Cisco Meraki v0.4.1, Mar 15 25

Cisco Meraki v0.4.1 published on Saturday, Mar 15, 2025 by Pulumi

meraki.organizations.LoginSecurity

Explore with Pulumi AI

Cisco Meraki v0.4.1 published on Saturday, Mar 15, 2025 by Pulumi

Example Usage

Coming soon!

Coming soon!

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.meraki.organizations.LoginSecurity;
import com.pulumi.meraki.organizations.LoginSecurityArgs;
import com.pulumi.meraki.organizations.inputs.LoginSecurityApiAuthenticationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new LoginSecurity("example", LoginSecurityArgs.builder()
            .accountLockoutAttempts(3)
            .apiAuthentication(LoginSecurityApiAuthenticationArgs.builder()
                .ip_restrictions_for_keys(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
                .build())
            .enforceAccountLockout(true)
            .enforceDifferentPasswords(true)
            .enforceIdleTimeout(true)
            .enforceLoginIpRanges(true)
            .enforcePasswordExpiration(true)
            .enforceStrongPasswords(true)
            .enforceTwoFactorAuth(true)
            .idleTimeoutMinutes(30)
            .loginIpRanges(            
                "192.195.83.1",
                "192.195.83.255")
            .numDifferentPasswords(3)
            .organizationId("string")
            .passwordExpirationDays(90)
            .build());

        ctx.export("merakiOrganizationsLoginSecurityExample", example);
    }
}

resources:
  example:
    type: meraki:organizations:LoginSecurity
    properties:
      accountLockoutAttempts: 3
      apiAuthentication:
        ip_restrictions_for_keys:
          enabled: true
          ranges:
            - 192.195.83.1
            - 192.168.33.33
      enforceAccountLockout: true
      enforceDifferentPasswords: true
      enforceIdleTimeout: true
      enforceLoginIpRanges: true
      enforcePasswordExpiration: true
      enforceStrongPasswords: true
      enforceTwoFactorAuth: true
      idleTimeoutMinutes: 30
      loginIpRanges:
        - 192.195.83.1
        - 192.195.83.255
      numDifferentPasswords: 3
      organizationId: string
      passwordExpirationDays: 90
outputs:
  merakiOrganizationsLoginSecurityExample: ${example}

Create LoginSecurity Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new LoginSecurity(name: string, args: LoginSecurityArgs, opts?: CustomResourceOptions);

@overload
def LoginSecurity(resource_name: str,
                  args: LoginSecurityArgs,
                  opts: Optional[ResourceOptions] = None)

@overload
def LoginSecurity(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  organization_id: Optional[str] = None,
                  enforce_password_expiration: Optional[bool] = None,
                  enforce_account_lockout: Optional[bool] = None,
                  enforce_different_passwords: Optional[bool] = None,
                  enforce_idle_timeout: Optional[bool] = None,
                  enforce_login_ip_ranges: Optional[bool] = None,
                  account_lockout_attempts: Optional[int] = None,
                  enforce_strong_passwords: Optional[bool] = None,
                  enforce_two_factor_auth: Optional[bool] = None,
                  idle_timeout_minutes: Optional[int] = None,
                  login_ip_ranges: Optional[Sequence[str]] = None,
                  num_different_passwords: Optional[int] = None,
                  api_authentication: Optional[LoginSecurityApiAuthenticationArgs] = None,
                  password_expiration_days: Optional[int] = None)

func NewLoginSecurity(ctx *Context, name string, args LoginSecurityArgs, opts ...ResourceOption) (*LoginSecurity, error)

public LoginSecurity(string name, LoginSecurityArgs args, CustomResourceOptions? opts = null)

public LoginSecurity(String name, LoginSecurityArgs args)
public LoginSecurity(String name, LoginSecurityArgs args, CustomResourceOptions options)

