1. Packages
  2. Packages
  3. Juniper Mist Provider
  4. API Docs
  5. org
  6. NacPortal
Viewing docs for Juniper Mist v0.8.2
published on Thursday, Apr 16, 2026 by Pulumi
Schema (JSON)
pulumi/pulumi-junipermist

junipermist.org.NacPortal

junipermist logo
Viewing docs for Juniper Mist v0.8.2
published on Thursday, Apr 16, 2026 by Pulumi
Schema (JSON)
pulumi/pulumi-junipermist

    This resource manages Org NAC Portals.

    NAC Portal configuration defines the authentication portal for network access control.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
import * as junipermist from "@pulumi/juniper-mist";

const guestPortal = new junipermist.org.NacPortal("guest_portal", {
    orgId: terraformTest.id,
    name: "Guest Portal",
    type: "marvis_client",
    accessType: "wireless+wired",
    ssid: "Guest-Network",
    certExpireTime: 365,
    eapType: "wpa3",
    enableTelemetry: true,
    expiryNotificationTime: 30,
    notifyExpiry: true,
    tos: "By using this network, you agree to our terms of service and privacy policy.",
    additionalCacerts: [`-----BEGIN CERTIFICATE-----
MIIC...certificate...content
-----END CERTIFICATE-----`],
    additionalNacServerNames: [
        "nac1.example.com",
        "nac2.example.com",
    ],
    portal: {
        auth: "multi",
        expire: 43200,
        externalPortalUrl: "https://portal.example.com/external",
        forceReconnect: false,
        forward: true,
        forwardUrl: "https://example.com/portal/welcome",
        maxNumDevices: 10,
        privacy: true,
    },
    sso: {
        idpCert: `-----BEGIN CERTIFICATE-----
MIIC...idp...cert
-----END CERTIFICATE-----`,
        idpSignAlgo: "sha384",
        idpSsoUrl: "https://idp.example.com/saml/sso",
        issuer: "https://idp.example.com",
        nameidFormat: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
        useSsoRoleForCert: false,
        ssoRoleMatchings: [
            {
                match: "Administrator",
                assigned: "full-access",
            },
            {
                match: "Manager",
                assigned: "manager-access",
            },
            {
                match: "Employee",
                assigned: "employee-access",
            },
            {
                match: "Guest",
                assigned: "guest-access",
            },
        ],
    },
});

    import pulumi
import pulumi_juniper_mist as junipermist

guest_portal = junipermist.org.NacPortal("guest_portal",
    org_id=terraform_test["id"],
    name="Guest Portal",
    type="marvis_client",
    access_type="wireless+wired",
    ssid="Guest-Network",
    cert_expire_time=365,
    eap_type="wpa3",
    enable_telemetry=True,
    expiry_notification_time=30,
    notify_expiry=True,
    tos="By using this network, you agree to our terms of service and privacy policy.",
    additional_cacerts=["""-----BEGIN CERTIFICATE-----
MIIC...certificate...content
-----END CERTIFICATE-----"""],
    additional_nac_server_names=[
        "nac1.example.com",
        "nac2.example.com",
    ],
    portal={
        "auth": "multi",
        "expire": 43200,
        "external_portal_url": "https://portal.example.com/external",
        "force_reconnect": False,
        "forward": True,
        "forward_url": "https://example.com/portal/welcome",
        "max_num_devices": 10,
        "privacy": True,
    },
    sso={
        "idp_cert": """-----BEGIN CERTIFICATE-----
MIIC...idp...cert
-----END CERTIFICATE-----""",
        "idp_sign_algo": "sha384",
        "idp_sso_url": "https://idp.example.com/saml/sso",
        "issuer": "https://idp.example.com",
        "nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
        "use_sso_role_for_cert": False,
        "sso_role_matchings": [
            {
                "match": "Administrator",
                "assigned": "full-access",
            },
            {
                "match": "Manager",
                "assigned": "manager-access",
            },
            {
                "match": "Employee",
                "assigned": "employee-access",
            },
            {
                "match": "Guest",
                "assigned": "guest-access",
            },
        ],
    })

