Viewing docs for Proxmox Virtual Environment (Proxmox VE) v8.0.0
published on Sunday, Apr 5, 2026 by Daniel Muehlbachler-Pietrzykowski
published on Sunday, Apr 5, 2026 by Daniel Muehlbachler-Pietrzykowski
Viewing docs for Proxmox Virtual Environment (Proxmox VE) v8.0.0
published on Sunday, Apr 5, 2026 by Daniel Muehlbachler-Pietrzykowski
published on Sunday, Apr 5, 2026 by Daniel Muehlbachler-Pietrzykowski
Manages an OpenID Connect authentication realm in Proxmox VE.
OpenID Connect realms allow Proxmox to authenticate users against an external OpenID Connect provider.
Privileges Required
| Path | Attribute |
|---|---|
| /access/domains | Realm.Allocate |
Notes
Client Key Security
The clientKey is sent to Proxmox and stored securely, but it’s never returned by the API. This means:
- Terraform cannot detect if the client key was changed outside of Terraform
- You must maintain the client key in your Terraform configuration or use a variable
- The client key will be marked as sensitive in Terraform state
Username Claim
The usernameClaim attribute is fixed after creation — it cannot be changed once the realm is created. Changing it requires destroying and recreating the realm. Common values:
subject(default) — Uses the OpenIDsubclaimusername— Uses thepreferredUsernameclaimemail— Uses theemailclaimupn— Uses the User Principal Name claim (common with ADFS/Azure AD)
Any valid OpenID claim name can be used. Ensure the chosen claim provides unique, stable identifiers for your users.
Common Configuration Scenarios
Minimal Configuration
import * as pulumi from "@pulumi/pulumi";
import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";
const minimal = new proxmoxve.realm.Openid("minimal", {
realm: "my-oidc",
issuerUrl: "https://auth.example.com",
clientId: oidcClientId,
clientKey: oidcClientSecret,
});
import pulumi
import pulumi_proxmoxve as proxmoxve
minimal = proxmoxve.realm.Openid("minimal",
realm="my-oidc",
issuer_url="https://auth.example.com",
client_id=oidc_client_id,
client_key=oidc_client_secret)
package main
import (
"github.com/muhlba91/pulumi-proxmoxve/sdk/v8/go/proxmoxve/realm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := realm.NewOpenid(ctx, "minimal", &realm.OpenidArgs{
Realm: pulumi.String("my-oidc"),
IssuerUrl: pulumi.String("https://auth.example.com"),
ClientId: pulumi.Any(oidcClientId),
ClientKey: pulumi.Any(oidcClientSecret),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ProxmoxVE = Pulumi.ProxmoxVE;
return await Deployment.RunAsync(() =>
{
var minimal = new ProxmoxVE.Realm.Openid("minimal", new()
{
Realm = "my-oidc",
IssuerUrl = "https://auth.example.com",
ClientId = oidcClientId,
ClientKey = oidcClientSecret,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import io.muehlbachler.pulumi.proxmoxve.realm.Openid;
import io.muehlbachler.pulumi.proxmoxve.realm.OpenidArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var minimal = new Openid("minimal", OpenidArgs.builder()
.realm("my-oidc")
.issuerUrl("https://auth.example.com")
.clientId(oidcClientId)
.clientKey(oidcClientSecret)
.build());
}
}
resources:
minimal:
type: proxmoxve:realm:Openid
properties:
realm: my-oidc
issuerUrl: https://auth.example.com
clientId: ${oidcClientId}
clientKey: ${oidcClientSecret}
With User and Group Provisioning
import * as pulumi from "@pulumi/pulumi";
import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";
const full = new proxmoxve.realm.Openid("full", {
realm: "corporate-oidc",
issuerUrl: "https://auth.example.com/realms/my-realm",
clientId: oidcClientId,
clientKey: oidcClientSecret,
usernameClaim: "email",
autocreate: true,
groupsClaim: "groups",
groupsAutocreate: true,
scopes: "openid email profile",
queryUserinfo: true,
});
import pulumi
import pulumi_proxmoxve as proxmoxve
full = proxmoxve.realm.Openid("full",