type: meraki:organizations:LoginSecurity
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args LoginSecurityArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args LoginSecurityArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args LoginSecurityArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args LoginSecurityArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args LoginSecurityArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var loginSecurityResource = new Meraki.Organizations.LoginSecurity("loginSecurityResource", new()
{
    OrganizationId = "string",
    EnforcePasswordExpiration = false,
    EnforceAccountLockout = false,
    EnforceDifferentPasswords = false,
    EnforceIdleTimeout = false,
    EnforceLoginIpRanges = false,
    AccountLockoutAttempts = 0,
    EnforceStrongPasswords = false,
    EnforceTwoFactorAuth = false,
    IdleTimeoutMinutes = 0,
    LoginIpRanges = new[]
    {
        "string",
    },
    NumDifferentPasswords = 0,
    ApiAuthentication = new Meraki.Organizations.Inputs.LoginSecurityApiAuthenticationArgs
    {
        IpRestrictionsForKeys = new Meraki.Organizations.Inputs.LoginSecurityApiAuthenticationIpRestrictionsForKeysArgs
        {
            Enabled = false,
            Ranges = new[]
            {
                "string",
            },
        },
    },
    PasswordExpirationDays = 0,
});

example, err := organizations.NewLoginSecurity(ctx, "loginSecurityResource", &organizations.LoginSecurityArgs{
	OrganizationId:            pulumi.String("string"),
	EnforcePasswordExpiration: pulumi.Bool(false),
	EnforceAccountLockout:     pulumi.Bool(false),
	EnforceDifferentPasswords: pulumi.Bool(false),
	EnforceIdleTimeout:        pulumi.Bool(false),
	EnforceLoginIpRanges:      pulumi.Bool(false),
	AccountLockoutAttempts:    pulumi.Int(0),
	EnforceStrongPasswords:    pulumi.Bool(false),
	EnforceTwoFactorAuth:      pulumi.Bool(false),
	IdleTimeoutMinutes:        pulumi.Int(0),
	LoginIpRanges: pulumi.StringArray{
		pulumi.String("string"),
	},
	NumDifferentPasswords: pulumi.Int(0),
	ApiAuthentication: &organizations.LoginSecurityApiAuthenticationArgs{
		IpRestrictionsForKeys: &organizations.LoginSecurityApiAuthenticationIpRestrictionsForKeysArgs{
			Enabled: pulumi.Bool(false),
			Ranges: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	PasswordExpirationDays: pulumi.Int(0),
})

var loginSecurityResource = new LoginSecurity("loginSecurityResource", LoginSecurityArgs.builder()
    .organizationId("string")
    .enforcePasswordExpiration(false)
    .enforceAccountLockout(false)
    .enforceDifferentPasswords(false)
    .enforceIdleTimeout(false)
    .enforceLoginIpRanges(false)
    .accountLockoutAttempts(0)
    .enforceStrongPasswords(false)
    .enforceTwoFactorAuth(false)
    .idleTimeoutMinutes(0)
    .loginIpRanges("string")
    .numDifferentPasswords(0)
    .apiAuthentication(LoginSecurityApiAuthenticationArgs.builder()
        .ipRestrictionsForKeys(LoginSecurityApiAuthenticationIpRestrictionsForKeysArgs.builder()
            .enabled(false)
            .ranges("string")
            .build())
        .build())
    .passwordExpirationDays(0)
    .build());

login_security_resource = meraki.organizations.LoginSecurity("loginSecurityResource",
    organization_id="string",
    enforce_password_expiration=False,
    enforce_account_lockout=False,
    enforce_different_passwords=False,
    enforce_idle_timeout=False,
    enforce_login_ip_ranges=False,
    account_lockout_attempts=0,
    enforce_strong_passwords=False,
    enforce_two_factor_auth=False,
    idle_timeout_minutes=0,
    login_ip_ranges=["string"],
    num_different_passwords=0,
    api_authentication={
        "ip_restrictions_for_keys": {
            "enabled": False,
            "ranges": ["string"],
        },
    },
    password_expiration_days=0)

const loginSecurityResource = new meraki.organizations.LoginSecurity("loginSecurityResource", {
    organizationId: "string",
    enforcePasswordExpiration: false,
    enforceAccountLockout: false,
    enforceDifferentPasswords: false,
    enforceIdleTimeout: false,
    enforceLoginIpRanges: false,
    accountLockoutAttempts: 0,
    enforceStrongPasswords: false,
    enforceTwoFactorAuth: false,
    idleTimeoutMinutes: 0,
    loginIpRanges: ["string"],
    numDifferentPasswords: 0,
    apiAuthentication: {
        ipRestrictionsForKeys: {
            enabled: false,
            ranges: ["string"],
        },
    },
    passwordExpirationDays: 0,
});

