Docs Home
Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler
zia.AdminUsers
Explore with Pulumi AI
The zia_admin_users resource allows the creation and management of ZIA admin user account created in the Zscaler Internet Access cloud or via the API.
Example Usage
Organization Scope
######### PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########
resource "zia_admin_users" "john_smith" {
login_name = "john.smith@acme.com"
user_name = "John Smith"
email = "john.smith@acme.com"
is_password_login_allowed = true
password = "*********************"
is_security_report_comm_enabled = true
is_service_update_comm_enabled = true
is_product_update_comm_enabled = true
comments = "Administrator User"
role {
id = data.zia_admin_roles.super_admin.id
}
admin_scope_type = "ORGANIZATION"
}
data "zia_admin_roles" "super_admin" {
name = "Super Admin"
}
Department Scope
######### PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########
resource "zia_admin_users" "john_smith" {
login_name = "john.smith@acme.com"
user_name = "John Smith"
email = "john.smith@acme.com"
is_password_login_allowed = true
password = "*********************"
is_security_report_comm_enabled = true
is_service_update_comm_enabled = true
is_product_update_comm_enabled = true
comments = "Administrator User"
role {
id = data.zia_admin_roles.super_admin.id
}
admin_scope_type = "DEPARTMENT"
admin_scope_entities {
id = [ data.zia_department_management.engineering.id, data.zia_department_management.sales.id ]
}
}
data "zia_admin_roles" "super_admin" {
name = "Super Admin"
}
data "zia_department_management" "engineering" {
name = "Engineering"
}
Location Scope
######### PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########
resource "zia_admin_users" "john_smith" {
login_name = "john.smith@acme.com"
user_name = "John Smith"
email = "john.smith@acme.com"
is_password_login_allowed = true
password = "*********************"
is_security_report_comm_enabled = true
is_service_update_comm_enabled = true
is_product_update_comm_enabled = true
comments = "Administrator User"
role {
id = data.zia_admin_roles.super_admin.id
}
admin_scope_type = "LOCATION"
admin_scope_entities {
id = [ data.zia_location_management.au_sydney_branch01.id ]
}
}
data "zia_admin_roles" "super_admin" {
name = "Super Admin"
}
data "zia_location_management" "au_sydney_branch01" {
name = "AU - Sydney - Branch01"
}
Location Group Scope
######### PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########
resource "zia_admin_users" "john_smith" {
login_name = "john.smith@acme.com"
user_name = "John Smith"
email = "john.smith@acme.com"
is_password_login_allowed = true
password = "*********************"
is_security_report_comm_enabled = true
is_service_update_comm_enabled = true
is_product_update_comm_enabled = true
comments = "Administrator User"
role {
id = data.zia_admin_roles.super_admin.id
}
admin_scope_type = "LOCATION_GROUP"
admin_scope_entities {
id = [ data.zia_location_groups.corporate_user_traffic_group.id ]
}
}
data "zia_admin_roles" "super_admin" {
name = "Super Admin"
}
data "zia_location_groups" "corporate_user_traffic_group" {
name = "Corporate User Traffic Group"
}
Create AdminUsers Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AdminUsers(name: string, args: AdminUsersArgs, opts?: CustomResourceOptions);@overload
def AdminUsers(resource_name: str,
args: AdminUsersArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AdminUsers(resource_name: str,
opts: Optional[ResourceOptions] = None,
email: Optional[str] = None,
username: Optional[str] = None,
login_name: Optional[str] = None,
is_password_expired: Optional[bool] = None,
is_product_update_comm_enabled: Optional[bool] = None,
is_auditor: Optional[bool] = None,
is_exec_mobile_app_enabled: Optional[bool] = None,
is_non_editable: Optional[bool] = None,
admin_scope_entities: Optional[AdminUsersAdminScopeEntitiesArgs] = None,
is_password_login_allowed: Optional[bool] = None,
disabled: Optional[bool] = None,
is_security_report_comm_enabled: Optional[bool] = None,
is_service_update_comm_enabled: Optional[bool] = None,
comments: Optional[str] = None,
password: Optional[str] = None,
roles: Optional[Sequence[AdminUsersRoleArgs]] = None,
admin_scope_type: Optional[str] = None)func NewAdminUsers(ctx *Context, name string, args AdminUsersArgs, opts ...ResourceOption) (*AdminUsers, error)public AdminUsers(string name, AdminUsersArgs args, CustomResourceOptions? opts = null)