realm="corporate-oidc",
issuer_url="https://auth.example.com/realms/my-realm",
client_id=oidc_client_id,
client_key=oidc_client_secret,
username_claim="email",
autocreate=True,
groups_claim="groups",
groups_autocreate=True,
scopes="openid email profile",
query_userinfo=True)
package main
import (
"github.com/muhlba91/pulumi-proxmoxve/sdk/v8/go/proxmoxve/realm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := realm.NewOpenid(ctx, "full", &realm.OpenidArgs{
Realm: pulumi.String("corporate-oidc"),
IssuerUrl: pulumi.String("https://auth.example.com/realms/my-realm"),
ClientId: pulumi.Any(oidcClientId),
ClientKey: pulumi.Any(oidcClientSecret),
UsernameClaim: pulumi.String("email"),
Autocreate: pulumi.Bool(true),
GroupsClaim: pulumi.String("groups"),
GroupsAutocreate: pulumi.Bool(true),
Scopes: pulumi.String("openid email profile"),
QueryUserinfo: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ProxmoxVE = Pulumi.ProxmoxVE;
return await Deployment.RunAsync(() =>
{
var full = new ProxmoxVE.Realm.Openid("full", new()
{
Realm = "corporate-oidc",
IssuerUrl = "https://auth.example.com/realms/my-realm",
ClientId = oidcClientId,
ClientKey = oidcClientSecret,
UsernameClaim = "email",
Autocreate = true,
GroupsClaim = "groups",
GroupsAutocreate = true,
Scopes = "openid email profile",
QueryUserinfo = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import io.muehlbachler.pulumi.proxmoxve.realm.Openid;
import io.muehlbachler.pulumi.proxmoxve.realm.OpenidArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var full = new Openid("full", OpenidArgs.builder()
.realm("corporate-oidc")
.issuerUrl("https://auth.example.com/realms/my-realm")
.clientId(oidcClientId)
.clientKey(oidcClientSecret)
.usernameClaim("email")
.autocreate(true)
.groupsClaim("groups")
.groupsAutocreate(true)
.scopes("openid email profile")
.queryUserinfo(true)
.build());
}
}
resources:
full:
type: proxmoxve:realm:Openid
properties:
realm: corporate-oidc
issuerUrl: https://auth.example.com/realms/my-realm
clientId: ${oidcClientId}
clientKey: ${oidcClientSecret}
usernameClaim: email
autocreate: true # Group synchronization
groupsClaim: groups
groupsAutocreate: true
scopes: openid email profile
queryUserinfo: true
See Also
Create Openid Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Openid(name: string, args: OpenidArgs, opts?: CustomResourceOptions);@overload
def Openid(resource_name: str,
args: OpenidArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Openid(resource_name: str,
opts: Optional[ResourceOptions] = None,
issuer_url: Optional[str] = None,
realm: Optional[str] = None,
client_id: Optional[str] = None,
client_key: Optional[str] = None,
comment: Optional[str] = None,
default: Optional[bool] = None,
groups_autocreate: Optional[bool] = None,
groups_claim: Optional[str] = None,
groups_overwrite: Optional[bool] = None,
acr_values: Optional[str] = None,
prompt: Optional[str] = None,
query_userinfo: Optional[bool] = None,
autocreate: Optional[bool] = None,
scopes: Optional[str] = None,
username_claim: Optional[str] = None)func NewOpenid(ctx *Context, name string, args OpenidArgs, opts ...ResourceOption) (*Openid, error)public Openid(string name, OpenidArgs args, CustomResourceOptions? opts = null)
public Openid(String name, OpenidArgs args)
public Openid(String name, OpenidArgs args, CustomResourceOptions options)
type: proxmoxve:realm:Openid
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args OpenidArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OpenidArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OpenidArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OpenidArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OpenidArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var openidResource = new ProxmoxVE.Realm.Openid("openidResource", new()