type: meraki:organizations:LoginSecurity
properties:
    accountLockoutAttempts: 0
    apiAuthentication:
        ipRestrictionsForKeys:
            enabled: false
            ranges:
                - string
    enforceAccountLockout: false
    enforceDifferentPasswords: false
    enforceIdleTimeout: false
    enforceLoginIpRanges: false
    enforcePasswordExpiration: false
    enforceStrongPasswords: false
    enforceTwoFactorAuth: false
    idleTimeoutMinutes: 0
    loginIpRanges:
        - string
    numDifferentPasswords: 0
    organizationId: string
    passwordExpirationDays: 0

LoginSecurity Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The LoginSecurity resource accepts the following input properties:

OrganizationId string: organizationId path parameter. Organization ID
AccountLockoutAttempts int: Number of consecutive failed login attempts after which users' accounts will be locked.
ApiAuthentication LoginSecurityApiAuthentication: Details for indicating whether organization will restrict access to API (but not Dashboard) to certain IP addresses.
EnforceAccountLockout bool: Boolean indicating whether users' Dashboard accounts will be locked out after a specified number of consecutive failed login attempts.
EnforceDifferentPasswords bool: Boolean indicating whether users, when setting a new password, are forced to choose a new password that is different from any past passwords.
EnforceIdleTimeout bool: Boolean indicating whether users will be logged out after being idle for the specified number of minutes.
EnforceLoginIpRanges bool: Boolean indicating whether organization will restrict access to Dashboard (including the API) from certain IP addresses.
EnforcePasswordExpiration bool: Boolean indicating whether users are forced to change their password every X number of days.
EnforceStrongPasswords bool: Boolean indicating whether users will be forced to choose strong passwords for their accounts. Strong passwords are at least 8 characters that contain 3 of the following: number, uppercase letter, lowercase letter, and symbol
EnforceTwoFactorAuth bool: Boolean indicating whether users in this organization will be required to use an extra verification code when logging in to Dashboard. This code will be sent to their mobile phone via SMS, or can be generated by the authenticator application.
IdleTimeoutMinutes int: Number of minutes users can remain idle before being logged out of their accounts.
LoginIpRanges List<string>: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.
NumDifferentPasswords int: Number of recent passwords that new password must be distinct from.
PasswordExpirationDays int: Number of days after which users will be forced to change their password.

OrganizationId string: organizationId path parameter. Organization ID
AccountLockoutAttempts int: Number of consecutive failed login attempts after which users' accounts will be locked.
ApiAuthentication LoginSecurityApiAuthenticationArgs: Details for indicating whether organization will restrict access to API (but not Dashboard) to certain IP addresses.
EnforceAccountLockout bool: Boolean indicating whether users' Dashboard accounts will be locked out after a specified number of consecutive failed login attempts.
EnforceDifferentPasswords bool: Boolean indicating whether users, when setting a new password, are forced to choose a new password that is different from any past passwords.
EnforceIdleTimeout bool: Boolean indicating whether users will be logged out after being idle for the specified number of minutes.
EnforceLoginIpRanges bool: Boolean indicating whether organization will restrict access to Dashboard (including the API) from certain IP addresses.
EnforcePasswordExpiration bool: Boolean indicating whether users are forced to change their password every X number of days.
EnforceStrongPasswords bool: Boolean indicating whether users will be forced to choose strong passwords for their accounts. Strong passwords are at least 8 characters that contain 3 of the following: number, uppercase letter, lowercase letter, and symbol
EnforceTwoFactorAuth bool: Boolean indicating whether users in this organization will be required to use an extra verification code when logging in to Dashboard. This code will be sent to their mobile phone via SMS, or can be generated by the authenticator application.
IdleTimeoutMinutes int: Number of minutes users can remain idle before being logged out of their accounts.
LoginIpRanges []string: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.
NumDifferentPasswords int: Number of recent passwords that new password must be distinct from.
PasswordExpirationDays int: Number of days after which users will be forced to change their password.