public AdminUsers(String name, AdminUsersArgs args)
public AdminUsers(String name, AdminUsersArgs args, CustomResourceOptions options)
type: zia:AdminUsers
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AdminUsersArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AdminUsersArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AdminUsersArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AdminUsersArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AdminUsersArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var adminUsersResource = new Zia.AdminUsers("adminUsersResource", new()
{
Email = "string",
Username = "string",
LoginName = "string",
IsPasswordExpired = false,
IsProductUpdateCommEnabled = false,
IsAuditor = false,
IsExecMobileAppEnabled = false,
IsNonEditable = false,
AdminScopeEntities = new Zia.Inputs.AdminUsersAdminScopeEntitiesArgs
{
Ids = new[]
{
0,
},
},
IsPasswordLoginAllowed = false,
Disabled = false,
IsSecurityReportCommEnabled = false,
IsServiceUpdateCommEnabled = false,
Comments = "string",
Password = "string",
Roles = new[]
{
new Zia.Inputs.AdminUsersRoleArgs
{
Id = 0,
},
},
AdminScopeType = "string",
});
example, err := zia.NewAdminUsers(ctx, "adminUsersResource", &zia.AdminUsersArgs{
Email: pulumi.String("string"),
Username: pulumi.String("string"),
LoginName: pulumi.String("string"),
IsPasswordExpired: pulumi.Bool(false),
IsProductUpdateCommEnabled: pulumi.Bool(false),
IsAuditor: pulumi.Bool(false),
IsExecMobileAppEnabled: pulumi.Bool(false),
IsNonEditable: pulumi.Bool(false),
AdminScopeEntities: &zia.AdminUsersAdminScopeEntitiesArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
IsPasswordLoginAllowed: pulumi.Bool(false),
Disabled: pulumi.Bool(false),
IsSecurityReportCommEnabled: pulumi.Bool(false),
IsServiceUpdateCommEnabled: pulumi.Bool(false),
Comments: pulumi.String("string"),
Password: pulumi.String("string"),
Roles: zia.AdminUsersRoleArray{
&zia.AdminUsersRoleArgs{
Id: pulumi.Int(0),
},
},
AdminScopeType: pulumi.String("string"),
})
var adminUsersResource = new AdminUsers("adminUsersResource", AdminUsersArgs.builder()
.email("string")
.username("string")
.loginName("string")
.isPasswordExpired(false)
.isProductUpdateCommEnabled(false)
.isAuditor(false)
.isExecMobileAppEnabled(false)
.isNonEditable(false)
.adminScopeEntities(AdminUsersAdminScopeEntitiesArgs.builder()
.ids(0)
.build())
.isPasswordLoginAllowed(false)
.disabled(false)
.isSecurityReportCommEnabled(false)
.isServiceUpdateCommEnabled(false)
.comments("string")
.password("string")
.roles(AdminUsersRoleArgs.builder()
.id(0)
.build())
.adminScopeType("string")
.build());
admin_users_resource = zia.AdminUsers("adminUsersResource",
email="string",
username="string",
login_name="string",
is_password_expired=False,
is_product_update_comm_enabled=False,
is_auditor=False,
is_exec_mobile_app_enabled=False,
is_non_editable=False,
admin_scope_entities={
"ids": [0],
},
is_password_login_allowed=False,
disabled=False,
is_security_report_comm_enabled=False,
is_service_update_comm_enabled=False,
comments="string",
password="string",
roles=[{
"id": 0,
}],
admin_scope_type="string")
const adminUsersResource = new zia.AdminUsers("adminUsersResource", {
email: "string",
username: "string",
loginName: "string",
isPasswordExpired: false,
isProductUpdateCommEnabled: false,
isAuditor: false,
isExecMobileAppEnabled: false,
isNonEditable: false,
adminScopeEntities: {
ids: [0],
},
isPasswordLoginAllowed: false,
disabled: false,
isSecurityReportCommEnabled: false,
isServiceUpdateCommEnabled: false,
comments: "string",
password: "string",
roles: [{
id: 0,
}],
adminScopeType: "string",
});
type: zia:AdminUsers
properties:
adminScopeEntities:
ids:
- 0
adminScopeType: string
comments: string
disabled: false
email: string
isAuditor: false
isExecMobileAppEnabled: false
isNonEditable: false
isPasswordExpired: false
isPasswordLoginAllowed: false
isProductUpdateCommEnabled: false
isSecurityReportCommEnabled: false
isServiceUpdateCommEnabled: false
loginName: string
password: string
roles:
- id: 0
username: string
AdminUsers Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AdminUsers resource accepts the following input properties:
- Email string
- Admin or auditor's email address.