    package main

import (
	"github.com/pulumi/pulumi-junipermist/sdk/go/junipermist/org"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := org.NewNacPortal(ctx, "guest_portal", &org.NacPortalArgs{
			OrgId:                  pulumi.Any(terraformTest.Id),
			Name:                   pulumi.String("Guest Portal"),
			Type:                   pulumi.String("marvis_client"),
			AccessType:             pulumi.String("wireless+wired"),
			Ssid:                   pulumi.String("Guest-Network"),
			CertExpireTime:         pulumi.Int(365),
			EapType:                pulumi.String("wpa3"),
			EnableTelemetry:        pulumi.Bool(true),
			ExpiryNotificationTime: pulumi.Int(30),
			NotifyExpiry:           pulumi.Bool(true),
			Tos:                    pulumi.String("By using this network, you agree to our terms of service and privacy policy."),
			AdditionalCacerts: pulumi.StringArray{
				pulumi.String("-----BEGIN CERTIFICATE-----\nMIIC...certificate...content\n-----END CERTIFICATE-----"),
			},
			AdditionalNacServerNames: pulumi.StringArray{
				pulumi.String("nac1.example.com"),
				pulumi.String("nac2.example.com"),
			},
			Portal: &org.NacPortalPortalArgs{
				Auth:              pulumi.String("multi"),
				Expire:            pulumi.Int(43200),
				ExternalPortalUrl: pulumi.String("https://portal.example.com/external"),
				ForceReconnect:    pulumi.Bool(false),
				Forward:           pulumi.Bool(true),
				ForwardUrl:        pulumi.String("https://example.com/portal/welcome"),
				MaxNumDevices:     pulumi.Int(10),
				Privacy:           pulumi.Bool(true),
			},
			Sso: &org.NacPortalSsoArgs{
				IdpCert:           pulumi.String("-----BEGIN CERTIFICATE-----\nMIIC...idp...cert\n-----END CERTIFICATE-----"),
				IdpSignAlgo:       pulumi.String("sha384"),
				IdpSsoUrl:         pulumi.String("https://idp.example.com/saml/sso"),
				Issuer:            pulumi.String("https://idp.example.com"),
				NameidFormat:      pulumi.String("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"),
				UseSsoRoleForCert: pulumi.Bool(false),
				SsoRoleMatchings: org.NacPortalSsoSsoRoleMatchingArray{
					&org.NacPortalSsoSsoRoleMatchingArgs{
						Match:    pulumi.String("Administrator"),
						Assigned: pulumi.String("full-access"),
					},
					&org.NacPortalSsoSsoRoleMatchingArgs{
						Match:    pulumi.String("Manager"),
						Assigned: pulumi.String("manager-access"),
					},
					&org.NacPortalSsoSsoRoleMatchingArgs{
						Match:    pulumi.String("Employee"),
						Assigned: pulumi.String("employee-access"),
					},
					&org.NacPortalSsoSsoRoleMatchingArgs{
						Match:    pulumi.String("Guest"),
						Assigned: pulumi.String("guest-access"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using JuniperMist = Pulumi.JuniperMist;

