tailscale.FederatedIdentity

Tailscale v0.26.0, Feb 12 26

Tailscale v0.26.0 published on Thursday, Feb 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-tailscale

Tailscale v0.26.0 published on Thursday, Feb 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-tailscale

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as tailscale from "@pulumi/tailscale";

const exampleFederatedIdentity = new tailscale.FederatedIdentity("example_federated_identity", {
    description: "Example federated identity",
    scopes: [
        "auth_keys",
        "devices:core",
    ],
    tags: ["tag:test"],
    issuer: "https://example.com",
    subject: "example-sub-*",
    customClaimRules: {
        repo_name: "example-repo-name",
    },
});

import pulumi
import pulumi_tailscale as tailscale

example_federated_identity = tailscale.FederatedIdentity("example_federated_identity",
    description="Example federated identity",
    scopes=[
        "auth_keys",
        "devices:core",
    ],
    tags=["tag:test"],
    issuer="https://example.com",
    subject="example-sub-*",
    custom_claim_rules={
        "repo_name": "example-repo-name",
    })

package main

import (
	"github.com/pulumi/pulumi-tailscale/sdk/go/tailscale"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := tailscale.NewFederatedIdentity(ctx, "example_federated_identity", &tailscale.FederatedIdentityArgs{
			Description: pulumi.String("Example federated identity"),
			Scopes: pulumi.StringArray{
				pulumi.String("auth_keys"),
				pulumi.String("devices:core"),
			},
			Tags: pulumi.StringArray{
				pulumi.String("tag:test"),
			},
			Issuer:  pulumi.String("https://example.com"),
			Subject: pulumi.String("example-sub-*"),
			CustomClaimRules: pulumi.StringMap{
				"repo_name": pulumi.String("example-repo-name"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tailscale = Pulumi.Tailscale;

return await Deployment.RunAsync(() => 
{
    var exampleFederatedIdentity = new Tailscale.FederatedIdentity("example_federated_identity", new()
    {
        Description = "Example federated identity",
        Scopes = new[]
        {
            "auth_keys",
            "devices:core",
        },
        Tags = new[]
        {
            "tag:test",
        },
        Issuer = "https://example.com",
        Subject = "example-sub-*",
        CustomClaimRules = 
        {
            { "repo_name", "example-repo-name" },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tailscale.FederatedIdentity;
import com.pulumi.tailscale.FederatedIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleFederatedIdentity = new FederatedIdentity("exampleFederatedIdentity", FederatedIdentityArgs.builder()
            .description("Example federated identity")
            .scopes(            
                "auth_keys",
                "devices:core")
            .tags("tag:test")
            .issuer("https://example.com")
            .subject("example-sub-*")
            .customClaimRules(Map.of("repo_name", "example-repo-name"))
            .build());

    }
}

resources:
  exampleFederatedIdentity:
    type: tailscale:FederatedIdentity
    name: example_federated_identity
    properties:
      description: Example federated identity
      scopes:
        - auth_keys
        - devices:core
      tags:
        - tag:test
      issuer: https://example.com
      subject: example-sub-*
      customClaimRules:
        repo_name: example-repo-name

Create FederatedIdentity Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FederatedIdentity(name: string, args: FederatedIdentityArgs, opts?: CustomResourceOptions);

@overload
def FederatedIdentity(resource_name: str,
                      args: FederatedIdentityArgs,
                      opts: Optional[ResourceOptions] = None)

@overload
def FederatedIdentity(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      issuer: Optional[str] = None,
                      scopes: Optional[Sequence[str]] = None,
                      subject: Optional[str] = None,
                      audience: Optional[str] = None,
                      custom_claim_rules: Optional[Mapping[str, str]] = None,
                      description: Optional[str] = None,
                      tags: Optional[Sequence[str]] = None)

func NewFederatedIdentity(ctx *Context, name string, args FederatedIdentityArgs, opts ...ResourceOption) (*FederatedIdentity, error)

public FederatedIdentity(string name, FederatedIdentityArgs args, CustomResourceOptions? opts = null)

public FederatedIdentity(String name, FederatedIdentityArgs args)
public FederatedIdentity(String name, FederatedIdentityArgs args, CustomResourceOptions options)

type: tailscale:FederatedIdentity
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args FederatedIdentityArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FederatedIdentityArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FederatedIdentityArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FederatedIdentityArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FederatedIdentityArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var federatedIdentityResource = new Tailscale.FederatedIdentity("federatedIdentityResource", new()
{
    Issuer = "string",
    Scopes = new[]
    {
        "string",
    },
    Subject = "string",
    Audience = "string",
    CustomClaimRules = 
    {
        { "string", "string" },
    },
    Description = "string",
    Tags = new[]
    {
        "string",
    },
});

