUrl string: The image URL for the logo shown in the App Launcher dashboard.
Name string: The name of the application.
OptionsPreflightBypass bool: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
PathCookieAttribute bool: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
Policies List<GetZeroTrustAccessApplicationPolicy>
ReadServiceTokensFromHeader string: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
SaasApp GetZeroTrustAccessApplicationSaasApp
SameSiteCookieAttribute string: Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
ScimConfig GetZeroTrustAccessApplicationScimConfig: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
SelfHostedDomains List<string>: List of public domains that Access will secure. This field is deprecated in favor of destinations and will be supported until November 21, 2025. If destinations are provided, then self_hosted_domains will be ignored.
Deprecated: This attribute is deprecated.
ServiceAuth401Redirect bool: Returns a 401 status code when the request is blocked by a Service Auth policy.
SessionDuration string: The amount of time that tokens issued for this application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
SkipAppLauncherLoginPage bool: Determines when to skip the App Launcher landing page.
SkipInterstitial bool: Enables automatic authentication through cloudflared.
Tags List<string>: The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
TargetCriterias List<GetZeroTrustAccessApplicationTargetCriteria>
Type string: The application type.
UpdatedAt string
AccountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
AppId string: Identifier.
Filter GetZeroTrustAccessApplicationFilter
ZoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

AllowAuthenticateViaWarp bool: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
AllowedIdps []string: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
AppLauncherLogoUrl string: The image URL of the logo shown in the App Launcher header.
AppLauncherVisible bool: Displays the application in the App Launcher.
Aud string: Audience tag.
AutoRedirectToIdentity bool: When set to true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
BgColor string: The background color of the App Launcher page.
CorsHeaders GetZeroTrustAccessApplicationCorsHeaders
CreatedAt string
CustomDenyMessage string: The custom error message shown to a user when they are denied access to the application.
CustomDenyUrl string: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
CustomNonIdentityDenyUrl string: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
CustomPages []string: The custom pages that will be displayed when applicable for this application
Destinations []GetZeroTrustAccessApplicationDestination: List of destinations secured by Access. This supersedes self_hosted_domains to allow for more flexibility in defining different types of domains. If destinations are provided, then self_hosted_domains will be ignored.
Domain string: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
EnableBindingCookie bool: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
FooterLinks []GetZeroTrustAccessApplicationFooterLink: The links in the App Launcher footer.
HeaderBgColor string: The background color of the App Launcher header.
HttpOnlyCookieAttribute bool: Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
Id string: Identifier.
LandingPageDesign GetZeroTrustAccessApplicationLandingPageDesign: The design of the App Launcher landing page shown to users when they log in.
LogoUrl string: The image URL for the logo shown in the App Launcher dashboard.
Name string: The name of the application.
OptionsPreflightBypass bool: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
PathCookieAttribute bool: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
Policies []GetZeroTrustAccessApplicationPolicy
ReadServiceTokensFromHeader string: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
SaasApp GetZeroTrustAccessApplicationSaasApp
SameSiteCookieAttribute string: Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
ScimConfig GetZeroTrustAccessApplicationScimConfig: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
SelfHostedDomains []string: List of public domains that Access will secure. This field is deprecated in favor of destinations and will be supported until November 21, 2025. If destinations are provided, then self_hosted_domains will be ignored.
Deprecated: This attribute is deprecated.
ServiceAuth401Redirect bool: Returns a 401 status code when the request is blocked by a Service Auth policy.
SessionDuration string: The amount of time that tokens issued for this application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
SkipAppLauncherLoginPage bool: Determines when to skip the App Launcher landing page.
SkipInterstitial bool: Enables automatic authentication through cloudflared.
Tags []string: The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
TargetCriterias []GetZeroTrustAccessApplicationTargetCriteria
Type string: The application type.
UpdatedAt string
AccountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
AppId string: Identifier.
Filter GetZeroTrustAccessApplicationFilter
ZoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

allowAuthenticateViaWarp Boolean: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
allowedIdps List<String>: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
appLauncherLogoUrl String: The image URL of the logo shown in the App Launcher header.
appLauncherVisible Boolean: Displays the application in the App Launcher.
aud String: Audience tag.
autoRedirectToIdentity Boolean: When set to true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
bgColor String: The background color of the App Launcher page.
corsHeaders GetZeroTrustAccessApplicationCorsHeaders
createdAt String
customDenyMessage String: The custom error message shown to a user when they are denied access to the application.
customDenyUrl String: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
customNonIdentityDenyUrl String: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
customPages List<String>: The custom pages that will be displayed when applicable for this application
destinations List<GetZeroTrustAccessApplicationDestination>: List of destinations secured by Access. This supersedes self_hosted_domains to allow for more flexibility in defining different types of domains. If destinations are provided, then self_hosted_domains will be ignored.
domain String: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
enableBindingCookie Boolean: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
footerLinks List<GetZeroTrustAccessApplicationFooterLink>: The links in the App Launcher footer.
headerBgColor String: The background color of the App Launcher header.
httpOnlyCookieAttribute Boolean: Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
id String: Identifier.
landingPageDesign GetZeroTrustAccessApplicationLandingPageDesign: The design of the App Launcher landing page shown to users when they log in.
logoUrl String: The image URL for the logo shown in the App Launcher dashboard.
name String: The name of the application.
optionsPreflightBypass Boolean: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
pathCookieAttribute Boolean: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
policies List<GetZeroTrustAccessApplicationPolicy>
readServiceTokensFromHeader String: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
saasApp GetZeroTrustAccessApplicationSaasApp
sameSiteCookieAttribute String: Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
scimConfig GetZeroTrustAccessApplicationScimConfig: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
selfHostedDomains List<String>: List of public domains that Access will secure. This field is deprecated in favor of destinations and will be supported until November 21, 2025. If destinations are provided, then self_hosted_domains will be ignored.
Deprecated: This attribute is deprecated.
serviceAuth401Redirect Boolean: Returns a 401 status code when the request is blocked by a Service Auth policy.
sessionDuration String: The amount of time that tokens issued for this application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
skipAppLauncherLoginPage Boolean: Determines when to skip the App Launcher landing page.
skipInterstitial Boolean: Enables automatic authentication through cloudflared.
tags List<String>: The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
targetCriterias List<GetZeroTrustAccessApplicationTargetCriteria>
type String: The application type.
updatedAt String
accountId String: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
appId String: Identifier.
filter GetZeroTrustAccessApplicationFilter
zoneId String: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

allowAuthenticateViaWarp boolean: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
allowedIdps string[]: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
appLauncherLogoUrl string: The image URL of the logo shown in the App Launcher header.
appLauncherVisible boolean: Displays the application in the App Launcher.
aud string: Audience tag.
autoRedirectToIdentity boolean: When set to true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
bgColor string: The background color of the App Launcher page.
corsHeaders GetZeroTrustAccessApplicationCorsHeaders
createdAt string
customDenyMessage string: The custom error message shown to a user when they are denied access to the application.
customDenyUrl string: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
customNonIdentityDenyUrl string: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
customPages string[]: The custom pages that will be displayed when applicable for this application
destinations GetZeroTrustAccessApplicationDestination[]: List of destinations secured by Access. This supersedes self_hosted_domains to allow for more flexibility in defining different types of domains. If destinations are provided, then self_hosted_domains will be ignored.
domain string: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
enableBindingCookie boolean: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
footerLinks GetZeroTrustAccessApplicationFooterLink[]: The links in the App Launcher footer.
headerBgColor string: The background color of the App Launcher header.
httpOnlyCookieAttribute boolean: Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
id string: Identifier.
landingPageDesign GetZeroTrustAccessApplicationLandingPageDesign: The design of the App Launcher landing page shown to users when they log in.
logoUrl string: The image URL for the logo shown in the App Launcher dashboard.
name string: The name of the application.
optionsPreflightBypass boolean: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
pathCookieAttribute boolean: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
policies GetZeroTrustAccessApplicationPolicy[]
readServiceTokensFromHeader string: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
saasApp GetZeroTrustAccessApplicationSaasApp
sameSiteCookieAttribute string: Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
scimConfig GetZeroTrustAccessApplicationScimConfig: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
selfHostedDomains string[]: List of public domains that Access will secure. This field is deprecated in favor of destinations and will be supported until November 21, 2025. If destinations are provided, then self_hosted_domains will be ignored.
Deprecated: This attribute is deprecated.
serviceAuth401Redirect boolean: Returns a 401 status code when the request is blocked by a Service Auth policy.
sessionDuration string: The amount of time that tokens issued for this application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
skipAppLauncherLoginPage boolean: Determines when to skip the App Launcher landing page.
skipInterstitial boolean: Enables automatic authentication through cloudflared.
tags string[]: The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
targetCriterias GetZeroTrustAccessApplicationTargetCriteria[]
type string: The application type.
updatedAt string
accountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
appId string: Identifier.
filter GetZeroTrustAccessApplicationFilter
zoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

allow_authenticate_via_warp bool: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
allowed_idps Sequence[str]: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
app_launcher_logo_url str: The image URL of the logo shown in the App Launcher header.
app_launcher_visible bool: Displays the application in the App Launcher.
aud str: Audience tag.
auto_redirect_to_identity bool: When set to true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
bg_color str: The background color of the App Launcher page.
cors_headers GetZeroTrustAccessApplicationCorsHeaders
created_at str
custom_deny_message str: The custom error message shown to a user when they are denied access to the application.
custom_deny_url str: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
custom_non_identity_deny_url str: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
custom_pages Sequence[str]: The custom pages that will be displayed when applicable for this application
destinations Sequence[GetZeroTrustAccessApplicationDestination]: List of destinations secured by Access. This supersedes self_hosted_domains to allow for more flexibility in defining different types of domains. If destinations are provided, then self_hosted_domains will be ignored.
domain str: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
enable_binding_cookie bool: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
footer_links Sequence[GetZeroTrustAccessApplicationFooterLink]: The links in the App Launcher footer.
header_bg_color str: The background color of the App Launcher header.
http_only_cookie_attribute bool: Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
id str: Identifier.
landing_page_design GetZeroTrustAccessApplicationLandingPageDesign: The design of the App Launcher landing page shown to users when they log in.
logo_url str: The image URL for the logo shown in the App Launcher dashboard.
name str: The name of the application.
options_preflight_bypass bool: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
path_cookie_attribute bool: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
policies Sequence[GetZeroTrustAccessApplicationPolicy]
read_service_tokens_from_header str: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
saas_app GetZeroTrustAccessApplicationSaasApp
same_site_cookie_attribute str: Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
scim_config GetZeroTrustAccessApplicationScimConfig: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
self_hosted_domains Sequence[str]: List of public domains that Access will secure. This field is deprecated in favor of destinations and will be supported until November 21, 2025. If destinations are provided, then self_hosted_domains will be ignored.
Deprecated: This attribute is deprecated.
service_auth401_redirect bool: Returns a 401 status code when the request is blocked by a Service Auth policy.
session_duration str: The amount of time that tokens issued for this application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
skip_app_launcher_login_page bool: Determines when to skip the App Launcher landing page.
skip_interstitial bool: Enables automatic authentication through cloudflared.
tags Sequence[str]: The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
target_criterias Sequence[GetZeroTrustAccessApplicationTargetCriteria]
type str: The application type.
updated_at str
account_id str: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
app_id str: Identifier.
filter GetZeroTrustAccessApplicationFilter
zone_id str: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

allowAuthenticateViaWarp Boolean: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
allowedIdps List<String>: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
appLauncherLogoUrl String: The image URL of the logo shown in the App Launcher header.
appLauncherVisible Boolean: Displays the application in the App Launcher.
aud String: Audience tag.
autoRedirectToIdentity Boolean: When set to true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
bgColor String: The background color of the App Launcher page.
corsHeaders Property Map
createdAt String
customDenyMessage String: The custom error message shown to a user when they are denied access to the application.
customDenyUrl String: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
customNonIdentityDenyUrl String: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
customPages List<String>: The custom pages that will be displayed when applicable for this application
destinations List<Property Map>: List of destinations secured by Access. This supersedes self_hosted_domains to allow for more flexibility in defining different types of domains. If destinations are provided, then self_hosted_domains will be ignored.
domain String: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
enableBindingCookie Boolean: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
footerLinks List<Property Map>: The links in the App Launcher footer.
headerBgColor String: The background color of the App Launcher header.
httpOnlyCookieAttribute Boolean: Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
id String: Identifier.
landingPageDesign Property Map: The design of the App Launcher landing page shown to users when they log in.
logoUrl String: The image URL for the logo shown in the App Launcher dashboard.
name String: The name of the application.
optionsPreflightBypass Boolean: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
pathCookieAttribute Boolean: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
policies List<Property Map>
readServiceTokensFromHeader String: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
saasApp Property Map
sameSiteCookieAttribute String: Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
scimConfig Property Map: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
selfHostedDomains List<String>: List of public domains that Access will secure. This field is deprecated in favor of destinations and will be supported until November 21, 2025. If destinations are provided, then self_hosted_domains will be ignored.
Deprecated: This attribute is deprecated.
serviceAuth401Redirect Boolean: Returns a 401 status code when the request is blocked by a Service Auth policy.
sessionDuration String: The amount of time that tokens issued for this application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
skipAppLauncherLoginPage Boolean: Determines when to skip the App Launcher landing page.
skipInterstitial Boolean: Enables automatic authentication through cloudflared.
tags List<String>: The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
targetCriterias List<Property Map>
type String: The application type.
updatedAt String
accountId String: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
appId String: Identifier.
filter Property Map
zoneId String: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

Supporting Types

GetZeroTrustAccessApplicationCorsHeaders

AllowAllHeaders bool: Allows all HTTP request headers.
AllowAllMethods bool: Allows all HTTP request methods.
AllowAllOrigins bool: Allows all origins.
AllowCredentials bool: When set to true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests.
AllowedHeaders List<string>: Allowed HTTP request headers.
AllowedMethods List<string>: Allowed HTTP request methods.
AllowedOrigins List<string>: Allowed origins.
MaxAge double: The maximum number of seconds the results of a preflight request can be cached.