return await Deployment.RunAsync(() => 
{
    var guestPortal = new JuniperMist.Org.NacPortal("guest_portal", new()
    {
        OrgId = terraformTest.Id,
        Name = "Guest Portal",
        Type = "marvis_client",
        AccessType = "wireless+wired",
        Ssid = "Guest-Network",
        CertExpireTime = 365,
        EapType = "wpa3",
        EnableTelemetry = true,
        ExpiryNotificationTime = 30,
        NotifyExpiry = true,
        Tos = "By using this network, you agree to our terms of service and privacy policy.",
        AdditionalCacerts = new[]
        {
            @"-----BEGIN CERTIFICATE-----
MIIC...certificate...content
-----END CERTIFICATE-----",
        },
        AdditionalNacServerNames = new[]
        {
            "nac1.example.com",
            "nac2.example.com",
        },
        Portal = new JuniperMist.Org.Inputs.NacPortalPortalArgs
        {
            Auth = "multi",
            Expire = 43200,
            ExternalPortalUrl = "https://portal.example.com/external",
            ForceReconnect = false,
            Forward = true,
            ForwardUrl = "https://example.com/portal/welcome",
            MaxNumDevices = 10,
            Privacy = true,
        },
        Sso = new JuniperMist.Org.Inputs.NacPortalSsoArgs
        {
            IdpCert = @"-----BEGIN CERTIFICATE-----
MIIC...idp...cert
-----END CERTIFICATE-----",
            IdpSignAlgo = "sha384",
            IdpSsoUrl = "https://idp.example.com/saml/sso",
            Issuer = "https://idp.example.com",
            NameidFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
            UseSsoRoleForCert = false,
            SsoRoleMatchings = new[]
            {
                new JuniperMist.Org.Inputs.NacPortalSsoSsoRoleMatchingArgs
                {
                    Match = "Administrator",
                    Assigned = "full-access",
                },
                new JuniperMist.Org.Inputs.NacPortalSsoSsoRoleMatchingArgs
                {
                    Match = "Manager",
                    Assigned = "manager-access",
                },
                new JuniperMist.Org.Inputs.NacPortalSsoSsoRoleMatchingArgs
                {
                    Match = "Employee",
                    Assigned = "employee-access",
                },
                new JuniperMist.Org.Inputs.NacPortalSsoSsoRoleMatchingArgs
                {
                    Match = "Guest",
                    Assigned = "guest-access",
                },
            },
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.junipermist.org.NacPortal;
import com.pulumi.junipermist.org.NacPortalArgs;
import com.pulumi.junipermist.org.inputs.NacPortalPortalArgs;
import com.pulumi.junipermist.org.inputs.NacPortalSsoArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var guestPortal = new NacPortal("guestPortal", NacPortalArgs.builder()
            .orgId(terraformTest.id())
            .name("Guest Portal")
            .type("marvis_client")
            .accessType("wireless+wired")
            .ssid("Guest-Network")
            .certExpireTime(365)
            .eapType("wpa3")
            .enableTelemetry(true)
            .expiryNotificationTime(30)
            .notifyExpiry(true)
            .tos("By using this network, you agree to our terms of service and privacy policy.")
            .additionalCacerts("""
-----BEGIN CERTIFICATE-----
MIIC...certificate...content
-----END CERTIFICATE-----            """)
            .additionalNacServerNames(            
                "nac1.example.com",
                "nac2.example.com")
            .portal(NacPortalPortalArgs.builder()
                .auth("multi")
                .expire(43200)
                .externalPortalUrl("https://portal.example.com/external")
                .forceReconnect(false)
                .forward(true)
                .forwardUrl("https://example.com/portal/welcome")
                .maxNumDevices(10)
                .privacy(true)
                .build())
            .sso(NacPortalSsoArgs.builder()
                .idpCert("""
-----BEGIN CERTIFICATE-----
MIIC...idp...cert
-----END CERTIFICATE-----                """)
                .idpSignAlgo("sha384")
                .idpSsoUrl("https://idp.example.com/saml/sso")
                .issuer("https://idp.example.com")
                .nameidFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent")
                .useSsoRoleForCert(false)
                .ssoRoleMatchings(                
                    NacPortalSsoSsoRoleMatchingArgs.builder()
                        .match("Administrator")
                        .assigned("full-access")
                        .build(),
                    NacPortalSsoSsoRoleMatchingArgs.builder()
                        .match("Manager")
                        .assigned("manager-access")
                        .build(),
                    NacPortalSsoSsoRoleMatchingArgs.builder()
                        .match("Employee")
                        .assigned("employee-access")
                        .build(),
                    NacPortalSsoSsoRoleMatchingArgs.builder()
                        .match("Guest")
                        .assigned("guest-access")
                        .build())
                .build())
            .build());

    }
}

    resources:
  guestPortal:
    type: junipermist:org:NacPortal
    name: guest_portal
    properties:
      orgId: ${terraformTest.id}
      name: Guest Portal
      type: marvis_client
      accessType: wireless+wired
      ssid: Guest-Network
      certExpireTime: 365
      eapType: wpa3
      enableTelemetry: true
      expiryNotificationTime: 30
      notifyExpiry: true
      tos: By using this network, you agree to our terms of service and privacy policy.
      additionalCacerts:
        - |-
          -----BEGIN CERTIFICATE-----
          MIIC...certificate...content
          -----END CERTIFICATE-----
      additionalNacServerNames:
        - nac1.example.com
        - nac2.example.com
      portal:
        auth: multi
        expire: 43200
        externalPortalUrl: https://portal.example.com/external
        forceReconnect: false
        forward: true
        forwardUrl: https://example.com/portal/welcome
        maxNumDevices: 10
        privacy: true
      sso:
        idpCert: |-
          -----BEGIN CERTIFICATE-----
          MIIC...idp...cert
          -----END CERTIFICATE-----
        idpSignAlgo: sha384
        idpSsoUrl: https://idp.example.com/saml/sso
        issuer: https://idp.example.com
        nameidFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
        useSsoRoleForCert: false
        ssoRoleMatchings:
          - match: Administrator
            assigned: full-access
          - match: Manager
            assigned: manager-access
          - match: Employee
            assigned: employee-access
          - match: Guest
            assigned: guest-access

    Create NacPortal Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new NacPortal(name: string, args: NacPortalArgs, opts?: CustomResourceOptions);
    @overload
def NacPortal(resource_name: str,
              args: NacPortalArgs,
              opts: Optional[ResourceOptions] = None)