organizationId String: organizationId path parameter. Organization ID
accountLockoutAttempts Integer: Number of consecutive failed login attempts after which users' accounts will be locked.
apiAuthentication LoginSecurityApiAuthentication: Details for indicating whether organization will restrict access to API (but not Dashboard) to certain IP addresses.
enforceAccountLockout Boolean: Boolean indicating whether users' Dashboard accounts will be locked out after a specified number of consecutive failed login attempts.
enforceDifferentPasswords Boolean: Boolean indicating whether users, when setting a new password, are forced to choose a new password that is different from any past passwords.
enforceIdleTimeout Boolean: Boolean indicating whether users will be logged out after being idle for the specified number of minutes.
enforceLoginIpRanges Boolean: Boolean indicating whether organization will restrict access to Dashboard (including the API) from certain IP addresses.
enforcePasswordExpiration Boolean: Boolean indicating whether users are forced to change their password every X number of days.
enforceStrongPasswords Boolean: Boolean indicating whether users will be forced to choose strong passwords for their accounts. Strong passwords are at least 8 characters that contain 3 of the following: number, uppercase letter, lowercase letter, and symbol
enforceTwoFactorAuth Boolean: Boolean indicating whether users in this organization will be required to use an extra verification code when logging in to Dashboard. This code will be sent to their mobile phone via SMS, or can be generated by the authenticator application.
idleTimeoutMinutes Integer: Number of minutes users can remain idle before being logged out of their accounts.
loginIpRanges List<String>: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.
numDifferentPasswords Integer: Number of recent passwords that new password must be distinct from.
passwordExpirationDays Integer: Number of days after which users will be forced to change their password.

organizationId string: organizationId path parameter. Organization ID
accountLockoutAttempts number: Number of consecutive failed login attempts after which users' accounts will be locked.
apiAuthentication LoginSecurityApiAuthentication: Details for indicating whether organization will restrict access to API (but not Dashboard) to certain IP addresses.
enforceAccountLockout boolean: Boolean indicating whether users' Dashboard accounts will be locked out after a specified number of consecutive failed login attempts.
enforceDifferentPasswords boolean: Boolean indicating whether users, when setting a new password, are forced to choose a new password that is different from any past passwords.
enforceIdleTimeout boolean: Boolean indicating whether users will be logged out after being idle for the specified number of minutes.
enforceLoginIpRanges boolean: Boolean indicating whether organization will restrict access to Dashboard (including the API) from certain IP addresses.
enforcePasswordExpiration boolean: Boolean indicating whether users are forced to change their password every X number of days.
enforceStrongPasswords boolean: Boolean indicating whether users will be forced to choose strong passwords for their accounts. Strong passwords are at least 8 characters that contain 3 of the following: number, uppercase letter, lowercase letter, and symbol
enforceTwoFactorAuth boolean: Boolean indicating whether users in this organization will be required to use an extra verification code when logging in to Dashboard. This code will be sent to their mobile phone via SMS, or can be generated by the authenticator application.
idleTimeoutMinutes number: Number of minutes users can remain idle before being logged out of their accounts.
loginIpRanges string[]: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.
numDifferentPasswords number: Number of recent passwords that new password must be distinct from.
passwordExpirationDays number: Number of days after which users will be forced to change their password.

organization_id str: organizationId path parameter. Organization ID
account_lockout_attempts int: Number of consecutive failed login attempts after which users' accounts will be locked.
api_authentication LoginSecurityApiAuthenticationArgs: Details for indicating whether organization will restrict access to API (but not Dashboard) to certain IP addresses.
enforce_account_lockout bool: Boolean indicating whether users' Dashboard accounts will be locked out after a specified number of consecutive failed login attempts.
enforce_different_passwords bool: Boolean indicating whether users, when setting a new password, are forced to choose a new password that is different from any past passwords.
enforce_idle_timeout bool: Boolean indicating whether users will be logged out after being idle for the specified number of minutes.
enforce_login_ip_ranges bool: Boolean indicating whether organization will restrict access to Dashboard (including the API) from certain IP addresses.
enforce_password_expiration bool: Boolean indicating whether users are forced to change their password every X number of days.
enforce_strong_passwords bool: Boolean indicating whether users will be forced to choose strong passwords for their accounts. Strong passwords are at least 8 characters that contain 3 of the following: number, uppercase letter, lowercase letter, and symbol
enforce_two_factor_auth bool: Boolean indicating whether users in this organization will be required to use an extra verification code when logging in to Dashboard. This code will be sent to their mobile phone via SMS, or can be generated by the authenticator application.
idle_timeout_minutes int: Number of minutes users can remain idle before being logged out of their accounts.
login_ip_ranges Sequence[str]: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.
num_different_passwords int: Number of recent passwords that new password must be distinct from.
password_expiration_days int: Number of days after which users will be forced to change their password.