AllowAllHeaders bool: Allows all HTTP request headers.
AllowAllMethods bool: Allows all HTTP request methods.
AllowAllOrigins bool: Allows all origins.
AllowCredentials bool: When set to true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests.
AllowedHeaders []string: Allowed HTTP request headers.
AllowedMethods []string: Allowed HTTP request methods.
AllowedOrigins []string: Allowed origins.
MaxAge float64: The maximum number of seconds the results of a preflight request can be cached.

allowAllHeaders Boolean: Allows all HTTP request headers.
allowAllMethods Boolean: Allows all HTTP request methods.
allowAllOrigins Boolean: Allows all origins.
allowCredentials Boolean: When set to true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests.
allowedHeaders List<String>: Allowed HTTP request headers.
allowedMethods List<String>: Allowed HTTP request methods.
allowedOrigins List<String>: Allowed origins.
maxAge Double: The maximum number of seconds the results of a preflight request can be cached.

allowAllHeaders boolean: Allows all HTTP request headers.
allowAllMethods boolean: Allows all HTTP request methods.
allowAllOrigins boolean: Allows all origins.
allowCredentials boolean: When set to true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests.
allowedHeaders string[]: Allowed HTTP request headers.
allowedMethods string[]: Allowed HTTP request methods.
allowedOrigins string[]: Allowed origins.
maxAge number: The maximum number of seconds the results of a preflight request can be cached.

allow_all_headers bool: Allows all HTTP request headers.
allow_all_methods bool: Allows all HTTP request methods.
allow_all_origins bool: Allows all origins.
allow_credentials bool: When set to true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests.
allowed_headers Sequence[str]: Allowed HTTP request headers.
allowed_methods Sequence[str]: Allowed HTTP request methods.
allowed_origins Sequence[str]: Allowed origins.
max_age float: The maximum number of seconds the results of a preflight request can be cached.

allowAllHeaders Boolean: Allows all HTTP request headers.
allowAllMethods Boolean: Allows all HTTP request methods.
allowAllOrigins Boolean: Allows all origins.
allowCredentials Boolean: When set to true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests.
allowedHeaders List<String>: Allowed HTTP request headers.
allowedMethods List<String>: Allowed HTTP request methods.
allowedOrigins List<String>: Allowed origins.
maxAge Number: The maximum number of seconds the results of a preflight request can be cached.

GetZeroTrustAccessApplicationDestination

Cidr string: The CIDR range of the destination. Single IPs will be computed as /32.
Hostname string: The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
L4Protocol string: The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
PortRange string: The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
Type string: Available values: "public".
Uri string: The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
VnetId string: The VNET ID to match the destination. When omitted, all VNETs will match.

Cidr string: The CIDR range of the destination. Single IPs will be computed as /32.
Hostname string: The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
L4Protocol string: The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
PortRange string: The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
Type string: Available values: "public".
Uri string: The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
VnetId string: The VNET ID to match the destination. When omitted, all VNETs will match.

cidr String: The CIDR range of the destination. Single IPs will be computed as /32.
hostname String: The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
l4Protocol String: The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
portRange String: The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
type String: Available values: "public".
uri String: The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
vnetId String: The VNET ID to match the destination. When omitted, all VNETs will match.

cidr string: The CIDR range of the destination. Single IPs will be computed as /32.
hostname string: The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
l4Protocol string: The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
portRange string: The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
type string: Available values: "public".
uri string: The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
vnetId string: The VNET ID to match the destination. When omitted, all VNETs will match.

cidr str: The CIDR range of the destination. Single IPs will be computed as /32.
hostname str: The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
l4_protocol str: The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
port_range str: The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
type str: Available values: "public".
uri str: The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
vnet_id str: The VNET ID to match the destination. When omitted, all VNETs will match.

cidr String: The CIDR range of the destination. Single IPs will be computed as /32.
hostname String: The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
l4Protocol String: The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
portRange String: The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
type String: Available values: "public".
uri String: The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
vnetId String: The VNET ID to match the destination. When omitted, all VNETs will match.

GetZeroTrustAccessApplicationFilter

Aud string: The aud of the app.
Domain string: The domain of the app.
Name string: The name of the app.
Search string: Search for apps by other listed query parameters.

Aud string: The aud of the app.
Domain string: The domain of the app.
Name string: The name of the app.
Search string: Search for apps by other listed query parameters.

aud String: The aud of the app.
domain String: The domain of the app.
name String: The name of the app.
search String: Search for apps by other listed query parameters.

aud string: The aud of the app.
domain string: The domain of the app.
name string: The name of the app.
search string: Search for apps by other listed query parameters.

aud str: The aud of the app.
domain str: The domain of the app.
name str: The name of the app.
search str: Search for apps by other listed query parameters.

aud String: The aud of the app.
domain String: The domain of the app.
name String: The name of the app.
search String: Search for apps by other listed query parameters.

GetZeroTrustAccessApplicationFooterLink

Name string: The hypertext in the footer link.
Url string: the hyperlink in the footer link.

Name string: The hypertext in the footer link.
Url string: the hyperlink in the footer link.

name String: The hypertext in the footer link.
url String: the hyperlink in the footer link.

name string: The hypertext in the footer link.
url string: the hyperlink in the footer link.

name str: The hypertext in the footer link.
url str: the hyperlink in the footer link.

name String: The hypertext in the footer link.
url String: the hyperlink in the footer link.

GetZeroTrustAccessApplicationLandingPageDesign

ButtonColor string: The background color of the log in button on the landing page.
ButtonTextColor string: The color of the text in the log in button on the landing page.
ImageUrl string: The URL of the image shown on the landing page.
Message string: The message shown on the landing page.
Title string: The title shown on the landing page.

ButtonColor string: The background color of the log in button on the landing page.
ButtonTextColor string: The color of the text in the log in button on the landing page.
ImageUrl string: The URL of the image shown on the landing page.
Message string: The message shown on the landing page.
Title string: The title shown on the landing page.

buttonColor String: The background color of the log in button on the landing page.
buttonTextColor String: The color of the text in the log in button on the landing page.
imageUrl String: The URL of the image shown on the landing page.
message String: The message shown on the landing page.
title String: The title shown on the landing page.

buttonColor string: The background color of the log in button on the landing page.
buttonTextColor string: The color of the text in the log in button on the landing page.
imageUrl string: The URL of the image shown on the landing page.
message string: The message shown on the landing page.
title string: The title shown on the landing page.

button_color str: The background color of the log in button on the landing page.
button_text_color str: The color of the text in the log in button on the landing page.
image_url str: The URL of the image shown on the landing page.
message str: The message shown on the landing page.
title str: The title shown on the landing page.

buttonColor String: The background color of the log in button on the landing page.
buttonTextColor String: The color of the text in the log in button on the landing page.
imageUrl String: The URL of the image shown on the landing page.
message String: The message shown on the landing page.
title String: The title shown on the landing page.

GetZeroTrustAccessApplicationPolicy

ApprovalGroups List<GetZeroTrustAccessApplicationPolicyApprovalGroup>: Administrators who can approve a temporary authentication request.
ApprovalRequired bool: Requires the user to request access from an administrator at the start of each session.
ConnectionRules GetZeroTrustAccessApplicationPolicyConnectionRules: The rules that define how users may connect to the targets secured by your application.
CreatedAt string
Decision string: The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
Excludes List<GetZeroTrustAccessApplicationPolicyExclude>: Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
Id string: The UUID of the policy
Includes List<GetZeroTrustAccessApplicationPolicyInclude>: Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
IsolationRequired bool: Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
Name string: The name of the Access policy.
Precedence int: The order of execution for this policy. Must be unique for each policy within an app.
PurposeJustificationPrompt string: A custom message that will appear on the purpose justification screen.
PurposeJustificationRequired bool: Require users to enter a justification when they log in to the application.
Requires List<GetZeroTrustAccessApplicationPolicyRequire>: Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
SessionDuration string: The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
UpdatedAt string

ApprovalGroups []GetZeroTrustAccessApplicationPolicyApprovalGroup: Administrators who can approve a temporary authentication request.
ApprovalRequired bool: Requires the user to request access from an administrator at the start of each session.
ConnectionRules GetZeroTrustAccessApplicationPolicyConnectionRules: The rules that define how users may connect to the targets secured by your application.
CreatedAt string
Decision string: The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
Excludes []GetZeroTrustAccessApplicationPolicyExclude: Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
Id string: The UUID of the policy
Includes []GetZeroTrustAccessApplicationPolicyInclude: Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
IsolationRequired bool: Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
Name string: The name of the Access policy.
Precedence int: The order of execution for this policy. Must be unique for each policy within an app.
PurposeJustificationPrompt string: A custom message that will appear on the purpose justification screen.
PurposeJustificationRequired bool: Require users to enter a justification when they log in to the application.
Requires []GetZeroTrustAccessApplicationPolicyRequire: Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
SessionDuration string: The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
UpdatedAt string

approvalGroups List<GetZeroTrustAccessApplicationPolicyApprovalGroup>: Administrators who can approve a temporary authentication request.
approvalRequired Boolean: Requires the user to request access from an administrator at the start of each session.
connectionRules GetZeroTrustAccessApplicationPolicyConnectionRules: The rules that define how users may connect to the targets secured by your application.
createdAt String
decision String: The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
excludes List<GetZeroTrustAccessApplicationPolicyExclude>: Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
id String: The UUID of the policy
includes List<GetZeroTrustAccessApplicationPolicyInclude>: Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
isolationRequired Boolean: Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
name String: The name of the Access policy.
precedence Integer: The order of execution for this policy. Must be unique for each policy within an app.
purposeJustificationPrompt String: A custom message that will appear on the purpose justification screen.
purposeJustificationRequired Boolean: Require users to enter a justification when they log in to the application.
requires List<GetZeroTrustAccessApplicationPolicyRequire>: Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
sessionDuration String: The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
updatedAt String

approvalGroups GetZeroTrustAccessApplicationPolicyApprovalGroup[]: Administrators who can approve a temporary authentication request.
approvalRequired boolean: Requires the user to request access from an administrator at the start of each session.
connectionRules GetZeroTrustAccessApplicationPolicyConnectionRules: The rules that define how users may connect to the targets secured by your application.
createdAt string
decision string: The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
excludes GetZeroTrustAccessApplicationPolicyExclude[]: Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
id string: The UUID of the policy
includes GetZeroTrustAccessApplicationPolicyInclude[]: Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
isolationRequired boolean: Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
name string: The name of the Access policy.
precedence number: The order of execution for this policy. Must be unique for each policy within an app.
purposeJustificationPrompt string: A custom message that will appear on the purpose justification screen.
purposeJustificationRequired boolean: Require users to enter a justification when they log in to the application.
requires GetZeroTrustAccessApplicationPolicyRequire[]: Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
sessionDuration string: The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
updatedAt string

approval_groups Sequence[GetZeroTrustAccessApplicationPolicyApprovalGroup]: Administrators who can approve a temporary authentication request.
approval_required bool: Requires the user to request access from an administrator at the start of each session.
connection_rules GetZeroTrustAccessApplicationPolicyConnectionRules: The rules that define how users may connect to the targets secured by your application.
created_at str
decision str: The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
excludes Sequence[GetZeroTrustAccessApplicationPolicyExclude]: Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
id str: The UUID of the policy
includes Sequence[GetZeroTrustAccessApplicationPolicyInclude]: Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
isolation_required bool: Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
name str: The name of the Access policy.
precedence int: The order of execution for this policy. Must be unique for each policy within an app.
purpose_justification_prompt str: A custom message that will appear on the purpose justification screen.
purpose_justification_required bool: Require users to enter a justification when they log in to the application.
requires Sequence[GetZeroTrustAccessApplicationPolicyRequire]: Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
session_duration str: The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
updated_at str

approvalGroups List<Property Map>: Administrators who can approve a temporary authentication request.
approvalRequired Boolean: Requires the user to request access from an administrator at the start of each session.
connectionRules Property Map: The rules that define how users may connect to the targets secured by your application.
createdAt String
decision String: The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
excludes List<Property Map>: Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
id String: The UUID of the policy
includes List<Property Map>: Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
isolationRequired Boolean: Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
name String: The name of the Access policy.
precedence Number: The order of execution for this policy. Must be unique for each policy within an app.
purposeJustificationPrompt String: A custom message that will appear on the purpose justification screen.
purposeJustificationRequired Boolean: Require users to enter a justification when they log in to the application.
requires List<Property Map>: Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
sessionDuration String: The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
updatedAt String

GetZeroTrustAccessApplicationPolicyApprovalGroup

ApprovalsNeeded double: The number of approvals needed to obtain access.
EmailAddresses List<string>: A list of emails that can approve the access request.
EmailListUuid string: The UUID of an re-usable email list.

ApprovalsNeeded float64: The number of approvals needed to obtain access.
EmailAddresses []string: A list of emails that can approve the access request.
EmailListUuid string: The UUID of an re-usable email list.

approvalsNeeded Double: The number of approvals needed to obtain access.
emailAddresses List<String>: A list of emails that can approve the access request.
emailListUuid String: The UUID of an re-usable email list.

approvalsNeeded number: The number of approvals needed to obtain access.
emailAddresses string[]: A list of emails that can approve the access request.
emailListUuid string: The UUID of an re-usable email list.

approvals_needed float: The number of approvals needed to obtain access.
email_addresses Sequence[str]: A list of emails that can approve the access request.
email_list_uuid str: The UUID of an re-usable email list.

approvalsNeeded Number: The number of approvals needed to obtain access.
emailAddresses List<String>: A list of emails that can approve the access request.
emailListUuid String: The UUID of an re-usable email list.

GetZeroTrustAccessApplicationPolicyConnectionRules

Ssh GetZeroTrustAccessApplicationPolicyConnectionRulesSsh: The SSH-specific rules that define how users may connect to the targets secured by your application.

Ssh GetZeroTrustAccessApplicationPolicyConnectionRulesSsh: The SSH-specific rules that define how users may connect to the targets secured by your application.

ssh GetZeroTrustAccessApplicationPolicyConnectionRulesSsh: The SSH-specific rules that define how users may connect to the targets secured by your application.

ssh GetZeroTrustAccessApplicationPolicyConnectionRulesSsh: The SSH-specific rules that define how users may connect to the targets secured by your application.

ssh GetZeroTrustAccessApplicationPolicyConnectionRulesSsh: The SSH-specific rules that define how users may connect to the targets secured by your application.

ssh Property Map: The SSH-specific rules that define how users may connect to the targets secured by your application.

