Viewing docs for Juniper Mist v0.8.1
published on Thursday, Apr 2, 2026 by Pulumi
published on Thursday, Apr 2, 2026 by Pulumi
Viewing docs for Juniper Mist v0.8.1
published on Thursday, Apr 2, 2026 by Pulumi
published on Thursday, Apr 2, 2026 by Pulumi
This resource manages Org NAC Portals.
NAC Portal configuration defines the authentication portal for network access control.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as junipermist from "@pulumi/juniper-mist";
const guestPortal = new junipermist.org.NacPortal("guest_portal", {
orgId: terraformTest.id,
name: "Guest Portal",
type: "marvis_client",
accessType: "wireless+wired",
ssid: "Guest-Network",
certExpireTime: 365,
eapType: "wpa3",
enableTelemetry: true,
expiryNotificationTime: 30,
notifyExpiry: true,
tos: "By using this network, you agree to our terms of service and privacy policy.",
additionalCacerts: [`-----BEGIN CERTIFICATE-----
MIIC...certificate...content
-----END CERTIFICATE-----`],
additionalNacServerNames: [
"nac1.example.com",
"nac2.example.com",
],
portal: {
auth: "multi",
expire: 43200,
externalPortalUrl: "https://portal.example.com/external",
forceReconnect: false,
forward: true,
forwardUrl: "https://example.com/portal/welcome",
maxNumDevices: 10,
privacy: true,
},
sso: {
idpCert: `-----BEGIN CERTIFICATE-----
MIIC...idp...cert
-----END CERTIFICATE-----`,
idpSignAlgo: "sha384",
idpSsoUrl: "https://idp.example.com/saml/sso",
issuer: "https://idp.example.com",
nameidFormat: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
useSsoRoleForCert: false,
ssoRoleMatchings: [
{
match: "Administrator",
assigned: "full-access",
},
{
match: "Manager",
assigned: "manager-access",
},
{
match: "Employee",
assigned: "employee-access",
},
{
match: "Guest",
assigned: "guest-access",
},
],
},
});
import pulumi
import pulumi_juniper_mist as junipermist
guest_portal = junipermist.org.NacPortal("guest_portal",
org_id=terraform_test["id"],
name="Guest Portal",
type="marvis_client",
access_type="wireless+wired",
ssid="Guest-Network",
cert_expire_time=365,
eap_type="wpa3",
enable_telemetry=True,
expiry_notification_time=30,
notify_expiry=True,
tos="By using this network, you agree to our terms of service and privacy policy.",
additional_cacerts=["""-----BEGIN CERTIFICATE-----
MIIC...certificate...content
-----END CERTIFICATE-----"""],
additional_nac_server_names=[
"nac1.example.com",
"nac2.example.com",
],
portal={
"auth": "multi",
"expire": 43200,
"external_portal_url": "https://portal.example.com/external",
"force_reconnect": False,
"forward": True,
"forward_url": "https://example.com/portal/welcome",
"max_num_devices": 10,
"privacy": True,
},
sso={
"idp_cert": """-----BEGIN CERTIFICATE-----
MIIC...idp...cert
-----END CERTIFICATE-----""",
"idp_sign_algo": "sha384",
"idp_sso_url": "https://idp.example.com/saml/sso",
"issuer": "https://idp.example.com",
"nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
"use_sso_role_for_cert": False,
"sso_role_matchings": [
{
"match": "Administrator",
"assigned": "full-access",
},
{
"match": "Manager",
"assigned": "manager-access",
},
{
"match": "Employee",
"assigned": "employee-access",
},
{
"match": "Guest",
"assigned": "guest-access",
},
],
})
package main
import (
"github.com/pulumi/pulumi-junipermist/sdk/go/junipermist/org"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := org.NewNacPortal(ctx, "guest_portal", &org.NacPortalArgs{
OrgId: pulumi.Any(terraformTest.Id),
Name: pulumi.String("Guest Portal"),
Type: pulumi.String("marvis_client"),
AccessType: pulumi.String("wireless+wired"),
Ssid: pulumi.String("Guest-Network"),
CertExpireTime: pulumi.Int(365),
EapType: pulumi.String("wpa3"),
EnableTelemetry: pulumi.Bool(true),
ExpiryNotificationTime: pulumi.Int(30),
NotifyExpiry: pulumi.Bool(true),
Tos: pulumi.String("By using this network, you agree to our terms of service and privacy policy."),
AdditionalCacerts: pulumi.StringArray{
pulumi.String("-----BEGIN CERTIFICATE-----\nMIIC...certificate...content\n-----END CERTIFICATE-----"),
},
AdditionalNacServerNames: pulumi.StringArray{
pulumi.String("nac1.example.com"),
pulumi.String("nac2.example.com"),
},
Portal: &org.NacPortalPortalArgs{
Auth: pulumi.String("multi"),
Expire: pulumi.Int(43200),
ExternalPortalUrl: pulumi.String("https://portal.example.com/external"),
ForceReconnect: pulumi.Bool(false),
Forward: pulumi.Bool(true),
ForwardUrl: pulumi.String("https://example.com/portal/welcome"),
MaxNumDevices: pulumi.Int(10),
Privacy: pulumi.Bool(true),
},
Sso: &org.NacPortalSsoArgs{
IdpCert: pulumi.String("-----BEGIN CERTIFICATE-----\nMIIC...idp...cert\n-----END CERTIFICATE-----"),
IdpSignAlgo: pulumi.String("sha384"),
IdpSsoUrl: pulumi.String("https://idp.example.com/saml/sso"),
Issuer: pulumi.String("https://idp.example.com"),
