Docs Home
Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi
cloudflare.ZeroTrustAccessPolicy
Explore with Pulumi AI
If ‘application_id’ is omitted, the policy created can be reused by multiple access applications. Any
cloudflare.ZeroTrustAccessApplicationresource can reference reusable policies through itspoliciesargument. To destroy a reusable policy and remove it from all applications’ policies lists on the same apply, preemptively set the lifecycle optioncreate_before_destroyto true on the ‘cloudflare_zero_trust_access_policy’ resource.
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
Coming soon!
resources:
exampleZeroTrustAccessPolicy:
type: cloudflare:ZeroTrustAccessPolicy
name: example_zero_trust_access_policy
properties:
accountId: 023e105f4ecef8ad9ca31a8372d0c353
decision: allow
includes:
- group:
id: aa0a4aab-672b-4bdb-bc33-a59f1130a11f
name: Allow devs
approvalGroups:
- approvals_needed: 1
email_addresses:
- test1@cloudflare.com
- test2@cloudflare.com
email_list_uuid: email_list_uuid
- approvals_needed: 3
email_addresses:
- test@cloudflare.com
- test2@cloudflare.com
email_list_uuid: 597147a1-976b-4ef2-9af0-81d5d007fc34
approvalRequired: true
excludes:
- group:
id: aa0a4aab-672b-4bdb-bc33-a59f1130a11f
isolationRequired: false
purposeJustificationPrompt: Please enter a justification for entering this protected domain.
purposeJustificationRequired: true
requires:
- group:
id: aa0a4aab-672b-4bdb-bc33-a59f1130a11f
sessionDuration: 24h
Create ZeroTrustAccessPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ZeroTrustAccessPolicy(name: string, args: ZeroTrustAccessPolicyArgs, opts?: CustomResourceOptions);@overload
def ZeroTrustAccessPolicy(resource_name: str,
args: ZeroTrustAccessPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ZeroTrustAccessPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
decision: Optional[str] = None,
includes: Optional[Sequence[ZeroTrustAccessPolicyIncludeArgs]] = None,
name: Optional[str] = None,
approval_groups: Optional[Sequence[ZeroTrustAccessPolicyApprovalGroupArgs]] = None,
approval_required: Optional[bool] = None,
excludes: Optional[Sequence[ZeroTrustAccessPolicyExcludeArgs]] = None,
isolation_required: Optional[bool] = None,
purpose_justification_prompt: Optional[str] = None,
purpose_justification_required: Optional[bool] = None,
requires: Optional[Sequence[ZeroTrustAccessPolicyRequireArgs]] = None,
session_duration: Optional[str] = None)func NewZeroTrustAccessPolicy(ctx *Context, name string, args ZeroTrustAccessPolicyArgs, opts ...ResourceOption) (*ZeroTrustAccessPolicy, error)public ZeroTrustAccessPolicy(string name, ZeroTrustAccessPolicyArgs args, CustomResourceOptions? opts = null)
public ZeroTrustAccessPolicy(String name, ZeroTrustAccessPolicyArgs args)
public ZeroTrustAccessPolicy(String name, ZeroTrustAccessPolicyArgs args, CustomResourceOptions options)
type: cloudflare:ZeroTrustAccessPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ZeroTrustAccessPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ZeroTrustAccessPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ZeroTrustAccessPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ZeroTrustAccessPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ZeroTrustAccessPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var zeroTrustAccessPolicyResource = new Cloudflare.ZeroTrustAccessPolicy("zeroTrustAccessPolicyResource", new()
{
AccountId = "string",
Decision = "string",
Includes = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeArgs
{
AnyValidServiceToken = null,
AuthContext = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeAuthContextArgs
{
AcId = "string",
Id = "string",
IdentityProviderId = "string",
},
AuthMethod = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeAuthMethodArgs
{
AuthMethod = "string",
},
AzureAd = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeAzureAdArgs
{
Id = "string",
IdentityProviderId = "string",
},
Certificate = null,
CommonName = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeCommonNameArgs
{
CommonName = "string",
},
DevicePosture = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeDevicePostureArgs
{
IntegrationUid = "string",
},
Email = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeEmailArgs
{
Email = "string",
},
EmailDomain = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeEmailDomainArgs
{
Domain = "string",
},
EmailList = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeEmailListArgs
{
Id = "string",
},
Everyone = null,
ExternalEvaluation = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeExternalEvaluationArgs
{
EvaluateUrl = "string",
KeysUrl = "string",
},
Geo = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeGeoArgs
{
CountryCode = "string",
},
GithubOrganization = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeGithubOrganizationArgs
{
IdentityProviderId = "string",
Name = "string",
Team = "string",
},
Group = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeGroupArgs
{
Id = "string",
},
Gsuite = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeGsuiteArgs
{
Email = "string",
IdentityProviderId = "string",
},
Ip = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeIpArgs
{
Ip = "string",
},
IpList = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeIpListArgs
{
Id = "string",
},
LoginMethod = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeLoginMethodArgs
{
Id = "string",
},
Okta = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeOktaArgs
{
IdentityProviderId = "string",
Name = "string",
},
Saml = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeSamlArgs
{
AttributeName = "string",
AttributeValue = "string",
IdentityProviderId = "string",
},
ServiceToken = new Cloudflare.Inputs.ZeroTrustAccessPolicyIncludeServiceTokenArgs
{
TokenId = "string",
},
},
},
Name = "string",
ApprovalGroups = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyApprovalGroupArgs
{
ApprovalsNeeded = 0,
EmailAddresses = new[]
{
"string",
},
EmailListUuid = "string",
},
},
ApprovalRequired = false,
Excludes = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeArgs
{
AnyValidServiceToken = null,
AuthContext = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeAuthContextArgs
{
AcId = "string",
Id = "string",
IdentityProviderId = "string",
},
AuthMethod = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeAuthMethodArgs
{
AuthMethod = "string",
},
AzureAd = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeAzureAdArgs
{
Id = "string",
IdentityProviderId = "string",
},
Certificate = null,
CommonName = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeCommonNameArgs
{
CommonName = "string",
},
DevicePosture = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeDevicePostureArgs
{
IntegrationUid = "string",
},
Email = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeEmailArgs
{
Email = "string",
},
EmailDomain = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeEmailDomainArgs
{
Domain = "string",
},
EmailList = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeEmailListArgs
{
Id = "string",
},
Everyone = null,
ExternalEvaluation = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeExternalEvaluationArgs
{
EvaluateUrl = "string",
KeysUrl = "string",
},
Geo = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeGeoArgs
{
CountryCode = "string",
},
GithubOrganization = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeGithubOrganizationArgs
{
IdentityProviderId = "string",
Name = "string",
Team = "string",
},
Group = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeGroupArgs
{
Id = "string",
},
Gsuite = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeGsuiteArgs
{
Email = "string",
IdentityProviderId = "string",
},
Ip = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeIpArgs
{
Ip = "string",
},
IpList = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeIpListArgs
{
Id = "string",
},
LoginMethod = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeLoginMethodArgs
{
Id = "string",
},
Okta = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeOktaArgs
{
IdentityProviderId = "string",
Name = "string",
},
Saml = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeSamlArgs
{
AttributeName = "string",
AttributeValue = "string",
IdentityProviderId = "string",
},
ServiceToken = new Cloudflare.Inputs.ZeroTrustAccessPolicyExcludeServiceTokenArgs
{
TokenId = "string",
},
},
},
IsolationRequired = false,
PurposeJustificationPrompt = "string",
PurposeJustificationRequired = false,
Requires = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireArgs
{
AnyValidServiceToken = null,
AuthContext = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireAuthContextArgs
{
AcId = "string",
Id = "string",
IdentityProviderId = "string",
},
AuthMethod = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireAuthMethodArgs
{
AuthMethod = "string",
},
AzureAd = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireAzureAdArgs
{
Id = "string",
IdentityProviderId = "string",
},
Certificate = null,
CommonName = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireCommonNameArgs
{
CommonName = "string",
},
DevicePosture = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireDevicePostureArgs
{
IntegrationUid = "string",
},
Email = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireEmailArgs
{
Email = "string",
},
EmailDomain = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireEmailDomainArgs
{
Domain = "string",
},
EmailList = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireEmailListArgs
{
Id = "string",
},
Everyone = null,
ExternalEvaluation = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireExternalEvaluationArgs
{
EvaluateUrl = "string",
KeysUrl = "string",
},
Geo = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireGeoArgs
{
CountryCode = "string",
},
GithubOrganization = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireGithubOrganizationArgs
{
IdentityProviderId = "string",
Name = "string",
Team = "string",
},
Group = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireGroupArgs
{
Id = "string",
},
Gsuite = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireGsuiteArgs
{
Email = "string",
IdentityProviderId = "string",
},
Ip = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireIpArgs
{
Ip = "string",
},
IpList = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireIpListArgs
{
Id = "string",
},
LoginMethod = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireLoginMethodArgs
{
Id = "string",
},
Okta = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireOktaArgs
{
IdentityProviderId = "string",
Name = "string",
},
Saml = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireSamlArgs
{
AttributeName = "string",
AttributeValue = "string",
IdentityProviderId = "string",
},
ServiceToken = new Cloudflare.Inputs.ZeroTrustAccessPolicyRequireServiceTokenArgs
{
TokenId = "string",
},
},
},
SessionDuration = "string",
});
example, err := cloudflare.NewZeroTrustAccessPolicy(ctx, "zeroTrustAccessPolicyResource", &cloudflare.ZeroTrustAccessPolicyArgs{
AccountId: pulumi.String("string"),
Decision: pulumi.String("string"),
Includes: cloudflare.ZeroTrustAccessPolicyIncludeArray{
&cloudflare.ZeroTrustAccessPolicyIncludeArgs{
AnyValidServiceToken: &cloudflare.ZeroTrustAccessPolicyIncludeAnyValidServiceTokenArgs{},
AuthContext: &cloudflare.ZeroTrustAccessPolicyIncludeAuthContextArgs{
AcId: pulumi.String("string"),
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
AuthMethod: &cloudflare.ZeroTrustAccessPolicyIncludeAuthMethodArgs{
AuthMethod: pulumi.String("string"),
},
AzureAd: &cloudflare.ZeroTrustAccessPolicyIncludeAzureAdArgs{
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
Certificate: &cloudflare.ZeroTrustAccessPolicyIncludeCertificateArgs{},
CommonName: &cloudflare.ZeroTrustAccessPolicyIncludeCommonNameArgs{
CommonName: pulumi.String("string"),
},
DevicePosture: &cloudflare.ZeroTrustAccessPolicyIncludeDevicePostureArgs{
IntegrationUid: pulumi.String("string"),