{
IssuerUrl = "string",
Realm = "string",
ClientId = "string",
ClientKey = "string",
Comment = "string",
Default = false,
GroupsAutocreate = false,
GroupsClaim = "string",
GroupsOverwrite = false,
AcrValues = "string",
Prompt = "string",
QueryUserinfo = false,
Autocreate = false,
Scopes = "string",
UsernameClaim = "string",
});
example, err := realm.NewOpenid(ctx, "openidResource", &realm.OpenidArgs{
IssuerUrl: pulumi.String("string"),
Realm: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientKey: pulumi.String("string"),
Comment: pulumi.String("string"),
Default: pulumi.Bool(false),
GroupsAutocreate: pulumi.Bool(false),
GroupsClaim: pulumi.String("string"),
GroupsOverwrite: pulumi.Bool(false),
AcrValues: pulumi.String("string"),
Prompt: pulumi.String("string"),
QueryUserinfo: pulumi.Bool(false),
Autocreate: pulumi.Bool(false),
Scopes: pulumi.String("string"),
UsernameClaim: pulumi.String("string"),
})
var openidResource = new Openid("openidResource", OpenidArgs.builder()
.issuerUrl("string")
.realm("string")
.clientId("string")
.clientKey("string")
.comment("string")
.default_(false)
.groupsAutocreate(false)
.groupsClaim("string")
.groupsOverwrite(false)
.acrValues("string")
.prompt("string")
.queryUserinfo(false)
.autocreate(false)
.scopes("string")
.usernameClaim("string")
.build());
openid_resource = proxmoxve.realm.Openid("openidResource",
issuer_url="string",
realm="string",
client_id="string",
client_key="string",
comment="string",
default=False,
groups_autocreate=False,
groups_claim="string",
groups_overwrite=False,
acr_values="string",
prompt="string",
query_userinfo=False,
autocreate=False,
scopes="string",
username_claim="string")
const openidResource = new proxmoxve.realm.Openid("openidResource", {
issuerUrl: "string",
realm: "string",
clientId: "string",
clientKey: "string",
comment: "string",
"default": false,
groupsAutocreate: false,
groupsClaim: "string",
groupsOverwrite: false,
acrValues: "string",
prompt: "string",
queryUserinfo: false,
autocreate: false,
scopes: "string",
usernameClaim: "string",
});
type: proxmoxve:realm:Openid
properties:
acrValues: string
autocreate: false
clientId: string
clientKey: string
comment: string
default: false
groupsAutocreate: false
groupsClaim: string
groupsOverwrite: false
issuerUrl: string
prompt: string
queryUserinfo: false
realm: string
scopes: string
usernameClaim: string
Openid Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Openid resource accepts the following input properties:
- Client
Id string - OpenID Connect Client ID.
- Issuer
Url string - OpenID Connect issuer URL. Proxmox uses OpenID Connect Discovery to configure the provider.
- Realm string
- Realm identifier (e.g., 'my-oidc').
- Acr
Values string - Authentication Context Class Reference values for the OpenID provider.
- Autocreate bool
- Automatically create users on the Proxmox cluster if they do not exist.
- Client
Key string - OpenID Connect Client Key (secret). Note: stored in Proxmox but not returned by API.
- Comment string
- Description of the realm.
- Default bool
- Use this realm as the default for login.
- Groups
Autocreate bool - Automatically create groups from claims rather than using existing Proxmox VE groups.
- Groups
Claim string - OpenID claim used to retrieve user group memberships.
- Groups
Overwrite bool - Replace assigned groups on login instead of appending to existing ones.
- Prompt string
- Specifies whether the authorization server prompts for reauthentication and/or consent (e.g., 'none', 'login', 'consent', 'select_account').
- Query
Userinfo bool - Query the OpenID userinfo endpoint for claims. Required when the identity provider does not include claims in the ID token.
- Scopes string
- Space-separated list of OpenID scopes to request.