organizationId String: organizationId path parameter. Organization ID
accountLockoutAttempts Number: Number of consecutive failed login attempts after which users' accounts will be locked.
apiAuthentication Property Map: Details for indicating whether organization will restrict access to API (but not Dashboard) to certain IP addresses.
enforceAccountLockout Boolean: Boolean indicating whether users' Dashboard accounts will be locked out after a specified number of consecutive failed login attempts.
enforceDifferentPasswords Boolean: Boolean indicating whether users, when setting a new password, are forced to choose a new password that is different from any past passwords.
enforceIdleTimeout Boolean: Boolean indicating whether users will be logged out after being idle for the specified number of minutes.
enforceLoginIpRanges Boolean: Boolean indicating whether organization will restrict access to Dashboard (including the API) from certain IP addresses.
enforcePasswordExpiration Boolean: Boolean indicating whether users are forced to change their password every X number of days.
enforceStrongPasswords Boolean: Boolean indicating whether users will be forced to choose strong passwords for their accounts. Strong passwords are at least 8 characters that contain 3 of the following: number, uppercase letter, lowercase letter, and symbol
enforceTwoFactorAuth Boolean: Boolean indicating whether users in this organization will be required to use an extra verification code when logging in to Dashboard. This code will be sent to their mobile phone via SMS, or can be generated by the authenticator application.
idleTimeoutMinutes Number: Number of minutes users can remain idle before being logged out of their accounts.
loginIpRanges List<String>: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.
numDifferentPasswords Number: Number of recent passwords that new password must be distinct from.
passwordExpirationDays Number: Number of days after which users will be forced to change their password.

Outputs

All input properties are implicitly available as output properties. Additionally, the LoginSecurity resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing LoginSecurity Resource

Get an existing LoginSecurity resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: LoginSecurityState, opts?: CustomResourceOptions): LoginSecurity

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_lockout_attempts: Optional[int] = None,
        api_authentication: Optional[LoginSecurityApiAuthenticationArgs] = None,
        enforce_account_lockout: Optional[bool] = None,
        enforce_different_passwords: Optional[bool] = None,
        enforce_idle_timeout: Optional[bool] = None,
        enforce_login_ip_ranges: Optional[bool] = None,
        enforce_password_expiration: Optional[bool] = None,
        enforce_strong_passwords: Optional[bool] = None,
        enforce_two_factor_auth: Optional[bool] = None,
        idle_timeout_minutes: Optional[int] = None,
        login_ip_ranges: Optional[Sequence[str]] = None,
        num_different_passwords: Optional[int] = None,
        organization_id: Optional[str] = None,
        password_expiration_days: Optional[int] = None) -> LoginSecurity

func GetLoginSecurity(ctx *Context, name string, id IDInput, state *LoginSecurityState, opts ...ResourceOption) (*LoginSecurity, error)

public static LoginSecurity Get(string name, Input<string> id, LoginSecurityState? state, CustomResourceOptions? opts = null)

public static LoginSecurity get(String name, Output<String> id, LoginSecurityState state, CustomResourceOptions options)