},
Email: &cloudflare.ZeroTrustAccessPolicyIncludeEmailArgs{
Email: pulumi.String("string"),
},
EmailDomain: &cloudflare.ZeroTrustAccessPolicyIncludeEmailDomainArgs{
Domain: pulumi.String("string"),
},
EmailList: &cloudflare.ZeroTrustAccessPolicyIncludeEmailListArgs{
Id: pulumi.String("string"),
},
Everyone: &cloudflare.ZeroTrustAccessPolicyIncludeEveryoneArgs{},
ExternalEvaluation: &cloudflare.ZeroTrustAccessPolicyIncludeExternalEvaluationArgs{
EvaluateUrl: pulumi.String("string"),
KeysUrl: pulumi.String("string"),
},
Geo: &cloudflare.ZeroTrustAccessPolicyIncludeGeoArgs{
CountryCode: pulumi.String("string"),
},
GithubOrganization: &cloudflare.ZeroTrustAccessPolicyIncludeGithubOrganizationArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
Team: pulumi.String("string"),
},
Group: &cloudflare.ZeroTrustAccessPolicyIncludeGroupArgs{
Id: pulumi.String("string"),
},
Gsuite: &cloudflare.ZeroTrustAccessPolicyIncludeGsuiteArgs{
Email: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
Ip: &cloudflare.ZeroTrustAccessPolicyIncludeIpArgs{
Ip: pulumi.String("string"),
},
IpList: &cloudflare.ZeroTrustAccessPolicyIncludeIpListArgs{
Id: pulumi.String("string"),
},
LoginMethod: &cloudflare.ZeroTrustAccessPolicyIncludeLoginMethodArgs{
Id: pulumi.String("string"),
},
Okta: &cloudflare.ZeroTrustAccessPolicyIncludeOktaArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
},
Saml: &cloudflare.ZeroTrustAccessPolicyIncludeSamlArgs{
AttributeName: pulumi.String("string"),
AttributeValue: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
ServiceToken: &cloudflare.ZeroTrustAccessPolicyIncludeServiceTokenArgs{
TokenId: pulumi.String("string"),
},
},
},
Name: pulumi.String("string"),
ApprovalGroups: cloudflare.ZeroTrustAccessPolicyApprovalGroupArray{
&cloudflare.ZeroTrustAccessPolicyApprovalGroupArgs{
ApprovalsNeeded: pulumi.Float64(0),
EmailAddresses: pulumi.StringArray{
pulumi.String("string"),
},
EmailListUuid: pulumi.String("string"),
},
},
ApprovalRequired: pulumi.Bool(false),
Excludes: cloudflare.ZeroTrustAccessPolicyExcludeArray{
&cloudflare.ZeroTrustAccessPolicyExcludeArgs{
AnyValidServiceToken: &cloudflare.ZeroTrustAccessPolicyExcludeAnyValidServiceTokenArgs{},
AuthContext: &cloudflare.ZeroTrustAccessPolicyExcludeAuthContextArgs{
AcId: pulumi.String("string"),
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
AuthMethod: &cloudflare.ZeroTrustAccessPolicyExcludeAuthMethodArgs{
AuthMethod: pulumi.String("string"),
},
AzureAd: &cloudflare.ZeroTrustAccessPolicyExcludeAzureAdArgs{
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
Certificate: &cloudflare.ZeroTrustAccessPolicyExcludeCertificateArgs{},
CommonName: &cloudflare.ZeroTrustAccessPolicyExcludeCommonNameArgs{
CommonName: pulumi.String("string"),
},
DevicePosture: &cloudflare.ZeroTrustAccessPolicyExcludeDevicePostureArgs{
IntegrationUid: pulumi.String("string"),
},
Email: &cloudflare.ZeroTrustAccessPolicyExcludeEmailArgs{
Email: pulumi.String("string"),
},
EmailDomain: &cloudflare.ZeroTrustAccessPolicyExcludeEmailDomainArgs{
Domain: pulumi.String("string"),
},
EmailList: &cloudflare.ZeroTrustAccessPolicyExcludeEmailListArgs{
Id: pulumi.String("string"),
},
Everyone: &cloudflare.ZeroTrustAccessPolicyExcludeEveryoneArgs{},
ExternalEvaluation: &cloudflare.ZeroTrustAccessPolicyExcludeExternalEvaluationArgs{
EvaluateUrl: pulumi.String("string"),
KeysUrl: pulumi.String("string"),
},
Geo: &cloudflare.ZeroTrustAccessPolicyExcludeGeoArgs{
CountryCode: pulumi.String("string"),
},
GithubOrganization: &cloudflare.ZeroTrustAccessPolicyExcludeGithubOrganizationArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
Team: pulumi.String("string"),
},
Group: &cloudflare.ZeroTrustAccessPolicyExcludeGroupArgs{
Id: pulumi.String("string"),
},
Gsuite: &cloudflare.ZeroTrustAccessPolicyExcludeGsuiteArgs{
Email: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
Ip: &cloudflare.ZeroTrustAccessPolicyExcludeIpArgs{
Ip: pulumi.String("string"),
},
IpList: &cloudflare.ZeroTrustAccessPolicyExcludeIpListArgs{
Id: pulumi.String("string"),
},
LoginMethod: &cloudflare.ZeroTrustAccessPolicyExcludeLoginMethodArgs{
Id: pulumi.String("string"),
},
Okta: &cloudflare.ZeroTrustAccessPolicyExcludeOktaArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
},
Saml: &cloudflare.ZeroTrustAccessPolicyExcludeSamlArgs{
AttributeName: pulumi.String("string"),
AttributeValue: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
ServiceToken: &cloudflare.ZeroTrustAccessPolicyExcludeServiceTokenArgs{
TokenId: pulumi.String("string"),
},
},
},
IsolationRequired: pulumi.Bool(false),
PurposeJustificationPrompt: pulumi.String("string"),
PurposeJustificationRequired: pulumi.Bool(false),
Requires: cloudflare.ZeroTrustAccessPolicyRequireArray{
&cloudflare.ZeroTrustAccessPolicyRequireArgs{
AnyValidServiceToken: &cloudflare.ZeroTrustAccessPolicyRequireAnyValidServiceTokenArgs{},
AuthContext: &cloudflare.ZeroTrustAccessPolicyRequireAuthContextArgs{
AcId: pulumi.String("string"),
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
AuthMethod: &cloudflare.ZeroTrustAccessPolicyRequireAuthMethodArgs{
AuthMethod: pulumi.String("string"),
},
AzureAd: &cloudflare.ZeroTrustAccessPolicyRequireAzureAdArgs{
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
Certificate: &cloudflare.ZeroTrustAccessPolicyRequireCertificateArgs{},
CommonName: &cloudflare.ZeroTrustAccessPolicyRequireCommonNameArgs{
CommonName: pulumi.String("string"),
},
DevicePosture: &cloudflare.ZeroTrustAccessPolicyRequireDevicePostureArgs{
IntegrationUid: pulumi.String("string"),
},
Email: &cloudflare.ZeroTrustAccessPolicyRequireEmailArgs{
Email: pulumi.String("string"),
},
EmailDomain: &cloudflare.ZeroTrustAccessPolicyRequireEmailDomainArgs{
Domain: pulumi.String("string"),
},
EmailList: &cloudflare.ZeroTrustAccessPolicyRequireEmailListArgs{
Id: pulumi.String("string"),
},
Everyone: &cloudflare.ZeroTrustAccessPolicyRequireEveryoneArgs{},
ExternalEvaluation: &cloudflare.ZeroTrustAccessPolicyRequireExternalEvaluationArgs{
EvaluateUrl: pulumi.String("string"),
KeysUrl: pulumi.String("string"),
},
Geo: &cloudflare.ZeroTrustAccessPolicyRequireGeoArgs{
CountryCode: pulumi.String("string"),
},
GithubOrganization: &cloudflare.ZeroTrustAccessPolicyRequireGithubOrganizationArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
Team: pulumi.String("string"),
},
Group: &cloudflare.ZeroTrustAccessPolicyRequireGroupArgs{
Id: pulumi.String("string"),
},
Gsuite: &cloudflare.ZeroTrustAccessPolicyRequireGsuiteArgs{
Email: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
Ip: &cloudflare.ZeroTrustAccessPolicyRequireIpArgs{
Ip: pulumi.String("string"),
},
IpList: &cloudflare.ZeroTrustAccessPolicyRequireIpListArgs{
Id: pulumi.String("string"),
},
LoginMethod: &cloudflare.ZeroTrustAccessPolicyRequireLoginMethodArgs{
Id: pulumi.String("string"),
},
Okta: &cloudflare.ZeroTrustAccessPolicyRequireOktaArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
},
Saml: &cloudflare.ZeroTrustAccessPolicyRequireSamlArgs{
AttributeName: pulumi.String("string"),
AttributeValue: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
ServiceToken: &cloudflare.ZeroTrustAccessPolicyRequireServiceTokenArgs{
TokenId: pulumi.String("string"),
},
},
},
SessionDuration: pulumi.String("string"),
})
var zeroTrustAccessPolicyResource = new ZeroTrustAccessPolicy("zeroTrustAccessPolicyResource", ZeroTrustAccessPolicyArgs.builder()
.accountId("string")
.decision("string")
.includes(ZeroTrustAccessPolicyIncludeArgs.builder()
.anyValidServiceToken()
.authContext(ZeroTrustAccessPolicyIncludeAuthContextArgs.builder()
.acId("string")
.id("string")
.identityProviderId("string")
.build())
.authMethod(ZeroTrustAccessPolicyIncludeAuthMethodArgs.builder()
.authMethod("string")
.build())
.azureAd(ZeroTrustAccessPolicyIncludeAzureAdArgs.builder()
.id("string")
.identityProviderId("string")
.build())
.certificate()
.commonName(ZeroTrustAccessPolicyIncludeCommonNameArgs.builder()
.commonName("string")
.build())
.devicePosture(ZeroTrustAccessPolicyIncludeDevicePostureArgs.builder()
.integrationUid("string")
.build())
.email(ZeroTrustAccessPolicyIncludeEmailArgs.builder()
.email("string")
.build())
.emailDomain(ZeroTrustAccessPolicyIncludeEmailDomainArgs.builder()
.domain("string")
.build())
.emailList(ZeroTrustAccessPolicyIncludeEmailListArgs.builder()
.id("string")
.build())
.everyone()
.externalEvaluation(ZeroTrustAccessPolicyIncludeExternalEvaluationArgs.builder()
.evaluateUrl("string")
.keysUrl("string")
.build())
.geo(ZeroTrustAccessPolicyIncludeGeoArgs.builder()
.countryCode("string")
.build())
.githubOrganization(ZeroTrustAccessPolicyIncludeGithubOrganizationArgs.builder()
.identityProviderId("string")
.name("string")
.team("string")
.build())
.group(ZeroTrustAccessPolicyIncludeGroupArgs.builder()
.id("string")
.build())
.gsuite(ZeroTrustAccessPolicyIncludeGsuiteArgs.builder()
.email("string")
.identityProviderId("string")
.build())
.ip(ZeroTrustAccessPolicyIncludeIpArgs.builder()
.ip("string")
.build())
.ipList(ZeroTrustAccessPolicyIncludeIpListArgs.builder()
.id("string")
.build())
.loginMethod(ZeroTrustAccessPolicyIncludeLoginMethodArgs.builder()
.id("string")
.build())
.okta(ZeroTrustAccessPolicyIncludeOktaArgs.builder()
.identityProviderId("string")
.name("string")
.build())
.saml(ZeroTrustAccessPolicyIncludeSamlArgs.builder()
.attributeName("string")
.attributeValue("string")
.identityProviderId("string")
.build())
.serviceToken(ZeroTrustAccessPolicyIncludeServiceTokenArgs.builder()
.tokenId("string")
.build())
.build())
.name("string")
.approvalGroups(ZeroTrustAccessPolicyApprovalGroupArgs.builder()
.approvalsNeeded(0)
.emailAddresses("string")
.emailListUuid("string")
.build())
.approvalRequired(false)
.excludes(ZeroTrustAccessPolicyExcludeArgs.builder()
.anyValidServiceToken()
.authContext(ZeroTrustAccessPolicyExcludeAuthContextArgs.builder()
.acId("string")
.id("string")
.identityProviderId("string")
.build())
.authMethod(ZeroTrustAccessPolicyExcludeAuthMethodArgs.builder()
.authMethod("string")
.build())
.azureAd(ZeroTrustAccessPolicyExcludeAzureAdArgs.builder()
.id("string")
.identityProviderId("string")
.build())
.certificate()
.commonName(ZeroTrustAccessPolicyExcludeCommonNameArgs.builder()
.commonName("string")
.build())
.devicePosture(ZeroTrustAccessPolicyExcludeDevicePostureArgs.builder()
.integrationUid("string")
.build())
.email(ZeroTrustAccessPolicyExcludeEmailArgs.builder()
.email("string")
.build())
.emailDomain(ZeroTrustAccessPolicyExcludeEmailDomainArgs.builder()
.domain("string")
.build())
.emailList(ZeroTrustAccessPolicyExcludeEmailListArgs.builder()
.id("string")
.build())
.everyone()
.externalEvaluation(ZeroTrustAccessPolicyExcludeExternalEvaluationArgs.builder()
.evaluateUrl("string")
.keysUrl("string")
.build())
.geo(ZeroTrustAccessPolicyExcludeGeoArgs.builder()
.countryCode("string")
.build())
.githubOrganization(ZeroTrustAccessPolicyExcludeGithubOrganizationArgs.builder()
.identityProviderId("string")
.name("string")
.team("string")
.build())
.group(ZeroTrustAccessPolicyExcludeGroupArgs.builder()
.id("string")
.build())
.gsuite(ZeroTrustAccessPolicyExcludeGsuiteArgs.builder()
.email("string")
.identityProviderId("string")
.build())
.ip(ZeroTrustAccessPolicyExcludeIpArgs.builder()
.ip("string")
.build())
.ipList(ZeroTrustAccessPolicyExcludeIpListArgs.builder()
.id("string")
.build())
.loginMethod(ZeroTrustAccessPolicyExcludeLoginMethodArgs.builder()
.id("string")
.build())
.okta(ZeroTrustAccessPolicyExcludeOktaArgs.builder()
.identityProviderId("string")
.name("string")
.build())
.saml(ZeroTrustAccessPolicyExcludeSamlArgs.builder()
.attributeName("string")
.attributeValue("string")
.identityProviderId("string")
.build())
.serviceToken(ZeroTrustAccessPolicyExcludeServiceTokenArgs.builder()
.tokenId("string")
.build())
.build())
.isolationRequired(false)
.purposeJustificationPrompt("string")
.purposeJustificationRequired(false)
.requires(ZeroTrustAccessPolicyRequireArgs.builder()
.anyValidServiceToken()