- Username
Claim string - OpenID claim used to generate the unique username. Common values are
subject,username,email, andupn.
- Client
Id string - OpenID Connect Client ID.
- Issuer
Url string - OpenID Connect issuer URL. Proxmox uses OpenID Connect Discovery to configure the provider.
- Realm string
- Realm identifier (e.g., 'my-oidc').
- Acr
Values string - Authentication Context Class Reference values for the OpenID provider.
- Autocreate bool
- Automatically create users on the Proxmox cluster if they do not exist.
- Client
Key string - OpenID Connect Client Key (secret). Note: stored in Proxmox but not returned by API.
- Comment string
- Description of the realm.
- Default bool
- Use this realm as the default for login.
- Groups
Autocreate bool - Automatically create groups from claims rather than using existing Proxmox VE groups.
- Groups
Claim string - OpenID claim used to retrieve user group memberships.
- Groups
Overwrite bool - Replace assigned groups on login instead of appending to existing ones.
- Prompt string
- Specifies whether the authorization server prompts for reauthentication and/or consent (e.g., 'none', 'login', 'consent', 'select_account').
- Query
Userinfo bool - Query the OpenID userinfo endpoint for claims. Required when the identity provider does not include claims in the ID token.
- Scopes string
- Space-separated list of OpenID scopes to request.
- Username
Claim string - OpenID claim used to generate the unique username. Common values are
subject,username,email, andupn.
- client
Id String - OpenID Connect Client ID.
- issuer
Url String - OpenID Connect issuer URL. Proxmox uses OpenID Connect Discovery to configure the provider.
- realm String
- Realm identifier (e.g., 'my-oidc').
- acr
Values String - Authentication Context Class Reference values for the OpenID provider.
- autocreate Boolean
- Automatically create users on the Proxmox cluster if they do not exist.
- client
Key String - OpenID Connect Client Key (secret). Note: stored in Proxmox but not returned by API.
- comment String
- Description of the realm.
- default_ Boolean
- Use this realm as the default for login.
- groups
Autocreate Boolean - Automatically create groups from claims rather than using existing Proxmox VE groups.
- groups
Claim String - OpenID claim used to retrieve user group memberships.
- groups
Overwrite Boolean - Replace assigned groups on login instead of appending to existing ones.
- prompt String
- Specifies whether the authorization server prompts for reauthentication and/or consent (e.g., 'none', 'login', 'consent', 'select_account').
- query
Userinfo Boolean - Query the OpenID userinfo endpoint for claims. Required when the identity provider does not include claims in the ID token.
- scopes String
- Space-separated list of OpenID scopes to request.
- username
Claim String - OpenID claim used to generate the unique username. Common values are
subject,username,email, andupn.
- client
Id string - OpenID Connect Client ID.
- issuer
Url string - OpenID Connect issuer URL. Proxmox uses OpenID Connect Discovery to configure the provider.
- realm string
- Realm identifier (e.g., 'my-oidc').
- acr
Values string - Authentication Context Class Reference values for the OpenID provider.
- autocreate boolean
- Automatically create users on the Proxmox cluster if they do not exist.
- client
Key string - OpenID Connect Client Key (secret). Note: stored in Proxmox but not returned by API.
- comment string
- Description of the realm.
- default boolean
- Use this realm as the default for login.
- groups
Autocreate boolean - Automatically create groups from claims rather than using existing Proxmox VE groups.
- groups
Claim string - OpenID claim used to retrieve user group memberships.
- groups
Overwrite boolean - Replace assigned groups on login instead of appending to existing ones.
- prompt string
- Specifies whether the authorization server prompts for reauthentication and/or consent (e.g., 'none', 'login', 'consent', 'select_account').
- query
Userinfo boolean - Query the OpenID userinfo endpoint for claims. Required when the identity provider does not include claims in the ID token.
- scopes string
- Space-separated list of OpenID scopes to request.
- username
Claim string - OpenID claim used to generate the unique username. Common values are
subject,username,email, andupn.