resources:  _:    type: meraki:organizations:LoginSecurity    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountLockoutAttempts int: Number of consecutive failed login attempts after which users' accounts will be locked.
ApiAuthentication LoginSecurityApiAuthentication: Details for indicating whether organization will restrict access to API (but not Dashboard) to certain IP addresses.
EnforceAccountLockout bool: Boolean indicating whether users' Dashboard accounts will be locked out after a specified number of consecutive failed login attempts.
EnforceDifferentPasswords bool: Boolean indicating whether users, when setting a new password, are forced to choose a new password that is different from any past passwords.
EnforceIdleTimeout bool: Boolean indicating whether users will be logged out after being idle for the specified number of minutes.
EnforceLoginIpRanges bool: Boolean indicating whether organization will restrict access to Dashboard (including the API) from certain IP addresses.
EnforcePasswordExpiration bool: Boolean indicating whether users are forced to change their password every X number of days.
EnforceStrongPasswords bool: Boolean indicating whether users will be forced to choose strong passwords for their accounts. Strong passwords are at least 8 characters that contain 3 of the following: number, uppercase letter, lowercase letter, and symbol
EnforceTwoFactorAuth bool: Boolean indicating whether users in this organization will be required to use an extra verification code when logging in to Dashboard. This code will be sent to their mobile phone via SMS, or can be generated by the authenticator application.
IdleTimeoutMinutes int: Number of minutes users can remain idle before being logged out of their accounts.
LoginIpRanges List<string>: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.
NumDifferentPasswords int: Number of recent passwords that new password must be distinct from.
OrganizationId string: organizationId path parameter. Organization ID
PasswordExpirationDays int: Number of days after which users will be forced to change their password.

AccountLockoutAttempts int: Number of consecutive failed login attempts after which users' accounts will be locked.
ApiAuthentication LoginSecurityApiAuthenticationArgs: Details for indicating whether organization will restrict access to API (but not Dashboard) to certain IP addresses.
EnforceAccountLockout bool: Boolean indicating whether users' Dashboard accounts will be locked out after a specified number of consecutive failed login attempts.
EnforceDifferentPasswords bool: Boolean indicating whether users, when setting a new password, are forced to choose a new password that is different from any past passwords.
EnforceIdleTimeout bool: Boolean indicating whether users will be logged out after being idle for the specified number of minutes.
EnforceLoginIpRanges bool: Boolean indicating whether organization will restrict access to Dashboard (including the API) from certain IP addresses.
EnforcePasswordExpiration bool: Boolean indicating whether users are forced to change their password every X number of days.
EnforceStrongPasswords bool: Boolean indicating whether users will be forced to choose strong passwords for their accounts. Strong passwords are at least 8 characters that contain 3 of the following: number, uppercase letter, lowercase letter, and symbol
EnforceTwoFactorAuth bool: Boolean indicating whether users in this organization will be required to use an extra verification code when logging in to Dashboard. This code will be sent to their mobile phone via SMS, or can be generated by the authenticator application.
IdleTimeoutMinutes int: Number of minutes users can remain idle before being logged out of their accounts.
LoginIpRanges []string: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.
NumDifferentPasswords int: Number of recent passwords that new password must be distinct from.
OrganizationId string: organizationId path parameter. Organization ID
PasswordExpirationDays int: Number of days after which users will be forced to change their password.

accountLockoutAttempts Integer: Number of consecutive failed login attempts after which users' accounts will be locked.
apiAuthentication LoginSecurityApiAuthentication: Details for indicating whether organization will restrict access to API (but not Dashboard) to certain IP addresses.
enforceAccountLockout Boolean: Boolean indicating whether users' Dashboard accounts will be locked out after a specified number of consecutive failed login attempts.
enforceDifferentPasswords Boolean: Boolean indicating whether users, when setting a new password, are forced to choose a new password that is different from any past passwords.
enforceIdleTimeout Boolean: Boolean indicating whether users will be logged out after being idle for the specified number of minutes.
enforceLoginIpRanges Boolean: Boolean indicating whether organization will restrict access to Dashboard (including the API) from certain IP addresses.
enforcePasswordExpiration Boolean: Boolean indicating whether users are forced to change their password every X number of days.
enforceStrongPasswords Boolean: Boolean indicating whether users will be forced to choose strong passwords for their accounts. Strong passwords are at least 8 characters that contain 3 of the following: number, uppercase letter, lowercase letter, and symbol
enforceTwoFactorAuth Boolean: Boolean indicating whether users in this organization will be required to use an extra verification code when logging in to Dashboard. This code will be sent to their mobile phone via SMS, or can be generated by the authenticator application.
idleTimeoutMinutes Integer: Number of minutes users can remain idle before being logged out of their accounts.
loginIpRanges List<String>: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.
numDifferentPasswords Integer: Number of recent passwords that new password must be distinct from.
organizationId String: organizationId path parameter. Organization ID
passwordExpirationDays Integer: Number of days after which users will be forced to change their password.