NameidFormat: pulumi.String("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"),
UseSsoRoleForCert: pulumi.Bool(false),
SsoRoleMatchings: org.NacPortalSsoSsoRoleMatchingArray{
&org.NacPortalSsoSsoRoleMatchingArgs{
Match: pulumi.String("Administrator"),
Assigned: pulumi.String("full-access"),
},
&org.NacPortalSsoSsoRoleMatchingArgs{
Match: pulumi.String("Manager"),
Assigned: pulumi.String("manager-access"),
},
&org.NacPortalSsoSsoRoleMatchingArgs{
Match: pulumi.String("Employee"),
Assigned: pulumi.String("employee-access"),
},
&org.NacPortalSsoSsoRoleMatchingArgs{
Match: pulumi.String("Guest"),
Assigned: pulumi.String("guest-access"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using JuniperMist = Pulumi.JuniperMist;
return await Deployment.RunAsync(() =>
{
var guestPortal = new JuniperMist.Org.NacPortal("guest_portal", new()
{
OrgId = terraformTest.Id,
Name = "Guest Portal",
Type = "marvis_client",
AccessType = "wireless+wired",
Ssid = "Guest-Network",
CertExpireTime = 365,
EapType = "wpa3",
EnableTelemetry = true,
ExpiryNotificationTime = 30,
NotifyExpiry = true,
Tos = "By using this network, you agree to our terms of service and privacy policy.",
AdditionalCacerts = new[]
{
@"-----BEGIN CERTIFICATE-----
MIIC...certificate...content
-----END CERTIFICATE-----",
},
AdditionalNacServerNames = new[]
{
"nac1.example.com",
"nac2.example.com",
},
Portal = new JuniperMist.Org.Inputs.NacPortalPortalArgs
{
Auth = "multi",
Expire = 43200,
ExternalPortalUrl = "https://portal.example.com/external",
ForceReconnect = false,
Forward = true,
ForwardUrl = "https://example.com/portal/welcome",
MaxNumDevices = 10,
Privacy = true,
},
Sso = new JuniperMist.Org.Inputs.NacPortalSsoArgs
{
IdpCert = @"-----BEGIN CERTIFICATE-----
MIIC...idp...cert
-----END CERTIFICATE-----",
IdpSignAlgo = "sha384",
IdpSsoUrl = "https://idp.example.com/saml/sso",
Issuer = "https://idp.example.com",
NameidFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
UseSsoRoleForCert = false,
SsoRoleMatchings = new[]
{
new JuniperMist.Org.Inputs.NacPortalSsoSsoRoleMatchingArgs
{
Match = "Administrator",
Assigned = "full-access",
},
new JuniperMist.Org.Inputs.NacPortalSsoSsoRoleMatchingArgs
{
Match = "Manager",
Assigned = "manager-access",
},
new JuniperMist.Org.Inputs.NacPortalSsoSsoRoleMatchingArgs
{
Match = "Employee",
Assigned = "employee-access",
},
new JuniperMist.Org.Inputs.NacPortalSsoSsoRoleMatchingArgs
{
Match = "Guest",
Assigned = "guest-access",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.junipermist.org.NacPortal;
import com.pulumi.junipermist.org.NacPortalArgs;
import com.pulumi.junipermist.org.inputs.NacPortalPortalArgs;
import com.pulumi.junipermist.org.inputs.NacPortalSsoArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var guestPortal = new NacPortal("guestPortal", NacPortalArgs.builder()
.orgId(terraformTest.id())
.name("Guest Portal")
.type("marvis_client")
.accessType("wireless+wired")
.ssid("Guest-Network")
.certExpireTime(365)
.eapType("wpa3")
.enableTelemetry(true)
.expiryNotificationTime(30)
.notifyExpiry(true)
.tos("By using this network, you agree to our terms of service and privacy policy.")
.additionalCacerts("""
-----BEGIN CERTIFICATE-----
MIIC...certificate...content
-----END CERTIFICATE----- """)
.additionalNacServerNames(
"nac1.example.com",
"nac2.example.com")
.portal(NacPortalPortalArgs.builder()
.auth("multi")
.expire(43200)
.externalPortalUrl("https://portal.example.com/external")
.forceReconnect(false)
.forward(true)
.forwardUrl("https://example.com/portal/welcome")
.maxNumDevices(10)
.privacy(true)
.build())
.sso(NacPortalSsoArgs.builder()
.idpCert("""
-----BEGIN CERTIFICATE-----
MIIC...idp...cert
-----END CERTIFICATE----- """)
.idpSignAlgo("sha384")
.idpSsoUrl("https://idp.example.com/saml/sso")
.issuer("https://idp.example.com")
.nameidFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent")
.useSsoRoleForCert(false)
.ssoRoleMatchings(
NacPortalSsoSsoRoleMatchingArgs.builder()
.match("Administrator")
.assigned("full-access")
.build(),
NacPortalSsoSsoRoleMatchingArgs.builder()
.match("Manager")
.assigned("manager-access")
.build(),
NacPortalSsoSsoRoleMatchingArgs.builder()
.match("Employee")
.assigned("employee-access")
.build(),
NacPortalSsoSsoRoleMatchingArgs.builder()
.match("Guest")
.assigned("guest-access")
.build())
.build())
.build());
}
}
resources:
guestPortal:
type: junipermist:org:NacPortal
name: guest_portal
properties:
orgId: ${terraformTest.id}
name: Guest Portal
type: marvis_client
accessType: wireless+wired
ssid: Guest-Network
certExpireTime: 365
eapType: wpa3
enableTelemetry: true
expiryNotificationTime: 30
notifyExpiry: true
tos: By using this network, you agree to our terms of service and privacy policy.