GetZeroTrustAccessApplicationPolicyConnectionRulesSsh

AllowEmailAlias bool: Enables using Identity Provider email alias as SSH username.
Usernames List<string>: Contains the Unix usernames that may be used when connecting over SSH.

AllowEmailAlias bool: Enables using Identity Provider email alias as SSH username.
Usernames []string: Contains the Unix usernames that may be used when connecting over SSH.

allowEmailAlias Boolean: Enables using Identity Provider email alias as SSH username.
usernames List<String>: Contains the Unix usernames that may be used when connecting over SSH.

allowEmailAlias boolean: Enables using Identity Provider email alias as SSH username.
usernames string[]: Contains the Unix usernames that may be used when connecting over SSH.

allow_email_alias bool: Enables using Identity Provider email alias as SSH username.
usernames Sequence[str]: Contains the Unix usernames that may be used when connecting over SSH.

allowEmailAlias Boolean: Enables using Identity Provider email alias as SSH username.
usernames List<String>: Contains the Unix usernames that may be used when connecting over SSH.

GetZeroTrustAccessApplicationPolicyExclude

AnyValidServiceToken GetZeroTrustAccessApplicationPolicyExcludeAnyValidServiceToken: An empty object which matches on all service tokens.
AuthContext GetZeroTrustAccessApplicationPolicyExcludeAuthContext
AuthMethod GetZeroTrustAccessApplicationPolicyExcludeAuthMethod
AzureAd GetZeroTrustAccessApplicationPolicyExcludeAzureAd
Certificate GetZeroTrustAccessApplicationPolicyExcludeCertificate
CommonName GetZeroTrustAccessApplicationPolicyExcludeCommonName
DevicePosture GetZeroTrustAccessApplicationPolicyExcludeDevicePosture
Email GetZeroTrustAccessApplicationPolicyExcludeEmail
EmailDomain GetZeroTrustAccessApplicationPolicyExcludeEmailDomain
EmailList GetZeroTrustAccessApplicationPolicyExcludeEmailList
Everyone GetZeroTrustAccessApplicationPolicyExcludeEveryone: An empty object which matches on all users.
ExternalEvaluation GetZeroTrustAccessApplicationPolicyExcludeExternalEvaluation
Geo GetZeroTrustAccessApplicationPolicyExcludeGeo
GithubOrganization GetZeroTrustAccessApplicationPolicyExcludeGithubOrganization
Group GetZeroTrustAccessApplicationPolicyExcludeGroup
Gsuite GetZeroTrustAccessApplicationPolicyExcludeGsuite
Ip GetZeroTrustAccessApplicationPolicyExcludeIp
IpList GetZeroTrustAccessApplicationPolicyExcludeIpList
LoginMethod GetZeroTrustAccessApplicationPolicyExcludeLoginMethod
Okta GetZeroTrustAccessApplicationPolicyExcludeOkta
Saml GetZeroTrustAccessApplicationPolicyExcludeSaml
ServiceToken GetZeroTrustAccessApplicationPolicyExcludeServiceToken

AnyValidServiceToken GetZeroTrustAccessApplicationPolicyExcludeAnyValidServiceToken: An empty object which matches on all service tokens.
AuthContext GetZeroTrustAccessApplicationPolicyExcludeAuthContext
AuthMethod GetZeroTrustAccessApplicationPolicyExcludeAuthMethod
AzureAd GetZeroTrustAccessApplicationPolicyExcludeAzureAd
Certificate GetZeroTrustAccessApplicationPolicyExcludeCertificate
CommonName GetZeroTrustAccessApplicationPolicyExcludeCommonName
DevicePosture GetZeroTrustAccessApplicationPolicyExcludeDevicePosture
Email GetZeroTrustAccessApplicationPolicyExcludeEmail
EmailDomain GetZeroTrustAccessApplicationPolicyExcludeEmailDomain
EmailList GetZeroTrustAccessApplicationPolicyExcludeEmailList
Everyone GetZeroTrustAccessApplicationPolicyExcludeEveryone: An empty object which matches on all users.
ExternalEvaluation GetZeroTrustAccessApplicationPolicyExcludeExternalEvaluation
Geo GetZeroTrustAccessApplicationPolicyExcludeGeo
GithubOrganization GetZeroTrustAccessApplicationPolicyExcludeGithubOrganization
Group GetZeroTrustAccessApplicationPolicyExcludeGroup
Gsuite GetZeroTrustAccessApplicationPolicyExcludeGsuite
Ip GetZeroTrustAccessApplicationPolicyExcludeIp
IpList GetZeroTrustAccessApplicationPolicyExcludeIpList
LoginMethod GetZeroTrustAccessApplicationPolicyExcludeLoginMethod
Okta GetZeroTrustAccessApplicationPolicyExcludeOkta
Saml GetZeroTrustAccessApplicationPolicyExcludeSaml
ServiceToken GetZeroTrustAccessApplicationPolicyExcludeServiceToken

anyValidServiceToken GetZeroTrustAccessApplicationPolicyExcludeAnyValidServiceToken: An empty object which matches on all service tokens.
authContext GetZeroTrustAccessApplicationPolicyExcludeAuthContext
authMethod GetZeroTrustAccessApplicationPolicyExcludeAuthMethod
azureAd GetZeroTrustAccessApplicationPolicyExcludeAzureAd
certificate GetZeroTrustAccessApplicationPolicyExcludeCertificate
commonName GetZeroTrustAccessApplicationPolicyExcludeCommonName
devicePosture GetZeroTrustAccessApplicationPolicyExcludeDevicePosture
email GetZeroTrustAccessApplicationPolicyExcludeEmail
emailDomain GetZeroTrustAccessApplicationPolicyExcludeEmailDomain
emailList GetZeroTrustAccessApplicationPolicyExcludeEmailList
everyone GetZeroTrustAccessApplicationPolicyExcludeEveryone: An empty object which matches on all users.
externalEvaluation GetZeroTrustAccessApplicationPolicyExcludeExternalEvaluation
geo GetZeroTrustAccessApplicationPolicyExcludeGeo
githubOrganization GetZeroTrustAccessApplicationPolicyExcludeGithubOrganization
group GetZeroTrustAccessApplicationPolicyExcludeGroup
gsuite GetZeroTrustAccessApplicationPolicyExcludeGsuite
ip GetZeroTrustAccessApplicationPolicyExcludeIp
ipList GetZeroTrustAccessApplicationPolicyExcludeIpList
loginMethod GetZeroTrustAccessApplicationPolicyExcludeLoginMethod
okta GetZeroTrustAccessApplicationPolicyExcludeOkta
saml GetZeroTrustAccessApplicationPolicyExcludeSaml
serviceToken GetZeroTrustAccessApplicationPolicyExcludeServiceToken

anyValidServiceToken GetZeroTrustAccessApplicationPolicyExcludeAnyValidServiceToken: An empty object which matches on all service tokens.
authContext GetZeroTrustAccessApplicationPolicyExcludeAuthContext
authMethod GetZeroTrustAccessApplicationPolicyExcludeAuthMethod
azureAd GetZeroTrustAccessApplicationPolicyExcludeAzureAd
certificate GetZeroTrustAccessApplicationPolicyExcludeCertificate
commonName GetZeroTrustAccessApplicationPolicyExcludeCommonName
devicePosture GetZeroTrustAccessApplicationPolicyExcludeDevicePosture
email GetZeroTrustAccessApplicationPolicyExcludeEmail
emailDomain GetZeroTrustAccessApplicationPolicyExcludeEmailDomain
emailList GetZeroTrustAccessApplicationPolicyExcludeEmailList
everyone GetZeroTrustAccessApplicationPolicyExcludeEveryone: An empty object which matches on all users.
externalEvaluation GetZeroTrustAccessApplicationPolicyExcludeExternalEvaluation
geo GetZeroTrustAccessApplicationPolicyExcludeGeo
githubOrganization GetZeroTrustAccessApplicationPolicyExcludeGithubOrganization
group GetZeroTrustAccessApplicationPolicyExcludeGroup
gsuite GetZeroTrustAccessApplicationPolicyExcludeGsuite
ip GetZeroTrustAccessApplicationPolicyExcludeIp
ipList GetZeroTrustAccessApplicationPolicyExcludeIpList
loginMethod GetZeroTrustAccessApplicationPolicyExcludeLoginMethod
okta GetZeroTrustAccessApplicationPolicyExcludeOkta
saml GetZeroTrustAccessApplicationPolicyExcludeSaml
serviceToken GetZeroTrustAccessApplicationPolicyExcludeServiceToken

any_valid_service_token GetZeroTrustAccessApplicationPolicyExcludeAnyValidServiceToken: An empty object which matches on all service tokens.
auth_context GetZeroTrustAccessApplicationPolicyExcludeAuthContext
auth_method GetZeroTrustAccessApplicationPolicyExcludeAuthMethod
azure_ad GetZeroTrustAccessApplicationPolicyExcludeAzureAd
certificate GetZeroTrustAccessApplicationPolicyExcludeCertificate
common_name GetZeroTrustAccessApplicationPolicyExcludeCommonName
device_posture GetZeroTrustAccessApplicationPolicyExcludeDevicePosture
email GetZeroTrustAccessApplicationPolicyExcludeEmail
email_domain GetZeroTrustAccessApplicationPolicyExcludeEmailDomain
email_list GetZeroTrustAccessApplicationPolicyExcludeEmailList
everyone GetZeroTrustAccessApplicationPolicyExcludeEveryone: An empty object which matches on all users.
external_evaluation GetZeroTrustAccessApplicationPolicyExcludeExternalEvaluation
geo GetZeroTrustAccessApplicationPolicyExcludeGeo
github_organization GetZeroTrustAccessApplicationPolicyExcludeGithubOrganization
group GetZeroTrustAccessApplicationPolicyExcludeGroup
gsuite GetZeroTrustAccessApplicationPolicyExcludeGsuite
ip GetZeroTrustAccessApplicationPolicyExcludeIp
ip_list GetZeroTrustAccessApplicationPolicyExcludeIpList
login_method GetZeroTrustAccessApplicationPolicyExcludeLoginMethod
okta GetZeroTrustAccessApplicationPolicyExcludeOkta
saml GetZeroTrustAccessApplicationPolicyExcludeSaml
service_token GetZeroTrustAccessApplicationPolicyExcludeServiceToken

anyValidServiceToken Property Map: An empty object which matches on all service tokens.
authContext Property Map
authMethod Property Map
azureAd Property Map
certificate Property Map
commonName Property Map
devicePosture Property Map
email Property Map
emailDomain Property Map
emailList Property Map
everyone Property Map: An empty object which matches on all users.
externalEvaluation Property Map
geo Property Map
githubOrganization Property Map
group Property Map
gsuite Property Map
ip Property Map
ipList Property Map
loginMethod Property Map
okta Property Map
saml Property Map
serviceToken Property Map

GetZeroTrustAccessApplicationPolicyExcludeAuthContext

AcId string: The ACID of an Authentication context.
Id string: The ID of an Authentication context.
IdentityProviderId string: The ID of your Azure identity provider.

AcId string: The ACID of an Authentication context.
Id string: The ID of an Authentication context.
IdentityProviderId string: The ID of your Azure identity provider.

acId String: The ACID of an Authentication context.
id String: The ID of an Authentication context.
identityProviderId String: The ID of your Azure identity provider.

acId string: The ACID of an Authentication context.
id string: The ID of an Authentication context.
identityProviderId string: The ID of your Azure identity provider.

ac_id str: The ACID of an Authentication context.
id str: The ID of an Authentication context.
identity_provider_id str: The ID of your Azure identity provider.

acId String: The ACID of an Authentication context.
id String: The ID of an Authentication context.
identityProviderId String: The ID of your Azure identity provider.

GetZeroTrustAccessApplicationPolicyExcludeAuthMethod

AuthMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

AuthMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod String: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

auth_method str: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod String: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

GetZeroTrustAccessApplicationPolicyExcludeAzureAd

Id string: The ID of an Azure group.
IdentityProviderId string: The ID of your Azure identity provider.

Id string: The ID of an Azure group.
IdentityProviderId string: The ID of your Azure identity provider.

id String: The ID of an Azure group.
identityProviderId String: The ID of your Azure identity provider.

id string: The ID of an Azure group.
identityProviderId string: The ID of your Azure identity provider.

id str: The ID of an Azure group.
identity_provider_id str: The ID of your Azure identity provider.

id String: The ID of an Azure group.
identityProviderId String: The ID of your Azure identity provider.

GetZeroTrustAccessApplicationPolicyExcludeCommonName

CommonName string: The common name to match.

CommonName string: The common name to match.

commonName String: The common name to match.

commonName string: The common name to match.

common_name str: The common name to match.

commonName String: The common name to match.

GetZeroTrustAccessApplicationPolicyExcludeDevicePosture

IntegrationUid string: The ID of a device posture integration.

IntegrationUid string: The ID of a device posture integration.

integrationUid String: The ID of a device posture integration.

integrationUid string: The ID of a device posture integration.

integration_uid str: The ID of a device posture integration.

integrationUid String: The ID of a device posture integration.

GetZeroTrustAccessApplicationPolicyExcludeEmail

Email string: The email of the user.

Email string: The email of the user.

email String: The email of the user.

email string: The email of the user.

email str: The email of the user.

email String: The email of the user.

GetZeroTrustAccessApplicationPolicyExcludeEmailDomain

Domain string: The email domain to match.

Domain string: The email domain to match.

domain String: The email domain to match.

domain string: The email domain to match.

domain str: The email domain to match.

domain String: The email domain to match.

GetZeroTrustAccessApplicationPolicyExcludeEmailList

Id string: The ID of a previously created email list.

Id string: The ID of a previously created email list.

id String: The ID of a previously created email list.

id string: The ID of a previously created email list.

id str: The ID of a previously created email list.

id String: The ID of a previously created email list.

GetZeroTrustAccessApplicationPolicyExcludeExternalEvaluation

EvaluateUrl string: The API endpoint containing your business logic.
KeysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

EvaluateUrl string: The API endpoint containing your business logic.
KeysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl String: The API endpoint containing your business logic.
keysUrl String: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl string: The API endpoint containing your business logic.
keysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluate_url str: The API endpoint containing your business logic.
keys_url str: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl String: The API endpoint containing your business logic.
keysUrl String: The API endpoint containing the key that Access uses to verify that the response came from your API.