accountLockoutAttempts number: Number of consecutive failed login attempts after which users' accounts will be locked.
apiAuthentication LoginSecurityApiAuthentication: Details for indicating whether organization will restrict access to API (but not Dashboard) to certain IP addresses.
enforceAccountLockout boolean: Boolean indicating whether users' Dashboard accounts will be locked out after a specified number of consecutive failed login attempts.
enforceDifferentPasswords boolean: Boolean indicating whether users, when setting a new password, are forced to choose a new password that is different from any past passwords.
enforceIdleTimeout boolean: Boolean indicating whether users will be logged out after being idle for the specified number of minutes.
enforceLoginIpRanges boolean: Boolean indicating whether organization will restrict access to Dashboard (including the API) from certain IP addresses.
enforcePasswordExpiration boolean: Boolean indicating whether users are forced to change their password every X number of days.
enforceStrongPasswords boolean: Boolean indicating whether users will be forced to choose strong passwords for their accounts. Strong passwords are at least 8 characters that contain 3 of the following: number, uppercase letter, lowercase letter, and symbol
enforceTwoFactorAuth boolean: Boolean indicating whether users in this organization will be required to use an extra verification code when logging in to Dashboard. This code will be sent to their mobile phone via SMS, or can be generated by the authenticator application.
idleTimeoutMinutes number: Number of minutes users can remain idle before being logged out of their accounts.
loginIpRanges string[]: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.
numDifferentPasswords number: Number of recent passwords that new password must be distinct from.
organizationId string: organizationId path parameter. Organization ID
passwordExpirationDays number: Number of days after which users will be forced to change their password.

account_lockout_attempts int: Number of consecutive failed login attempts after which users' accounts will be locked.
api_authentication LoginSecurityApiAuthenticationArgs: Details for indicating whether organization will restrict access to API (but not Dashboard) to certain IP addresses.
enforce_account_lockout bool: Boolean indicating whether users' Dashboard accounts will be locked out after a specified number of consecutive failed login attempts.
enforce_different_passwords bool: Boolean indicating whether users, when setting a new password, are forced to choose a new password that is different from any past passwords.
enforce_idle_timeout bool: Boolean indicating whether users will be logged out after being idle for the specified number of minutes.
enforce_login_ip_ranges bool: Boolean indicating whether organization will restrict access to Dashboard (including the API) from certain IP addresses.
enforce_password_expiration bool: Boolean indicating whether users are forced to change their password every X number of days.
enforce_strong_passwords bool: Boolean indicating whether users will be forced to choose strong passwords for their accounts. Strong passwords are at least 8 characters that contain 3 of the following: number, uppercase letter, lowercase letter, and symbol
enforce_two_factor_auth bool: Boolean indicating whether users in this organization will be required to use an extra verification code when logging in to Dashboard. This code will be sent to their mobile phone via SMS, or can be generated by the authenticator application.
idle_timeout_minutes int: Number of minutes users can remain idle before being logged out of their accounts.
login_ip_ranges Sequence[str]: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.
num_different_passwords int: Number of recent passwords that new password must be distinct from.
organization_id str: organizationId path parameter. Organization ID
password_expiration_days int: Number of days after which users will be forced to change their password.