additionalCacerts:
- |-
-----BEGIN CERTIFICATE-----
MIIC...certificate...content
-----END CERTIFICATE-----
additionalNacServerNames:
- nac1.example.com
- nac2.example.com
portal:
auth: multi
expire: 43200
externalPortalUrl: https://portal.example.com/external
forceReconnect: false
forward: true
forwardUrl: https://example.com/portal/welcome
maxNumDevices: 10
privacy: true
sso:
idpCert: |-
-----BEGIN CERTIFICATE-----
MIIC...idp...cert
-----END CERTIFICATE-----
idpSignAlgo: sha384
idpSsoUrl: https://idp.example.com/saml/sso
issuer: https://idp.example.com
nameidFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
useSsoRoleForCert: false
ssoRoleMatchings:
- match: Administrator
assigned: full-access
- match: Manager
assigned: manager-access
- match: Employee
assigned: employee-access
- match: Guest
assigned: guest-access
Create NacPortal Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new NacPortal(name: string, args: NacPortalArgs, opts?: CustomResourceOptions);@overload
def NacPortal(resource_name: str,
args: NacPortalArgs,
opts: Optional[ResourceOptions] = None)
@overload
def NacPortal(resource_name: str,
opts: Optional[ResourceOptions] = None,
org_id: Optional[str] = None,
cert_expire_time: Optional[int] = None,
notify_expiry: Optional[bool] = None,
access_type: Optional[str] = None,
eap_type: Optional[str] = None,
enable_telemetry: Optional[bool] = None,
expiry_notification_time: Optional[int] = None,
name: Optional[str] = None,
additional_nac_server_names: Optional[Sequence[str]] = None,
additional_cacerts: Optional[Sequence[str]] = None,
portal: Optional[NacPortalPortalArgs] = None,
ssid: Optional[str] = None,
sso: Optional[NacPortalSsoArgs] = None,
tos: Optional[str] = None,
type: Optional[str] = None)func NewNacPortal(ctx *Context, name string, args NacPortalArgs, opts ...ResourceOption) (*NacPortal, error)public NacPortal(string name, NacPortalArgs args, CustomResourceOptions? opts = null)
public NacPortal(String name, NacPortalArgs args)
public NacPortal(String name, NacPortalArgs args, CustomResourceOptions options)
type: junipermist:org:NacPortal
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NacPortalArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NacPortalArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NacPortalArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NacPortalArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NacPortalArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var nacPortalResource = new JuniperMist.Org.NacPortal("nacPortalResource", new()
{
OrgId = "string",
CertExpireTime = 0,
NotifyExpiry = false,
AccessType = "string",
EapType = "string",
EnableTelemetry = false,
ExpiryNotificationTime = 0,
Name = "string",
AdditionalNacServerNames = new[]
{
"string",
},
AdditionalCacerts = new[]
{
"string",
},
Portal = new JuniperMist.Org.Inputs.NacPortalPortalArgs
{
Auth = "string",
Expire = 0,
ExternalPortalUrl = "string",
ForceReconnect = false,
Forward = false,
ForwardUrl = "string",
MaxNumDevices = 0,
Privacy = false,
},
Ssid = "string",
Sso = new JuniperMist.Org.Inputs.NacPortalSsoArgs
{
IdpCert = "string",
IdpSignAlgo = "string",
IdpSsoUrl = "string",
Issuer = "string",
NameidFormat = "string",
SsoRoleMatchings = new[]
{
new JuniperMist.Org.Inputs.NacPortalSsoSsoRoleMatchingArgs
{
Assigned = "string",
Match = "string",
},
},
UseSsoRoleForCert = false,
},
Tos = "string",
Type = "string",
});
example, err := org.NewNacPortal(ctx, "nacPortalResource", &org.NacPortalArgs{
OrgId: pulumi.String("string"),
CertExpireTime: pulumi.Int(0),
NotifyExpiry: pulumi.Bool(false),
AccessType: pulumi.String("string"),
EapType: pulumi.String("string"),
EnableTelemetry: pulumi.Bool(false),
ExpiryNotificationTime: pulumi.Int(0),
Name: pulumi.String("string"),
AdditionalNacServerNames: pulumi.StringArray{
pulumi.String("string"),
},
AdditionalCacerts: pulumi.StringArray{
pulumi.String("string"),
},
Portal: &org.NacPortalPortalArgs{
Auth: pulumi.String("string"),
Expire: pulumi.Int(0),
ExternalPortalUrl: pulumi.String("string"),
ForceReconnect: pulumi.Bool(false),
Forward: pulumi.Bool(false),
ForwardUrl: pulumi.String("string"),
MaxNumDevices: pulumi.Int(0),
Privacy: pulumi.Bool(false),
},
Ssid: pulumi.String("string"),
Sso: &org.NacPortalSsoArgs{
IdpCert: pulumi.String("string"),
IdpSignAlgo: pulumi.String("string"),
IdpSsoUrl: pulumi.String("string"),
Issuer: pulumi.String("string"),
NameidFormat: pulumi.String("string"),