.authContext(ZeroTrustAccessPolicyRequireAuthContextArgs.builder()
.acId("string")
.id("string")
.identityProviderId("string")
.build())
.authMethod(ZeroTrustAccessPolicyRequireAuthMethodArgs.builder()
.authMethod("string")
.build())
.azureAd(ZeroTrustAccessPolicyRequireAzureAdArgs.builder()
.id("string")
.identityProviderId("string")
.build())
.certificate()
.commonName(ZeroTrustAccessPolicyRequireCommonNameArgs.builder()
.commonName("string")
.build())
.devicePosture(ZeroTrustAccessPolicyRequireDevicePostureArgs.builder()
.integrationUid("string")
.build())
.email(ZeroTrustAccessPolicyRequireEmailArgs.builder()
.email("string")
.build())
.emailDomain(ZeroTrustAccessPolicyRequireEmailDomainArgs.builder()
.domain("string")
.build())
.emailList(ZeroTrustAccessPolicyRequireEmailListArgs.builder()
.id("string")
.build())
.everyone()
.externalEvaluation(ZeroTrustAccessPolicyRequireExternalEvaluationArgs.builder()
.evaluateUrl("string")
.keysUrl("string")
.build())
.geo(ZeroTrustAccessPolicyRequireGeoArgs.builder()
.countryCode("string")
.build())
.githubOrganization(ZeroTrustAccessPolicyRequireGithubOrganizationArgs.builder()
.identityProviderId("string")
.name("string")
.team("string")
.build())
.group(ZeroTrustAccessPolicyRequireGroupArgs.builder()
.id("string")
.build())
.gsuite(ZeroTrustAccessPolicyRequireGsuiteArgs.builder()
.email("string")
.identityProviderId("string")
.build())
.ip(ZeroTrustAccessPolicyRequireIpArgs.builder()
.ip("string")
.build())
.ipList(ZeroTrustAccessPolicyRequireIpListArgs.builder()
.id("string")
.build())
.loginMethod(ZeroTrustAccessPolicyRequireLoginMethodArgs.builder()
.id("string")
.build())
.okta(ZeroTrustAccessPolicyRequireOktaArgs.builder()
.identityProviderId("string")
.name("string")
.build())
.saml(ZeroTrustAccessPolicyRequireSamlArgs.builder()
.attributeName("string")
.attributeValue("string")
.identityProviderId("string")
.build())
.serviceToken(ZeroTrustAccessPolicyRequireServiceTokenArgs.builder()
.tokenId("string")
.build())
.build())
.sessionDuration("string")
.build());
zero_trust_access_policy_resource = cloudflare.ZeroTrustAccessPolicy("zeroTrustAccessPolicyResource",
account_id="string",
decision="string",
includes=[{
"any_valid_service_token": {},
"auth_context": {
"ac_id": "string",
"id": "string",
"identity_provider_id": "string",
},
"auth_method": {
"auth_method": "string",
},
"azure_ad": {
"id": "string",
"identity_provider_id": "string",
},
"certificate": {},
"common_name": {
"common_name": "string",
},
"device_posture": {
"integration_uid": "string",
},
"email": {
"email": "string",
},
"email_domain": {
"domain": "string",
},
"email_list": {
"id": "string",
},
"everyone": {},
"external_evaluation": {
"evaluate_url": "string",
"keys_url": "string",
},
"geo": {
"country_code": "string",
},
"github_organization": {
"identity_provider_id": "string",
"name": "string",
"team": "string",
},
"group": {
"id": "string",
},
"gsuite": {
"email": "string",
"identity_provider_id": "string",
},
"ip": {
"ip": "string",
},
"ip_list": {
"id": "string",
},
"login_method": {
"id": "string",
},
"okta": {
"identity_provider_id": "string",
"name": "string",
},
"saml": {
"attribute_name": "string",
"attribute_value": "string",
"identity_provider_id": "string",
},
"service_token": {
"token_id": "string",
},
}],
name="string",
approval_groups=[{
"approvals_needed": 0,
"email_addresses": ["string"],
"email_list_uuid": "string",
}],
approval_required=False,
excludes=[{
"any_valid_service_token": {},
"auth_context": {
"ac_id": "string",
"id": "string",
"identity_provider_id": "string",
},
"auth_method": {
"auth_method": "string",
},
"azure_ad": {
"id": "string",
"identity_provider_id": "string",
},
"certificate": {},
"common_name": {
"common_name": "string",
},
"device_posture": {
"integration_uid": "string",
},
"email": {
"email": "string",
},
"email_domain": {
"domain": "string",
},
"email_list": {
"id": "string",
},
"everyone": {},
"external_evaluation": {
"evaluate_url": "string",
"keys_url": "string",
},
"geo": {
"country_code": "string",
},
"github_organization": {
"identity_provider_id": "string",
"name": "string",
"team": "string",
},
"group": {
"id": "string",
},
"gsuite": {
"email": "string",
"identity_provider_id": "string",
},
"ip": {
"ip": "string",
},
"ip_list": {
"id": "string",
},
"login_method": {
"id": "string",
},
"okta": {
"identity_provider_id": "string",
"name": "string",
},
"saml": {
"attribute_name": "string",
"attribute_value": "string",
"identity_provider_id": "string",
},
"service_token": {
"token_id": "string",
},
}],
isolation_required=False,
purpose_justification_prompt="string",
purpose_justification_required=False,
requires=[{
"any_valid_service_token": {},
"auth_context": {
"ac_id": "string",
"id": "string",
"identity_provider_id": "string",
},
"auth_method": {
"auth_method": "string",
},
"azure_ad": {
"id": "string",
"identity_provider_id": "string",
},
"certificate": {},
"common_name": {
"common_name": "string",
},
"device_posture": {
"integration_uid": "string",
},
"email": {
"email": "string",
},
"email_domain": {
"domain": "string",
},
"email_list": {
"id": "string",
},
"everyone": {},
"external_evaluation": {
"evaluate_url": "string",
"keys_url": "string",
},
"geo": {
"country_code": "string",
},
"github_organization": {
"identity_provider_id": "string",
"name": "string",
"team": "string",
},
"group": {
"id": "string",
},
"gsuite": {
"email": "string",
"identity_provider_id": "string",
},
"ip": {
"ip": "string",
},
"ip_list": {
"id": "string",
},
"login_method": {
"id": "string",
},
"okta": {
"identity_provider_id": "string",
"name": "string",
},
"saml": {
"attribute_name": "string",
"attribute_value": "string",
"identity_provider_id": "string",
},
"service_token": {
"token_id": "string",
},
}],
session_duration="string")
const zeroTrustAccessPolicyResource = new cloudflare.ZeroTrustAccessPolicy("zeroTrustAccessPolicyResource", {
accountId: "string",
decision: "string",
includes: [{
anyValidServiceToken: {},
authContext: {
acId: "string",
id: "string",
identityProviderId: "string",
},
authMethod: {
authMethod: "string",
},
azureAd: {
id: "string",
identityProviderId: "string",
},
certificate: {},
commonName: {
commonName: "string",
},
devicePosture: {
integrationUid: "string",
},
email: {
email: "string",
},
emailDomain: {
domain: "string",
},
emailList: {
id: "string",
},
everyone: {},
externalEvaluation: {
evaluateUrl: "string",
keysUrl: "string",
},
geo: {
countryCode: "string",
},
githubOrganization: {
identityProviderId: "string",
name: "string",
team: "string",
},
group: {
id: "string",
},
gsuite: {
email: "string",
identityProviderId: "string",
},
ip: {
ip: "string",
},
ipList: {
id: "string",
},
loginMethod: {
id: "string",
},
okta: {
identityProviderId: "string",
name: "string",
},
saml: {
attributeName: "string",
attributeValue: "string",
identityProviderId: "string",
},
serviceToken: {
tokenId: "string",
},
}],
name: "string",
approvalGroups: [{
approvalsNeeded: 0,
emailAddresses: ["string"],
emailListUuid: "string",
}],
approvalRequired: false,
excludes: [{
anyValidServiceToken: {},
authContext: {
acId: "string",
id: "string",
identityProviderId: "string",
},
authMethod: {
authMethod: "string",
},
azureAd: {
id: "string",
identityProviderId: "string",
},
certificate: {},
commonName: {
commonName: "string",
},
devicePosture: {
integrationUid: "string",
},
email: {
email: "string",
},
emailDomain: {
domain: "string",
},
emailList: {
id: "string",
},
everyone: {},
externalEvaluation: {
evaluateUrl: "string",
keysUrl: "string",
},
geo: {
countryCode: "string",
},
githubOrganization: {
identityProviderId: "string",
name: "string",
team: "string",
},
group: {
id: "string",
},
gsuite: {
email: "string",
identityProviderId: "string",
},
ip: {
ip: "string",
},
ipList: {
id: "string",
},
loginMethod: {
id: "string",
},
okta: {
identityProviderId: "string",
name: "string",
},
saml: {
attributeName: "string",
attributeValue: "string",
identityProviderId: "string",
},
serviceToken: {
tokenId: "string",
},
}],
isolationRequired: false,
purposeJustificationPrompt: "string",
purposeJustificationRequired: false,
requires: [{
anyValidServiceToken: {},
authContext: {
acId: "string",
id: "string",
identityProviderId: "string",
},
authMethod: {
authMethod: "string",
},
azureAd: {
id: "string",
identityProviderId: "string",
},
certificate: {},
commonName: {
commonName: "string",
},
devicePosture: {
integrationUid: "string",
},
email: {
email: "string",
},
emailDomain: {
domain: "string",
},
emailList: {
id: "string",
},
everyone: {},
externalEvaluation: {
evaluateUrl: "string",
keysUrl: "string",
},
geo: {
countryCode: "string",
},
githubOrganization: {
identityProviderId: "string",
name: "string",
team: "string",
},
group: {
id: "string",
},
gsuite: {
email: "string",
identityProviderId: "string",
},
ip: {
ip: "string",
},
ipList: {
id: "string",
},
loginMethod: {
id: "string",
},
okta: {
identityProviderId: "string",
name: "string",
},
saml: {
attributeName: "string",
attributeValue: "string",
identityProviderId: "string",
},
serviceToken: {
tokenId: "string",
},
}],
sessionDuration: "string",
});
type: cloudflare:ZeroTrustAccessPolicy
properties:
accountId: string
approvalGroups:
- approvalsNeeded: 0
emailAddresses:
- string
emailListUuid: string
approvalRequired: false
decision: string
excludes:
- anyValidServiceToken: {}
authContext:
acId: string
id: string
identityProviderId: string
authMethod:
authMethod: string
azureAd:
id: string
identityProviderId: string
certificate: {}
commonName:
commonName: string
devicePosture:
integrationUid: string
email:
email: string
emailDomain:
domain: string
emailList:
id: string
everyone: {}
externalEvaluation:
evaluateUrl: string
keysUrl: string
geo:
countryCode: string
githubOrganization:
identityProviderId: string
name: string
team: string
group:
id: string
gsuite:
email: string
identityProviderId: string
ip:
ip: string
ipList:
id: string
loginMethod:
id: string
okta:
identityProviderId: string
name: string
saml:
attributeName: string
attributeValue: string
identityProviderId: string
serviceToken:
tokenId: string
includes:
- anyValidServiceToken: {}
authContext:
acId: string
id: string
identityProviderId: string
authMethod:
authMethod: string
azureAd:
id: string
identityProviderId: string
certificate: {}
commonName:
commonName: string
devicePosture:
integrationUid: string
email:
email: string
emailDomain:
domain: string
emailList:
id: string
everyone: {}
externalEvaluation:
evaluateUrl: string
keysUrl: string
geo:
countryCode: string
githubOrganization:
identityProviderId: string
name: string
team: string
group:
id: string
gsuite:
email: string
identityProviderId: string
ip:
ip: string
ipList:
id: string
loginMethod:
id: string
okta:
identityProviderId: string
name: string
saml:
attributeName: string
attributeValue: string
identityProviderId: string
serviceToken:
tokenId: string
isolationRequired: false
name: string
purposeJustificationPrompt: string
purposeJustificationRequired: false
requires:
- anyValidServiceToken: {}
authContext:
acId: string
id: string
identityProviderId: string
authMethod:
authMethod: string
azureAd:
id: string
identityProviderId: string
certificate: {}
commonName:
commonName: string
devicePosture:
integrationUid: string
email:
email: string
emailDomain:
domain: string
emailList:
id: string
everyone: {}
externalEvaluation:
evaluateUrl: string
keysUrl: string
geo:
countryCode: string
githubOrganization:
identityProviderId: string
name: string
team: string
group:
id: string
gsuite:
email: string
identityProviderId: string
ip:
ip: string
ipList:
id: string
loginMethod:
id: string
okta:
identityProviderId: string
name: string
saml:
attributeName: string
attributeValue: string
identityProviderId: string
serviceToken:
tokenId: string
sessionDuration: string
ZeroTrustAccessPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ZeroTrustAccessPolicy resource accepts the following input properties:
- Account
Id string - Identifier.