accountLockoutAttempts Number: Number of consecutive failed login attempts after which users' accounts will be locked.
apiAuthentication Property Map: Details for indicating whether organization will restrict access to API (but not Dashboard) to certain IP addresses.
enforceAccountLockout Boolean: Boolean indicating whether users' Dashboard accounts will be locked out after a specified number of consecutive failed login attempts.
enforceDifferentPasswords Boolean: Boolean indicating whether users, when setting a new password, are forced to choose a new password that is different from any past passwords.
enforceIdleTimeout Boolean: Boolean indicating whether users will be logged out after being idle for the specified number of minutes.
enforceLoginIpRanges Boolean: Boolean indicating whether organization will restrict access to Dashboard (including the API) from certain IP addresses.
enforcePasswordExpiration Boolean: Boolean indicating whether users are forced to change their password every X number of days.
enforceStrongPasswords Boolean: Boolean indicating whether users will be forced to choose strong passwords for their accounts. Strong passwords are at least 8 characters that contain 3 of the following: number, uppercase letter, lowercase letter, and symbol
enforceTwoFactorAuth Boolean: Boolean indicating whether users in this organization will be required to use an extra verification code when logging in to Dashboard. This code will be sent to their mobile phone via SMS, or can be generated by the authenticator application.
idleTimeoutMinutes Number: Number of minutes users can remain idle before being logged out of their accounts.
loginIpRanges List<String>: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.
numDifferentPasswords Number: Number of recent passwords that new password must be distinct from.
organizationId String: organizationId path parameter. Organization ID
passwordExpirationDays Number: Number of days after which users will be forced to change their password.

Supporting Types

LoginSecurityApiAuthentication, LoginSecurityApiAuthenticationArgs

IpRestrictionsForKeys LoginSecurityApiAuthenticationIpRestrictionsForKeys: Details for API-only IP restrictions.

IpRestrictionsForKeys LoginSecurityApiAuthenticationIpRestrictionsForKeys: Details for API-only IP restrictions.

ipRestrictionsForKeys LoginSecurityApiAuthenticationIpRestrictionsForKeys: Details for API-only IP restrictions.

ipRestrictionsForKeys LoginSecurityApiAuthenticationIpRestrictionsForKeys: Details for API-only IP restrictions.

ip_restrictions_for_keys LoginSecurityApiAuthenticationIpRestrictionsForKeys: Details for API-only IP restrictions.

ipRestrictionsForKeys Property Map: Details for API-only IP restrictions.

LoginSecurityApiAuthenticationIpRestrictionsForKeys, LoginSecurityApiAuthenticationIpRestrictionsForKeysArgs

Enabled bool: Boolean indicating whether the organization will restrict API key (not Dashboard GUI) usage to a specific list of IP addresses or CIDR ranges.
Ranges List<string>: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.

Enabled bool: Boolean indicating whether the organization will restrict API key (not Dashboard GUI) usage to a specific list of IP addresses or CIDR ranges.
Ranges []string: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.

enabled Boolean: Boolean indicating whether the organization will restrict API key (not Dashboard GUI) usage to a specific list of IP addresses or CIDR ranges.
ranges List<String>: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.

enabled boolean: Boolean indicating whether the organization will restrict API key (not Dashboard GUI) usage to a specific list of IP addresses or CIDR ranges.
ranges string[]: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.

enabled bool: Boolean indicating whether the organization will restrict API key (not Dashboard GUI) usage to a specific list of IP addresses or CIDR ranges.
ranges Sequence[str]: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.

enabled Boolean: Boolean indicating whether the organization will restrict API key (not Dashboard GUI) usage to a specific list of IP addresses or CIDR ranges.
ranges List<String>: List of acceptable IP ranges. Entries can be single IP addresses, IP address ranges, and CIDR subnets.

Import

$ pulumi import meraki:organizations/loginSecurity:LoginSecurity example "organization_id"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: meraki pulumi/pulumi-meraki
License: Apache-2.0
Notes: This Pulumi package is based on the meraki Terraform Provider.

Cisco Meraki v0.4.1 published on Saturday, Mar 15, 2025 by Pulumi

pulumi/pulumi-meraki

meraki.organizations.LoginSecurity

On this page

On this page

Example Usage

Create LoginSecurity Resource

Constructor syntax

Parameters

Constructor example

LoginSecurity Resource Properties

Inputs

Outputs

Look up Existing LoginSecurity Resource

Supporting Types

LoginSecurityApiAuthentication, LoginSecurityApiAuthenticationArgs

LoginSecurityApiAuthenticationIpRestrictionsForKeys, LoginSecurityApiAuthenticationIpRestrictionsForKeysArgs

Import

Package Details

On this page

On this page