SsoRoleMatchings: org.NacPortalSsoSsoRoleMatchingArray{
&org.NacPortalSsoSsoRoleMatchingArgs{
Assigned: pulumi.String("string"),
Match: pulumi.String("string"),
},
},
UseSsoRoleForCert: pulumi.Bool(false),
},
Tos: pulumi.String("string"),
Type: pulumi.String("string"),
})
var nacPortalResource = new NacPortal("nacPortalResource", NacPortalArgs.builder()
.orgId("string")
.certExpireTime(0)
.notifyExpiry(false)
.accessType("string")
.eapType("string")
.enableTelemetry(false)
.expiryNotificationTime(0)
.name("string")
.additionalNacServerNames("string")
.additionalCacerts("string")
.portal(NacPortalPortalArgs.builder()
.auth("string")
.expire(0)
.externalPortalUrl("string")
.forceReconnect(false)
.forward(false)
.forwardUrl("string")
.maxNumDevices(0)
.privacy(false)
.build())
.ssid("string")
.sso(NacPortalSsoArgs.builder()
.idpCert("string")
.idpSignAlgo("string")
.idpSsoUrl("string")
.issuer("string")
.nameidFormat("string")
.ssoRoleMatchings(NacPortalSsoSsoRoleMatchingArgs.builder()
.assigned("string")
.match("string")
.build())
.useSsoRoleForCert(false)
.build())
.tos("string")
.type("string")
.build());
nac_portal_resource = junipermist.org.NacPortal("nacPortalResource",
org_id="string",
cert_expire_time=0,
notify_expiry=False,
access_type="string",
eap_type="string",
enable_telemetry=False,
expiry_notification_time=0,
name="string",
additional_nac_server_names=["string"],
additional_cacerts=["string"],
portal={
"auth": "string",
"expire": 0,
"external_portal_url": "string",
"force_reconnect": False,
"forward": False,
"forward_url": "string",
"max_num_devices": 0,
"privacy": False,
},
ssid="string",
sso={
"idp_cert": "string",
"idp_sign_algo": "string",
"idp_sso_url": "string",
"issuer": "string",
"nameid_format": "string",
"sso_role_matchings": [{
"assigned": "string",
"match": "string",
}],
"use_sso_role_for_cert": False,
},
tos="string",
type="string")
const nacPortalResource = new junipermist.org.NacPortal("nacPortalResource", {
orgId: "string",
certExpireTime: 0,
notifyExpiry: false,
accessType: "string",
eapType: "string",
enableTelemetry: false,
expiryNotificationTime: 0,
name: "string",
additionalNacServerNames: ["string"],
additionalCacerts: ["string"],
portal: {
auth: "string",
expire: 0,
externalPortalUrl: "string",
forceReconnect: false,
forward: false,
forwardUrl: "string",
maxNumDevices: 0,
privacy: false,
},
ssid: "string",
sso: {
idpCert: "string",
idpSignAlgo: "string",
idpSsoUrl: "string",
issuer: "string",
nameidFormat: "string",
ssoRoleMatchings: [{
assigned: "string",
match: "string",
}],
useSsoRoleForCert: false,
},
tos: "string",
type: "string",
});
type: junipermist:org:NacPortal
properties:
accessType: string
additionalCacerts:
- string
additionalNacServerNames:
- string
certExpireTime: 0
eapType: string
enableTelemetry: false
expiryNotificationTime: 0
name: string
notifyExpiry: false
orgId: string
portal:
auth: string
expire: 0
externalPortalUrl: string
forceReconnect: false
forward: false
forwardUrl: string
maxNumDevices: 0
privacy: false
ssid: string
sso:
idpCert: string
idpSignAlgo: string
idpSsoUrl: string
issuer: string
nameidFormat: string
ssoRoleMatchings:
- assigned: string
match: string
useSsoRoleForCert: false
tos: string
type: string
NacPortal Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The NacPortal resource accepts the following input properties:
- Org
Id string - Access
Type string - if
type==marvisClient. enum:wireless,wireless+wired - Additional
Cacerts List<string> - Optional list of additional CA certificates to be used
- Additional
Nac List<string>Server Names - Optional list of additional NAC server names
- Cert
Expire intTime - In days
- Eap
Type string - enum:
wpa2,wpa3 - Enable
Telemetry bool - Model, version, fingering, events (connecting, disconnect, roaming), which ap
- Expiry
Notification intTime - In days
- Name string
- Notify
Expiry bool - phase 2
- Portal
Pulumi.
Juniper Mist. Org. Inputs. Nac Portal Portal - Guest portal configuration when
type==guestPortal. Ifauth==none, the user is presented with a terms of service and can click and continue.auth==external, the user is redirected to an external URL for authentication.auth==multi, the user is presented with a choice of authentication methods:- social logins: facebook / google / amazon / microsoft / azure
- sponsor
- sms: supported provider: twillio
- sso
- userpass: pre created guest list
- Ssid string
- Sso
Pulumi.