- Decision string
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- Includes
List<Zero
Trust Access Policy Include> - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- Name string
- The name of the Access policy.
- Approval
Groups List<ZeroTrust Access Policy Approval Group> - Administrators who can approve a temporary authentication request.
- Approval
Required bool - Requires the user to request access from an administrator at the start of each session.
- Excludes
List<Zero
Trust Access Policy Exclude> - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- Isolation
Required bool - Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
- Purpose
Justification stringPrompt - A custom message that will appear on the purpose justification screen.
- Purpose
Justification boolRequired - Require users to enter a justification when they log in to the application.
- Requires
List<Zero
Trust Access Policy Require> - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- Session
Duration string - The amount of time that tokens issued for the application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
- Account
Id string - Identifier.
- Decision string
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- Includes
[]Zero
Trust Access Policy Include Args - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- Name string
- The name of the Access policy.
- Approval
Groups []ZeroTrust Access Policy Approval Group Args - Administrators who can approve a temporary authentication request.
- Approval
Required bool - Requires the user to request access from an administrator at the start of each session.
- Excludes
[]Zero
Trust Access Policy Exclude Args - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- Isolation
Required bool - Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
- Purpose
Justification stringPrompt - A custom message that will appear on the purpose justification screen.
- Purpose
Justification boolRequired - Require users to enter a justification when they log in to the application.
- Requires
[]Zero
Trust Access Policy Require Args - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- Session
Duration string - The amount of time that tokens issued for the application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
- account
Id String - Identifier.
- decision String
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- includes
List<Zero
Trust Access Policy Include> - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- name String
- The name of the Access policy.
- approval
Groups List<ZeroTrust Access Policy Approval Group> - Administrators who can approve a temporary authentication request.
- approval
Required Boolean - Requires the user to request access from an administrator at the start of each session.
- excludes
List<Zero
Trust Access Policy Exclude> - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- isolation
Required Boolean - Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
- purpose
Justification StringPrompt - A custom message that will appear on the purpose justification screen.
- purpose
Justification BooleanRequired - Require users to enter a justification when they log in to the application.
- requires
List<Zero
Trust Access Policy Require> - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- session
Duration String - The amount of time that tokens issued for the application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
- account
Id string - Identifier.
- decision string
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- includes
Zero
Trust Access Policy Include[] - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- name string
- The name of the Access policy.
- approval
Groups ZeroTrust Access Policy Approval Group[] - Administrators who can approve a temporary authentication request.
- approval
Required boolean - Requires the user to request access from an administrator at the start of each session.
- excludes
Zero
Trust Access Policy Exclude[] - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- isolation
Required boolean - Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
- purpose
Justification stringPrompt - A custom message that will appear on the purpose justification screen.
- purpose
Justification booleanRequired - Require users to enter a justification when they log in to the application.
- requires
Zero
Trust Access Policy Require[] - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- session
Duration string - The amount of time that tokens issued for the application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
- account_
id str - Identifier.
- decision str
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- includes
Sequence[Zero
Trust Access Policy Include Args] - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- name str
- The name of the Access policy.
- approval_
groups Sequence[ZeroTrust Access Policy Approval Group Args] - Administrators who can approve a temporary authentication request.
- approval_
required bool - Requires the user to request access from an administrator at the start of each session.
- excludes
Sequence[Zero
Trust Access Policy Exclude Args] - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- isolation_
required bool - Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
- purpose_
justification_ strprompt - A custom message that will appear on the purpose justification screen.
- purpose_
justification_ boolrequired - Require users to enter a justification when they log in to the application.
- requires
Sequence[Zero
Trust Access Policy Require Args] - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- session_
duration str - The amount of time that tokens issued for the application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
- account
Id String - Identifier.
- decision String
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- includes List<Property Map>
- Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- name String
- The name of the Access policy.
- approval
Groups List<Property Map> - Administrators who can approve a temporary authentication request.
- approval
Required Boolean - Requires the user to request access from an administrator at the start of each session.
- excludes List<Property Map>
- Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- isolation
Required Boolean - Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
- purpose
Justification StringPrompt - A custom message that will appear on the purpose justification screen.
- purpose
Justification BooleanRequired - Require users to enter a justification when they log in to the application.
- requires List<Property Map>
- Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- session
Duration String - The amount of time that tokens issued for the application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
Outputs
All input properties are implicitly available as output properties. Additionally, the ZeroTrustAccessPolicy resource produces the following output properties:
- app_
count int - Number of access applications currently using this policy.
- created_
at str - id str
- The provider-assigned unique ID for this managed resource.
- reusable bool
- updated_
at str
Look up Existing ZeroTrustAccessPolicy Resource
Get an existing ZeroTrustAccessPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ZeroTrustAccessPolicyState, opts?: CustomResourceOptions): ZeroTrustAccessPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
app_count: Optional[int] = None,
approval_groups: Optional[Sequence[ZeroTrustAccessPolicyApprovalGroupArgs]] = None,
approval_required: Optional[bool] = None,
created_at: Optional[str] = None,
decision: Optional[str] = None,
excludes: Optional[Sequence[ZeroTrustAccessPolicyExcludeArgs]] = None,
includes: Optional[Sequence[ZeroTrustAccessPolicyIncludeArgs]] = None,
isolation_required: Optional[bool] = None,
name: Optional[str] = None,
purpose_justification_prompt: Optional[str] = None,
purpose_justification_required: Optional[bool] = None,
requires: Optional[Sequence[ZeroTrustAccessPolicyRequireArgs]] = None,
reusable: Optional[bool] = None,
session_duration: Optional[str] = None,
updated_at: Optional[str] = None) -> ZeroTrustAccessPolicyfunc GetZeroTrustAccessPolicy(ctx *Context, name string, id IDInput, state *ZeroTrustAccessPolicyState, opts ...ResourceOption) (*ZeroTrustAccessPolicy, error)public static ZeroTrustAccessPolicy Get(string name, Input<string> id, ZeroTrustAccessPolicyState? state, CustomResourceOptions? opts = null)public static ZeroTrustAccessPolicy get(String name, Output<String> id, ZeroTrustAccessPolicyState state, CustomResourceOptions options)resources: _: type: cloudflare:ZeroTrustAccessPolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - Identifier.
- App
Count int - Number of access applications currently using this policy.
- Approval
Groups List<ZeroTrust Access Policy Approval Group> - Administrators who can approve a temporary authentication request.
- Approval
Required bool - Requires the user to request access from an administrator at the start of each session.
- Created
At string - Decision string
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- Excludes
List<Zero
Trust Access Policy Exclude> - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- Includes
List<Zero
Trust Access Policy Include> - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- Isolation
Required bool - Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
- Name string
- The name of the Access policy.
- Purpose
Justification stringPrompt - A custom message that will appear on the purpose justification screen.
- Purpose
Justification boolRequired - Require users to enter a justification when they log in to the application.
- Requires
List<Zero
Trust Access Policy Require> - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- Reusable bool
- Session
Duration string - The amount of time that tokens issued for the application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - Updated
At string
- Account
Id string - Identifier.
- App
Count int - Number of access applications currently using this policy.
- Approval
Groups []ZeroTrust Access Policy Approval Group Args - Administrators who can approve a temporary authentication request.
- Approval
Required bool - Requires the user to request access from an administrator at the start of each session.
- Created
At string - Decision string
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- Excludes
[]Zero
Trust Access Policy Exclude Args - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- Includes
[]Zero
Trust Access Policy Include Args - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- Isolation
Required bool - Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
- Name string
- The name of the Access policy.
- Purpose
Justification stringPrompt - A custom message that will appear on the purpose justification screen.
- Purpose
Justification boolRequired - Require users to enter a justification when they log in to the application.
- Requires
[]Zero
Trust Access Policy Require Args - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- Reusable bool
- Session
Duration string - The amount of time that tokens issued for the application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - Updated
At string
- account
Id String - Identifier.
- app
Count Integer - Number of access applications currently using this policy.
- approval
Groups List<ZeroTrust Access Policy Approval Group> - Administrators who can approve a temporary authentication request.
- approval
Required Boolean - Requires the user to request access from an administrator at the start of each session.
- created
At String - decision String
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- excludes
List<Zero
Trust Access Policy Exclude> - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- includes
List<Zero
Trust Access Policy Include> - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- isolation
Required Boolean - Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
- name String
- The name of the Access policy.
- purpose
Justification StringPrompt - A custom message that will appear on the purpose justification screen.
- purpose
Justification BooleanRequired - Require users to enter a justification when they log in to the application.
- requires
List<Zero
Trust Access Policy Require> - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- reusable Boolean
- session
Duration String - The amount of time that tokens issued for the application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - updated
At String
- account
Id string - Identifier.
- app
Count number - Number of access applications currently using this policy.
- approval
Groups ZeroTrust Access Policy Approval Group[] - Administrators who can approve a temporary authentication request.
- approval
Required boolean - Requires the user to request access from an administrator at the start of each session.
- created
At string - decision string
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- excludes
Zero
Trust Access Policy Exclude[] - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- includes
Zero
Trust Access Policy Include[] - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- isolation
Required boolean - Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
- name string
- The name of the Access policy.
- purpose
Justification stringPrompt - A custom message that will appear on the purpose justification screen.
- purpose
Justification booleanRequired - Require users to enter a justification when they log in to the application.
- requires
Zero
Trust Access Policy Require[] - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- reusable boolean
- session
Duration string - The amount of time that tokens issued for the application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - updated
At string
- account_
id str - Identifier.
- app_
count int - Number of access applications currently using this policy.
- approval_
groups Sequence[ZeroTrust Access Policy Approval Group Args] - Administrators who can approve a temporary authentication request.
- approval_
required bool - Requires the user to request access from an administrator at the start of each session.
- created_
at str - decision str
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- excludes
Sequence[Zero
Trust Access Policy Exclude Args] - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- includes
Sequence[Zero
Trust Access Policy Include Args] - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- isolation_
required bool - Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
- name str
- The name of the Access policy.
- purpose_
justification_ strprompt - A custom message that will appear on the purpose justification screen.
- purpose_
justification_ boolrequired - Require users to enter a justification when they log in to the application.
- requires
Sequence[Zero
Trust Access Policy Require Args] - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- reusable bool
- session_
duration str - The amount of time that tokens issued for the application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - updated_
at str
- account
Id String - Identifier.
- app
Count Number - Number of access applications currently using this policy.
- approval
Groups List<Property Map> - Administrators who can approve a temporary authentication request.
- approval
Required Boolean - Requires the user to request access from an administrator at the start of each session.
- created
At String - decision String
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- excludes List<Property Map>
- Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- includes List<Property Map>
- Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- isolation
Required Boolean - Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
- name String
- The name of the Access policy.
- purpose
Justification StringPrompt - A custom message that will appear on the purpose justification screen.
- purpose
Justification BooleanRequired - Require users to enter a justification when they log in to the application.
- requires List<Property Map>
- Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- reusable Boolean
- session
Duration String - The amount of time that tokens issued for the application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - updated
At String
Supporting Types
ZeroTrustAccessPolicyApprovalGroup, ZeroTrustAccessPolicyApprovalGroupArgs
- Approvals
Needed double - The number of approvals needed to obtain access.
- Email
Addresses List<string> - A list of emails that can approve the access request.