GetZeroTrustAccessApplicationPolicyExcludeGeo

CountryCode string: The country code that should be matched.

CountryCode string: The country code that should be matched.

countryCode String: The country code that should be matched.

countryCode string: The country code that should be matched.

country_code str: The country code that should be matched.

countryCode String: The country code that should be matched.

GetZeroTrustAccessApplicationPolicyExcludeGithubOrganization

IdentityProviderId string: The ID of your Github identity provider.
Name string: The name of the organization.
Team string: The name of the team

IdentityProviderId string: The ID of your Github identity provider.
Name string: The name of the organization.
Team string: The name of the team

identityProviderId String: The ID of your Github identity provider.
name String: The name of the organization.
team String: The name of the team

identityProviderId string: The ID of your Github identity provider.
name string: The name of the organization.
team string: The name of the team

identity_provider_id str: The ID of your Github identity provider.
name str: The name of the organization.
team str: The name of the team

identityProviderId String: The ID of your Github identity provider.
name String: The name of the organization.
team String: The name of the team

GetZeroTrustAccessApplicationPolicyExcludeGroup

Id string: The ID of a previously created Access group.

Id string: The ID of a previously created Access group.

id String: The ID of a previously created Access group.

id string: The ID of a previously created Access group.

id str: The ID of a previously created Access group.

id String: The ID of a previously created Access group.

GetZeroTrustAccessApplicationPolicyExcludeGsuite

Email string: The email of the Google Workspace group.
IdentityProviderId string: The ID of your Google Workspace identity provider.

Email string: The email of the Google Workspace group.
IdentityProviderId string: The ID of your Google Workspace identity provider.

email String: The email of the Google Workspace group.
identityProviderId String: The ID of your Google Workspace identity provider.

email string: The email of the Google Workspace group.
identityProviderId string: The ID of your Google Workspace identity provider.

email str: The email of the Google Workspace group.
identity_provider_id str: The ID of your Google Workspace identity provider.

email String: The email of the Google Workspace group.
identityProviderId String: The ID of your Google Workspace identity provider.

GetZeroTrustAccessApplicationPolicyExcludeIp

Ip string: An IPv4 or IPv6 CIDR block.

Ip string: An IPv4 or IPv6 CIDR block.

ip String: An IPv4 or IPv6 CIDR block.

ip string: An IPv4 or IPv6 CIDR block.

ip str: An IPv4 or IPv6 CIDR block.

ip String: An IPv4 or IPv6 CIDR block.

GetZeroTrustAccessApplicationPolicyExcludeIpList

Id string: The ID of a previously created IP list.

Id string: The ID of a previously created IP list.

id String: The ID of a previously created IP list.

id string: The ID of a previously created IP list.

id str: The ID of a previously created IP list.

id String: The ID of a previously created IP list.

GetZeroTrustAccessApplicationPolicyExcludeLoginMethod

Id string: The ID of an identity provider.

Id string: The ID of an identity provider.

id String: The ID of an identity provider.

id string: The ID of an identity provider.

id str: The ID of an identity provider.

id String: The ID of an identity provider.

GetZeroTrustAccessApplicationPolicyExcludeOkta

IdentityProviderId string: The ID of your Okta identity provider.
Name string: The name of the Okta group.

IdentityProviderId string: The ID of your Okta identity provider.
Name string: The name of the Okta group.

identityProviderId String: The ID of your Okta identity provider.
name String: The name of the Okta group.

identityProviderId string: The ID of your Okta identity provider.
name string: The name of the Okta group.

identity_provider_id str: The ID of your Okta identity provider.
name str: The name of the Okta group.

identityProviderId String: The ID of your Okta identity provider.
name String: The name of the Okta group.

GetZeroTrustAccessApplicationPolicyExcludeSaml

AttributeName string: The name of the SAML attribute.
AttributeValue string: The SAML attribute value to look for.
IdentityProviderId string: The ID of your SAML identity provider.

AttributeName string: The name of the SAML attribute.
AttributeValue string: The SAML attribute value to look for.
IdentityProviderId string: The ID of your SAML identity provider.

attributeName String: The name of the SAML attribute.
attributeValue String: The SAML attribute value to look for.
identityProviderId String: The ID of your SAML identity provider.

attributeName string: The name of the SAML attribute.
attributeValue string: The SAML attribute value to look for.
identityProviderId string: The ID of your SAML identity provider.

attribute_name str: The name of the SAML attribute.
attribute_value str: The SAML attribute value to look for.
identity_provider_id str: The ID of your SAML identity provider.

attributeName String: The name of the SAML attribute.
attributeValue String: The SAML attribute value to look for.
identityProviderId String: The ID of your SAML identity provider.

GetZeroTrustAccessApplicationPolicyExcludeServiceToken

TokenId string: The ID of a Service Token.

TokenId string: The ID of a Service Token.

tokenId String: The ID of a Service Token.

tokenId string: The ID of a Service Token.

token_id str: The ID of a Service Token.

tokenId String: The ID of a Service Token.

GetZeroTrustAccessApplicationPolicyInclude

AnyValidServiceToken GetZeroTrustAccessApplicationPolicyIncludeAnyValidServiceToken: An empty object which matches on all service tokens.
AuthContext GetZeroTrustAccessApplicationPolicyIncludeAuthContext
AuthMethod GetZeroTrustAccessApplicationPolicyIncludeAuthMethod
AzureAd GetZeroTrustAccessApplicationPolicyIncludeAzureAd
Certificate GetZeroTrustAccessApplicationPolicyIncludeCertificate
CommonName GetZeroTrustAccessApplicationPolicyIncludeCommonName
DevicePosture GetZeroTrustAccessApplicationPolicyIncludeDevicePosture
Email GetZeroTrustAccessApplicationPolicyIncludeEmail
EmailDomain GetZeroTrustAccessApplicationPolicyIncludeEmailDomain
EmailList GetZeroTrustAccessApplicationPolicyIncludeEmailList
Everyone GetZeroTrustAccessApplicationPolicyIncludeEveryone: An empty object which matches on all users.
ExternalEvaluation GetZeroTrustAccessApplicationPolicyIncludeExternalEvaluation
Geo GetZeroTrustAccessApplicationPolicyIncludeGeo
GithubOrganization GetZeroTrustAccessApplicationPolicyIncludeGithubOrganization
Group GetZeroTrustAccessApplicationPolicyIncludeGroup
Gsuite GetZeroTrustAccessApplicationPolicyIncludeGsuite
Ip GetZeroTrustAccessApplicationPolicyIncludeIp
IpList GetZeroTrustAccessApplicationPolicyIncludeIpList
LoginMethod GetZeroTrustAccessApplicationPolicyIncludeLoginMethod
Okta GetZeroTrustAccessApplicationPolicyIncludeOkta
Saml GetZeroTrustAccessApplicationPolicyIncludeSaml
ServiceToken GetZeroTrustAccessApplicationPolicyIncludeServiceToken

AnyValidServiceToken GetZeroTrustAccessApplicationPolicyIncludeAnyValidServiceToken: An empty object which matches on all service tokens.
AuthContext GetZeroTrustAccessApplicationPolicyIncludeAuthContext
AuthMethod GetZeroTrustAccessApplicationPolicyIncludeAuthMethod
AzureAd GetZeroTrustAccessApplicationPolicyIncludeAzureAd
Certificate GetZeroTrustAccessApplicationPolicyIncludeCertificate
CommonName GetZeroTrustAccessApplicationPolicyIncludeCommonName
DevicePosture GetZeroTrustAccessApplicationPolicyIncludeDevicePosture
Email GetZeroTrustAccessApplicationPolicyIncludeEmail
EmailDomain GetZeroTrustAccessApplicationPolicyIncludeEmailDomain
EmailList GetZeroTrustAccessApplicationPolicyIncludeEmailList
Everyone GetZeroTrustAccessApplicationPolicyIncludeEveryone: An empty object which matches on all users.
ExternalEvaluation GetZeroTrustAccessApplicationPolicyIncludeExternalEvaluation
Geo GetZeroTrustAccessApplicationPolicyIncludeGeo
GithubOrganization GetZeroTrustAccessApplicationPolicyIncludeGithubOrganization
Group GetZeroTrustAccessApplicationPolicyIncludeGroup
Gsuite GetZeroTrustAccessApplicationPolicyIncludeGsuite
Ip GetZeroTrustAccessApplicationPolicyIncludeIp
IpList GetZeroTrustAccessApplicationPolicyIncludeIpList
LoginMethod GetZeroTrustAccessApplicationPolicyIncludeLoginMethod
Okta GetZeroTrustAccessApplicationPolicyIncludeOkta
Saml GetZeroTrustAccessApplicationPolicyIncludeSaml
ServiceToken GetZeroTrustAccessApplicationPolicyIncludeServiceToken

anyValidServiceToken GetZeroTrustAccessApplicationPolicyIncludeAnyValidServiceToken: An empty object which matches on all service tokens.
authContext GetZeroTrustAccessApplicationPolicyIncludeAuthContext
authMethod GetZeroTrustAccessApplicationPolicyIncludeAuthMethod
azureAd GetZeroTrustAccessApplicationPolicyIncludeAzureAd
certificate GetZeroTrustAccessApplicationPolicyIncludeCertificate
commonName GetZeroTrustAccessApplicationPolicyIncludeCommonName
devicePosture GetZeroTrustAccessApplicationPolicyIncludeDevicePosture
email GetZeroTrustAccessApplicationPolicyIncludeEmail
emailDomain GetZeroTrustAccessApplicationPolicyIncludeEmailDomain
emailList GetZeroTrustAccessApplicationPolicyIncludeEmailList
everyone GetZeroTrustAccessApplicationPolicyIncludeEveryone: An empty object which matches on all users.
externalEvaluation GetZeroTrustAccessApplicationPolicyIncludeExternalEvaluation
geo GetZeroTrustAccessApplicationPolicyIncludeGeo
githubOrganization GetZeroTrustAccessApplicationPolicyIncludeGithubOrganization
group GetZeroTrustAccessApplicationPolicyIncludeGroup
gsuite GetZeroTrustAccessApplicationPolicyIncludeGsuite
ip GetZeroTrustAccessApplicationPolicyIncludeIp
ipList GetZeroTrustAccessApplicationPolicyIncludeIpList
loginMethod GetZeroTrustAccessApplicationPolicyIncludeLoginMethod
okta GetZeroTrustAccessApplicationPolicyIncludeOkta
saml GetZeroTrustAccessApplicationPolicyIncludeSaml
serviceToken GetZeroTrustAccessApplicationPolicyIncludeServiceToken

anyValidServiceToken GetZeroTrustAccessApplicationPolicyIncludeAnyValidServiceToken: An empty object which matches on all service tokens.
authContext GetZeroTrustAccessApplicationPolicyIncludeAuthContext
authMethod GetZeroTrustAccessApplicationPolicyIncludeAuthMethod
azureAd GetZeroTrustAccessApplicationPolicyIncludeAzureAd
certificate GetZeroTrustAccessApplicationPolicyIncludeCertificate
commonName GetZeroTrustAccessApplicationPolicyIncludeCommonName
devicePosture GetZeroTrustAccessApplicationPolicyIncludeDevicePosture
email GetZeroTrustAccessApplicationPolicyIncludeEmail
emailDomain GetZeroTrustAccessApplicationPolicyIncludeEmailDomain
emailList GetZeroTrustAccessApplicationPolicyIncludeEmailList
everyone GetZeroTrustAccessApplicationPolicyIncludeEveryone: An empty object which matches on all users.
externalEvaluation GetZeroTrustAccessApplicationPolicyIncludeExternalEvaluation
geo GetZeroTrustAccessApplicationPolicyIncludeGeo
githubOrganization GetZeroTrustAccessApplicationPolicyIncludeGithubOrganization
group GetZeroTrustAccessApplicationPolicyIncludeGroup
gsuite GetZeroTrustAccessApplicationPolicyIncludeGsuite
ip GetZeroTrustAccessApplicationPolicyIncludeIp
ipList GetZeroTrustAccessApplicationPolicyIncludeIpList
loginMethod GetZeroTrustAccessApplicationPolicyIncludeLoginMethod
okta GetZeroTrustAccessApplicationPolicyIncludeOkta
saml GetZeroTrustAccessApplicationPolicyIncludeSaml
serviceToken GetZeroTrustAccessApplicationPolicyIncludeServiceToken

any_valid_service_token GetZeroTrustAccessApplicationPolicyIncludeAnyValidServiceToken: An empty object which matches on all service tokens.
auth_context GetZeroTrustAccessApplicationPolicyIncludeAuthContext
auth_method GetZeroTrustAccessApplicationPolicyIncludeAuthMethod
azure_ad GetZeroTrustAccessApplicationPolicyIncludeAzureAd
certificate GetZeroTrustAccessApplicationPolicyIncludeCertificate
common_name GetZeroTrustAccessApplicationPolicyIncludeCommonName
device_posture GetZeroTrustAccessApplicationPolicyIncludeDevicePosture
email GetZeroTrustAccessApplicationPolicyIncludeEmail
email_domain GetZeroTrustAccessApplicationPolicyIncludeEmailDomain
email_list GetZeroTrustAccessApplicationPolicyIncludeEmailList
everyone GetZeroTrustAccessApplicationPolicyIncludeEveryone: An empty object which matches on all users.
external_evaluation GetZeroTrustAccessApplicationPolicyIncludeExternalEvaluation
geo GetZeroTrustAccessApplicationPolicyIncludeGeo
github_organization GetZeroTrustAccessApplicationPolicyIncludeGithubOrganization
group GetZeroTrustAccessApplicationPolicyIncludeGroup
gsuite GetZeroTrustAccessApplicationPolicyIncludeGsuite
ip GetZeroTrustAccessApplicationPolicyIncludeIp
ip_list GetZeroTrustAccessApplicationPolicyIncludeIpList
login_method GetZeroTrustAccessApplicationPolicyIncludeLoginMethod
okta GetZeroTrustAccessApplicationPolicyIncludeOkta
saml GetZeroTrustAccessApplicationPolicyIncludeSaml
service_token GetZeroTrustAccessApplicationPolicyIncludeServiceToken

anyValidServiceToken Property Map: An empty object which matches on all service tokens.
authContext Property Map
authMethod Property Map
azureAd Property Map
certificate Property Map
commonName Property Map
devicePosture Property Map
email Property Map
emailDomain Property Map
emailList Property Map
everyone Property Map: An empty object which matches on all users.
externalEvaluation Property Map
geo Property Map
githubOrganization Property Map
group Property Map
gsuite Property Map
ip Property Map
ipList Property Map
loginMethod Property Map
okta Property Map
saml Property Map
serviceToken Property Map

GetZeroTrustAccessApplicationPolicyIncludeAuthContext

AcId string: The ACID of an Authentication context.
Id string: The ID of an Authentication context.
IdentityProviderId string: The ID of your Azure identity provider.