example, err := tailscale.NewFederatedIdentity(ctx, "federatedIdentityResource", &tailscale.FederatedIdentityArgs{
	Issuer: pulumi.String("string"),
	Scopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Subject:  pulumi.String("string"),
	Audience: pulumi.String("string"),
	CustomClaimRules: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Description: pulumi.String("string"),
	Tags: pulumi.StringArray{
		pulumi.String("string"),
	},
})

var federatedIdentityResource = new FederatedIdentity("federatedIdentityResource", FederatedIdentityArgs.builder()
    .issuer("string")
    .scopes("string")
    .subject("string")
    .audience("string")
    .customClaimRules(Map.of("string", "string"))
    .description("string")
    .tags("string")
    .build());

federated_identity_resource = tailscale.FederatedIdentity("federatedIdentityResource",
    issuer="string",
    scopes=["string"],
    subject="string",
    audience="string",
    custom_claim_rules={
        "string": "string",
    },
    description="string",
    tags=["string"])

const federatedIdentityResource = new tailscale.FederatedIdentity("federatedIdentityResource", {
    issuer: "string",
    scopes: ["string"],
    subject: "string",
    audience: "string",
    customClaimRules: {
        string: "string",
    },
    description: "string",
    tags: ["string"],
});

type: tailscale:FederatedIdentity
properties:
    audience: string
    customClaimRules:
        string: string
    description: string
    issuer: string
    scopes:
        - string
    subject: string
    tags:
        - string

FederatedIdentity Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FederatedIdentity resource accepts the following input properties:

Issuer string: The issuer of the OIDC identity token used in the token exchange. Must be a valid and publicly reachable https:// URL.
Scopes List<string>: Scopes to grant to the federated identity. See https://tailscale.com/kb/1623/ for a list of available scopes.
Subject string: The pattern used when matching against the sub claim from an OIDC identity token. Patterns can include * characters to match against any character.
Audience string: The value used when matching against the aud claim from an OIDC identity token. Specifying the audience is optional as Tailscale will generate a secure audience at creation time by default. It is recommended to let Tailscale generate the audience unless the identity provider you are integrating with requires a specific audience format.
CustomClaimRules Dictionary<string, string>: A map of claim names to pattern strings used to match against arbitrary claims in the OIDC identity token. Patterns can include * characters to match against any character.
Description string: A description of the federated identity consisting of alphanumeric characters. Defaults to "".
Tags List<string>: A list of tags that access tokens generated for the federated identity will be able to assign to devices. Mandatory if the scopes include "devices:core" or "auth_keys".

Issuer string: The issuer of the OIDC identity token used in the token exchange. Must be a valid and publicly reachable https:// URL.
Scopes []string: Scopes to grant to the federated identity. See https://tailscale.com/kb/1623/ for a list of available scopes.
Subject string: The pattern used when matching against the sub claim from an OIDC identity token. Patterns can include * characters to match against any character.
Audience string: The value used when matching against the aud claim from an OIDC identity token. Specifying the audience is optional as Tailscale will generate a secure audience at creation time by default. It is recommended to let Tailscale generate the audience unless the identity provider you are integrating with requires a specific audience format.
CustomClaimRules map[string]string: A map of claim names to pattern strings used to match against arbitrary claims in the OIDC identity token. Patterns can include * characters to match against any character.
Description string: A description of the federated identity consisting of alphanumeric characters. Defaults to "".
Tags []string: A list of tags that access tokens generated for the federated identity will be able to assign to devices. Mandatory if the scopes include "devices:core" or "auth_keys".

issuer String: The issuer of the OIDC identity token used in the token exchange. Must be a valid and publicly reachable https:// URL.
scopes List<String>: Scopes to grant to the federated identity. See https://tailscale.com/kb/1623/ for a list of available scopes.
subject String: The pattern used when matching against the sub claim from an OIDC identity token. Patterns can include * characters to match against any character.
audience String: The value used when matching against the aud claim from an OIDC identity token. Specifying the audience is optional as Tailscale will generate a secure audience at creation time by default. It is recommended to let Tailscale generate the audience unless the identity provider you are integrating with requires a specific audience format.
customClaimRules Map<String,String>: A map of claim names to pattern strings used to match against arbitrary claims in the OIDC identity token. Patterns can include * characters to match against any character.
description String: A description of the federated identity consisting of alphanumeric characters. Defaults to "".
tags List<String>: A list of tags that access tokens generated for the federated identity will be able to assign to devices. Mandatory if the scopes include "devices:core" or "auth_keys".