- Email
List stringUuid - The UUID of an re-usable email list.
- Approvals
Needed float64 - The number of approvals needed to obtain access.
- Email
Addresses []string - A list of emails that can approve the access request.
- Email
List stringUuid - The UUID of an re-usable email list.
- approvals
Needed Double - The number of approvals needed to obtain access.
- email
Addresses List<String> - A list of emails that can approve the access request.
- email
List StringUuid - The UUID of an re-usable email list.
- approvals
Needed number - The number of approvals needed to obtain access.
- email
Addresses string[] - A list of emails that can approve the access request.
- email
List stringUuid - The UUID of an re-usable email list.
- approvals_
needed float - The number of approvals needed to obtain access.
- email_
addresses Sequence[str] - A list of emails that can approve the access request.
- email_
list_ struuid - The UUID of an re-usable email list.
- approvals
Needed Number - The number of approvals needed to obtain access.
- email
Addresses List<String> - A list of emails that can approve the access request.
- email
List StringUuid - The UUID of an re-usable email list.
ZeroTrustAccessPolicyExclude, ZeroTrustAccessPolicyExcludeArgs
- Any
Valid ZeroService Token Trust Access Policy Exclude Any Valid Service Token - An empty object which matches on all service tokens.
- Auth
Context ZeroTrust Access Policy Exclude Auth Context - Auth
Method ZeroTrust Access Policy Exclude Auth Method - Azure
Ad ZeroTrust Access Policy Exclude Azure Ad - Certificate
Zero
Trust Access Policy Exclude Certificate - Common
Name ZeroTrust Access Policy Exclude Common Name - Device
Posture ZeroTrust Access Policy Exclude Device Posture - Email
Zero
Trust Access Policy Exclude Email - Email
Domain ZeroTrust Access Policy Exclude Email Domain - Email
List ZeroTrust Access Policy Exclude Email List - Everyone
Zero
Trust Access Policy Exclude Everyone - An empty object which matches on all users.
- External
Evaluation ZeroTrust Access Policy Exclude External Evaluation - Geo
Zero
Trust Access Policy Exclude Geo - Github
Organization ZeroTrust Access Policy Exclude Github Organization - Group
Zero
Trust Access Policy Exclude Group - Gsuite
Zero
Trust Access Policy Exclude Gsuite - Ip
Zero
Trust Access Policy Exclude Ip - Ip
List ZeroTrust Access Policy Exclude Ip List - Login
Method ZeroTrust Access Policy Exclude Login Method - Okta
Zero
Trust Access Policy Exclude Okta - Saml
Zero
Trust Access Policy Exclude Saml - Service
Token ZeroTrust Access Policy Exclude Service Token
- Any
Valid ZeroService Token Trust Access Policy Exclude Any Valid Service Token - An empty object which matches on all service tokens.
- Auth
Context ZeroTrust Access Policy Exclude Auth Context - Auth
Method ZeroTrust Access Policy Exclude Auth Method - Azure
Ad ZeroTrust Access Policy Exclude Azure Ad - Certificate
Zero
Trust Access Policy Exclude Certificate - Common
Name ZeroTrust Access Policy Exclude Common Name - Device
Posture ZeroTrust Access Policy Exclude Device Posture - Email
Zero
Trust Access Policy Exclude Email - Email
Domain ZeroTrust Access Policy Exclude Email Domain - Email
List ZeroTrust Access Policy Exclude Email List - Everyone
Zero
Trust Access Policy Exclude Everyone - An empty object which matches on all users.
- External
Evaluation ZeroTrust Access Policy Exclude External Evaluation - Geo
Zero
Trust Access Policy Exclude Geo - Github
Organization ZeroTrust Access Policy Exclude Github Organization - Group
Zero
Trust Access Policy Exclude Group - Gsuite
Zero
Trust Access Policy Exclude Gsuite - Ip
Zero
Trust Access Policy Exclude Ip - Ip
List ZeroTrust Access Policy Exclude Ip List - Login
Method ZeroTrust Access Policy Exclude Login Method - Okta
Zero
Trust Access Policy Exclude Okta - Saml
Zero
Trust Access Policy Exclude Saml - Service
Token ZeroTrust Access Policy Exclude Service Token
- any
Valid ZeroService Token Trust Access Policy Exclude Any Valid Service Token - An empty object which matches on all service tokens.
- auth
Context ZeroTrust Access Policy Exclude Auth Context - auth
Method ZeroTrust Access Policy Exclude Auth Method - azure
Ad ZeroTrust Access Policy Exclude Azure Ad - certificate
Zero
Trust Access Policy Exclude Certificate - common
Name ZeroTrust Access Policy Exclude Common Name - device
Posture ZeroTrust Access Policy Exclude Device Posture - email
Zero
Trust Access Policy Exclude Email - email
Domain ZeroTrust Access Policy Exclude Email Domain - email
List ZeroTrust Access Policy Exclude Email List - everyone
Zero
Trust Access Policy Exclude Everyone - An empty object which matches on all users.
- external
Evaluation ZeroTrust Access Policy Exclude External Evaluation - geo
Zero
Trust Access Policy Exclude Geo - github
Organization ZeroTrust Access Policy Exclude Github Organization - group
Zero
Trust Access Policy Exclude Group - gsuite
Zero
Trust Access Policy Exclude Gsuite - ip
Zero
Trust Access Policy Exclude Ip - ip
List ZeroTrust Access Policy Exclude Ip List - login
Method ZeroTrust Access Policy Exclude Login Method - okta
Zero
Trust Access Policy Exclude Okta - saml
Zero
Trust Access Policy Exclude Saml - service
Token ZeroTrust Access Policy Exclude Service Token
- any
Valid ZeroService Token Trust Access Policy Exclude Any Valid Service Token - An empty object which matches on all service tokens.
- auth
Context ZeroTrust Access Policy Exclude Auth Context - auth
Method ZeroTrust Access Policy Exclude Auth Method - azure
Ad ZeroTrust Access Policy Exclude Azure Ad - certificate
Zero
Trust Access Policy Exclude Certificate - common
Name ZeroTrust Access Policy Exclude Common Name - device
Posture ZeroTrust Access Policy Exclude Device Posture - email
Zero
Trust Access Policy Exclude Email - email
Domain ZeroTrust Access Policy Exclude Email Domain - email
List ZeroTrust Access Policy Exclude Email List - everyone
Zero
Trust Access Policy Exclude Everyone - An empty object which matches on all users.
- external
Evaluation ZeroTrust Access Policy Exclude External Evaluation - geo
Zero
Trust Access Policy Exclude Geo - github
Organization ZeroTrust Access Policy Exclude Github Organization - group
Zero
Trust Access Policy Exclude Group - gsuite
Zero
Trust Access Policy Exclude Gsuite - ip
Zero
Trust Access Policy Exclude Ip - ip
List ZeroTrust Access Policy Exclude Ip List - login
Method ZeroTrust Access Policy Exclude Login Method - okta
Zero
Trust Access Policy Exclude Okta - saml
Zero
Trust Access Policy Exclude Saml - service
Token ZeroTrust Access Policy Exclude Service Token
- any_
valid_ Zeroservice_ token Trust Access Policy Exclude Any Valid Service Token - An empty object which matches on all service tokens.
- auth_
context ZeroTrust Access Policy Exclude Auth Context - auth_
method ZeroTrust Access Policy Exclude Auth Method - azure_
ad ZeroTrust Access Policy Exclude Azure Ad - certificate
Zero
Trust Access Policy Exclude Certificate - common_
name ZeroTrust Access Policy Exclude Common Name - device_
posture ZeroTrust Access Policy Exclude Device Posture - email
Zero
Trust Access Policy Exclude Email - email_
domain ZeroTrust Access Policy Exclude Email Domain - email_
list ZeroTrust Access Policy Exclude Email List - everyone
Zero
Trust Access Policy Exclude Everyone - An empty object which matches on all users.
- external_
evaluation ZeroTrust Access Policy Exclude External Evaluation - geo
Zero
Trust Access Policy Exclude Geo - github_
organization ZeroTrust Access Policy Exclude Github Organization - group
Zero
Trust Access Policy Exclude Group - gsuite
Zero
Trust Access Policy Exclude Gsuite - ip
Zero
Trust Access Policy Exclude Ip - ip_
list ZeroTrust Access Policy Exclude Ip List - login_
method ZeroTrust Access Policy Exclude Login Method - okta
Zero
Trust Access Policy Exclude Okta - saml
Zero
Trust Access Policy Exclude Saml - service_
token ZeroTrust Access Policy Exclude Service Token
- any
Valid Property MapService Token - An empty object which matches on all service tokens.
- auth
Context Property Map - auth
Method Property Map - azure
Ad Property Map - certificate Property Map
- common
Name Property Map - device
Posture Property Map - email Property Map
- email
Domain Property Map - email
List Property Map - everyone Property Map
- An empty object which matches on all users.
- external
Evaluation Property Map - geo Property Map
- github
Organization Property Map - group Property Map
- gsuite Property Map
- ip Property Map
- ip
List Property Map - login
Method Property Map - okta Property Map
- saml Property Map
- service
Token Property Map
ZeroTrustAccessPolicyExcludeAuthContext, ZeroTrustAccessPolicyExcludeAuthContextArgs
- Ac
Id string - The ACID of an Authentication context.
- Id string
- The ID of an Authentication context.
- Identity
Provider stringId - The ID of your Azure identity provider.
- Ac
Id string - The ACID of an Authentication context.
- Id string
- The ID of an Authentication context.
- Identity
Provider stringId - The ID of your Azure identity provider.
- ac
Id String - The ACID of an Authentication context.
- id String
- The ID of an Authentication context.
- identity
Provider StringId - The ID of your Azure identity provider.
- ac
Id string - The ACID of an Authentication context.
- id string
- The ID of an Authentication context.
- identity
Provider stringId - The ID of your Azure identity provider.
- ac_
id str - The ACID of an Authentication context.
- id str
- The ID of an Authentication context.
- identity_
provider_ strid - The ID of your Azure identity provider.
- ac
Id String - The ACID of an Authentication context.
- id String
- The ID of an Authentication context.
- identity
Provider StringId - The ID of your Azure identity provider.
ZeroTrustAccessPolicyExcludeAuthMethod, ZeroTrustAccessPolicyExcludeAuthMethodArgs
- Auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- Auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method String - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth_
method str - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method String - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
ZeroTrustAccessPolicyExcludeAzureAd, ZeroTrustAccessPolicyExcludeAzureAdArgs
- Id string
- The ID of an Azure group.
- Identity
Provider stringId - The ID of your Azure identity provider.
- Id string
- The ID of an Azure group.
- Identity
Provider stringId - The ID of your Azure identity provider.
- id String
- The ID of an Azure group.
- identity
Provider StringId - The ID of your Azure identity provider.
- id string
- The ID of an Azure group.
- identity
Provider stringId - The ID of your Azure identity provider.
- id str
- The ID of an Azure group.
- identity_
provider_ strid - The ID of your Azure identity provider.
- id String
- The ID of an Azure group.
- identity
Provider StringId - The ID of your Azure identity provider.
ZeroTrustAccessPolicyExcludeCommonName, ZeroTrustAccessPolicyExcludeCommonNameArgs
- Common
Name string - The common name to match.
- Common
Name string - The common name to match.
- common
Name String - The common name to match.
- common
Name string - The common name to match.
- common_
name str - The common name to match.
- common
Name String - The common name to match.
ZeroTrustAccessPolicyExcludeDevicePosture, ZeroTrustAccessPolicyExcludeDevicePostureArgs
- Integration
Uid string - The ID of a device posture integration.
- Integration
Uid string - The ID of a device posture integration.
- integration
Uid String - The ID of a device posture integration.
- integration
Uid string - The ID of a device posture integration.
- integration_
uid str - The ID of a device posture integration.
- integration
Uid String - The ID of a device posture integration.
ZeroTrustAccessPolicyExcludeEmail, ZeroTrustAccessPolicyExcludeEmailArgs
- Email string
- The email of the user.
- Email string
- The email of the user.
- email String
- The email of the user.
- email string
- The email of the user.
- email str
- The email of the user.
- email String
- The email of the user.
ZeroTrustAccessPolicyExcludeEmailDomain, ZeroTrustAccessPolicyExcludeEmailDomainArgs
- Domain string
- The email domain to match.
- Domain string
- The email domain to match.
- domain String
- The email domain to match.
- domain string
- The email domain to match.