- Login
Name string - Username string
- Admin or auditor's username.
- Admin
Scope zscaler.Entities Pulumi Package. Zia. Inputs. Admin Users Admin Scope Entities - list of destination ip groups
- Admin
Scope stringType - Comments string
- Additional information about the admin or auditor.
- Disabled bool
- Is
Auditor bool - Is
Exec boolMobile App Enabled - Is
Non boolEditable - Is
Password boolExpired - Is
Password boolLogin Allowed - Is
Product boolUpdate Comm Enabled - Is
Security boolReport Comm Enabled - Is
Service boolUpdate Comm Enabled - Password string
- The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.
- Roles
List<zscaler.
Pulumi Package. Zia. Inputs. Admin Users Role> - Role of the admin. This is not required for an auditor.
- Email string
- Admin or auditor's email address.
- Login
Name string - Username string
- Admin or auditor's username.
- Admin
Scope AdminEntities Users Admin Scope Entities Args - list of destination ip groups
- Admin
Scope stringType - Comments string
- Additional information about the admin or auditor.
- Disabled bool
- Is
Auditor bool - Is
Exec boolMobile App Enabled - Is
Non boolEditable - Is
Password boolExpired - Is
Password boolLogin Allowed - Is
Product boolUpdate Comm Enabled - Is
Security boolReport Comm Enabled - Is
Service boolUpdate Comm Enabled - Password string
- The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.
- Roles
[]Admin
Users Role Args - Role of the admin. This is not required for an auditor.
- email String
- Admin or auditor's email address.
- login
Name String - username String
- Admin or auditor's username.
- admin
Scope AdminEntities Users Admin Scope Entities - list of destination ip groups
- admin
Scope StringType - comments String
- Additional information about the admin or auditor.
- disabled Boolean
- is
Auditor Boolean - is
Exec BooleanMobile App Enabled - is
Non BooleanEditable - is
Password BooleanExpired - is
Password BooleanLogin Allowed - is
Product BooleanUpdate Comm Enabled - is
Security BooleanReport Comm Enabled - is
Service BooleanUpdate Comm Enabled - password String
- The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.
- roles
List<Admin
Users Role> - Role of the admin. This is not required for an auditor.
- email string
- Admin or auditor's email address.
- login
Name string - username string
- Admin or auditor's username.
- admin
Scope AdminEntities Users Admin Scope Entities - list of destination ip groups
- admin
Scope stringType - comments string
- Additional information about the admin or auditor.
- disabled boolean
- is
Auditor boolean - is
Exec booleanMobile App Enabled - is
Non booleanEditable - is
Password booleanExpired - is
Password booleanLogin Allowed - is
Product booleanUpdate Comm Enabled - is
Security booleanReport Comm Enabled - is
Service booleanUpdate Comm Enabled - password string
- The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.
- roles
Admin
Users Role[] - Role of the admin. This is not required for an auditor.
- email str
- Admin or auditor's email address.
- login_
name str - username str
- Admin or auditor's username.