issuer string: The issuer of the OIDC identity token used in the token exchange. Must be a valid and publicly reachable https:// URL.
scopes string[]: Scopes to grant to the federated identity. See https://tailscale.com/kb/1623/ for a list of available scopes.
subject string: The pattern used when matching against the sub claim from an OIDC identity token. Patterns can include * characters to match against any character.
audience string: The value used when matching against the aud claim from an OIDC identity token. Specifying the audience is optional as Tailscale will generate a secure audience at creation time by default. It is recommended to let Tailscale generate the audience unless the identity provider you are integrating with requires a specific audience format.
customClaimRules {[key: string]: string}: A map of claim names to pattern strings used to match against arbitrary claims in the OIDC identity token. Patterns can include * characters to match against any character.
description string: A description of the federated identity consisting of alphanumeric characters. Defaults to "".
tags string[]: A list of tags that access tokens generated for the federated identity will be able to assign to devices. Mandatory if the scopes include "devices:core" or "auth_keys".

issuer str: The issuer of the OIDC identity token used in the token exchange. Must be a valid and publicly reachable https:// URL.
scopes Sequence[str]: Scopes to grant to the federated identity. See https://tailscale.com/kb/1623/ for a list of available scopes.
subject str: The pattern used when matching against the sub claim from an OIDC identity token. Patterns can include * characters to match against any character.
audience str: The value used when matching against the aud claim from an OIDC identity token. Specifying the audience is optional as Tailscale will generate a secure audience at creation time by default. It is recommended to let Tailscale generate the audience unless the identity provider you are integrating with requires a specific audience format.
custom_claim_rules Mapping[str, str]: A map of claim names to pattern strings used to match against arbitrary claims in the OIDC identity token. Patterns can include * characters to match against any character.
description str: A description of the federated identity consisting of alphanumeric characters. Defaults to "".
tags Sequence[str]: A list of tags that access tokens generated for the federated identity will be able to assign to devices. Mandatory if the scopes include "devices:core" or "auth_keys".

issuer String: The issuer of the OIDC identity token used in the token exchange. Must be a valid and publicly reachable https:// URL.
scopes List<String>: Scopes to grant to the federated identity. See https://tailscale.com/kb/1623/ for a list of available scopes.
subject String: The pattern used when matching against the sub claim from an OIDC identity token. Patterns can include * characters to match against any character.
audience String: The value used when matching against the aud claim from an OIDC identity token. Specifying the audience is optional as Tailscale will generate a secure audience at creation time by default. It is recommended to let Tailscale generate the audience unless the identity provider you are integrating with requires a specific audience format.
customClaimRules Map<String>: A map of claim names to pattern strings used to match against arbitrary claims in the OIDC identity token. Patterns can include * characters to match against any character.
description String: A description of the federated identity consisting of alphanumeric characters. Defaults to "".
tags List<String>: A list of tags that access tokens generated for the federated identity will be able to assign to devices. Mandatory if the scopes include "devices:core" or "auth_keys".

Outputs

All input properties are implicitly available as output properties. Additionally, the FederatedIdentity resource produces the following output properties:

CreatedAt string: The creation timestamp of the key in RFC3339 format
Id string: The provider-assigned unique ID for this managed resource.
UpdatedAt string: The updated timestamp of the key in RFC3339 format
UserId string: ID of the user who created this federated identity, empty for federated identities created by other trust credentials.

CreatedAt string: The creation timestamp of the key in RFC3339 format
Id string: The provider-assigned unique ID for this managed resource.
UpdatedAt string: The updated timestamp of the key in RFC3339 format
UserId string: ID of the user who created this federated identity, empty for federated identities created by other trust credentials.

createdAt String: The creation timestamp of the key in RFC3339 format
id String: The provider-assigned unique ID for this managed resource.
updatedAt String: The updated timestamp of the key in RFC3339 format
userId String: ID of the user who created this federated identity, empty for federated identities created by other trust credentials.

createdAt string: The creation timestamp of the key in RFC3339 format
id string: The provider-assigned unique ID for this managed resource.
updatedAt string: The updated timestamp of the key in RFC3339 format
userId string: ID of the user who created this federated identity, empty for federated identities created by other trust credentials.

created_at str: The creation timestamp of the key in RFC3339 format
id str: The provider-assigned unique ID for this managed resource.
updated_at str: The updated timestamp of the key in RFC3339 format
user_id str: ID of the user who created this federated identity, empty for federated identities created by other trust credentials.

createdAt String: The creation timestamp of the key in RFC3339 format
id String: The provider-assigned unique ID for this managed resource.
updatedAt String: The updated timestamp of the key in RFC3339 format
userId String: ID of the user who created this federated identity, empty for federated identities created by other trust credentials.