- domain str
- The email domain to match.
- domain String
- The email domain to match.
ZeroTrustAccessPolicyExcludeEmailList, ZeroTrustAccessPolicyExcludeEmailListArgs
- Id string
- The ID of a previously created email list.
- Id string
- The ID of a previously created email list.
- id String
- The ID of a previously created email list.
- id string
- The ID of a previously created email list.
- id str
- The ID of a previously created email list.
- id String
- The ID of a previously created email list.
ZeroTrustAccessPolicyExcludeExternalEvaluation, ZeroTrustAccessPolicyExcludeExternalEvaluationArgs
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url string - The API endpoint containing your business logic.
- keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate_
url str - The API endpoint containing your business logic.
- keys_
url str - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
ZeroTrustAccessPolicyExcludeGeo, ZeroTrustAccessPolicyExcludeGeoArgs
- Country
Code string - The country code that should be matched.
- Country
Code string - The country code that should be matched.
- country
Code String - The country code that should be matched.
- country
Code string - The country code that should be matched.
- country_
code str - The country code that should be matched.
- country
Code String - The country code that should be matched.
ZeroTrustAccessPolicyExcludeGithubOrganization, ZeroTrustAccessPolicyExcludeGithubOrganizationArgs
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Team string
- The name of the team
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Team string
- The name of the team
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- team String
- The name of the team
- identity
Provider stringId - The ID of your Github identity provider.
- name string
- The name of the organization.
- team string
- The name of the team
- identity_
provider_ strid - The ID of your Github identity provider.
- name str
- The name of the organization.
- team str
- The name of the team
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- team String
- The name of the team
ZeroTrustAccessPolicyExcludeGroup, ZeroTrustAccessPolicyExcludeGroupArgs
- Id string
- The ID of a previously created Access group.
- Id string
- The ID of a previously created Access group.
- id String
- The ID of a previously created Access group.
- id string
- The ID of a previously created Access group.
- id str
- The ID of a previously created Access group.
- id String
- The ID of a previously created Access group.
ZeroTrustAccessPolicyExcludeGsuite, ZeroTrustAccessPolicyExcludeGsuiteArgs
- Email string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- Email string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- email String
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
- email string
- The email of the Google Workspace group.
- identity
Provider stringId - The ID of your Google Workspace identity provider.
- email str
- The email of the Google Workspace group.
- identity_
provider_ strid - The ID of your Google Workspace identity provider.
- email String
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
ZeroTrustAccessPolicyExcludeIp, ZeroTrustAccessPolicyExcludeIpArgs
- Ip string
- An IPv4 or IPv6 CIDR block.
- Ip string
- An IPv4 or IPv6 CIDR block.
- ip String
- An IPv4 or IPv6 CIDR block.
- ip string
- An IPv4 or IPv6 CIDR block.
- ip str
- An IPv4 or IPv6 CIDR block.
- ip String
- An IPv4 or IPv6 CIDR block.
ZeroTrustAccessPolicyExcludeIpList, ZeroTrustAccessPolicyExcludeIpListArgs
- Id string
- The ID of a previously created IP list.
- Id string
- The ID of a previously created IP list.
- id String
- The ID of a previously created IP list.
- id string
- The ID of a previously created IP list.
- id str
- The ID of a previously created IP list.
- id String
- The ID of a previously created IP list.
ZeroTrustAccessPolicyExcludeLoginMethod, ZeroTrustAccessPolicyExcludeLoginMethodArgs
- Id string
- The ID of an identity provider.
- Id string
- The ID of an identity provider.
- id String
- The ID of an identity provider.
- id string
- The ID of an identity provider.
- id str
- The ID of an identity provider.
- id String
- The ID of an identity provider.
ZeroTrustAccessPolicyExcludeOkta, ZeroTrustAccessPolicyExcludeOktaArgs
- Identity
Provider stringId - The ID of your Okta identity provider.
- Name string
- The name of the Okta group.
- Identity
Provider stringId - The ID of your Okta identity provider.
- Name string
- The name of the Okta group.
- identity
Provider StringId - The ID of your Okta identity provider.
- name String
- The name of the Okta group.
- identity
Provider stringId - The ID of your Okta identity provider.
- name string
- The name of the Okta group.
- identity_
provider_ strid - The ID of your Okta identity provider.
- name str
- The name of the Okta group.
- identity
Provider StringId - The ID of your Okta identity provider.
- name String
- The name of the Okta group.
ZeroTrustAccessPolicyExcludeSaml, ZeroTrustAccessPolicyExcludeSamlArgs
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
- attribute
Name string - The name of the SAML attribute.
- attribute
Value string - The SAML attribute value to look for.
- identity
Provider stringId - The ID of your SAML identity provider.
- attribute_
name str - The name of the SAML attribute.
- attribute_
value str - The SAML attribute value to look for.
- identity_
provider_ strid - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
ZeroTrustAccessPolicyExcludeServiceToken, ZeroTrustAccessPolicyExcludeServiceTokenArgs
- Token
Id string - The ID of a Service Token.
- Token
Id string - The ID of a Service Token.
- token
Id String - The ID of a Service Token.
- token
Id string - The ID of a Service Token.
- token_
id str - The ID of a Service Token.
- token
Id String - The ID of a Service Token.
ZeroTrustAccessPolicyInclude, ZeroTrustAccessPolicyIncludeArgs
- Any
Valid ZeroService Token Trust Access Policy Include Any Valid Service Token - An empty object which matches on all service tokens.
- Auth
Context ZeroTrust Access Policy Include Auth Context - Auth
Method ZeroTrust Access Policy Include Auth Method - Azure
Ad ZeroTrust Access Policy Include Azure Ad - Certificate
Zero
Trust Access Policy Include Certificate - Common
Name ZeroTrust Access Policy Include Common Name - Device
Posture ZeroTrust Access Policy Include Device Posture - Email
Zero
Trust Access Policy Include Email - Email
Domain ZeroTrust Access Policy Include Email Domain - Email
List ZeroTrust Access Policy Include Email List - Everyone
Zero
Trust Access Policy Include Everyone - An empty object which matches on all users.
- External
Evaluation ZeroTrust Access Policy Include External Evaluation - Geo
Zero
Trust Access Policy Include Geo - Github
Organization ZeroTrust Access Policy Include Github Organization - Group
Zero
Trust Access Policy Include Group - Gsuite
Zero
Trust Access Policy Include Gsuite - Ip
Zero
Trust Access Policy Include Ip - Ip
List ZeroTrust Access Policy Include Ip List - Login
Method ZeroTrust Access Policy Include Login Method - Okta
Zero
Trust Access Policy Include Okta - Saml
Zero
Trust Access Policy Include Saml - Service
Token ZeroTrust Access Policy Include Service Token
- Any
Valid ZeroService Token Trust Access Policy Include Any Valid Service Token - An empty object which matches on all service tokens.
- Auth
Context ZeroTrust Access Policy Include Auth Context - Auth
Method ZeroTrust Access Policy Include Auth Method - Azure
Ad ZeroTrust Access Policy Include Azure Ad - Certificate
Zero
Trust Access Policy Include Certificate - Common
Name ZeroTrust Access Policy Include Common Name - Device
Posture ZeroTrust Access Policy Include Device Posture - Email
Zero
Trust Access Policy Include Email - Email
Domain ZeroTrust Access Policy Include Email Domain - Email
List ZeroTrust Access Policy Include Email List - Everyone
Zero
Trust Access Policy Include Everyone - An empty object which matches on all users.
- External
Evaluation ZeroTrust Access Policy Include External Evaluation - Geo
Zero
Trust Access Policy Include Geo - Github
Organization ZeroTrust Access Policy Include Github Organization - Group
Zero
Trust Access Policy Include Group - Gsuite
Zero
Trust Access Policy Include Gsuite - Ip
Zero
Trust Access Policy Include Ip - Ip
List ZeroTrust Access Policy Include Ip List - Login
Method ZeroTrust Access Policy Include Login Method - Okta
Zero
Trust Access Policy Include Okta - Saml
Zero
Trust Access Policy Include Saml - Service
Token ZeroTrust Access Policy Include Service Token
- any
Valid ZeroService Token Trust Access Policy Include Any Valid Service Token - An empty object which matches on all service tokens.
- auth
Context ZeroTrust Access Policy Include Auth Context - auth
Method ZeroTrust Access Policy Include Auth Method - azure
Ad ZeroTrust Access Policy Include Azure Ad - certificate
Zero
Trust Access Policy Include Certificate - common
Name ZeroTrust Access Policy Include Common Name - device
Posture ZeroTrust Access Policy Include Device Posture - email
Zero
Trust Access Policy Include Email - email
Domain ZeroTrust Access Policy Include Email Domain - email
List ZeroTrust Access Policy Include Email List - everyone
Zero
Trust Access Policy Include Everyone - An empty object which matches on all users.
- external
Evaluation ZeroTrust Access Policy Include External Evaluation - geo
Zero
Trust Access Policy Include Geo - github
Organization ZeroTrust Access Policy Include Github Organization - group
Zero
Trust Access Policy Include Group - gsuite
Zero
Trust Access Policy Include Gsuite - ip
Zero
Trust Access Policy Include Ip - ip
List ZeroTrust Access Policy Include Ip List - login
Method ZeroTrust Access Policy Include Login Method - okta
Zero
Trust Access Policy Include Okta - saml
Zero
Trust Access Policy Include Saml - service
Token ZeroTrust Access Policy Include Service Token
- any
Valid ZeroService Token Trust Access Policy Include Any Valid Service Token - An empty object which matches on all service tokens.
- auth
Context ZeroTrust Access Policy Include Auth Context - auth
Method ZeroTrust Access Policy Include Auth Method - azure
Ad ZeroTrust Access Policy Include Azure Ad - certificate
Zero
Trust Access Policy Include Certificate - common
Name ZeroTrust Access Policy Include Common Name - device
Posture ZeroTrust Access Policy Include Device Posture - email
Zero
Trust Access Policy Include Email - email
Domain ZeroTrust Access Policy Include Email Domain - email
List ZeroTrust Access Policy Include Email List - everyone
Zero
Trust Access Policy Include Everyone - An empty object which matches on all users.
- external
Evaluation ZeroTrust Access Policy Include External Evaluation - geo
Zero
Trust Access Policy Include Geo - github
Organization ZeroTrust Access Policy Include Github Organization - group
Zero
Trust Access Policy Include Group - gsuite
Zero
Trust Access Policy Include Gsuite - ip
Zero
Trust Access Policy Include Ip - ip
List ZeroTrust Access Policy Include Ip List - login
Method ZeroTrust Access Policy Include Login Method - okta
Zero
Trust Access Policy Include Okta - saml
Zero
Trust Access Policy Include Saml - service
Token ZeroTrust Access Policy Include Service Token
- any_
valid_ Zeroservice_ token Trust Access Policy Include Any Valid Service Token - An empty object which matches on all service tokens.
- auth_
context ZeroTrust Access Policy Include Auth Context - auth_
method ZeroTrust Access Policy Include Auth Method - azure_
ad ZeroTrust Access Policy Include Azure Ad - certificate
Zero
Trust Access Policy Include Certificate - common_
name ZeroTrust Access Policy Include Common Name - device_
posture ZeroTrust Access Policy Include Device Posture - email
Zero
Trust Access Policy Include Email - email_
domain ZeroTrust Access Policy Include Email Domain - email_
list ZeroTrust Access Policy Include Email List - everyone
Zero
Trust Access Policy Include Everyone - An empty object which matches on all users.
- external_
evaluation ZeroTrust Access Policy Include External Evaluation - geo
Zero
Trust Access Policy Include Geo - github_
organization ZeroTrust Access Policy Include Github Organization - group
Zero
Trust Access Policy Include Group - gsuite
Zero
Trust Access Policy Include Gsuite - ip
Zero
Trust Access Policy Include Ip - ip_
list ZeroTrust Access Policy Include Ip List - login_
method ZeroTrust Access Policy Include Login Method - okta
Zero
Trust Access Policy Include Okta - saml
Zero
Trust Access Policy Include Saml - service_
token ZeroTrust Access Policy Include Service Token
- any
Valid Property MapService Token - An empty object which matches on all service tokens.
- auth
Context Property Map - auth
Method Property Map - azure
Ad Property Map - certificate Property Map
- common
Name Property Map - device
Posture Property Map - email Property Map
- email
Domain Property Map - email
List Property Map - everyone Property Map
- An empty object which matches on all users.