Juniper Mist. Org. Inputs. Nac Portal Sso - Tos string
- Type string
- enum:
guestAdmin: NAC-Based Portal Admin for Pre Created Guest AuthenticationguestPortal: NAC-Based Guest PortalmarvisClient
- Org
Id string - Access
Type string - if
type==marvisClient. enum:wireless,wireless+wired - Additional
Cacerts []string - Optional list of additional CA certificates to be used
- Additional
Nac []stringServer Names - Optional list of additional NAC server names
- Cert
Expire intTime - In days
- Eap
Type string - enum:
wpa2,wpa3 - Enable
Telemetry bool - Model, version, fingering, events (connecting, disconnect, roaming), which ap
- Expiry
Notification intTime - In days
- Name string
- Notify
Expiry bool - phase 2
- Portal
Nac
Portal Portal Args - Guest portal configuration when
type==guestPortal. Ifauth==none, the user is presented with a terms of service and can click and continue.auth==external, the user is redirected to an external URL for authentication.auth==multi, the user is presented with a choice of authentication methods:- social logins: facebook / google / amazon / microsoft / azure
- sponsor
- sms: supported provider: twillio
- sso
- userpass: pre created guest list
- Ssid string
- Sso
Nac
Portal Sso Args - Tos string
- Type string
- enum:
guestAdmin: NAC-Based Portal Admin for Pre Created Guest AuthenticationguestPortal: NAC-Based Guest PortalmarvisClient
- org
Id String - access
Type String - if
type==marvisClient. enum:wireless,wireless+wired - additional
Cacerts List<String> - Optional list of additional CA certificates to be used
- additional
Nac List<String>Server Names - Optional list of additional NAC server names
- cert
Expire IntegerTime - In days
- eap
Type String - enum:
wpa2,wpa3 - enable
Telemetry Boolean - Model, version, fingering, events (connecting, disconnect, roaming), which ap
- expiry
Notification IntegerTime - In days
- name String
- notify
Expiry Boolean - phase 2
- portal
Nac
Portal Portal - Guest portal configuration when
type==guestPortal. Ifauth==none, the user is presented with a terms of service and can click and continue.auth==external, the user is redirected to an external URL for authentication.auth==multi, the user is presented with a choice of authentication methods:- social logins: facebook / google / amazon / microsoft / azure
- sponsor
- sms: supported provider: twillio
- sso
- userpass: pre created guest list
- ssid String
- sso
Nac
Portal Sso - tos String
- type String
- enum:
guestAdmin: NAC-Based Portal Admin for Pre Created Guest AuthenticationguestPortal: NAC-Based Guest PortalmarvisClient
- org
Id string - access
Type string - if
type==marvisClient. enum:wireless,wireless+wired - additional
Cacerts string[] - Optional list of additional CA certificates to be used
- additional
Nac string[]Server Names - Optional list of additional NAC server names
- cert
Expire numberTime - In days
- eap
Type string - enum:
wpa2,wpa3 - enable
Telemetry boolean - Model, version, fingering, events (connecting, disconnect, roaming), which ap
- expiry
Notification numberTime - In days
- name string
- notify
Expiry boolean - phase 2
- portal
Nac
Portal Portal - Guest portal configuration when
type==guestPortal. Ifauth==none, the user is presented with a terms of service and can click and continue.auth==external, the user is redirected to an external URL for authentication.auth==multi, the user is presented with a choice of authentication methods:- social logins: facebook / google / amazon / microsoft / azure
- sponsor
- sms: supported provider: twillio
- sso
- userpass: pre created guest list
- ssid string
- sso
Nac
Portal Sso - tos string
- type string
- enum:
guestAdmin: NAC-Based Portal Admin for Pre Created Guest AuthenticationguestPortal: NAC-Based Guest PortalmarvisClient
- org_
id str - access_
type str - if
type==marvisClient. enum:wireless,wireless+wired - additional_
cacerts Sequence[str] - Optional list of additional CA certificates to be used
- additional_
nac_ Sequence[str]server_ names - Optional list of additional NAC server names
- cert_
expire_ inttime - In days
- eap_
type str - enum:
wpa2,wpa3 - enable_
telemetry bool - Model, version, fingering, events (connecting, disconnect, roaming), which ap
- expiry_
notification_ inttime - In days
- name str
- notify_
expiry bool - phase 2
- portal
Nac
Portal Portal Args - Guest portal configuration when
type==guestPortal. Ifauth==none, the user is presented with a terms of service and can click and continue.auth==external, the user is redirected to an external URL for authentication.auth==multi, the user is presented with a choice of authentication methods:- social logins: facebook / google / amazon / microsoft / azure
- sponsor
- sms: supported provider: twillio
- sso
- userpass: pre created guest list
- ssid str
- sso
Nac
Portal Sso Args - tos str
- type str
- enum:
guestAdmin: NAC-Based Portal Admin for Pre Created Guest AuthenticationguestPortal: NAC-Based Guest PortalmarvisClient
- org
Id String - access
Type String - if
type==marvisClient. enum:wireless,wireless+wired - additional
Cacerts List<String> - Optional list of additional CA certificates to be used
- additional
Nac List<String>Server Names - Optional list of additional NAC server names
- cert
Expire NumberTime - In days
- eap
Type String - enum:
wpa2,wpa3 - enable
Telemetry Boolean - Model, version, fingering, events (connecting, disconnect, roaming), which ap
- expiry
Notification NumberTime - In days