AcId string: The ACID of an Authentication context.
Id string: The ID of an Authentication context.
IdentityProviderId string: The ID of your Azure identity provider.

acId String: The ACID of an Authentication context.
id String: The ID of an Authentication context.
identityProviderId String: The ID of your Azure identity provider.

acId string: The ACID of an Authentication context.
id string: The ID of an Authentication context.
identityProviderId string: The ID of your Azure identity provider.

ac_id str: The ACID of an Authentication context.
id str: The ID of an Authentication context.
identity_provider_id str: The ID of your Azure identity provider.

acId String: The ACID of an Authentication context.
id String: The ID of an Authentication context.
identityProviderId String: The ID of your Azure identity provider.

GetZeroTrustAccessApplicationPolicyIncludeAuthMethod

AuthMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

AuthMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod String: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

auth_method str: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod String: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

GetZeroTrustAccessApplicationPolicyIncludeAzureAd

Id string: The ID of an Azure group.
IdentityProviderId string: The ID of your Azure identity provider.

Id string: The ID of an Azure group.
IdentityProviderId string: The ID of your Azure identity provider.

id String: The ID of an Azure group.
identityProviderId String: The ID of your Azure identity provider.

id string: The ID of an Azure group.
identityProviderId string: The ID of your Azure identity provider.

id str: The ID of an Azure group.
identity_provider_id str: The ID of your Azure identity provider.

id String: The ID of an Azure group.
identityProviderId String: The ID of your Azure identity provider.

GetZeroTrustAccessApplicationPolicyIncludeCommonName

CommonName string: The common name to match.

CommonName string: The common name to match.

commonName String: The common name to match.

commonName string: The common name to match.

common_name str: The common name to match.

commonName String: The common name to match.

GetZeroTrustAccessApplicationPolicyIncludeDevicePosture

IntegrationUid string: The ID of a device posture integration.

IntegrationUid string: The ID of a device posture integration.

integrationUid String: The ID of a device posture integration.

integrationUid string: The ID of a device posture integration.

integration_uid str: The ID of a device posture integration.

integrationUid String: The ID of a device posture integration.

GetZeroTrustAccessApplicationPolicyIncludeEmail

Email string: The email of the user.

Email string: The email of the user.

email String: The email of the user.

email string: The email of the user.

email str: The email of the user.

email String: The email of the user.

GetZeroTrustAccessApplicationPolicyIncludeEmailDomain

Domain string: The email domain to match.

Domain string: The email domain to match.

domain String: The email domain to match.

domain string: The email domain to match.

domain str: The email domain to match.

domain String: The email domain to match.

GetZeroTrustAccessApplicationPolicyIncludeEmailList

Id string: The ID of a previously created email list.

Id string: The ID of a previously created email list.

id String: The ID of a previously created email list.

id string: The ID of a previously created email list.

id str: The ID of a previously created email list.

id String: The ID of a previously created email list.

GetZeroTrustAccessApplicationPolicyIncludeExternalEvaluation

EvaluateUrl string: The API endpoint containing your business logic.
KeysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

EvaluateUrl string: The API endpoint containing your business logic.
KeysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl String: The API endpoint containing your business logic.
keysUrl String: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl string: The API endpoint containing your business logic.
keysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluate_url str: The API endpoint containing your business logic.
keys_url str: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl String: The API endpoint containing your business logic.
keysUrl String: The API endpoint containing the key that Access uses to verify that the response came from your API.

GetZeroTrustAccessApplicationPolicyIncludeGeo

CountryCode string: The country code that should be matched.

CountryCode string: The country code that should be matched.

countryCode String: The country code that should be matched.

countryCode string: The country code that should be matched.

country_code str: The country code that should be matched.

countryCode String: The country code that should be matched.

GetZeroTrustAccessApplicationPolicyIncludeGithubOrganization

IdentityProviderId string: The ID of your Github identity provider.
Name string: The name of the organization.
Team string: The name of the team

IdentityProviderId string: The ID of your Github identity provider.
Name string: The name of the organization.
Team string: The name of the team

identityProviderId String: The ID of your Github identity provider.
name String: The name of the organization.
team String: The name of the team

identityProviderId string: The ID of your Github identity provider.
name string: The name of the organization.
team string: The name of the team

identity_provider_id str: The ID of your Github identity provider.
name str: The name of the organization.
team str: The name of the team

identityProviderId String: The ID of your Github identity provider.
name String: The name of the organization.
team String: The name of the team

GetZeroTrustAccessApplicationPolicyIncludeGroup

Id string: The ID of a previously created Access group.

Id string: The ID of a previously created Access group.

id String: The ID of a previously created Access group.

id string: The ID of a previously created Access group.

id str: The ID of a previously created Access group.

id String: The ID of a previously created Access group.

GetZeroTrustAccessApplicationPolicyIncludeGsuite

Email string: The email of the Google Workspace group.
IdentityProviderId string: The ID of your Google Workspace identity provider.

Email string: The email of the Google Workspace group.
IdentityProviderId string: The ID of your Google Workspace identity provider.

email String: The email of the Google Workspace group.
identityProviderId String: The ID of your Google Workspace identity provider.

email string: The email of the Google Workspace group.
identityProviderId string: The ID of your Google Workspace identity provider.

email str: The email of the Google Workspace group.
identity_provider_id str: The ID of your Google Workspace identity provider.

email String: The email of the Google Workspace group.
identityProviderId String: The ID of your Google Workspace identity provider.

GetZeroTrustAccessApplicationPolicyIncludeIp

Ip string: An IPv4 or IPv6 CIDR block.

Ip string: An IPv4 or IPv6 CIDR block.

ip String: An IPv4 or IPv6 CIDR block.

ip string: An IPv4 or IPv6 CIDR block.

ip str: An IPv4 or IPv6 CIDR block.

ip String: An IPv4 or IPv6 CIDR block.

GetZeroTrustAccessApplicationPolicyIncludeIpList

Id string: The ID of a previously created IP list.

Id string: The ID of a previously created IP list.

id String: The ID of a previously created IP list.

id string: The ID of a previously created IP list.

id str: The ID of a previously created IP list.

id String: The ID of a previously created IP list.

GetZeroTrustAccessApplicationPolicyIncludeLoginMethod

Id string: The ID of an identity provider.

Id string: The ID of an identity provider.

id String: The ID of an identity provider.

id string: The ID of an identity provider.

id str: The ID of an identity provider.

id String: The ID of an identity provider.

GetZeroTrustAccessApplicationPolicyIncludeOkta

IdentityProviderId string: The ID of your Okta identity provider.
Name string: The name of the Okta group.

IdentityProviderId string: The ID of your Okta identity provider.
Name string: The name of the Okta group.

identityProviderId String: The ID of your Okta identity provider.
name String: The name of the Okta group.

identityProviderId string: The ID of your Okta identity provider.
name string: The name of the Okta group.

identity_provider_id str: The ID of your Okta identity provider.
name str: The name of the Okta group.

identityProviderId String: The ID of your Okta identity provider.
name String: The name of the Okta group.

GetZeroTrustAccessApplicationPolicyIncludeSaml

AttributeName string: The name of the SAML attribute.
AttributeValue string: The SAML attribute value to look for.
IdentityProviderId string: The ID of your SAML identity provider.

AttributeName string: The name of the SAML attribute.
AttributeValue string: The SAML attribute value to look for.
IdentityProviderId string: The ID of your SAML identity provider.

attributeName String: The name of the SAML attribute.
attributeValue String: The SAML attribute value to look for.
identityProviderId String: The ID of your SAML identity provider.

attributeName string: The name of the SAML attribute.
attributeValue string: The SAML attribute value to look for.
identityProviderId string: The ID of your SAML identity provider.

attribute_name str: The name of the SAML attribute.
attribute_value str: The SAML attribute value to look for.
identity_provider_id str: The ID of your SAML identity provider.

attributeName String: The name of the SAML attribute.
attributeValue String: The SAML attribute value to look for.
identityProviderId String: The ID of your SAML identity provider.

GetZeroTrustAccessApplicationPolicyIncludeServiceToken

TokenId string: The ID of a Service Token.

TokenId string: The ID of a Service Token.

tokenId String: The ID of a Service Token.

tokenId string: The ID of a Service Token.

token_id str: The ID of a Service Token.

tokenId String: The ID of a Service Token.

GetZeroTrustAccessApplicationPolicyRequire

AnyValidServiceToken GetZeroTrustAccessApplicationPolicyRequireAnyValidServiceToken: An empty object which matches on all service tokens.
AuthContext GetZeroTrustAccessApplicationPolicyRequireAuthContext
AuthMethod GetZeroTrustAccessApplicationPolicyRequireAuthMethod
AzureAd GetZeroTrustAccessApplicationPolicyRequireAzureAd
Certificate GetZeroTrustAccessApplicationPolicyRequireCertificate
CommonName GetZeroTrustAccessApplicationPolicyRequireCommonName
DevicePosture GetZeroTrustAccessApplicationPolicyRequireDevicePosture
Email GetZeroTrustAccessApplicationPolicyRequireEmail
EmailDomain GetZeroTrustAccessApplicationPolicyRequireEmailDomain
EmailList GetZeroTrustAccessApplicationPolicyRequireEmailList
Everyone GetZeroTrustAccessApplicationPolicyRequireEveryone: An empty object which matches on all users.
ExternalEvaluation GetZeroTrustAccessApplicationPolicyRequireExternalEvaluation
Geo GetZeroTrustAccessApplicationPolicyRequireGeo
GithubOrganization GetZeroTrustAccessApplicationPolicyRequireGithubOrganization
Group GetZeroTrustAccessApplicationPolicyRequireGroup
Gsuite GetZeroTrustAccessApplicationPolicyRequireGsuite
Ip GetZeroTrustAccessApplicationPolicyRequireIp
IpList GetZeroTrustAccessApplicationPolicyRequireIpList
LoginMethod GetZeroTrustAccessApplicationPolicyRequireLoginMethod
Okta GetZeroTrustAccessApplicationPolicyRequireOkta
Saml GetZeroTrustAccessApplicationPolicyRequireSaml
ServiceToken GetZeroTrustAccessApplicationPolicyRequireServiceToken

AnyValidServiceToken GetZeroTrustAccessApplicationPolicyRequireAnyValidServiceToken: An empty object which matches on all service tokens.
AuthContext GetZeroTrustAccessApplicationPolicyRequireAuthContext
AuthMethod GetZeroTrustAccessApplicationPolicyRequireAuthMethod
AzureAd GetZeroTrustAccessApplicationPolicyRequireAzureAd
Certificate GetZeroTrustAccessApplicationPolicyRequireCertificate
CommonName GetZeroTrustAccessApplicationPolicyRequireCommonName
DevicePosture GetZeroTrustAccessApplicationPolicyRequireDevicePosture
Email GetZeroTrustAccessApplicationPolicyRequireEmail
EmailDomain GetZeroTrustAccessApplicationPolicyRequireEmailDomain
EmailList GetZeroTrustAccessApplicationPolicyRequireEmailList
Everyone GetZeroTrustAccessApplicationPolicyRequireEveryone: An empty object which matches on all users.
ExternalEvaluation GetZeroTrustAccessApplicationPolicyRequireExternalEvaluation
Geo GetZeroTrustAccessApplicationPolicyRequireGeo
GithubOrganization GetZeroTrustAccessApplicationPolicyRequireGithubOrganization
Group GetZeroTrustAccessApplicationPolicyRequireGroup
Gsuite GetZeroTrustAccessApplicationPolicyRequireGsuite
Ip GetZeroTrustAccessApplicationPolicyRequireIp
IpList GetZeroTrustAccessApplicationPolicyRequireIpList
LoginMethod GetZeroTrustAccessApplicationPolicyRequireLoginMethod
Okta GetZeroTrustAccessApplicationPolicyRequireOkta
Saml GetZeroTrustAccessApplicationPolicyRequireSaml
ServiceToken GetZeroTrustAccessApplicationPolicyRequireServiceToken

anyValidServiceToken GetZeroTrustAccessApplicationPolicyRequireAnyValidServiceToken: An empty object which matches on all service tokens.
authContext GetZeroTrustAccessApplicationPolicyRequireAuthContext
authMethod GetZeroTrustAccessApplicationPolicyRequireAuthMethod
azureAd GetZeroTrustAccessApplicationPolicyRequireAzureAd
certificate GetZeroTrustAccessApplicationPolicyRequireCertificate
commonName GetZeroTrustAccessApplicationPolicyRequireCommonName
devicePosture GetZeroTrustAccessApplicationPolicyRequireDevicePosture
email GetZeroTrustAccessApplicationPolicyRequireEmail
emailDomain GetZeroTrustAccessApplicationPolicyRequireEmailDomain
emailList GetZeroTrustAccessApplicationPolicyRequireEmailList
everyone GetZeroTrustAccessApplicationPolicyRequireEveryone: An empty object which matches on all users.
externalEvaluation GetZeroTrustAccessApplicationPolicyRequireExternalEvaluation
geo GetZeroTrustAccessApplicationPolicyRequireGeo
githubOrganization GetZeroTrustAccessApplicationPolicyRequireGithubOrganization
group GetZeroTrustAccessApplicationPolicyRequireGroup
gsuite GetZeroTrustAccessApplicationPolicyRequireGsuite
ip GetZeroTrustAccessApplicationPolicyRequireIp
ipList GetZeroTrustAccessApplicationPolicyRequireIpList
loginMethod GetZeroTrustAccessApplicationPolicyRequireLoginMethod
okta GetZeroTrustAccessApplicationPolicyRequireOkta
saml GetZeroTrustAccessApplicationPolicyRequireSaml
serviceToken GetZeroTrustAccessApplicationPolicyRequireServiceToken