- external
Evaluation Property Map - geo Property Map
- github
Organization Property Map - group Property Map
- gsuite Property Map
- ip Property Map
- ip
List Property Map - login
Method Property Map - okta Property Map
- saml Property Map
- service
Token Property Map
ZeroTrustAccessPolicyIncludeAuthContext, ZeroTrustAccessPolicyIncludeAuthContextArgs
- Ac
Id string - The ACID of an Authentication context.
- Id string
- The ID of an Authentication context.
- Identity
Provider stringId - The ID of your Azure identity provider.
- Ac
Id string - The ACID of an Authentication context.
- Id string
- The ID of an Authentication context.
- Identity
Provider stringId - The ID of your Azure identity provider.
- ac
Id String - The ACID of an Authentication context.
- id String
- The ID of an Authentication context.
- identity
Provider StringId - The ID of your Azure identity provider.
- ac
Id string - The ACID of an Authentication context.
- id string
- The ID of an Authentication context.
- identity
Provider stringId - The ID of your Azure identity provider.
- ac_
id str - The ACID of an Authentication context.
- id str
- The ID of an Authentication context.
- identity_
provider_ strid - The ID of your Azure identity provider.
- ac
Id String - The ACID of an Authentication context.
- id String
- The ID of an Authentication context.
- identity
Provider StringId - The ID of your Azure identity provider.
ZeroTrustAccessPolicyIncludeAuthMethod, ZeroTrustAccessPolicyIncludeAuthMethodArgs
- Auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- Auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method String - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth_
method str - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method String - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
ZeroTrustAccessPolicyIncludeAzureAd, ZeroTrustAccessPolicyIncludeAzureAdArgs
- Id string
- The ID of an Azure group.
- Identity
Provider stringId - The ID of your Azure identity provider.
- Id string
- The ID of an Azure group.
- Identity
Provider stringId - The ID of your Azure identity provider.
- id String
- The ID of an Azure group.
- identity
Provider StringId - The ID of your Azure identity provider.
- id string
- The ID of an Azure group.
- identity
Provider stringId - The ID of your Azure identity provider.
- id str
- The ID of an Azure group.
- identity_
provider_ strid - The ID of your Azure identity provider.
- id String
- The ID of an Azure group.
- identity
Provider StringId - The ID of your Azure identity provider.
ZeroTrustAccessPolicyIncludeCommonName, ZeroTrustAccessPolicyIncludeCommonNameArgs
- Common
Name string - The common name to match.
- Common
Name string - The common name to match.
- common
Name String - The common name to match.
- common
Name string - The common name to match.
- common_
name str - The common name to match.
- common
Name String - The common name to match.
ZeroTrustAccessPolicyIncludeDevicePosture, ZeroTrustAccessPolicyIncludeDevicePostureArgs
- Integration
Uid string - The ID of a device posture integration.
- Integration
Uid string - The ID of a device posture integration.
- integration
Uid String - The ID of a device posture integration.
- integration
Uid string - The ID of a device posture integration.
- integration_
uid str - The ID of a device posture integration.
- integration
Uid String - The ID of a device posture integration.
ZeroTrustAccessPolicyIncludeEmail, ZeroTrustAccessPolicyIncludeEmailArgs
- Email string
- The email of the user.
- Email string
- The email of the user.
- email String
- The email of the user.
- email string
- The email of the user.
- email str
- The email of the user.
- email String
- The email of the user.
ZeroTrustAccessPolicyIncludeEmailDomain, ZeroTrustAccessPolicyIncludeEmailDomainArgs
- Domain string
- The email domain to match.
- Domain string
- The email domain to match.
- domain String
- The email domain to match.
- domain string
- The email domain to match.
- domain str
- The email domain to match.
- domain String
- The email domain to match.
ZeroTrustAccessPolicyIncludeEmailList, ZeroTrustAccessPolicyIncludeEmailListArgs
- Id string
- The ID of a previously created email list.
- Id string
- The ID of a previously created email list.
- id String
- The ID of a previously created email list.
- id string
- The ID of a previously created email list.
- id str
- The ID of a previously created email list.
- id String
- The ID of a previously created email list.
ZeroTrustAccessPolicyIncludeExternalEvaluation, ZeroTrustAccessPolicyIncludeExternalEvaluationArgs
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url string - The API endpoint containing your business logic.
- keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate_
url str - The API endpoint containing your business logic.
- keys_
url str - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
ZeroTrustAccessPolicyIncludeGeo, ZeroTrustAccessPolicyIncludeGeoArgs
- Country
Code string - The country code that should be matched.
- Country
Code string - The country code that should be matched.
- country
Code String - The country code that should be matched.
- country
Code string - The country code that should be matched.
- country_
code str - The country code that should be matched.
- country
Code String - The country code that should be matched.
ZeroTrustAccessPolicyIncludeGithubOrganization, ZeroTrustAccessPolicyIncludeGithubOrganizationArgs
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Team string
- The name of the team
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Team string
- The name of the team
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- team String
- The name of the team
- identity
Provider stringId - The ID of your Github identity provider.
- name string
- The name of the organization.
- team string
- The name of the team
- identity_
provider_ strid - The ID of your Github identity provider.
- name str
- The name of the organization.
- team str
- The name of the team
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- team String
- The name of the team
ZeroTrustAccessPolicyIncludeGroup, ZeroTrustAccessPolicyIncludeGroupArgs
- Id string
- The ID of a previously created Access group.
- Id string
- The ID of a previously created Access group.
- id String
- The ID of a previously created Access group.
- id string
- The ID of a previously created Access group.
- id str
- The ID of a previously created Access group.
- id String
- The ID of a previously created Access group.
ZeroTrustAccessPolicyIncludeGsuite, ZeroTrustAccessPolicyIncludeGsuiteArgs
- Email string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- Email string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- email String
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
- email string
- The email of the Google Workspace group.
- identity
Provider stringId - The ID of your Google Workspace identity provider.
- email str
- The email of the Google Workspace group.
- identity_
provider_ strid - The ID of your Google Workspace identity provider.
- email String
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
ZeroTrustAccessPolicyIncludeIp, ZeroTrustAccessPolicyIncludeIpArgs
- Ip string
- An IPv4 or IPv6 CIDR block.
- Ip string
- An IPv4 or IPv6 CIDR block.
- ip String
- An IPv4 or IPv6 CIDR block.
- ip string
- An IPv4 or IPv6 CIDR block.
- ip str
- An IPv4 or IPv6 CIDR block.
- ip String
- An IPv4 or IPv6 CIDR block.
ZeroTrustAccessPolicyIncludeIpList, ZeroTrustAccessPolicyIncludeIpListArgs
- Id string
- The ID of a previously created IP list.
- Id string
- The ID of a previously created IP list.
- id String
- The ID of a previously created IP list.
- id string
- The ID of a previously created IP list.
- id str
- The ID of a previously created IP list.
- id String
- The ID of a previously created IP list.
ZeroTrustAccessPolicyIncludeLoginMethod, ZeroTrustAccessPolicyIncludeLoginMethodArgs
- Id string
- The ID of an identity provider.
- Id string
- The ID of an identity provider.
- id String
- The ID of an identity provider.
- id string
- The ID of an identity provider.
- id str
- The ID of an identity provider.
- id String
- The ID of an identity provider.
ZeroTrustAccessPolicyIncludeOkta, ZeroTrustAccessPolicyIncludeOktaArgs
- Identity
Provider stringId - The ID of your Okta identity provider.
- Name string
- The name of the Okta group.
- Identity
Provider stringId - The ID of your Okta identity provider.
- Name string
- The name of the Okta group.
- identity
Provider StringId - The ID of your Okta identity provider.
- name String
- The name of the Okta group.
- identity
Provider stringId - The ID of your Okta identity provider.
- name string
- The name of the Okta group.
- identity_
provider_ strid - The ID of your Okta identity provider.
- name str
- The name of the Okta group.
- identity
Provider StringId - The ID of your Okta identity provider.
- name String
- The name of the Okta group.
ZeroTrustAccessPolicyIncludeSaml, ZeroTrustAccessPolicyIncludeSamlArgs
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
- attribute
Name string - The name of the SAML attribute.
- attribute
Value string - The SAML attribute value to look for.
- identity
Provider stringId - The ID of your SAML identity provider.
- attribute_
name str - The name of the SAML attribute.
- attribute_
value str - The SAML attribute value to look for.
- identity_
provider_ strid - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
ZeroTrustAccessPolicyIncludeServiceToken, ZeroTrustAccessPolicyIncludeServiceTokenArgs
- Token
Id string - The ID of a Service Token.
- Token
Id string - The ID of a Service Token.
- token
Id String - The ID of a Service Token.
- token
Id string - The ID of a Service Token.
- token_
id str - The ID of a Service Token.
- token
Id String - The ID of a Service Token.
ZeroTrustAccessPolicyRequire, ZeroTrustAccessPolicyRequireArgs
- Any
Valid ZeroService Token Trust Access Policy Require Any Valid Service Token - An empty object which matches on all service tokens.
- Auth
Context ZeroTrust Access Policy Require Auth Context - Auth
Method ZeroTrust Access Policy Require Auth Method - Azure
Ad ZeroTrust Access Policy Require Azure Ad - Certificate
Zero
Trust Access Policy Require Certificate - Common
Name ZeroTrust Access Policy Require Common Name - Device
Posture ZeroTrust Access Policy Require Device Posture - Email
Zero
Trust Access Policy Require Email - Email
Domain ZeroTrust Access Policy Require Email Domain - Email
List ZeroTrust Access Policy Require Email List - Everyone
Zero
Trust Access Policy Require Everyone - An empty object which matches on all users.
- External
Evaluation ZeroTrust Access Policy Require External Evaluation - Geo
Zero
Trust Access Policy Require Geo - Github
Organization ZeroTrust Access Policy Require Github Organization - Group
Zero
Trust Access Policy Require Group - Gsuite
Zero
Trust Access Policy Require Gsuite - Ip
Zero
Trust Access Policy Require Ip - Ip
List ZeroTrust Access Policy Require Ip List - Login
Method ZeroTrust Access Policy Require Login Method - Okta
Zero
Trust Access Policy Require Okta - Saml
Zero
Trust Access Policy Require Saml - Service
Token ZeroTrust Access Policy Require Service Token
- Any
Valid ZeroService Token Trust Access Policy Require Any Valid Service Token - An empty object which matches on all service tokens.
- Auth
Context ZeroTrust Access Policy Require Auth Context - Auth
Method ZeroTrust Access Policy Require Auth Method - Azure
Ad ZeroTrust Access Policy Require Azure Ad - Certificate
Zero
Trust Access Policy Require Certificate - Common
Name ZeroTrust Access Policy Require Common Name - Device
Posture ZeroTrust Access Policy Require Device Posture - Email
Zero
Trust Access Policy Require Email - Email
Domain ZeroTrust Access Policy Require Email Domain - Email
List ZeroTrust Access Policy Require Email List - Everyone
Zero
Trust Access Policy Require Everyone - An empty object which matches on all users.
- External
Evaluation ZeroTrust Access Policy Require External Evaluation - Geo
Zero
Trust Access Policy Require Geo - Github
Organization ZeroTrust Access Policy Require Github Organization - Group
Zero
Trust Access Policy Require Group - Gsuite
Zero
Trust Access Policy Require Gsuite - Ip
Zero
Trust Access Policy Require Ip - Ip
List ZeroTrust Access Policy Require Ip List - Login
Method ZeroTrust Access Policy Require Login Method - Okta
Zero
Trust Access Policy Require Okta - Saml
Zero
Trust Access Policy Require Saml - Service
Token ZeroTrust Access Policy Require Service Token
- any
Valid ZeroService Token Trust Access Policy Require Any Valid Service Token - An empty object which matches on all service tokens.
- auth
Context ZeroTrust Access Policy Require Auth Context - auth
Method ZeroTrust Access Policy Require Auth Method - azure
Ad ZeroTrust Access Policy Require Azure Ad - certificate
Zero
Trust Access Policy Require Certificate - common
Name ZeroTrust Access Policy Require Common Name - device
Posture ZeroTrust Access Policy Require Device Posture - email
Zero
Trust Access Policy Require Email - email
Domain ZeroTrust Access Policy Require Email Domain - email
List ZeroTrust Access Policy Require Email List - everyone
Zero
Trust Access Policy Require Everyone - An empty object which matches on all users.