@overload
def NacPortal(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              org_id: Optional[str] = None,
              cert_expire_time: Optional[int] = None,
              notify_expiry: Optional[bool] = None,
              access_type: Optional[str] = None,
              eap_type: Optional[str] = None,
              enable_telemetry: Optional[bool] = None,
              expiry_notification_time: Optional[int] = None,
              name: Optional[str] = None,
              additional_nac_server_names: Optional[Sequence[str]] = None,
              additional_cacerts: Optional[Sequence[str]] = None,
              portal: Optional[NacPortalPortalArgs] = None,
              ssid: Optional[str] = None,
              sso: Optional[NacPortalSsoArgs] = None,
              tos: Optional[str] = None,
              type: Optional[str] = None)
    func NewNacPortal(ctx *Context, name string, args NacPortalArgs, opts ...ResourceOption) (*NacPortal, error)
    public NacPortal(string name, NacPortalArgs args, CustomResourceOptions? opts = null)
    public NacPortal(String name, NacPortalArgs args)
public NacPortal(String name, NacPortalArgs args, CustomResourceOptions options)

    type: junipermist:org:NacPortal
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    name string
    The unique name of the resource.
    args NacPortalArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args NacPortalArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args NacPortalArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args NacPortalArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args NacPortalArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    NacPortal Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The NacPortal resource accepts the following input properties:

    OrgId string
    AccessType string
    if type==marvisClient. enum: wireless, wireless+wired
    AdditionalCacerts List<string>
    Optional list of additional CA certificates to be used
    AdditionalNacServerNames List<string>
    Optional list of additional NAC server names
    CertExpireTime int
    In days
    EapType string
    enum: wpa2, wpa3
    EnableTelemetry bool
    Model, version, fingering, events (connecting, disconnect, roaming), which ap
    ExpiryNotificationTime int
    In days
    Name string
    NotifyExpiry bool
    phase 2
    Portal Pulumi.JuniperMist.Org.Inputs.NacPortalPortal
    Guest portal configuration when type==guestPortal. If

    • auth==none, the user is presented with a terms of service and can click and continue.
    • auth==external, the user is redirected to an external URL for authentication.
    • auth==multi, the user is presented with a choice of authentication methods:
      • social logins: facebook / google / amazon / microsoft / azure
      • sponsor
      • sms: supported provider: twillio
      • email
      • sso
      • userpass: pre created guest list
    Ssid string
    Sso Pulumi.JuniperMist.Org.Inputs.NacPortalSso
    Tos string
    Type string
    enum:

    • guestAdmin: NAC-Based Portal Admin for Pre Created Guest Authentication
    • guestPortal: NAC-Based Guest Portal
    • marvisClient
    OrgId string
    AccessType string
    if type==marvisClient. enum: wireless, wireless+wired
    AdditionalCacerts []string
    Optional list of additional CA certificates to be used
    AdditionalNacServerNames []string
    Optional list of additional NAC server names
    CertExpireTime int
    In days
    EapType string
    enum: wpa2, wpa3
    EnableTelemetry bool
    Model, version, fingering, events (connecting, disconnect, roaming), which ap
    ExpiryNotificationTime int
    In days
    Name string
    NotifyExpiry bool
    phase 2
    Portal NacPortalPortalArgs
    Guest portal configuration when type==guestPortal. If

    • auth==none, the user is presented with a terms of service and can click and continue.
    • auth==external, the user is redirected to an external URL for authentication.
    • auth==multi, the user is presented with a choice of authentication methods:
      • social logins: facebook / google / amazon / microsoft / azure
      • sponsor
      • sms: supported provider: twillio
      • email
      • sso
      • userpass: pre created guest list
    Ssid string
    Sso NacPortalSsoArgs
    Tos string
    Type string
    enum:

    • guestAdmin: NAC-Based Portal Admin for Pre Created Guest Authentication
    • guestPortal: NAC-Based Guest Portal
    • marvisClient
    orgId String
    accessType String
    if type==marvisClient. enum: wireless, wireless+wired
    additionalCacerts List<String>
    Optional list of additional CA certificates to be used
    additionalNacServerNames List<String>
    Optional list of additional NAC server names
    certExpireTime Integer
    In days
    eapType String
    enum: wpa2, wpa3
    enableTelemetry Boolean
    Model, version, fingering, events (connecting, disconnect, roaming), which ap
    expiryNotificationTime Integer
    In days
    name String
    notifyExpiry Boolean
    phase 2
    portal NacPortalPortal
    Guest portal configuration when type==guestPortal. If

    • auth==none, the user is presented with a terms of service and can click and continue.
    • auth==external, the user is redirected to an external URL for authentication.
    • auth==multi, the user is presented with a choice of authentication methods:
      • social logins: facebook / google / amazon / microsoft / azure
      • sponsor
      • sms: supported provider: twillio
      • email
      • sso
      • userpass: pre created guest list
    ssid String
    sso NacPortalSso
    tos String
    type String
    enum:

    • guestAdmin: NAC-Based Portal Admin for Pre Created Guest Authentication
    • guestPortal: NAC-Based Guest Portal
    • marvisClient
    orgId string
    accessType string
    if type==marvisClient. enum: wireless, wireless+wired
    additionalCacerts string[]
    Optional list of additional CA certificates to be used
    additionalNacServerNames string[]
    Optional list of additional NAC server names
    certExpireTime number
    In days
    eapType string
    enum: wpa2, wpa3
    enableTelemetry boolean
    Model, version, fingering, events (connecting, disconnect, roaming), which ap
    expiryNotificationTime number
    In days
    name string
    notifyExpiry boolean
    phase 2
    portal NacPortalPortal
    Guest portal configuration when type==guestPortal. If

    • auth==none, the user is presented with a terms of service and can click and continue.
    • auth==external, the user is redirected to an external URL for authentication.
    • auth==multi, the user is presented with a choice of authentication methods:
      • social logins: facebook / google / amazon / microsoft / azure
      • sponsor
      • sms: supported provider: twillio
      • email
      • sso
      • userpass: pre created guest list
    ssid string
    sso NacPortalSso
    tos string
    type string
    enum:

    • guestAdmin: NAC-Based Portal Admin for Pre Created Guest Authentication
    • guestPortal: NAC-Based Guest Portal
    • marvisClient
    org_id str
    access_type str
    if type==marvisClient. enum: wireless, wireless+wired
    additional_cacerts Sequence[str]
    Optional list of additional CA certificates to be used
    additional_nac_server_names Sequence[str]
    Optional list of additional NAC server names
    cert_expire_time int
    In days
    eap_type str
    enum: wpa2, wpa3
    enable_telemetry bool
    Model, version, fingering, events (connecting, disconnect, roaming), which ap
    expiry_notification_time int
    In days
    name str
    notify_expiry bool
    phase 2
    portal NacPortalPortalArgs
    Guest portal configuration when type==guestPortal. If

    • auth==none, the user is presented with a terms of service and can click and continue.
    • auth==external, the user is redirected to an external URL for authentication.
    • auth==multi, the user is presented with a choice of authentication methods:
      • social logins: facebook / google / amazon / microsoft / azure
      • sponsor
      • sms: supported provider: twillio
      • email
      • sso
      • userpass: pre created guest list
    ssid str
    sso NacPortalSsoArgs
    tos str
    type str
    enum:

    • guestAdmin: NAC-Based Portal Admin for Pre Created Guest Authentication
    • guestPortal: NAC-Based Guest Portal
    • marvisClient
    orgId String
    accessType String
    if type==marvisClient. enum: wireless, wireless+wired
    additionalCacerts List<String>
    Optional list of additional CA certificates to be used
    additionalNacServerNames List<String>
    Optional list of additional NAC server names
    certExpireTime Number
    In days
    eapType String
    enum: wpa2, wpa3
    enableTelemetry Boolean
    Model, version, fingering, events (connecting, disconnect, roaming), which ap
    expiryNotificationTime Number
    In days
    name String
    notifyExpiry Boolean
    phase 2
    portal Property Map
    Guest portal configuration when type==guestPortal. If

    • auth==none, the user is presented with a terms of service and can click and continue.
    • auth==external, the user is redirected to an external URL for authentication.
    • auth==multi, the user is presented with a choice of authentication methods:
      • social logins: facebook / google / amazon / microsoft / azure
      • sponsor
      • sms: supported provider: twillio
      • email
      • sso
      • userpass: pre created guest list
    ssid String
    sso Property Map
    tos String
    type String
    enum:

    • guestAdmin: NAC-Based Portal Admin for Pre Created Guest Authentication
    • guestPortal: NAC-Based Guest Portal
    • marvisClient

    Outputs

    All input properties are implicitly available as output properties. Additionally, the NacPortal resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing NacPortal Resource

    Get an existing NacPortal resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: NacPortalState, opts?: CustomResourceOptions): NacPortal
    @staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_type: Optional[str] = None,
        additional_cacerts: Optional[Sequence[str]] = None,
        additional_nac_server_names: Optional[Sequence[str]] = None,
        cert_expire_time: Optional[int] = None,
        eap_type: Optional[str] = None,
        enable_telemetry: Optional[bool] = None,
        expiry_notification_time: Optional[int] = None,
        name: Optional[str] = None,
        notify_expiry: Optional[bool] = None,
        org_id: Optional[str] = None,
        portal: Optional[NacPortalPortalArgs] = None,
        ssid: Optional[str] = None,
        sso: Optional[NacPortalSsoArgs] = None,
        tos: Optional[str] = None,
        type: Optional[str] = None) -> NacPortal
    func GetNacPortal(ctx *Context, name string, id IDInput, state *NacPortalState, opts ...ResourceOption) (*NacPortal, error)
    public static NacPortal Get(string name, Input<string> id, NacPortalState? state, CustomResourceOptions? opts = null)
    public static NacPortal get(String name, Output<String> id, NacPortalState state, CustomResourceOptions options)
    resources:  _:    type: junipermist:org:NacPortal    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessType string
    if type==marvisClient. enum: wireless, wireless+wired
    AdditionalCacerts List<string>
    Optional list of additional CA certificates to be used
    AdditionalNacServerNames List<string>
    Optional list of additional NAC server names
    CertExpireTime int
    In days
    EapType string
    enum: wpa2, wpa3
    EnableTelemetry bool
    Model, version, fingering, events (connecting, disconnect, roaming), which ap
    ExpiryNotificationTime int
    In days
    Name string
    NotifyExpiry bool
    phase 2
    OrgId string
    Portal Pulumi.JuniperMist.Org.Inputs.NacPortalPortal
    Guest portal configuration when type==guestPortal. If