- name String
- notify
Expiry Boolean - phase 2
- portal Property Map
- Guest portal configuration when
type==guestPortal. Ifauth==none, the user is presented with a terms of service and can click and continue.auth==external, the user is redirected to an external URL for authentication.auth==multi, the user is presented with a choice of authentication methods:- social logins: facebook / google / amazon / microsoft / azure
- sponsor
- sms: supported provider: twillio
- sso
- userpass: pre created guest list
- ssid String
- sso Property Map
- tos String
- type String
- enum:
guestAdmin: NAC-Based Portal Admin for Pre Created Guest AuthenticationguestPortal: NAC-Based Guest PortalmarvisClient
Outputs
All input properties are implicitly available as output properties. Additionally, the NacPortal resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing NacPortal Resource
Get an existing NacPortal resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NacPortalState, opts?: CustomResourceOptions): NacPortal@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_type: Optional[str] = None,
additional_cacerts: Optional[Sequence[str]] = None,
additional_nac_server_names: Optional[Sequence[str]] = None,
cert_expire_time: Optional[int] = None,
eap_type: Optional[str] = None,
enable_telemetry: Optional[bool] = None,
expiry_notification_time: Optional[int] = None,
name: Optional[str] = None,
notify_expiry: Optional[bool] = None,
org_id: Optional[str] = None,
portal: Optional[NacPortalPortalArgs] = None,
ssid: Optional[str] = None,
sso: Optional[NacPortalSsoArgs] = None,
tos: Optional[str] = None,
type: Optional[str] = None) -> NacPortalfunc GetNacPortal(ctx *Context, name string, id IDInput, state *NacPortalState, opts ...ResourceOption) (*NacPortal, error)public static NacPortal Get(string name, Input<string> id, NacPortalState? state, CustomResourceOptions? opts = null)public static NacPortal get(String name, Output<String> id, NacPortalState state, CustomResourceOptions options)resources: _: type: junipermist:org:NacPortal get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Type string - if
type==marvisClient. enum:wireless,wireless+wired - Additional
Cacerts List<string> - Optional list of additional CA certificates to be used
- Additional
Nac List<string>Server Names - Optional list of additional NAC server names
- Cert
Expire intTime - In days
- Eap
Type string - enum:
wpa2,wpa3 - Enable
Telemetry bool - Model, version, fingering, events (connecting, disconnect, roaming), which ap
- Expiry
Notification intTime - In days
- Name string
- Notify
Expiry bool - phase 2
- Org
Id string - Portal
Pulumi.
Juniper Mist. Org. Inputs. Nac Portal Portal - Guest portal configuration when
type==guestPortal. Ifauth==none, the user is presented with a terms of service and can click and continue.auth==external, the user is redirected to an external URL for authentication.auth==multi, the user is presented with a choice of authentication methods:- social logins: facebook / google / amazon / microsoft / azure
- sponsor
- sms: supported provider: twillio
- sso
- userpass: pre created guest list
- Ssid string
- Sso
Pulumi.
Juniper Mist. Org. Inputs. Nac Portal Sso - Tos string
- Type string
- enum:
guestAdmin: NAC-Based Portal Admin for Pre Created Guest AuthenticationguestPortal: NAC-Based Guest PortalmarvisClient
- Access
Type string - if
type==marvisClient. enum:wireless,wireless+wired - Additional
Cacerts []string - Optional list of additional CA certificates to be used
- Additional
Nac []stringServer Names - Optional list of additional NAC server names
- Cert
Expire intTime - In days
- Eap
Type string - enum:
wpa2,wpa3 - Enable
Telemetry bool - Model, version, fingering, events (connecting, disconnect, roaming), which ap
- Expiry
Notification intTime - In days
- Name string
- Notify
Expiry bool - phase 2
- Org
Id string - Portal
Nac
Portal Portal Args - Guest portal configuration when
type==guestPortal. Ifauth==none, the user is presented with a terms of service and can click and continue.auth==external, the user is redirected to an external URL for authentication.auth==multi, the user is presented with a choice of authentication methods:- social logins: facebook / google / amazon / microsoft / azure
- sponsor
- sms: supported provider: twillio
- sso
- userpass: pre created guest list
- Ssid string
- Sso
Nac
Portal Sso Args - Tos string
- Type string
- enum:
guestAdmin: NAC-Based Portal Admin for Pre Created Guest AuthenticationguestPortal: NAC-Based Guest PortalmarvisClient
- access
Type String - if
type==marvisClient. enum:wireless,wireless+wired - additional
Cacerts List<String> - Optional list of additional CA certificates to be used
- additional
Nac List<String>Server Names - Optional list of additional NAC server names
- cert
Expire IntegerTime - In days
- eap
Type String - enum:
wpa2,wpa3 - enable
Telemetry Boolean - Model, version, fingering, events (connecting, disconnect, roaming), which ap
- expiry
Notification IntegerTime - In days
- name String
- notify
Expiry Boolean - phase 2
- org
Id String - portal
Nac
Portal Portal - Guest portal configuration when
type==guestPortal. Ifauth==none, the user is presented with a terms of service and can click and continue.auth==external, the user is redirected to an external URL for authentication.auth==multi, the user is presented with a choice of authentication methods:- social logins: facebook / google / amazon / microsoft / azure