- external
Evaluation ZeroTrust Access Policy Require External Evaluation - geo
Zero
Trust Access Policy Require Geo - github
Organization ZeroTrust Access Policy Require Github Organization - group
Zero
Trust Access Policy Require Group - gsuite
Zero
Trust Access Policy Require Gsuite - ip
Zero
Trust Access Policy Require Ip - ip
List ZeroTrust Access Policy Require Ip List - login
Method ZeroTrust Access Policy Require Login Method - okta
Zero
Trust Access Policy Require Okta - saml
Zero
Trust Access Policy Require Saml - service
Token ZeroTrust Access Policy Require Service Token
- any
Valid ZeroService Token Trust Access Policy Require Any Valid Service Token - An empty object which matches on all service tokens.
- auth
Context ZeroTrust Access Policy Require Auth Context - auth
Method ZeroTrust Access Policy Require Auth Method - azure
Ad ZeroTrust Access Policy Require Azure Ad - certificate
Zero
Trust Access Policy Require Certificate - common
Name ZeroTrust Access Policy Require Common Name - device
Posture ZeroTrust Access Policy Require Device Posture - email
Zero
Trust Access Policy Require Email - email
Domain ZeroTrust Access Policy Require Email Domain - email
List ZeroTrust Access Policy Require Email List - everyone
Zero
Trust Access Policy Require Everyone - An empty object which matches on all users.
- external
Evaluation ZeroTrust Access Policy Require External Evaluation - geo
Zero
Trust Access Policy Require Geo - github
Organization ZeroTrust Access Policy Require Github Organization - group
Zero
Trust Access Policy Require Group - gsuite
Zero
Trust Access Policy Require Gsuite - ip
Zero
Trust Access Policy Require Ip - ip
List ZeroTrust Access Policy Require Ip List - login
Method ZeroTrust Access Policy Require Login Method - okta
Zero
Trust Access Policy Require Okta - saml
Zero
Trust Access Policy Require Saml - service
Token ZeroTrust Access Policy Require Service Token
- any_
valid_ Zeroservice_ token Trust Access Policy Require Any Valid Service Token - An empty object which matches on all service tokens.
- auth_
context ZeroTrust Access Policy Require Auth Context - auth_
method ZeroTrust Access Policy Require Auth Method - azure_
ad ZeroTrust Access Policy Require Azure Ad - certificate
Zero
Trust Access Policy Require Certificate - common_
name ZeroTrust Access Policy Require Common Name - device_
posture ZeroTrust Access Policy Require Device Posture - email
Zero
Trust Access Policy Require Email - email_
domain ZeroTrust Access Policy Require Email Domain - email_
list ZeroTrust Access Policy Require Email List - everyone
Zero
Trust Access Policy Require Everyone - An empty object which matches on all users.
- external_
evaluation ZeroTrust Access Policy Require External Evaluation - geo
Zero
Trust Access Policy Require Geo - github_
organization ZeroTrust Access Policy Require Github Organization - group
Zero
Trust Access Policy Require Group - gsuite
Zero
Trust Access Policy Require Gsuite - ip
Zero
Trust Access Policy Require Ip - ip_
list ZeroTrust Access Policy Require Ip List - login_
method ZeroTrust Access Policy Require Login Method - okta
Zero
Trust Access Policy Require Okta - saml
Zero
Trust Access Policy Require Saml - service_
token ZeroTrust Access Policy Require Service Token
- any
Valid Property MapService Token - An empty object which matches on all service tokens.
- auth
Context Property Map - auth
Method Property Map - azure
Ad Property Map - certificate Property Map
- common
Name Property Map - device
Posture Property Map - email Property Map
- email
Domain Property Map - email
List Property Map - everyone Property Map
- An empty object which matches on all users.
- external
Evaluation Property Map - geo Property Map
- github
Organization Property Map - group Property Map
- gsuite Property Map
- ip Property Map
- ip
List Property Map - login
Method Property Map - okta Property Map
- saml Property Map
- service
Token Property Map
ZeroTrustAccessPolicyRequireAuthContext, ZeroTrustAccessPolicyRequireAuthContextArgs
- Ac
Id string - The ACID of an Authentication context.
- Id string
- The ID of an Authentication context.
- Identity
Provider stringId - The ID of your Azure identity provider.
- Ac
Id string - The ACID of an Authentication context.
- Id string
- The ID of an Authentication context.
- Identity
Provider stringId - The ID of your Azure identity provider.
- ac
Id String - The ACID of an Authentication context.
- id String
- The ID of an Authentication context.
- identity
Provider StringId - The ID of your Azure identity provider.
- ac
Id string - The ACID of an Authentication context.
- id string
- The ID of an Authentication context.
- identity
Provider stringId - The ID of your Azure identity provider.
- ac_
id str - The ACID of an Authentication context.
- id str
- The ID of an Authentication context.
- identity_
provider_ strid - The ID of your Azure identity provider.
- ac
Id String - The ACID of an Authentication context.
- id String
- The ID of an Authentication context.
- identity
Provider StringId - The ID of your Azure identity provider.
ZeroTrustAccessPolicyRequireAuthMethod, ZeroTrustAccessPolicyRequireAuthMethodArgs
- Auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- Auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method String - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth_
method str - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method String - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
ZeroTrustAccessPolicyRequireAzureAd, ZeroTrustAccessPolicyRequireAzureAdArgs
- Id string
- The ID of an Azure group.
- Identity
Provider stringId - The ID of your Azure identity provider.
- Id string
- The ID of an Azure group.
- Identity
Provider stringId - The ID of your Azure identity provider.
- id String
- The ID of an Azure group.
- identity
Provider StringId - The ID of your Azure identity provider.
- id string
- The ID of an Azure group.
- identity
Provider stringId - The ID of your Azure identity provider.
- id str
- The ID of an Azure group.
- identity_
provider_ strid - The ID of your Azure identity provider.
- id String
- The ID of an Azure group.
- identity
Provider StringId - The ID of your Azure identity provider.
ZeroTrustAccessPolicyRequireCommonName, ZeroTrustAccessPolicyRequireCommonNameArgs
- Common
Name string - The common name to match.
- Common
Name string - The common name to match.
- common
Name String - The common name to match.
- common
Name string - The common name to match.
- common_
name str - The common name to match.
- common
Name String - The common name to match.
ZeroTrustAccessPolicyRequireDevicePosture, ZeroTrustAccessPolicyRequireDevicePostureArgs
- Integration
Uid string - The ID of a device posture integration.
- Integration
Uid string - The ID of a device posture integration.
- integration
Uid String - The ID of a device posture integration.
- integration
Uid string - The ID of a device posture integration.
- integration_
uid str - The ID of a device posture integration.
- integration
Uid String - The ID of a device posture integration.
ZeroTrustAccessPolicyRequireEmail, ZeroTrustAccessPolicyRequireEmailArgs
- Email string
- The email of the user.
- Email string
- The email of the user.
- email String
- The email of the user.
- email string
- The email of the user.
- email str
- The email of the user.
- email String
- The email of the user.
ZeroTrustAccessPolicyRequireEmailDomain, ZeroTrustAccessPolicyRequireEmailDomainArgs
- Domain string
- The email domain to match.
- Domain string
- The email domain to match.
- domain String
- The email domain to match.
- domain string
- The email domain to match.
- domain str
- The email domain to match.
- domain String
- The email domain to match.
ZeroTrustAccessPolicyRequireEmailList, ZeroTrustAccessPolicyRequireEmailListArgs
- Id string
- The ID of a previously created email list.
- Id string
- The ID of a previously created email list.
- id String
- The ID of a previously created email list.
- id string
- The ID of a previously created email list.
- id str
- The ID of a previously created email list.
- id String
- The ID of a previously created email list.
ZeroTrustAccessPolicyRequireExternalEvaluation, ZeroTrustAccessPolicyRequireExternalEvaluationArgs
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url string - The API endpoint containing your business logic.
- keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate_
url str - The API endpoint containing your business logic.
- keys_
url str - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
ZeroTrustAccessPolicyRequireGeo, ZeroTrustAccessPolicyRequireGeoArgs
- Country
Code string - The country code that should be matched.
- Country
Code string - The country code that should be matched.
- country
Code String - The country code that should be matched.
- country
Code string - The country code that should be matched.
- country_
code str - The country code that should be matched.
- country
Code String - The country code that should be matched.
ZeroTrustAccessPolicyRequireGithubOrganization, ZeroTrustAccessPolicyRequireGithubOrganizationArgs
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Team string
- The name of the team
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Team string
- The name of the team
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- team String
- The name of the team
- identity
Provider stringId - The ID of your Github identity provider.
- name string
- The name of the organization.
- team string
- The name of the team
- identity_
provider_ strid - The ID of your Github identity provider.
- name str
- The name of the organization.
- team str
- The name of the team
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- team String
- The name of the team
ZeroTrustAccessPolicyRequireGroup, ZeroTrustAccessPolicyRequireGroupArgs
- Id string
- The ID of a previously created Access group.
- Id string
- The ID of a previously created Access group.
- id String
- The ID of a previously created Access group.
- id string
- The ID of a previously created Access group.
- id str
- The ID of a previously created Access group.
- id String
- The ID of a previously created Access group.
ZeroTrustAccessPolicyRequireGsuite, ZeroTrustAccessPolicyRequireGsuiteArgs
- Email string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- Email string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- email String
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
- email string
- The email of the Google Workspace group.
- identity
Provider stringId - The ID of your Google Workspace identity provider.
- email str
- The email of the Google Workspace group.
- identity_
provider_ strid - The ID of your Google Workspace identity provider.
- email String
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
ZeroTrustAccessPolicyRequireIp, ZeroTrustAccessPolicyRequireIpArgs
- Ip string
- An IPv4 or IPv6 CIDR block.
- Ip string
- An IPv4 or IPv6 CIDR block.
- ip String
- An IPv4 or IPv6 CIDR block.
- ip string
- An IPv4 or IPv6 CIDR block.
- ip str
- An IPv4 or IPv6 CIDR block.
- ip String
- An IPv4 or IPv6 CIDR block.
ZeroTrustAccessPolicyRequireIpList, ZeroTrustAccessPolicyRequireIpListArgs
- Id string
- The ID of a previously created IP list.
- Id string
- The ID of a previously created IP list.
- id String
- The ID of a previously created IP list.
- id string
- The ID of a previously created IP list.
- id str
- The ID of a previously created IP list.
- id String
- The ID of a previously created IP list.
ZeroTrustAccessPolicyRequireLoginMethod, ZeroTrustAccessPolicyRequireLoginMethodArgs
- Id string
- The ID of an identity provider.
- Id string
- The ID of an identity provider.
- id String
- The ID of an identity provider.
- id string
- The ID of an identity provider.
- id str
- The ID of an identity provider.
- id String
- The ID of an identity provider.
ZeroTrustAccessPolicyRequireOkta, ZeroTrustAccessPolicyRequireOktaArgs
- Identity
Provider stringId - The ID of your Okta identity provider.
- Name string
- The name of the Okta group.
- Identity
Provider stringId - The ID of your Okta identity provider.
- Name string
- The name of the Okta group.
- identity
Provider StringId - The ID of your Okta identity provider.
- name String
- The name of the Okta group.
- identity
Provider stringId - The ID of your Okta identity provider.
- name string
- The name of the Okta group.
- identity_
provider_ strid - The ID of your Okta identity provider.
- name str
- The name of the Okta group.
- identity
Provider StringId - The ID of your Okta identity provider.
- name String
- The name of the Okta group.
ZeroTrustAccessPolicyRequireSaml, ZeroTrustAccessPolicyRequireSamlArgs
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
- attribute
Name string - The name of the SAML attribute.
- attribute
Value string - The SAML attribute value to look for.
- identity
Provider stringId - The ID of your SAML identity provider.
- attribute_
name str - The name of the SAML attribute.
- attribute_
value str - The SAML attribute value to look for.
- identity_
provider_ strid - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
ZeroTrustAccessPolicyRequireServiceToken, ZeroTrustAccessPolicyRequireServiceTokenArgs
- Token
Id string - The ID of a Service Token.
- Token
Id string - The ID of a Service Token.
- token
Id String - The ID of a Service Token.
- token
Id string - The ID of a Service Token.
- token_
id str - The ID of a Service Token.
- token
Id String - The ID of a Service Token.
Import
$ pulumi import cloudflare:index/zeroTrustAccessPolicy:ZeroTrustAccessPolicy example '<account_id>/<policy_id>'
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflareTerraform Provider.