- admin_
scope_ Adminentities Users Admin Scope Entities Args - list of destination ip groups
- admin_
scope_ strtype - comments str
- Additional information about the admin or auditor.
- disabled bool
- is_
auditor bool - is_
exec_ boolmobile_ app_ enabled - is_
non_ booleditable - is_
password_ boolexpired - is_
password_ boollogin_ allowed - is_
product_ boolupdate_ comm_ enabled - is_
security_ boolreport_ comm_ enabled - is_
service_ boolupdate_ comm_ enabled - password str
- The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.
- roles
Sequence[Admin
Users Role Args] - Role of the admin. This is not required for an auditor.
- email String
- Admin or auditor's email address.
- login
Name String - username String
- Admin or auditor's username.
- admin
Scope Property MapEntities - list of destination ip groups
- admin
Scope StringType - comments String
- Additional information about the admin or auditor.
- disabled Boolean
- is
Auditor Boolean - is
Exec BooleanMobile App Enabled - is
Non BooleanEditable - is
Password BooleanExpired - is
Password BooleanLogin Allowed - is
Product BooleanUpdate Comm Enabled - is
Security BooleanReport Comm Enabled - is
Service BooleanUpdate Comm Enabled - password String
- The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.
- roles List<Property Map>
- Role of the admin. This is not required for an auditor.
Outputs
All input properties are implicitly available as output properties. Additionally, the AdminUsers resource produces the following output properties:
Look up Existing AdminUsers Resource
Get an existing AdminUsers resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AdminUsersState, opts?: CustomResourceOptions): AdminUsers@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
admin_id: Optional[int] = None,
admin_scope_entities: Optional[AdminUsersAdminScopeEntitiesArgs] = None,
admin_scope_type: Optional[str] = None,
comments: Optional[str] = None,
disabled: Optional[bool] = None,
email: Optional[str] = None,
is_auditor: Optional[bool] = None,
is_exec_mobile_app_enabled: Optional[bool] = None,
is_non_editable: Optional[bool] = None,
is_password_expired: Optional[bool] = None,
is_password_login_allowed: Optional[bool] = None,
is_product_update_comm_enabled: Optional[bool] = None,
is_security_report_comm_enabled: Optional[bool] = None,
is_service_update_comm_enabled: Optional[bool] = None,
login_name: Optional[str] = None,
password: Optional[str] = None,
roles: Optional[Sequence[AdminUsersRoleArgs]] = None,
username: Optional[str] = None) -> AdminUsersfunc GetAdminUsers(ctx *Context, name string, id IDInput, state *AdminUsersState, opts ...ResourceOption) (*AdminUsers, error)public static AdminUsers Get(string name, Input<string> id, AdminUsersState? state, CustomResourceOptions? opts = null)public static AdminUsers get(String name, Output<String> id, AdminUsersState state, CustomResourceOptions options)resources: _: type: zia:AdminUsers get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Admin
Id int - Admin
Scope zscaler.Entities Pulumi Package. Zia. Inputs. Admin Users Admin Scope Entities - list of destination ip groups
- Admin
Scope stringType - Comments string
- Additional information about the admin or auditor.
- Disabled bool
- Email string
- Admin or auditor's email address.
- Is
Auditor bool - Is
Exec boolMobile App Enabled - Is
Non boolEditable - Is
Password boolExpired - Is
Password boolLogin Allowed - Is
Product boolUpdate Comm Enabled - Is
Security boolReport Comm Enabled - Is
Service boolUpdate Comm Enabled - Login
Name string - Password string
- The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.
- Roles
List<zscaler.
Pulumi Package. Zia. Inputs. Admin Users Role> - Role of the admin. This is not required for an auditor.
- Username string
- Admin or auditor's username.
- Admin
Id int - Admin
Scope AdminEntities Users Admin Scope Entities Args - list of destination ip groups
- Admin
Scope stringType - Comments string
- Additional information about the admin or auditor.
- Disabled bool
- Email string
- Admin or auditor's email address.