- sponsor
- sms: supported provider: twillio
- sso
- userpass: pre created guest list
- ssid String
- sso
Nac
Portal Sso - tos String
- type String
- enum:
guestAdmin: NAC-Based Portal Admin for Pre Created Guest AuthenticationguestPortal: NAC-Based Guest PortalmarvisClient
- access
Type string - if
type==marvisClient. enum:wireless,wireless+wired - additional
Cacerts string[] - Optional list of additional CA certificates to be used
- additional
Nac string[]Server Names - Optional list of additional NAC server names
- cert
Expire numberTime - In days
- eap
Type string - enum:
wpa2,wpa3 - enable
Telemetry boolean - Model, version, fingering, events (connecting, disconnect, roaming), which ap
- expiry
Notification numberTime - In days
- name string
- notify
Expiry boolean - phase 2
- org
Id string - portal
Nac
Portal Portal - Guest portal configuration when
type==guestPortal. Ifauth==none, the user is presented with a terms of service and can click and continue.auth==external, the user is redirected to an external URL for authentication.auth==multi, the user is presented with a choice of authentication methods:- social logins: facebook / google / amazon / microsoft / azure
- sponsor
- sms: supported provider: twillio
- sso
- userpass: pre created guest list
- ssid string
- sso
Nac
Portal Sso - tos string
- type string
- enum:
guestAdmin: NAC-Based Portal Admin for Pre Created Guest AuthenticationguestPortal: NAC-Based Guest PortalmarvisClient
- access_
type str - if
type==marvisClient. enum:wireless,wireless+wired - additional_
cacerts Sequence[str] - Optional list of additional CA certificates to be used
- additional_
nac_ Sequence[str]server_ names - Optional list of additional NAC server names
- cert_
expire_ inttime - In days
- eap_
type str - enum:
wpa2,wpa3 - enable_
telemetry bool - Model, version, fingering, events (connecting, disconnect, roaming), which ap
- expiry_
notification_ inttime - In days
- name str
- notify_
expiry bool - phase 2
- org_
id str - portal
Nac
Portal Portal Args - Guest portal configuration when
type==guestPortal. Ifauth==none, the user is presented with a terms of service and can click and continue.auth==external, the user is redirected to an external URL for authentication.auth==multi, the user is presented with a choice of authentication methods:- social logins: facebook / google / amazon / microsoft / azure
- sponsor
- sms: supported provider: twillio
- sso
- userpass: pre created guest list
- ssid str
- sso
Nac
Portal Sso Args - tos str
- type str
- enum:
guestAdmin: NAC-Based Portal Admin for Pre Created Guest AuthenticationguestPortal: NAC-Based Guest PortalmarvisClient
- access
Type String - if
type==marvisClient. enum:wireless,wireless+wired - additional
Cacerts List<String> - Optional list of additional CA certificates to be used
- additional
Nac List<String>Server Names - Optional list of additional NAC server names
- cert
Expire NumberTime - In days
- eap
Type String - enum:
wpa2,wpa3 - enable
Telemetry Boolean - Model, version, fingering, events (connecting, disconnect, roaming), which ap
- expiry
Notification NumberTime - In days
- name String
- notify
Expiry Boolean - phase 2
- org
Id String - portal Property Map
- Guest portal configuration when
type==guestPortal. Ifauth==none, the user is presented with a terms of service and can click and continue.auth==external, the user is redirected to an external URL for authentication.auth==multi, the user is presented with a choice of authentication methods:- social logins: facebook / google / amazon / microsoft / azure
- sponsor
- sms: supported provider: twillio
- sso
- userpass: pre created guest list
- ssid String
- sso Property Map
- tos String
- type String
- enum:
guestAdmin: NAC-Based Portal Admin for Pre Created Guest AuthenticationguestPortal: NAC-Based Guest PortalmarvisClient
Supporting Types
NacPortalPortal, NacPortalPortalArgs
- Auth string
- Guest portal authentication type. enum:
external,multi,none - Expire int
- If
auth==noneorauth==multi, whether to expire the guest after a certain time - External
Portal stringUrl - If
auth==external, the URL to redirect the user to for authentication - Force
Reconnect bool - Disconnect client (workaround for reauth issues)
- Forward bool
- If
auth==noneorauth==multi, whether to forward the user to the guest portal after authentication - Forward
Url string - If
auth==noneorauth==multi, URL to forward the user to after authentication - Max
Num intDevices - Maximum number of clients allowed per guest. 0 (default, unlimited), 1-100 range
- Privacy bool
- If
auth==noneorauth==multi, whether to show the privacy policy
- Auth string
- Guest portal authentication type. enum:
external,multi,none - Expire int
- If
auth==noneorauth==multi, whether to expire the guest after a certain time - External
Portal stringUrl - If
auth==external, the URL to redirect the user to for authentication - Force
Reconnect bool - Disconnect client (workaround for reauth issues)
- Forward bool
- If
auth==noneorauth==multi, whether to forward the user to the guest portal after authentication - Forward
Url string - If
auth==noneorauth==multi, URL to forward the user to after authentication - Max
Num intDevices - Maximum number of clients allowed per guest. 0 (default, unlimited), 1-100 range
- Privacy bool
- If
auth==noneorauth==multi, whether to show the privacy policy
- auth String
- Guest portal authentication type. enum:
external,multi,none - expire Integer
- If
auth==noneorauth==multi, whether to expire the guest after a certain time - external
Portal StringUrl - If
auth==external, the URL to redirect the user to for authentication - force
Reconnect Boolean - Disconnect client (workaround for reauth issues)
- forward Boolean
- If
auth==noneorauth==multi, whether to forward the user to the guest portal after authentication - forward
Url String - If
auth==noneorauth==multi, URL to forward the user to after authentication - max
Num IntegerDevices - Maximum number of clients allowed per guest. 0 (default, unlimited), 1-100 range
- privacy Boolean
- If
auth==noneorauth==multi, whether to show the privacy policy
- auth string
- Guest portal authentication type. enum:
external,multi,none - expire number
- If
auth==noneorauth==multi, whether to expire the guest after a certain time - external
Portal stringUrl - If
auth==external, the URL to redirect the user to for authentication - force
Reconnect boolean - Disconnect client (workaround for reauth issues)
- forward boolean
- If
auth==noneorauth==multi, whether to forward the user to the guest portal after authentication - forward
Url string - If
auth==noneorauth==multi, URL to forward the user to after authentication - max
Num numberDevices - Maximum number of clients allowed per guest. 0 (default, unlimited), 1-100 range
- privacy boolean
- If
auth==noneorauth==multi, whether to show the privacy policy
- auth str
- Guest portal authentication type. enum:
external,multi,none - expire int
- If
auth==noneorauth==multi, whether to expire the guest after a certain time - external_
portal_ strurl - If
auth==external, the URL to redirect the user to for authentication - force_
reconnect bool - Disconnect client (workaround for reauth issues)
- forward bool
- If
auth==noneorauth==multi, whether to forward the user to the guest portal after authentication - forward_
url str - If
auth==noneorauth==multi, URL to forward the user to after authentication - max_
num_ intdevices - Maximum number of clients allowed per guest. 0 (default, unlimited), 1-100 range
- privacy bool
- If
auth==noneorauth==multi, whether to show the privacy policy
- auth String
- Guest portal authentication type. enum:
external,multi,none - expire Number
- If
auth==noneorauth==multi, whether to expire the guest after a certain time - external
Portal StringUrl - If
auth==external, the URL to redirect the user to for authentication - force
Reconnect Boolean - Disconnect client (workaround for reauth issues)
- forward Boolean
- If
auth==noneorauth==multi, whether to forward the user to the guest portal after authentication - forward
Url String - If
auth==noneorauth==multi, URL to forward the user to after authentication - max
Num NumberDevices - Maximum number of clients allowed per guest. 0 (default, unlimited), 1-100 range
- privacy Boolean
- If
auth==noneorauth==multi, whether to show the privacy policy
NacPortalSso, NacPortalSsoArgs
- Idp
Cert string - Idp
Sign stringAlgo - Signing algorithm for SAML Assertion. enum:
sha1,sha256,sha384,sha512. - Idp
Sso stringUrl - Issuer string
- Nameid
Format string - Sso
Role List<Pulumi.Matchings Juniper Mist. Org. Inputs. Nac Portal Sso Sso Role Matching> - Use
Sso boolRole For Cert - If it's desired to inject a role into Cert's Subject (so it can be used later on in policy)
- Idp
Cert string - Idp
Sign stringAlgo - Signing algorithm for SAML Assertion. enum:
sha1,sha256,sha384,sha512. - Idp
Sso stringUrl - Issuer string
- Nameid
Format string - Sso
Role []NacMatchings Portal Sso Sso Role Matching - Use
Sso boolRole For Cert - If it's desired to inject a role into Cert's Subject (so it can be used later on in policy)
- idp
Cert String - idp
Sign StringAlgo - Signing algorithm for SAML Assertion. enum:
sha1,sha256,sha384,sha512. - idp
Sso StringUrl - issuer String
- nameid
Format String - sso
Role List<NacMatchings Portal Sso Sso Role Matching> - use
Sso BooleanRole For Cert - If it's desired to inject a role into Cert's Subject (so it can be used later on in policy)
- idp
Cert string - idp
Sign stringAlgo - Signing algorithm for SAML Assertion. enum:
sha1,sha256,sha384,sha512. - idp
Sso stringUrl - issuer string
- nameid
Format string - sso
Role NacMatchings Portal Sso Sso Role Matching[] - use
Sso booleanRole For Cert - If it's desired to inject a role into Cert's Subject (so it can be used later on in policy)
- idp_
cert str - idp_
sign_ stralgo - Signing algorithm for SAML Assertion. enum:
sha1,sha256,sha384,sha512. - idp_
sso_ strurl - issuer str
- nameid_
format str - sso_
role_ Sequence[Nacmatchings Portal Sso Sso Role Matching] - use_
sso_ boolrole_ for_ cert - If it's desired to inject a role into Cert's Subject (so it can be used later on in policy)
- idp
Cert String - idp
Sign StringAlgo - Signing algorithm for SAML Assertion. enum:
sha1,sha256,sha384,sha512. - idp
Sso StringUrl - issuer String
- nameid
Format String - sso
Role List<Property Map>Matchings - use
Sso BooleanRole For Cert - If it's desired to inject a role into Cert's Subject (so it can be used later on in policy)
NacPortalSsoSsoRoleMatching, NacPortalSsoSsoRoleMatchingArgs
Package Details
- Repository
- junipermist pulumi/pulumi-junipermist
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
mistTerraform Provider.
Viewing docs for Juniper Mist v0.8.1
published on Thursday, Apr 2, 2026 by Pulumi
published on Thursday, Apr 2, 2026 by Pulumi