Look up Existing FederatedIdentity Resource

Get an existing FederatedIdentity resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FederatedIdentityState, opts?: CustomResourceOptions): FederatedIdentity

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        audience: Optional[str] = None,
        created_at: Optional[str] = None,
        custom_claim_rules: Optional[Mapping[str, str]] = None,
        description: Optional[str] = None,
        issuer: Optional[str] = None,
        scopes: Optional[Sequence[str]] = None,
        subject: Optional[str] = None,
        tags: Optional[Sequence[str]] = None,
        updated_at: Optional[str] = None,
        user_id: Optional[str] = None) -> FederatedIdentity

func GetFederatedIdentity(ctx *Context, name string, id IDInput, state *FederatedIdentityState, opts ...ResourceOption) (*FederatedIdentity, error)

public static FederatedIdentity Get(string name, Input<string> id, FederatedIdentityState? state, CustomResourceOptions? opts = null)

public static FederatedIdentity get(String name, Output<String> id, FederatedIdentityState state, CustomResourceOptions options)

resources:  _:    type: tailscale:FederatedIdentity    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Audience string: The value used when matching against the aud claim from an OIDC identity token. Specifying the audience is optional as Tailscale will generate a secure audience at creation time by default. It is recommended to let Tailscale generate the audience unless the identity provider you are integrating with requires a specific audience format.
CreatedAt string: The creation timestamp of the key in RFC3339 format
CustomClaimRules Dictionary<string, string>: A map of claim names to pattern strings used to match against arbitrary claims in the OIDC identity token. Patterns can include * characters to match against any character.
Description string: A description of the federated identity consisting of alphanumeric characters. Defaults to "".
Issuer string: The issuer of the OIDC identity token used in the token exchange. Must be a valid and publicly reachable https:// URL.
Scopes List<string>: Scopes to grant to the federated identity. See https://tailscale.com/kb/1623/ for a list of available scopes.
Subject string: The pattern used when matching against the sub claim from an OIDC identity token. Patterns can include * characters to match against any character.
Tags List<string>: A list of tags that access tokens generated for the federated identity will be able to assign to devices. Mandatory if the scopes include "devices:core" or "auth_keys".
UpdatedAt string: The updated timestamp of the key in RFC3339 format
UserId string: ID of the user who created this federated identity, empty for federated identities created by other trust credentials.

Audience string: The value used when matching against the aud claim from an OIDC identity token. Specifying the audience is optional as Tailscale will generate a secure audience at creation time by default. It is recommended to let Tailscale generate the audience unless the identity provider you are integrating with requires a specific audience format.
CreatedAt string: The creation timestamp of the key in RFC3339 format
CustomClaimRules map[string]string: A map of claim names to pattern strings used to match against arbitrary claims in the OIDC identity token. Patterns can include * characters to match against any character.
Description string: A description of the federated identity consisting of alphanumeric characters. Defaults to "".
Issuer string: The issuer of the OIDC identity token used in the token exchange. Must be a valid and publicly reachable https:// URL.
Scopes []string: Scopes to grant to the federated identity. See https://tailscale.com/kb/1623/ for a list of available scopes.
Subject string: The pattern used when matching against the sub claim from an OIDC identity token. Patterns can include * characters to match against any character.
Tags []string: A list of tags that access tokens generated for the federated identity will be able to assign to devices. Mandatory if the scopes include "devices:core" or "auth_keys".
UpdatedAt string: The updated timestamp of the key in RFC3339 format
UserId string: ID of the user who created this federated identity, empty for federated identities created by other trust credentials.

audience String: The value used when matching against the aud claim from an OIDC identity token. Specifying the audience is optional as Tailscale will generate a secure audience at creation time by default. It is recommended to let Tailscale generate the audience unless the identity provider you are integrating with requires a specific audience format.
createdAt String: The creation timestamp of the key in RFC3339 format
customClaimRules Map<String,String>: A map of claim names to pattern strings used to match against arbitrary claims in the OIDC identity token. Patterns can include * characters to match against any character.
description String: A description of the federated identity consisting of alphanumeric characters. Defaults to "".
issuer String: The issuer of the OIDC identity token used in the token exchange. Must be a valid and publicly reachable https:// URL.
scopes List<String>: Scopes to grant to the federated identity. See https://tailscale.com/kb/1623/ for a list of available scopes.
subject String: The pattern used when matching against the sub claim from an OIDC identity token. Patterns can include * characters to match against any character.
tags List<String>: A list of tags that access tokens generated for the federated identity will be able to assign to devices. Mandatory if the scopes include "devices:core" or "auth_keys".
updatedAt String: The updated timestamp of the key in RFC3339 format
userId String: ID of the user who created this federated identity, empty for federated identities created by other trust credentials.