- Is
Auditor bool - Is
Exec boolMobile App Enabled - Is
Non boolEditable - Is
Password boolExpired - Is
Password boolLogin Allowed - Is
Product boolUpdate Comm Enabled - Is
Security boolReport Comm Enabled - Is
Service boolUpdate Comm Enabled - Login
Name string - Password string
- The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.
- Roles
[]Admin
Users Role Args - Role of the admin. This is not required for an auditor.
- Username string
- Admin or auditor's username.
- admin
Id Integer - admin
Scope AdminEntities Users Admin Scope Entities - list of destination ip groups
- admin
Scope StringType - comments String
- Additional information about the admin or auditor.
- disabled Boolean
- email String
- Admin or auditor's email address.
- is
Auditor Boolean - is
Exec BooleanMobile App Enabled - is
Non BooleanEditable - is
Password BooleanExpired - is
Password BooleanLogin Allowed - is
Product BooleanUpdate Comm Enabled - is
Security BooleanReport Comm Enabled - is
Service BooleanUpdate Comm Enabled - login
Name String - password String
- The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.
- roles
List<Admin
Users Role> - Role of the admin. This is not required for an auditor.
- username String
- Admin or auditor's username.
- admin
Id number - admin
Scope AdminEntities Users Admin Scope Entities - list of destination ip groups
- admin
Scope stringType - comments string
- Additional information about the admin or auditor.
- disabled boolean
- email string
- Admin or auditor's email address.
- is
Auditor boolean - is
Exec booleanMobile App Enabled - is
Non booleanEditable - is
Password booleanExpired - is
Password booleanLogin Allowed - is
Product booleanUpdate Comm Enabled - is
Security booleanReport Comm Enabled - is
Service booleanUpdate Comm Enabled - login
Name string - password string
- The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.
- roles
Admin
Users Role[] - Role of the admin. This is not required for an auditor.
- username string
- Admin or auditor's username.
- admin_
id int - admin_
scope_ Adminentities Users Admin Scope Entities Args - list of destination ip groups
- admin_
scope_ strtype - comments str
- Additional information about the admin or auditor.
- disabled bool
- email str
- Admin or auditor's email address.
- is_
auditor bool - is_
exec_ boolmobile_ app_ enabled - is_
non_ booleditable - is_
password_ boolexpired - is_
password_ boollogin_ allowed - is_
product_ boolupdate_ comm_ enabled - is_
security_ boolreport_ comm_ enabled - is_
service_ boolupdate_ comm_ enabled - login_
name str - password str
- The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.
- roles
Sequence[Admin
Users Role Args] - Role of the admin. This is not required for an auditor.
- username str
- Admin or auditor's username.
- admin
Id Number - admin
Scope Property MapEntities - list of destination ip groups
- admin
Scope StringType - comments String
- Additional information about the admin or auditor.
- disabled Boolean
- email String
- Admin or auditor's email address.
- is
Auditor Boolean - is
Exec BooleanMobile App Enabled - is
Non BooleanEditable - is
Password BooleanExpired - is
Password BooleanLogin Allowed - is
Product BooleanUpdate Comm Enabled - is
Security BooleanReport Comm Enabled - is
Service BooleanUpdate Comm Enabled - login
Name String - password String
- The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.
- roles List<Property Map>
- Role of the admin. This is not required for an auditor.
- username String
- Admin or auditor's username.
Supporting Types
AdminUsersAdminScopeEntities, AdminUsersAdminScopeEntitiesArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
AdminUsersRole, AdminUsersRoleArgs
- Id int
- Id int
- id Integer
- id number
- id int
- id Number
Import
Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.
Visit
zia_admin_users can be imported by using <ADMIN ID> or <LOGIN NAME> as the import ID.
For example:
$ pulumi import zia:index/adminUsers:AdminUsers example <admin_id>
or
$ pulumi import zia:index/adminUsers:AdminUsers example <login_name>
⚠️ NOTE :: This provider do not import the password attribute value during the importing process.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
- MIT
- Notes
- This Pulumi package is based on the
ziaTerraform Provider.