    • auth==none, the user is presented with a terms of service and can click and continue.
    • auth==external, the user is redirected to an external URL for authentication.
    • auth==multi, the user is presented with a choice of authentication methods:
      • social logins: facebook / google / amazon / microsoft / azure
      • sponsor
      • sms: supported provider: twillio
      • email
      • sso
      • userpass: pre created guest list
    Ssid string
    Sso Pulumi.JuniperMist.Org.Inputs.NacPortalSso
    Tos string
    Type string
    enum:

    • guestAdmin: NAC-Based Portal Admin for Pre Created Guest Authentication
    • guestPortal: NAC-Based Guest Portal
    • marvisClient
    AccessType string
    if type==marvisClient. enum: wireless, wireless+wired
    AdditionalCacerts []string
    Optional list of additional CA certificates to be used
    AdditionalNacServerNames []string
    Optional list of additional NAC server names
    CertExpireTime int
    In days
    EapType string
    enum: wpa2, wpa3
    EnableTelemetry bool
    Model, version, fingering, events (connecting, disconnect, roaming), which ap
    ExpiryNotificationTime int
    In days
    Name string
    NotifyExpiry bool
    phase 2
    OrgId string
    Portal NacPortalPortalArgs
    Guest portal configuration when type==guestPortal. If

    • auth==none, the user is presented with a terms of service and can click and continue.
    • auth==external, the user is redirected to an external URL for authentication.
    • auth==multi, the user is presented with a choice of authentication methods:
      • social logins: facebook / google / amazon / microsoft / azure
      • sponsor
      • sms: supported provider: twillio
      • email
      • sso
      • userpass: pre created guest list
    Ssid string
    Sso NacPortalSsoArgs
    Tos string
    Type string
    enum:

    • guestAdmin: NAC-Based Portal Admin for Pre Created Guest Authentication
    • guestPortal: NAC-Based Guest Portal
    • marvisClient
    accessType String
    if type==marvisClient. enum: wireless, wireless+wired
    additionalCacerts List<String>
    Optional list of additional CA certificates to be used
    additionalNacServerNames List<String>
    Optional list of additional NAC server names
    certExpireTime Integer
    In days
    eapType String
    enum: wpa2, wpa3
    enableTelemetry Boolean
    Model, version, fingering, events (connecting, disconnect, roaming), which ap
    expiryNotificationTime Integer
    In days
    name String
    notifyExpiry Boolean
    phase 2
    orgId String
    portal NacPortalPortal
    Guest portal configuration when type==guestPortal. If

    • auth==none, the user is presented with a terms of service and can click and continue.
    • auth==external, the user is redirected to an external URL for authentication.
    • auth==multi, the user is presented with a choice of authentication methods:
      • social logins: facebook / google / amazon / microsoft / azure
      • sponsor
      • sms: supported provider: twillio
      • email
      • sso
      • userpass: pre created guest list
    ssid String
    sso NacPortalSso
    tos String
    type String
    enum:

    • guestAdmin: NAC-Based Portal Admin for Pre Created Guest Authentication
    • guestPortal: NAC-Based Guest Portal
    • marvisClient
    accessType string
    if type==marvisClient. enum: wireless, wireless+wired
    additionalCacerts string[]
    Optional list of additional CA certificates to be used
    additionalNacServerNames string[]
    Optional list of additional NAC server names
    certExpireTime number
    In days
    eapType string
    enum: wpa2, wpa3
    enableTelemetry boolean
    Model, version, fingering, events (connecting, disconnect, roaming), which ap
    expiryNotificationTime number
    In days
    name string
    notifyExpiry boolean
    phase 2
    orgId string
    portal NacPortalPortal
    Guest portal configuration when type==guestPortal. If

    • auth==none, the user is presented with a terms of service and can click and continue.
    • auth==external, the user is redirected to an external URL for authentication.
    • auth==multi, the user is presented with a choice of authentication methods:
      • social logins: facebook / google / amazon / microsoft / azure
      • sponsor
      • sms: supported provider: twillio
      • email
      • sso
      • userpass: pre created guest list
    ssid string
    sso NacPortalSso
    tos string
    type string
    enum:

    • guestAdmin: NAC-Based Portal Admin for Pre Created Guest Authentication
    • guestPortal: NAC-Based Guest Portal
    • marvisClient
    access_type str
    if type==marvisClient. enum: wireless, wireless+wired
    additional_cacerts Sequence[str]
    Optional list of additional CA certificates to be used
    additional_nac_server_names Sequence[str]
    Optional list of additional NAC server names
    cert_expire_time int
    In days
    eap_type str
    enum: wpa2, wpa3
    enable_telemetry bool
    Model, version, fingering, events (connecting, disconnect, roaming), which ap
    expiry_notification_time int
    In days
    name str
    notify_expiry bool
    phase 2
    org_id str
    portal NacPortalPortalArgs
    Guest portal configuration when type==guestPortal. If

    • auth==none, the user is presented with a terms of service and can click and continue.
    • auth==external, the user is redirected to an external URL for authentication.
    • auth==multi, the user is presented with a choice of authentication methods:
      • social logins: facebook / google / amazon / microsoft / azure
      • sponsor
      • sms: supported provider: twillio
      • email
      • sso
      • userpass: pre created guest list
    ssid str
    sso NacPortalSsoArgs
    tos str
    type str
    enum:

    • guestAdmin: NAC-Based Portal Admin for Pre Created Guest Authentication
    • guestPortal: NAC-Based Guest Portal
    • marvisClient
    accessType String
    if type==marvisClient. enum: wireless, wireless+wired
    additionalCacerts List<String>
    Optional list of additional CA certificates to be used
    additionalNacServerNames List<String>
    Optional list of additional NAC server names
    certExpireTime Number
    In days
    eapType String
    enum: wpa2, wpa3
    enableTelemetry Boolean
    Model, version, fingering, events (connecting, disconnect, roaming), which ap
    expiryNotificationTime Number
    In days
    name String
    notifyExpiry Boolean
    phase 2
    orgId String
    portal Property Map
    Guest portal configuration when type==guestPortal. If

    • auth==none, the user is presented with a terms of service and can click and continue.
    • auth==external, the user is redirected to an external URL for authentication.
    • auth==multi, the user is presented with a choice of authentication methods:
      • social logins: facebook / google / amazon / microsoft / azure
      • sponsor
      • sms: supported provider: twillio
      • email
      • sso
      • userpass: pre created guest list
    ssid String
    sso Property Map
    tos String
    type String
    enum:

    • guestAdmin: NAC-Based Portal Admin for Pre Created Guest Authentication
    • guestPortal: NAC-Based Guest Portal
    • marvisClient

    Supporting Types

    NacPortalPortal, NacPortalPortalArgs

    Auth string
    Guest portal authentication type. enum: external, multi, none
    Expire int
    If auth==none or auth==multi, whether to expire the guest after a certain time
    ExternalPortalUrl string
    If auth==external, the URL to redirect the user to for authentication
    ForceReconnect bool
    Disconnect client (workaround for reauth issues)
    Forward bool
    If auth==none or auth==multi, whether to forward the user to the guest portal after authentication
    ForwardUrl string
    If auth==none or auth==multi, URL to forward the user to after authentication
    MaxNumDevices int
    Maximum number of clients allowed per guest. 0 (default, unlimited), 1-100 range
    Privacy bool
    If auth==none or auth==multi, whether to show the privacy policy
    Auth string
    Guest portal authentication type. enum: external, multi, none
    Expire int
    If auth==none or auth==multi, whether to expire the guest after a certain time
    ExternalPortalUrl string
    If auth==external, the URL to redirect the user to for authentication
    ForceReconnect bool
    Disconnect client (workaround for reauth issues)
    Forward bool
    If auth==none or auth==multi, whether to forward the user to the guest portal after authentication
    ForwardUrl string
    If auth==none or auth==multi, URL to forward the user to after authentication
    MaxNumDevices int
    Maximum number of clients allowed per guest. 0 (default, unlimited), 1-100 range
    Privacy bool
    If auth==none or auth==multi, whether to show the privacy policy
    auth String
    Guest portal authentication type. enum: external, multi, none
    expire Integer
    If auth==none or auth==multi, whether to expire the guest after a certain time
    externalPortalUrl String
    If auth==external, the URL to redirect the user to for authentication
    forceReconnect Boolean
    Disconnect client (workaround for reauth issues)
    forward Boolean
    If auth==none or auth==multi, whether to forward the user to the guest portal after authentication
    forwardUrl String
    If auth==none or auth==multi, URL to forward the user to after authentication
    maxNumDevices Integer
    Maximum number of clients allowed per guest. 0 (default, unlimited), 1-100 range
    privacy Boolean
    If auth==none or auth==multi, whether to show the privacy policy
    auth string
    Guest portal authentication type. enum: external, multi, none
    expire number
    If auth==none or auth==multi, whether to expire the guest after a certain time
    externalPortalUrl string
    If auth==external, the URL to redirect the user to for authentication
    forceReconnect boolean
    Disconnect client (workaround for reauth issues)
    forward boolean
    If auth==none or auth==multi, whether to forward the user to the guest portal after authentication
    forwardUrl string
    If auth==none or auth==multi, URL to forward the user to after authentication
    maxNumDevices number
    Maximum number of clients allowed per guest. 0 (default, unlimited), 1-100 range
    privacy boolean
    If auth==none or auth==multi, whether to show the privacy policy
    auth str
    Guest portal authentication type. enum: external, multi, none
    expire int
    If auth==none or auth==multi, whether to expire the guest after a certain time
    external_portal_url str
    If auth==external, the URL to redirect the user to for authentication
    force_reconnect bool
    Disconnect client (workaround for reauth issues)
    forward bool
    If auth==none or auth==multi, whether to forward the user to the guest portal after authentication
    forward_url str
    If auth==none or auth==multi, URL to forward the user to after authentication
    max_num_devices int
    Maximum number of clients allowed per guest. 0 (default, unlimited), 1-100 range
    privacy bool
    If auth==none or auth==multi, whether to show the privacy policy
    auth String
    Guest portal authentication type. enum: external, multi, none
    expire Number
    If auth==none or auth==multi, whether to expire the guest after a certain time
    externalPortalUrl String
    If auth==external, the URL to redirect the user to for authentication
    forceReconnect Boolean
    Disconnect client (workaround for reauth issues)
    forward Boolean
    If auth==none or auth==multi, whether to forward the user to the guest portal after authentication
    forwardUrl String
    If auth==none or auth==multi, URL to forward the user to after authentication
    maxNumDevices Number
    Maximum number of clients allowed per guest. 0 (default, unlimited), 1-100 range
    privacy Boolean
    If auth==none or auth==multi, whether to show the privacy policy