- client_
id str - OpenID Connect Client ID.
- issuer_
url str - OpenID Connect issuer URL. Proxmox uses OpenID Connect Discovery to configure the provider.
- realm str
- Realm identifier (e.g., 'my-oidc').
- acr_
values str - Authentication Context Class Reference values for the OpenID provider.
- autocreate bool
- Automatically create users on the Proxmox cluster if they do not exist.
- client_
key str - OpenID Connect Client Key (secret). Note: stored in Proxmox but not returned by API.
- comment str
- Description of the realm.
- default bool
- Use this realm as the default for login.
- groups_
autocreate bool - Automatically create groups from claims rather than using existing Proxmox VE groups.
- groups_
claim str - OpenID claim used to retrieve user group memberships.
- groups_
overwrite bool - Replace assigned groups on login instead of appending to existing ones.
- prompt str
- Specifies whether the authorization server prompts for reauthentication and/or consent (e.g., 'none', 'login', 'consent', 'select_account').
- query_
userinfo bool - Query the OpenID userinfo endpoint for claims. Required when the identity provider does not include claims in the ID token.
- scopes str
- Space-separated list of OpenID scopes to request.
- username_
claim str - OpenID claim used to generate the unique username. Common values are
subject,username,email, andupn.
- client
Id String - OpenID Connect Client ID.
- issuer
Url String - OpenID Connect issuer URL. Proxmox uses OpenID Connect Discovery to configure the provider.
- realm String
- Realm identifier (e.g., 'my-oidc').
- acr
Values String - Authentication Context Class Reference values for the OpenID provider.
- autocreate Boolean
- Automatically create users on the Proxmox cluster if they do not exist.
- client
Key String - OpenID Connect Client Key (secret). Note: stored in Proxmox but not returned by API.
- comment String
- Description of the realm.
- default Boolean
- Use this realm as the default for login.
- groups
Autocreate Boolean - Automatically create groups from claims rather than using existing Proxmox VE groups.
- groups
Claim String - OpenID claim used to retrieve user group memberships.
- groups
Overwrite Boolean - Replace assigned groups on login instead of appending to existing ones.
- prompt String
- Specifies whether the authorization server prompts for reauthentication and/or consent (e.g., 'none', 'login', 'consent', 'select_account').
- query
Userinfo Boolean - Query the OpenID userinfo endpoint for claims. Required when the identity provider does not include claims in the ID token.
- scopes String
- Space-separated list of OpenID scopes to request.
- username
Claim String - OpenID claim used to generate the unique username. Common values are
subject,username,email, andupn.
Outputs
All input properties are implicitly available as output properties. Additionally, the Openid resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Openid Resource
Get an existing Openid resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OpenidState, opts?: CustomResourceOptions): Openid@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
acr_values: Optional[str] = None,
autocreate: Optional[bool] = None,
client_id: Optional[str] = None,
client_key: Optional[str] = None,
comment: Optional[str] = None,
default: Optional[bool] = None,
groups_autocreate: Optional[bool] = None,
groups_claim: Optional[str] = None,
groups_overwrite: Optional[bool] = None,
issuer_url: Optional[str] = None,
prompt: Optional[str] = None,
query_userinfo: Optional[bool] = None,
realm: Optional[str] = None,
scopes: Optional[str] = None,
username_claim: Optional[str] = None) -> Openidfunc GetOpenid(ctx *Context, name string, id IDInput, state *OpenidState, opts ...ResourceOption) (*Openid, error)public static Openid Get(string name, Input<string> id, OpenidState? state, CustomResourceOptions? opts = null)public static Openid get(String name, Output<String> id, OpenidState state, CustomResourceOptions options)resources: _: type: proxmoxve:realm:Openid get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Acr
Values string - Authentication Context Class Reference values for the OpenID provider.
- Autocreate bool
- Automatically create users on the Proxmox cluster if they do not exist.
- Client
Id string - OpenID Connect Client ID.