audience string: The value used when matching against the aud claim from an OIDC identity token. Specifying the audience is optional as Tailscale will generate a secure audience at creation time by default. It is recommended to let Tailscale generate the audience unless the identity provider you are integrating with requires a specific audience format.
createdAt string: The creation timestamp of the key in RFC3339 format
customClaimRules {[key: string]: string}: A map of claim names to pattern strings used to match against arbitrary claims in the OIDC identity token. Patterns can include * characters to match against any character.
description string: A description of the federated identity consisting of alphanumeric characters. Defaults to "".
issuer string: The issuer of the OIDC identity token used in the token exchange. Must be a valid and publicly reachable https:// URL.
scopes string[]: Scopes to grant to the federated identity. See https://tailscale.com/kb/1623/ for a list of available scopes.
subject string: The pattern used when matching against the sub claim from an OIDC identity token. Patterns can include * characters to match against any character.
tags string[]: A list of tags that access tokens generated for the federated identity will be able to assign to devices. Mandatory if the scopes include "devices:core" or "auth_keys".
updatedAt string: The updated timestamp of the key in RFC3339 format
userId string: ID of the user who created this federated identity, empty for federated identities created by other trust credentials.

audience str: The value used when matching against the aud claim from an OIDC identity token. Specifying the audience is optional as Tailscale will generate a secure audience at creation time by default. It is recommended to let Tailscale generate the audience unless the identity provider you are integrating with requires a specific audience format.
created_at str: The creation timestamp of the key in RFC3339 format
custom_claim_rules Mapping[str, str]: A map of claim names to pattern strings used to match against arbitrary claims in the OIDC identity token. Patterns can include * characters to match against any character.
description str: A description of the federated identity consisting of alphanumeric characters. Defaults to "".
issuer str: The issuer of the OIDC identity token used in the token exchange. Must be a valid and publicly reachable https:// URL.
scopes Sequence[str]: Scopes to grant to the federated identity. See https://tailscale.com/kb/1623/ for a list of available scopes.
subject str: The pattern used when matching against the sub claim from an OIDC identity token. Patterns can include * characters to match against any character.
tags Sequence[str]: A list of tags that access tokens generated for the federated identity will be able to assign to devices. Mandatory if the scopes include "devices:core" or "auth_keys".
updated_at str: The updated timestamp of the key in RFC3339 format
user_id str: ID of the user who created this federated identity, empty for federated identities created by other trust credentials.

audience String: The value used when matching against the aud claim from an OIDC identity token. Specifying the audience is optional as Tailscale will generate a secure audience at creation time by default. It is recommended to let Tailscale generate the audience unless the identity provider you are integrating with requires a specific audience format.
createdAt String: The creation timestamp of the key in RFC3339 format
customClaimRules Map<String>: A map of claim names to pattern strings used to match against arbitrary claims in the OIDC identity token. Patterns can include * characters to match against any character.
description String: A description of the federated identity consisting of alphanumeric characters. Defaults to "".
issuer String: The issuer of the OIDC identity token used in the token exchange. Must be a valid and publicly reachable https:// URL.
scopes List<String>: Scopes to grant to the federated identity. See https://tailscale.com/kb/1623/ for a list of available scopes.
subject String: The pattern used when matching against the sub claim from an OIDC identity token. Patterns can include * characters to match against any character.
tags List<String>: A list of tags that access tokens generated for the federated identity will be able to assign to devices. Mandatory if the scopes include "devices:core" or "auth_keys".
updatedAt String: The updated timestamp of the key in RFC3339 format
userId String: ID of the user who created this federated identity, empty for federated identities created by other trust credentials.

Import

The pulumi import command can be used, for example:

$ pulumi import tailscale:index/federatedIdentity:FederatedIdentity example k1234511CNTRL-kZDRvszg8621CNTRL

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: tailscale pulumi/pulumi-tailscale
License: Apache-2.0
Notes: This Pulumi package is based on the tailscale Terraform Provider.

Tailscale v0.26.0 published on Thursday, Feb 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-tailscale

tailscale.FederatedIdentity

On this page

On this page

Example Usage

Create FederatedIdentity Resource

Constructor syntax

Parameters

Constructor example

FederatedIdentity Resource Properties

Inputs

Outputs

Look up Existing FederatedIdentity Resource

Import

Package Details

On this page

On this page