    NacPortalSso, NacPortalSsoArgs

    IdpCert string
    IdpSignAlgo string
    Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512.
    IdpSsoUrl string
    Issuer string
    NameidFormat string
    SsoRoleMatchings List<Pulumi.JuniperMist.Org.Inputs.NacPortalSsoSsoRoleMatching>
    UseSsoRoleForCert bool
    If it's desired to inject a role into Cert's Subject (so it can be used later on in policy)
    IdpCert string
    IdpSignAlgo string
    Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512.
    IdpSsoUrl string
    Issuer string
    NameidFormat string
    SsoRoleMatchings []NacPortalSsoSsoRoleMatching
    UseSsoRoleForCert bool
    If it's desired to inject a role into Cert's Subject (so it can be used later on in policy)
    idpCert String
    idpSignAlgo String
    Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512.
    idpSsoUrl String
    issuer String
    nameidFormat String
    ssoRoleMatchings List<NacPortalSsoSsoRoleMatching>
    useSsoRoleForCert Boolean
    If it's desired to inject a role into Cert's Subject (so it can be used later on in policy)
    idpCert string
    idpSignAlgo string
    Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512.
    idpSsoUrl string
    issuer string
    nameidFormat string
    ssoRoleMatchings NacPortalSsoSsoRoleMatching[]
    useSsoRoleForCert boolean
    If it's desired to inject a role into Cert's Subject (so it can be used later on in policy)
    idp_cert str
    idp_sign_algo str
    Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512.
    idp_sso_url str
    issuer str
    nameid_format str
    sso_role_matchings Sequence[NacPortalSsoSsoRoleMatching]
    use_sso_role_for_cert bool
    If it's desired to inject a role into Cert's Subject (so it can be used later on in policy)
    idpCert String
    idpSignAlgo String
    Signing algorithm for SAML Assertion. enum: sha1, sha256, sha384, sha512.
    idpSsoUrl String
    issuer String
    nameidFormat String
    ssoRoleMatchings List<Property Map>
    useSsoRoleForCert Boolean
    If it's desired to inject a role into Cert's Subject (so it can be used later on in policy)

    NacPortalSsoSsoRoleMatching, NacPortalSsoSsoRoleMatchingArgs

    Assigned string
    Match string
    Assigned string
    Match string
    assigned String
    match String
    assigned string
    match string
    assigned String
    match String

    Package Details

    Repository
    junipermist pulumi/pulumi-junipermist
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the mist Terraform Provider.
    junipermist logo
    Viewing docs for Juniper Mist v0.8.2
    published on Thursday, Apr 16, 2026 by Pulumi
    Schema (JSON)
    pulumi/pulumi-junipermist
      Try Pulumi Cloud free. Your team will thank you.