- Client
Key string - OpenID Connect Client Key (secret). Note: stored in Proxmox but not returned by API.
- Comment string
- Description of the realm.
- Default bool
- Use this realm as the default for login.
- Groups
Autocreate bool - Automatically create groups from claims rather than using existing Proxmox VE groups.
- Groups
Claim string - OpenID claim used to retrieve user group memberships.
- Groups
Overwrite bool - Replace assigned groups on login instead of appending to existing ones.
- Issuer
Url string - OpenID Connect issuer URL. Proxmox uses OpenID Connect Discovery to configure the provider.
- Prompt string
- Specifies whether the authorization server prompts for reauthentication and/or consent (e.g., 'none', 'login', 'consent', 'select_account').
- Query
Userinfo bool - Query the OpenID userinfo endpoint for claims. Required when the identity provider does not include claims in the ID token.
- Realm string
- Realm identifier (e.g., 'my-oidc').
- Scopes string
- Space-separated list of OpenID scopes to request.
- Username
Claim string - OpenID claim used to generate the unique username. Common values are
subject,username,email, andupn.
- Acr
Values string - Authentication Context Class Reference values for the OpenID provider.
- Autocreate bool
- Automatically create users on the Proxmox cluster if they do not exist.
- Client
Id string - OpenID Connect Client ID.
- Client
Key string - OpenID Connect Client Key (secret). Note: stored in Proxmox but not returned by API.
- Comment string
- Description of the realm.
- Default bool
- Use this realm as the default for login.
- Groups
Autocreate bool - Automatically create groups from claims rather than using existing Proxmox VE groups.
- Groups
Claim string - OpenID claim used to retrieve user group memberships.
- Groups
Overwrite bool - Replace assigned groups on login instead of appending to existing ones.
- Issuer
Url string - OpenID Connect issuer URL. Proxmox uses OpenID Connect Discovery to configure the provider.
- Prompt string
- Specifies whether the authorization server prompts for reauthentication and/or consent (e.g., 'none', 'login', 'consent', 'select_account').
- Query
Userinfo bool - Query the OpenID userinfo endpoint for claims. Required when the identity provider does not include claims in the ID token.
- Realm string
- Realm identifier (e.g., 'my-oidc').
- Scopes string
- Space-separated list of OpenID scopes to request.
- Username
Claim string - OpenID claim used to generate the unique username. Common values are
subject,username,email, andupn.
- acr
Values String - Authentication Context Class Reference values for the OpenID provider.
- autocreate Boolean
- Automatically create users on the Proxmox cluster if they do not exist.
- client
Id String - OpenID Connect Client ID.
- client
Key String - OpenID Connect Client Key (secret). Note: stored in Proxmox but not returned by API.
- comment String
- Description of the realm.
- default_ Boolean
- Use this realm as the default for login.
- groups
Autocreate Boolean - Automatically create groups from claims rather than using existing Proxmox VE groups.
- groups
Claim String - OpenID claim used to retrieve user group memberships.
- groups
Overwrite Boolean - Replace assigned groups on login instead of appending to existing ones.
- issuer
Url String - OpenID Connect issuer URL. Proxmox uses OpenID Connect Discovery to configure the provider.
- prompt String
- Specifies whether the authorization server prompts for reauthentication and/or consent (e.g., 'none', 'login', 'consent', 'select_account').
- query
Userinfo Boolean - Query the OpenID userinfo endpoint for claims. Required when the identity provider does not include claims in the ID token.
- realm String
- Realm identifier (e.g., 'my-oidc').
- scopes String
- Space-separated list of OpenID scopes to request.
- username
Claim String - OpenID claim used to generate the unique username. Common values are
subject,username,email, andupn.
- acr
Values string - Authentication Context Class Reference values for the OpenID provider.
- autocreate boolean
- Automatically create users on the Proxmox cluster if they do not exist.
- client
Id string - OpenID Connect Client ID.
- client
Key string - OpenID Connect Client Key (secret). Note: stored in Proxmox but not returned by API.