anyValidServiceToken GetZeroTrustAccessApplicationPolicyRequireAnyValidServiceToken: An empty object which matches on all service tokens.
authContext GetZeroTrustAccessApplicationPolicyRequireAuthContext
authMethod GetZeroTrustAccessApplicationPolicyRequireAuthMethod
azureAd GetZeroTrustAccessApplicationPolicyRequireAzureAd
certificate GetZeroTrustAccessApplicationPolicyRequireCertificate
commonName GetZeroTrustAccessApplicationPolicyRequireCommonName
devicePosture GetZeroTrustAccessApplicationPolicyRequireDevicePosture
email GetZeroTrustAccessApplicationPolicyRequireEmail
emailDomain GetZeroTrustAccessApplicationPolicyRequireEmailDomain
emailList GetZeroTrustAccessApplicationPolicyRequireEmailList
everyone GetZeroTrustAccessApplicationPolicyRequireEveryone: An empty object which matches on all users.
externalEvaluation GetZeroTrustAccessApplicationPolicyRequireExternalEvaluation
geo GetZeroTrustAccessApplicationPolicyRequireGeo
githubOrganization GetZeroTrustAccessApplicationPolicyRequireGithubOrganization
group GetZeroTrustAccessApplicationPolicyRequireGroup
gsuite GetZeroTrustAccessApplicationPolicyRequireGsuite
ip GetZeroTrustAccessApplicationPolicyRequireIp
ipList GetZeroTrustAccessApplicationPolicyRequireIpList
loginMethod GetZeroTrustAccessApplicationPolicyRequireLoginMethod
okta GetZeroTrustAccessApplicationPolicyRequireOkta
saml GetZeroTrustAccessApplicationPolicyRequireSaml
serviceToken GetZeroTrustAccessApplicationPolicyRequireServiceToken

any_valid_service_token GetZeroTrustAccessApplicationPolicyRequireAnyValidServiceToken: An empty object which matches on all service tokens.
auth_context GetZeroTrustAccessApplicationPolicyRequireAuthContext
auth_method GetZeroTrustAccessApplicationPolicyRequireAuthMethod
azure_ad GetZeroTrustAccessApplicationPolicyRequireAzureAd
certificate GetZeroTrustAccessApplicationPolicyRequireCertificate
common_name GetZeroTrustAccessApplicationPolicyRequireCommonName
device_posture GetZeroTrustAccessApplicationPolicyRequireDevicePosture
email GetZeroTrustAccessApplicationPolicyRequireEmail
email_domain GetZeroTrustAccessApplicationPolicyRequireEmailDomain
email_list GetZeroTrustAccessApplicationPolicyRequireEmailList
everyone GetZeroTrustAccessApplicationPolicyRequireEveryone: An empty object which matches on all users.
external_evaluation GetZeroTrustAccessApplicationPolicyRequireExternalEvaluation
geo GetZeroTrustAccessApplicationPolicyRequireGeo
github_organization GetZeroTrustAccessApplicationPolicyRequireGithubOrganization
group GetZeroTrustAccessApplicationPolicyRequireGroup
gsuite GetZeroTrustAccessApplicationPolicyRequireGsuite
ip GetZeroTrustAccessApplicationPolicyRequireIp
ip_list GetZeroTrustAccessApplicationPolicyRequireIpList
login_method GetZeroTrustAccessApplicationPolicyRequireLoginMethod
okta GetZeroTrustAccessApplicationPolicyRequireOkta
saml GetZeroTrustAccessApplicationPolicyRequireSaml
service_token GetZeroTrustAccessApplicationPolicyRequireServiceToken

anyValidServiceToken Property Map: An empty object which matches on all service tokens.
authContext Property Map
authMethod Property Map
azureAd Property Map
certificate Property Map
commonName Property Map
devicePosture Property Map
email Property Map
emailDomain Property Map
emailList Property Map
everyone Property Map: An empty object which matches on all users.
externalEvaluation Property Map
geo Property Map
githubOrganization Property Map
group Property Map
gsuite Property Map
ip Property Map
ipList Property Map
loginMethod Property Map
okta Property Map
saml Property Map
serviceToken Property Map

GetZeroTrustAccessApplicationPolicyRequireAuthContext

AcId string: The ACID of an Authentication context.
Id string: The ID of an Authentication context.
IdentityProviderId string: The ID of your Azure identity provider.

AcId string: The ACID of an Authentication context.
Id string: The ID of an Authentication context.
IdentityProviderId string: The ID of your Azure identity provider.

acId String: The ACID of an Authentication context.
id String: The ID of an Authentication context.
identityProviderId String: The ID of your Azure identity provider.

acId string: The ACID of an Authentication context.
id string: The ID of an Authentication context.
identityProviderId string: The ID of your Azure identity provider.

ac_id str: The ACID of an Authentication context.
id str: The ID of an Authentication context.
identity_provider_id str: The ID of your Azure identity provider.

acId String: The ACID of an Authentication context.
id String: The ID of an Authentication context.
identityProviderId String: The ID of your Azure identity provider.

GetZeroTrustAccessApplicationPolicyRequireAuthMethod

AuthMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

AuthMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod String: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

auth_method str: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod String: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

GetZeroTrustAccessApplicationPolicyRequireAzureAd

Id string: The ID of an Azure group.
IdentityProviderId string: The ID of your Azure identity provider.

Id string: The ID of an Azure group.
IdentityProviderId string: The ID of your Azure identity provider.

id String: The ID of an Azure group.
identityProviderId String: The ID of your Azure identity provider.

id string: The ID of an Azure group.
identityProviderId string: The ID of your Azure identity provider.

id str: The ID of an Azure group.
identity_provider_id str: The ID of your Azure identity provider.

id String: The ID of an Azure group.
identityProviderId String: The ID of your Azure identity provider.

GetZeroTrustAccessApplicationPolicyRequireCommonName

CommonName string: The common name to match.

CommonName string: The common name to match.

commonName String: The common name to match.

commonName string: The common name to match.

common_name str: The common name to match.

commonName String: The common name to match.

GetZeroTrustAccessApplicationPolicyRequireDevicePosture

IntegrationUid string: The ID of a device posture integration.

IntegrationUid string: The ID of a device posture integration.

integrationUid String: The ID of a device posture integration.

integrationUid string: The ID of a device posture integration.

integration_uid str: The ID of a device posture integration.

integrationUid String: The ID of a device posture integration.

GetZeroTrustAccessApplicationPolicyRequireEmail

Email string: The email of the user.

Email string: The email of the user.

email String: The email of the user.

email string: The email of the user.

email str: The email of the user.

email String: The email of the user.

GetZeroTrustAccessApplicationPolicyRequireEmailDomain

Domain string: The email domain to match.

Domain string: The email domain to match.

domain String: The email domain to match.

domain string: The email domain to match.

domain str: The email domain to match.

domain String: The email domain to match.

GetZeroTrustAccessApplicationPolicyRequireEmailList

Id string: The ID of a previously created email list.

Id string: The ID of a previously created email list.

id String: The ID of a previously created email list.

id string: The ID of a previously created email list.

id str: The ID of a previously created email list.

id String: The ID of a previously created email list.

GetZeroTrustAccessApplicationPolicyRequireExternalEvaluation

EvaluateUrl string: The API endpoint containing your business logic.
KeysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

EvaluateUrl string: The API endpoint containing your business logic.
KeysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl String: The API endpoint containing your business logic.
keysUrl String: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl string: The API endpoint containing your business logic.
keysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluate_url str: The API endpoint containing your business logic.
keys_url str: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl String: The API endpoint containing your business logic.
keysUrl String: The API endpoint containing the key that Access uses to verify that the response came from your API.

GetZeroTrustAccessApplicationPolicyRequireGeo

CountryCode string: The country code that should be matched.

CountryCode string: The country code that should be matched.

countryCode String: The country code that should be matched.

countryCode string: The country code that should be matched.

country_code str: The country code that should be matched.

countryCode String: The country code that should be matched.

GetZeroTrustAccessApplicationPolicyRequireGithubOrganization

IdentityProviderId string: The ID of your Github identity provider.
Name string: The name of the organization.
Team string: The name of the team

IdentityProviderId string: The ID of your Github identity provider.
Name string: The name of the organization.
Team string: The name of the team

identityProviderId String: The ID of your Github identity provider.
name String: The name of the organization.
team String: The name of the team

identityProviderId string: The ID of your Github identity provider.
name string: The name of the organization.
team string: The name of the team

identity_provider_id str: The ID of your Github identity provider.
name str: The name of the organization.
team str: The name of the team

identityProviderId String: The ID of your Github identity provider.
name String: The name of the organization.
team String: The name of the team

GetZeroTrustAccessApplicationPolicyRequireGroup

Id string: The ID of a previously created Access group.

Id string: The ID of a previously created Access group.

id String: The ID of a previously created Access group.

id string: The ID of a previously created Access group.

id str: The ID of a previously created Access group.

id String: The ID of a previously created Access group.

GetZeroTrustAccessApplicationPolicyRequireGsuite

Email string: The email of the Google Workspace group.
IdentityProviderId string: The ID of your Google Workspace identity provider.

Email string: The email of the Google Workspace group.
IdentityProviderId string: The ID of your Google Workspace identity provider.

email String: The email of the Google Workspace group.
identityProviderId String: The ID of your Google Workspace identity provider.

email string: The email of the Google Workspace group.
identityProviderId string: The ID of your Google Workspace identity provider.

email str: The email of the Google Workspace group.
identity_provider_id str: The ID of your Google Workspace identity provider.

email String: The email of the Google Workspace group.
identityProviderId String: The ID of your Google Workspace identity provider.

GetZeroTrustAccessApplicationPolicyRequireIp

Ip string: An IPv4 or IPv6 CIDR block.

Ip string: An IPv4 or IPv6 CIDR block.

ip String: An IPv4 or IPv6 CIDR block.

ip string: An IPv4 or IPv6 CIDR block.

ip str: An IPv4 or IPv6 CIDR block.

ip String: An IPv4 or IPv6 CIDR block.

GetZeroTrustAccessApplicationPolicyRequireIpList

Id string: The ID of a previously created IP list.

Id string: The ID of a previously created IP list.

id String: The ID of a previously created IP list.

id string: The ID of a previously created IP list.

id str: The ID of a previously created IP list.

id String: The ID of a previously created IP list.

GetZeroTrustAccessApplicationPolicyRequireLoginMethod

Id string: The ID of an identity provider.

Id string: The ID of an identity provider.

id String: The ID of an identity provider.

id string: The ID of an identity provider.

id str: The ID of an identity provider.

id String: The ID of an identity provider.

GetZeroTrustAccessApplicationPolicyRequireOkta

IdentityProviderId string: The ID of your Okta identity provider.
Name string: The name of the Okta group.

IdentityProviderId string: The ID of your Okta identity provider.
Name string: The name of the Okta group.

identityProviderId String: The ID of your Okta identity provider.
name String: The name of the Okta group.

identityProviderId string: The ID of your Okta identity provider.
name string: The name of the Okta group.

identity_provider_id str: The ID of your Okta identity provider.
name str: The name of the Okta group.

identityProviderId String: The ID of your Okta identity provider.
name String: The name of the Okta group.

GetZeroTrustAccessApplicationPolicyRequireSaml

AttributeName string: The name of the SAML attribute.
AttributeValue string: The SAML attribute value to look for.
IdentityProviderId string: The ID of your SAML identity provider.

AttributeName string: The name of the SAML attribute.
AttributeValue string: The SAML attribute value to look for.
IdentityProviderId string: The ID of your SAML identity provider.

attributeName String: The name of the SAML attribute.
attributeValue String: The SAML attribute value to look for.
identityProviderId String: The ID of your SAML identity provider.

attributeName string: The name of the SAML attribute.
attributeValue string: The SAML attribute value to look for.
identityProviderId string: The ID of your SAML identity provider.

attribute_name str: The name of the SAML attribute.
attribute_value str: The SAML attribute value to look for.
identity_provider_id str: The ID of your SAML identity provider.

attributeName String: The name of the SAML attribute.
attributeValue String: The SAML attribute value to look for.
identityProviderId String: The ID of your SAML identity provider.

GetZeroTrustAccessApplicationPolicyRequireServiceToken

TokenId string: The ID of a Service Token.

TokenId string: The ID of a Service Token.

tokenId String: The ID of a Service Token.

tokenId string: The ID of a Service Token.

token_id str: The ID of a Service Token.

tokenId String: The ID of a Service Token.

GetZeroTrustAccessApplicationSaasApp

AccessTokenLifetime string: The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
AllowPkceWithoutClientSecret bool: If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
AppLauncherUrl string: The URL where this applications tile redirects users
AuthType string: Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
ClientId string: The application client id
ClientSecret string: The application client secret, only returned on POST request.
ConsumerServiceUrl string: The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
CreatedAt string
CustomAttributes List<GetZeroTrustAccessApplicationSaasAppCustomAttribute>
CustomClaims List<GetZeroTrustAccessApplicationSaasAppCustomClaim>
DefaultRelayState string: The URL that the user will be redirected to after a successful login for IDP initiated logins.
GrantTypes List<string>: The OIDC flows supported by this application
GroupFilterRegex string: A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
HybridAndImplicitOptions GetZeroTrustAccessApplicationSaasAppHybridAndImplicitOptions
IdpEntityId string: The unique identifier for your SaaS application.
NameIdFormat string: The format of the name identifier sent to the SaaS application. Available values: "id", "email".
NameIdTransformJsonata string: A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
PublicKey string: The Access public certificate that will be used to verify your identity.
RedirectUris List<string>: The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
RefreshTokenOptions GetZeroTrustAccessApplicationSaasAppRefreshTokenOptions
SamlAttributeTransformJsonata string: A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
Scopes List<string>: Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
SpEntityId string: A globally unique name for an identity or service provider.
SsoEndpoint string: The endpoint where your SaaS application will send login requests.
UpdatedAt string

AccessTokenLifetime string: The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
AllowPkceWithoutClientSecret bool: If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
AppLauncherUrl string: The URL where this applications tile redirects users
AuthType string: Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
ClientId string: The application client id
ClientSecret string: The application client secret, only returned on POST request.
ConsumerServiceUrl string: The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
CreatedAt string
CustomAttributes []GetZeroTrustAccessApplicationSaasAppCustomAttribute
CustomClaims []GetZeroTrustAccessApplicationSaasAppCustomClaim
DefaultRelayState string: The URL that the user will be redirected to after a successful login for IDP initiated logins.
GrantTypes []string: The OIDC flows supported by this application
GroupFilterRegex string: A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
HybridAndImplicitOptions GetZeroTrustAccessApplicationSaasAppHybridAndImplicitOptions
IdpEntityId string: The unique identifier for your SaaS application.
NameIdFormat string: The format of the name identifier sent to the SaaS application. Available values: "id", "email".
NameIdTransformJsonata string: A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
PublicKey string: The Access public certificate that will be used to verify your identity.
RedirectUris []string: The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
RefreshTokenOptions GetZeroTrustAccessApplicationSaasAppRefreshTokenOptions
SamlAttributeTransformJsonata string: A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
Scopes []string: Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
SpEntityId string: A globally unique name for an identity or service provider.
SsoEndpoint string: The endpoint where your SaaS application will send login requests.
UpdatedAt string

accessTokenLifetime String: The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
allowPkceWithoutClientSecret Boolean: If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
appLauncherUrl String: The URL where this applications tile redirects users
authType String: Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
clientId String: The application client id
clientSecret String: The application client secret, only returned on POST request.
consumerServiceUrl String: The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
createdAt String
customAttributes List<GetZeroTrustAccessApplicationSaasAppCustomAttribute>
customClaims List<GetZeroTrustAccessApplicationSaasAppCustomClaim>
defaultRelayState String: The URL that the user will be redirected to after a successful login for IDP initiated logins.
grantTypes List<String>: The OIDC flows supported by this application
groupFilterRegex String: A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
hybridAndImplicitOptions GetZeroTrustAccessApplicationSaasAppHybridAndImplicitOptions
idpEntityId String: The unique identifier for your SaaS application.
nameIdFormat String: The format of the name identifier sent to the SaaS application. Available values: "id", "email".
nameIdTransformJsonata String: A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
publicKey String: The Access public certificate that will be used to verify your identity.
redirectUris List<String>: The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
refreshTokenOptions GetZeroTrustAccessApplicationSaasAppRefreshTokenOptions
samlAttributeTransformJsonata String: A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
scopes List<String>: Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
spEntityId String: A globally unique name for an identity or service provider.
ssoEndpoint String: The endpoint where your SaaS application will send login requests.
updatedAt String

accessTokenLifetime string: The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
allowPkceWithoutClientSecret boolean: If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
appLauncherUrl string: The URL where this applications tile redirects users
authType string: Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
clientId string: The application client id
clientSecret string: The application client secret, only returned on POST request.
consumerServiceUrl string: The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
createdAt string
customAttributes GetZeroTrustAccessApplicationSaasAppCustomAttribute[]
customClaims GetZeroTrustAccessApplicationSaasAppCustomClaim[]
defaultRelayState string: The URL that the user will be redirected to after a successful login for IDP initiated logins.
grantTypes string[]: The OIDC flows supported by this application
groupFilterRegex string: A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
hybridAndImplicitOptions GetZeroTrustAccessApplicationSaasAppHybridAndImplicitOptions
idpEntityId string: The unique identifier for your SaaS application.
nameIdFormat string: The format of the name identifier sent to the SaaS application. Available values: "id", "email".
nameIdTransformJsonata string: A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
publicKey string: The Access public certificate that will be used to verify your identity.
redirectUris string[]: The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
refreshTokenOptions GetZeroTrustAccessApplicationSaasAppRefreshTokenOptions
samlAttributeTransformJsonata string: A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
scopes string[]: Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
spEntityId string: A globally unique name for an identity or service provider.
ssoEndpoint string: The endpoint where your SaaS application will send login requests.
updatedAt string

access_token_lifetime str: The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
allow_pkce_without_client_secret bool: If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
app_launcher_url str: The URL where this applications tile redirects users
auth_type str: Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
client_id str: The application client id
client_secret str: The application client secret, only returned on POST request.
consumer_service_url str: The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
created_at str
custom_attributes Sequence[GetZeroTrustAccessApplicationSaasAppCustomAttribute]
custom_claims Sequence[GetZeroTrustAccessApplicationSaasAppCustomClaim]
default_relay_state str: The URL that the user will be redirected to after a successful login for IDP initiated logins.
grant_types Sequence[str]: The OIDC flows supported by this application
group_filter_regex str: A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
hybrid_and_implicit_options GetZeroTrustAccessApplicationSaasAppHybridAndImplicitOptions
idp_entity_id str: The unique identifier for your SaaS application.
name_id_format str: The format of the name identifier sent to the SaaS application. Available values: "id", "email".
name_id_transform_jsonata str: A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
public_key str: The Access public certificate that will be used to verify your identity.
redirect_uris Sequence[str]: The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
refresh_token_options GetZeroTrustAccessApplicationSaasAppRefreshTokenOptions
saml_attribute_transform_jsonata str: A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
scopes Sequence[str]: Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
sp_entity_id str: A globally unique name for an identity or service provider.
sso_endpoint str: The endpoint where your SaaS application will send login requests.
updated_at str

accessTokenLifetime String: The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
allowPkceWithoutClientSecret Boolean: If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
appLauncherUrl String: The URL where this applications tile redirects users
authType String: Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
clientId String: The application client id
clientSecret String: The application client secret, only returned on POST request.
consumerServiceUrl String: The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
createdAt String
customAttributes List<Property Map>
customClaims List<Property Map>
defaultRelayState String: The URL that the user will be redirected to after a successful login for IDP initiated logins.
grantTypes List<String>: The OIDC flows supported by this application
groupFilterRegex String: A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
hybridAndImplicitOptions Property Map
idpEntityId String: The unique identifier for your SaaS application.
nameIdFormat String: The format of the name identifier sent to the SaaS application. Available values: "id", "email".
nameIdTransformJsonata String: A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
publicKey String: The Access public certificate that will be used to verify your identity.
redirectUris List<String>: The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
refreshTokenOptions Property Map
samlAttributeTransformJsonata String: A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
scopes List<String>: Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
spEntityId String: A globally unique name for an identity or service provider.
ssoEndpoint String: The endpoint where your SaaS application will send login requests.
updatedAt String

GetZeroTrustAccessApplicationSaasAppCustomAttribute

FriendlyName string: The SAML FriendlyName of the attribute.
Name string: The name of the attribute.
NameFormat string: A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
Required bool: If the attribute is required when building a SAML assertion.
Source GetZeroTrustAccessApplicationSaasAppCustomAttributeSource

FriendlyName string: The SAML FriendlyName of the attribute.
Name string: The name of the attribute.
NameFormat string: A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
Required bool: If the attribute is required when building a SAML assertion.
Source GetZeroTrustAccessApplicationSaasAppCustomAttributeSource

friendlyName String: The SAML FriendlyName of the attribute.
name String: The name of the attribute.
nameFormat String: A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
required Boolean: If the attribute is required when building a SAML assertion.
source GetZeroTrustAccessApplicationSaasAppCustomAttributeSource

friendlyName string: The SAML FriendlyName of the attribute.
name string: The name of the attribute.
nameFormat string: A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
required boolean: If the attribute is required when building a SAML assertion.
source GetZeroTrustAccessApplicationSaasAppCustomAttributeSource

friendly_name str: The SAML FriendlyName of the attribute.
name str: The name of the attribute.
name_format str: A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
required bool: If the attribute is required when building a SAML assertion.
source GetZeroTrustAccessApplicationSaasAppCustomAttributeSource

friendlyName String: The SAML FriendlyName of the attribute.
name String: The name of the attribute.
nameFormat String: A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
required Boolean: If the attribute is required when building a SAML assertion.
source Property Map

GetZeroTrustAccessApplicationSaasAppCustomAttributeSource

Name string: The name of the IdP attribute.
NameByIdps List<GetZeroTrustAccessApplicationSaasAppCustomAttributeSourceNameByIdp>: A mapping from IdP ID to attribute name.

Name string: The name of the IdP attribute.
NameByIdps []GetZeroTrustAccessApplicationSaasAppCustomAttributeSourceNameByIdp: A mapping from IdP ID to attribute name.

name String: The name of the IdP attribute.
nameByIdps List<GetZeroTrustAccessApplicationSaasAppCustomAttributeSourceNameByIdp>: A mapping from IdP ID to attribute name.

name string: The name of the IdP attribute.
nameByIdps GetZeroTrustAccessApplicationSaasAppCustomAttributeSourceNameByIdp[]: A mapping from IdP ID to attribute name.

name str: The name of the IdP attribute.
name_by_idps Sequence[GetZeroTrustAccessApplicationSaasAppCustomAttributeSourceNameByIdp]: A mapping from IdP ID to attribute name.

name String: The name of the IdP attribute.
nameByIdps List<Property Map>: A mapping from IdP ID to attribute name.

GetZeroTrustAccessApplicationSaasAppCustomAttributeSourceNameByIdp

IdpId string: The UID of the IdP.
SourceName string: The name of the IdP provided attribute.

IdpId string: The UID of the IdP.
SourceName string: The name of the IdP provided attribute.

idpId String: The UID of the IdP.
sourceName String: The name of the IdP provided attribute.

idpId string: The UID of the IdP.
sourceName string: The name of the IdP provided attribute.

idp_id str: The UID of the IdP.
source_name str: The name of the IdP provided attribute.

idpId String: The UID of the IdP.
sourceName String: The name of the IdP provided attribute.

GetZeroTrustAccessApplicationSaasAppCustomClaim

Name string: The name of the claim.
Required bool: If the claim is required when building an OIDC token.
Scope string: The scope of the claim. Available values: "groups", "profile", "email", "openid".
Source GetZeroTrustAccessApplicationSaasAppCustomClaimSource

Name string: The name of the claim.
Required bool: If the claim is required when building an OIDC token.
Scope string: The scope of the claim. Available values: "groups", "profile", "email", "openid".
Source GetZeroTrustAccessApplicationSaasAppCustomClaimSource

name String: The name of the claim.
required Boolean: If the claim is required when building an OIDC token.
scope String: The scope of the claim. Available values: "groups", "profile", "email", "openid".
source GetZeroTrustAccessApplicationSaasAppCustomClaimSource

name string: The name of the claim.
required boolean: If the claim is required when building an OIDC token.
scope string: The scope of the claim. Available values: "groups", "profile", "email", "openid".
source GetZeroTrustAccessApplicationSaasAppCustomClaimSource

name str: The name of the claim.
required bool: If the claim is required when building an OIDC token.
scope str: The scope of the claim. Available values: "groups", "profile", "email", "openid".
source GetZeroTrustAccessApplicationSaasAppCustomClaimSource

name String: The name of the claim.
required Boolean: If the claim is required when building an OIDC token.
scope String: The scope of the claim. Available values: "groups", "profile", "email", "openid".
source Property Map

GetZeroTrustAccessApplicationSaasAppCustomClaimSource

Name string: The name of the IdP claim.
NameByIdp Dictionary<string, string>: A mapping from IdP ID to claim name.

Name string: The name of the IdP claim.
NameByIdp map[string]string: A mapping from IdP ID to claim name.

name String: The name of the IdP claim.
nameByIdp Map<String,String>: A mapping from IdP ID to claim name.

name string: The name of the IdP claim.
nameByIdp {[key: string]: string}: A mapping from IdP ID to claim name.

name str: The name of the IdP claim.
name_by_idp Mapping[str, str]: A mapping from IdP ID to claim name.

name String: The name of the IdP claim.
nameByIdp Map<String>: A mapping from IdP ID to claim name.

GetZeroTrustAccessApplicationSaasAppHybridAndImplicitOptions

ReturnAccessTokenFromAuthorizationEndpoint bool: If an Access Token should be returned from the OIDC Authorization endpoint
ReturnIdTokenFromAuthorizationEndpoint bool: If an ID Token should be returned from the OIDC Authorization endpoint

ReturnAccessTokenFromAuthorizationEndpoint bool: If an Access Token should be returned from the OIDC Authorization endpoint
ReturnIdTokenFromAuthorizationEndpoint bool: If an ID Token should be returned from the OIDC Authorization endpoint

returnAccessTokenFromAuthorizationEndpoint Boolean: If an Access Token should be returned from the OIDC Authorization endpoint
returnIdTokenFromAuthorizationEndpoint Boolean: If an ID Token should be returned from the OIDC Authorization endpoint

returnAccessTokenFromAuthorizationEndpoint boolean: If an Access Token should be returned from the OIDC Authorization endpoint
returnIdTokenFromAuthorizationEndpoint boolean: If an ID Token should be returned from the OIDC Authorization endpoint

return_access_token_from_authorization_endpoint bool: If an Access Token should be returned from the OIDC Authorization endpoint
return_id_token_from_authorization_endpoint bool: If an ID Token should be returned from the OIDC Authorization endpoint

returnAccessTokenFromAuthorizationEndpoint Boolean: If an Access Token should be returned from the OIDC Authorization endpoint
returnIdTokenFromAuthorizationEndpoint Boolean: If an ID Token should be returned from the OIDC Authorization endpoint

GetZeroTrustAccessApplicationSaasAppRefreshTokenOptions

Lifetime string: How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.

Lifetime string: How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.

lifetime String: How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.

lifetime string: How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.

lifetime str: How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.

lifetime String: How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.

GetZeroTrustAccessApplicationScimConfig

Authentication GetZeroTrustAccessApplicationScimConfigAuthentication: Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
DeactivateOnDelete bool: If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
Enabled bool: Whether SCIM provisioning is turned on for this application.
IdpUid string: The UID of the IdP to use as the source for SCIM resources to provision to this application.
Mappings List<GetZeroTrustAccessApplicationScimConfigMapping>: A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
RemoteUri string: The base URI for the application's SCIM-compatible API.