- comment string
- Description of the realm.
- default boolean
- Use this realm as the default for login.
- groups
Autocreate boolean - Automatically create groups from claims rather than using existing Proxmox VE groups.
- groups
Claim string - OpenID claim used to retrieve user group memberships.
- groups
Overwrite boolean - Replace assigned groups on login instead of appending to existing ones.
- issuer
Url string - OpenID Connect issuer URL. Proxmox uses OpenID Connect Discovery to configure the provider.
- prompt string
- Specifies whether the authorization server prompts for reauthentication and/or consent (e.g., 'none', 'login', 'consent', 'select_account').
- query
Userinfo boolean - Query the OpenID userinfo endpoint for claims. Required when the identity provider does not include claims in the ID token.
- realm string
- Realm identifier (e.g., 'my-oidc').
- scopes string
- Space-separated list of OpenID scopes to request.
- username
Claim string - OpenID claim used to generate the unique username. Common values are
subject,username,email, andupn.
- acr_
values str - Authentication Context Class Reference values for the OpenID provider.
- autocreate bool
- Automatically create users on the Proxmox cluster if they do not exist.
- client_
id str - OpenID Connect Client ID.
- client_
key str - OpenID Connect Client Key (secret). Note: stored in Proxmox but not returned by API.
- comment str
- Description of the realm.
- default bool
- Use this realm as the default for login.
- groups_
autocreate bool - Automatically create groups from claims rather than using existing Proxmox VE groups.
- groups_
claim str - OpenID claim used to retrieve user group memberships.
- groups_
overwrite bool - Replace assigned groups on login instead of appending to existing ones.
- issuer_
url str - OpenID Connect issuer URL. Proxmox uses OpenID Connect Discovery to configure the provider.
- prompt str
- Specifies whether the authorization server prompts for reauthentication and/or consent (e.g., 'none', 'login', 'consent', 'select_account').
- query_
userinfo bool - Query the OpenID userinfo endpoint for claims. Required when the identity provider does not include claims in the ID token.
- realm str
- Realm identifier (e.g., 'my-oidc').
- scopes str
- Space-separated list of OpenID scopes to request.
- username_
claim str - OpenID claim used to generate the unique username. Common values are
subject,username,email, andupn.
- acr
Values String - Authentication Context Class Reference values for the OpenID provider.
- autocreate Boolean
- Automatically create users on the Proxmox cluster if they do not exist.
- client
Id String - OpenID Connect Client ID.
- client
Key String - OpenID Connect Client Key (secret). Note: stored in Proxmox but not returned by API.
- comment String
- Description of the realm.
- default Boolean
- Use this realm as the default for login.
- groups
Autocreate Boolean - Automatically create groups from claims rather than using existing Proxmox VE groups.
- groups
Claim String - OpenID claim used to retrieve user group memberships.
- groups
Overwrite Boolean - Replace assigned groups on login instead of appending to existing ones.
- issuer
Url String - OpenID Connect issuer URL. Proxmox uses OpenID Connect Discovery to configure the provider.
- prompt String
- Specifies whether the authorization server prompts for reauthentication and/or consent (e.g., 'none', 'login', 'consent', 'select_account').
- query
Userinfo Boolean - Query the OpenID userinfo endpoint for claims. Required when the identity provider does not include claims in the ID token.
- realm String
- Realm identifier (e.g., 'my-oidc').
- scopes String
- Space-separated list of OpenID scopes to request.
- username
Claim String - OpenID claim used to generate the unique username. Common values are
subject,username,email, andupn.
Package Details
- Repository
- proxmoxve muhlba91/pulumi-proxmoxve
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
proxmoxTerraform Provider.
Viewing docs for Proxmox Virtual Environment (Proxmox VE) v8.0.0
published on Sunday, Apr 5, 2026 by Daniel Muehlbachler-Pietrzykowski
published on Sunday, Apr 5, 2026 by Daniel Muehlbachler-Pietrzykowski