Authentication GetZeroTrustAccessApplicationScimConfigAuthentication: Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
DeactivateOnDelete bool: If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
Enabled bool: Whether SCIM provisioning is turned on for this application.
IdpUid string: The UID of the IdP to use as the source for SCIM resources to provision to this application.
Mappings []GetZeroTrustAccessApplicationScimConfigMapping: A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
RemoteUri string: The base URI for the application's SCIM-compatible API.

authentication GetZeroTrustAccessApplicationScimConfigAuthentication: Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
deactivateOnDelete Boolean: If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
enabled Boolean: Whether SCIM provisioning is turned on for this application.
idpUid String: The UID of the IdP to use as the source for SCIM resources to provision to this application.
mappings List<GetZeroTrustAccessApplicationScimConfigMapping>: A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
remoteUri String: The base URI for the application's SCIM-compatible API.

authentication GetZeroTrustAccessApplicationScimConfigAuthentication: Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
deactivateOnDelete boolean: If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
enabled boolean: Whether SCIM provisioning is turned on for this application.
idpUid string: The UID of the IdP to use as the source for SCIM resources to provision to this application.
mappings GetZeroTrustAccessApplicationScimConfigMapping[]: A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
remoteUri string: The base URI for the application's SCIM-compatible API.

authentication GetZeroTrustAccessApplicationScimConfigAuthentication: Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
deactivate_on_delete bool: If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
enabled bool: Whether SCIM provisioning is turned on for this application.
idp_uid str: The UID of the IdP to use as the source for SCIM resources to provision to this application.
mappings Sequence[GetZeroTrustAccessApplicationScimConfigMapping]: A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
remote_uri str: The base URI for the application's SCIM-compatible API.

authentication Property Map: Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
deactivateOnDelete Boolean: If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
enabled Boolean: Whether SCIM provisioning is turned on for this application.
idpUid String: The UID of the IdP to use as the source for SCIM resources to provision to this application.
mappings List<Property Map>: A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
remoteUri String: The base URI for the application's SCIM-compatible API.

GetZeroTrustAccessApplicationScimConfigAuthentication

AuthorizationUrl string: URL used to generate the auth code used during token generation.
ClientId string: Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
ClientSecret string: Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
Password string: Password used to authenticate with the remote SCIM service.
Scheme string: The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
Scopes List<string>: The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
Token string: Token used to authenticate with the remote SCIM service.
TokenUrl string: URL used to generate the token used to authenticate with the remote SCIM service.
User string: User name used to authenticate with the remote SCIM service.

AuthorizationUrl string: URL used to generate the auth code used during token generation.
ClientId string: Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
ClientSecret string: Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
Password string: Password used to authenticate with the remote SCIM service.
Scheme string: The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
Scopes []string: The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
Token string: Token used to authenticate with the remote SCIM service.
TokenUrl string: URL used to generate the token used to authenticate with the remote SCIM service.
User string: User name used to authenticate with the remote SCIM service.

authorizationUrl String: URL used to generate the auth code used during token generation.
clientId String: Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
clientSecret String: Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
password String: Password used to authenticate with the remote SCIM service.
scheme String: The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
scopes List<String>: The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
token String: Token used to authenticate with the remote SCIM service.
tokenUrl String: URL used to generate the token used to authenticate with the remote SCIM service.
user String: User name used to authenticate with the remote SCIM service.

authorizationUrl string: URL used to generate the auth code used during token generation.
clientId string: Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
clientSecret string: Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
password string: Password used to authenticate with the remote SCIM service.
scheme string: The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
scopes string[]: The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
token string: Token used to authenticate with the remote SCIM service.
tokenUrl string: URL used to generate the token used to authenticate with the remote SCIM service.
user string: User name used to authenticate with the remote SCIM service.

authorization_url str: URL used to generate the auth code used during token generation.
client_id str: Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
client_secret str: Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
password str: Password used to authenticate with the remote SCIM service.
scheme str: The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
scopes Sequence[str]: The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
token str: Token used to authenticate with the remote SCIM service.
token_url str: URL used to generate the token used to authenticate with the remote SCIM service.
user str: User name used to authenticate with the remote SCIM service.

authorizationUrl String: URL used to generate the auth code used during token generation.
clientId String: Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
clientSecret String: Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
password String: Password used to authenticate with the remote SCIM service.
scheme String: The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
scopes List<String>: The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
token String: Token used to authenticate with the remote SCIM service.
tokenUrl String: URL used to generate the token used to authenticate with the remote SCIM service.
user String: User name used to authenticate with the remote SCIM service.

GetZeroTrustAccessApplicationScimConfigMapping

Enabled bool: Whether or not this mapping is enabled.
Filter string: A SCIM filter expression that matches resources that should be provisioned to this application.
Operations GetZeroTrustAccessApplicationScimConfigMappingOperations: Whether or not this mapping applies to creates, updates, or deletes.
Schema string: Which SCIM resource type this mapping applies to.
Strictness string: The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
TransformJsonata string: A JSONata expression that transforms the resource before provisioning it in the application.

Enabled bool: Whether or not this mapping is enabled.
Filter string: A SCIM filter expression that matches resources that should be provisioned to this application.
Operations GetZeroTrustAccessApplicationScimConfigMappingOperations: Whether or not this mapping applies to creates, updates, or deletes.
Schema string: Which SCIM resource type this mapping applies to.
Strictness string: The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
TransformJsonata string: A JSONata expression that transforms the resource before provisioning it in the application.

enabled Boolean: Whether or not this mapping is enabled.
filter String: A SCIM filter expression that matches resources that should be provisioned to this application.
operations GetZeroTrustAccessApplicationScimConfigMappingOperations: Whether or not this mapping applies to creates, updates, or deletes.
schema String: Which SCIM resource type this mapping applies to.
strictness String: The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
transformJsonata String: A JSONata expression that transforms the resource before provisioning it in the application.

enabled boolean: Whether or not this mapping is enabled.
filter string: A SCIM filter expression that matches resources that should be provisioned to this application.
operations GetZeroTrustAccessApplicationScimConfigMappingOperations: Whether or not this mapping applies to creates, updates, or deletes.
schema string: Which SCIM resource type this mapping applies to.
strictness string: The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
transformJsonata string: A JSONata expression that transforms the resource before provisioning it in the application.

enabled bool: Whether or not this mapping is enabled.
filter str: A SCIM filter expression that matches resources that should be provisioned to this application.
operations GetZeroTrustAccessApplicationScimConfigMappingOperations: Whether or not this mapping applies to creates, updates, or deletes.
schema str: Which SCIM resource type this mapping applies to.
strictness str: The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
transform_jsonata str: A JSONata expression that transforms the resource before provisioning it in the application.

enabled Boolean: Whether or not this mapping is enabled.
filter String: A SCIM filter expression that matches resources that should be provisioned to this application.
operations Property Map: Whether or not this mapping applies to creates, updates, or deletes.
schema String: Which SCIM resource type this mapping applies to.
strictness String: The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
transformJsonata String: A JSONata expression that transforms the resource before provisioning it in the application.

GetZeroTrustAccessApplicationScimConfigMappingOperations

Create bool: Whether or not this mapping applies to create (POST) operations.
Delete bool: Whether or not this mapping applies to DELETE operations.
Update bool: Whether or not this mapping applies to update (PATCH/PUT) operations.

Create bool: Whether or not this mapping applies to create (POST) operations.
Delete bool: Whether or not this mapping applies to DELETE operations.
Update bool: Whether or not this mapping applies to update (PATCH/PUT) operations.

create Boolean: Whether or not this mapping applies to create (POST) operations.
delete Boolean: Whether or not this mapping applies to DELETE operations.
update Boolean: Whether or not this mapping applies to update (PATCH/PUT) operations.

create boolean: Whether or not this mapping applies to create (POST) operations.
delete boolean: Whether or not this mapping applies to DELETE operations.
update boolean: Whether or not this mapping applies to update (PATCH/PUT) operations.

create bool: Whether or not this mapping applies to create (POST) operations.
delete bool: Whether or not this mapping applies to DELETE operations.
update bool: Whether or not this mapping applies to update (PATCH/PUT) operations.

create Boolean: Whether or not this mapping applies to create (POST) operations.
delete Boolean: Whether or not this mapping applies to DELETE operations.
update Boolean: Whether or not this mapping applies to update (PATCH/PUT) operations.

GetZeroTrustAccessApplicationTargetCriteria

Port int: The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
Protocol string: The communication protocol your application secures. Available values: "ssh".
TargetAttributes Dictionary<string, ImmutableArray<string>>: Contains a map of target attribute keys to target attribute values.

Port int: The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
Protocol string: The communication protocol your application secures. Available values: "ssh".
TargetAttributes map[string][]string: Contains a map of target attribute keys to target attribute values.

port Integer: The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
protocol String: The communication protocol your application secures. Available values: "ssh".
targetAttributes Map<String,List<String>>: Contains a map of target attribute keys to target attribute values.

port number: The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
protocol string: The communication protocol your application secures. Available values: "ssh".
targetAttributes {[key: string]: string[]}: Contains a map of target attribute keys to target attribute values.

port int: The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
protocol str: The communication protocol your application secures. Available values: "ssh".
target_attributes Mapping[str, Sequence[str]]: Contains a map of target attribute keys to target attribute values.

port Number: The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
protocol String: The communication protocol your application secures. Available values: "ssh".
targetAttributes Map<List<String>>: Contains a map of target attribute keys to target attribute values.

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

pulumi/pulumi-cloudflare

cloudflare.getZeroTrustAccessApplication

On this page

On this page

Example Usage

Using getZeroTrustAccessApplication

getZeroTrustAccessApplication Result

Supporting Types

GetZeroTrustAccessApplicationCorsHeaders

GetZeroTrustAccessApplicationDestination

GetZeroTrustAccessApplicationFilter

GetZeroTrustAccessApplicationFooterLink

GetZeroTrustAccessApplicationLandingPageDesign

GetZeroTrustAccessApplicationPolicy

GetZeroTrustAccessApplicationPolicyApprovalGroup

GetZeroTrustAccessApplicationPolicyConnectionRules

GetZeroTrustAccessApplicationPolicyConnectionRulesSsh

GetZeroTrustAccessApplicationPolicyExclude

GetZeroTrustAccessApplicationPolicyExcludeAuthContext

GetZeroTrustAccessApplicationPolicyExcludeAuthMethod

GetZeroTrustAccessApplicationPolicyExcludeAzureAd

GetZeroTrustAccessApplicationPolicyExcludeCommonName

GetZeroTrustAccessApplicationPolicyExcludeDevicePosture

GetZeroTrustAccessApplicationPolicyExcludeEmail

GetZeroTrustAccessApplicationPolicyExcludeEmailDomain

GetZeroTrustAccessApplicationPolicyExcludeEmailList

GetZeroTrustAccessApplicationPolicyExcludeExternalEvaluation

GetZeroTrustAccessApplicationPolicyExcludeGeo

GetZeroTrustAccessApplicationPolicyExcludeGithubOrganization

GetZeroTrustAccessApplicationPolicyExcludeGroup

GetZeroTrustAccessApplicationPolicyExcludeGsuite

GetZeroTrustAccessApplicationPolicyExcludeIp

GetZeroTrustAccessApplicationPolicyExcludeIpList

GetZeroTrustAccessApplicationPolicyExcludeLoginMethod

GetZeroTrustAccessApplicationPolicyExcludeOkta

GetZeroTrustAccessApplicationPolicyExcludeSaml

GetZeroTrustAccessApplicationPolicyExcludeServiceToken

GetZeroTrustAccessApplicationPolicyInclude

GetZeroTrustAccessApplicationPolicyIncludeAuthContext

GetZeroTrustAccessApplicationPolicyIncludeAuthMethod

GetZeroTrustAccessApplicationPolicyIncludeAzureAd

GetZeroTrustAccessApplicationPolicyIncludeCommonName

GetZeroTrustAccessApplicationPolicyIncludeDevicePosture

GetZeroTrustAccessApplicationPolicyIncludeEmail

GetZeroTrustAccessApplicationPolicyIncludeEmailDomain

GetZeroTrustAccessApplicationPolicyIncludeEmailList

GetZeroTrustAccessApplicationPolicyIncludeExternalEvaluation

GetZeroTrustAccessApplicationPolicyIncludeGeo

GetZeroTrustAccessApplicationPolicyIncludeGithubOrganization

GetZeroTrustAccessApplicationPolicyIncludeGroup

GetZeroTrustAccessApplicationPolicyIncludeGsuite

GetZeroTrustAccessApplicationPolicyIncludeIp

GetZeroTrustAccessApplicationPolicyIncludeIpList

GetZeroTrustAccessApplicationPolicyIncludeLoginMethod

GetZeroTrustAccessApplicationPolicyIncludeOkta

GetZeroTrustAccessApplicationPolicyIncludeSaml

GetZeroTrustAccessApplicationPolicyIncludeServiceToken

GetZeroTrustAccessApplicationPolicyRequire

GetZeroTrustAccessApplicationPolicyRequireAuthContext

GetZeroTrustAccessApplicationPolicyRequireAuthMethod

GetZeroTrustAccessApplicationPolicyRequireAzureAd

GetZeroTrustAccessApplicationPolicyRequireCommonName

GetZeroTrustAccessApplicationPolicyRequireDevicePosture

GetZeroTrustAccessApplicationPolicyRequireEmail

GetZeroTrustAccessApplicationPolicyRequireEmailDomain

GetZeroTrustAccessApplicationPolicyRequireEmailList

GetZeroTrustAccessApplicationPolicyRequireExternalEvaluation

GetZeroTrustAccessApplicationPolicyRequireGeo

GetZeroTrustAccessApplicationPolicyRequireGithubOrganization

GetZeroTrustAccessApplicationPolicyRequireGroup

GetZeroTrustAccessApplicationPolicyRequireGsuite

GetZeroTrustAccessApplicationPolicyRequireIp

GetZeroTrustAccessApplicationPolicyRequireIpList

GetZeroTrustAccessApplicationPolicyRequireLoginMethod

GetZeroTrustAccessApplicationPolicyRequireOkta

GetZeroTrustAccessApplicationPolicyRequireSaml

GetZeroTrustAccessApplicationPolicyRequireServiceToken

GetZeroTrustAccessApplicationSaasApp

GetZeroTrustAccessApplicationSaasAppCustomAttribute

GetZeroTrustAccessApplicationSaasAppCustomAttributeSource

GetZeroTrustAccessApplicationSaasAppCustomAttributeSourceNameByIdp