zitadel v0.0.13 published on Wednesday, Sep 27, 2023 by pulumiverse

zitadel.DefaultLoginPolicy



    Resource representing the default login policy.

    Example Usage

    using System.Collections.Generic;
    using Pulumi;
    using Zitadel = Pulumiverse.Zitadel;
    
    // Declares the default login policy. The arguments are built first and grouped
    // by concern so the security-relevant settings can be reviewed together.
    return await Deployment.RunAsync(() =>
    {
        var policyArgs = new Zitadel.DefaultLoginPolicyArgs
        {
            // Sign-in and registration surface.
            UserLogin = true,
            AllowRegister = true, // self-registration is open under this policy
            AllowExternalIdp = true,
            // NOTE: `data` is not declared in this example; these entries stand for
            // identity provider IDs obtained elsewhere.
            Idps = new[]
            {
                data.Zitadel_idp_google.Default.Id,
                data.Zitadel_idp_azure_ad.Default.Id,
            },
            AllowDomainDiscovery = true,
            DisableLoginWithEmail = true,
            DisableLoginWithPhone = true,
            PasswordlessType = "PASSWORDLESS_TYPE_ALLOWED",
            HidePasswordReset = false,
            // Selects between an immediate error for an unknown username and always
            // showing the password screen. NOTE(review): true presumably selects the
            // latter, which avoids disclosing which usernames exist; confirm.
            IgnoreUnknownUsernames = true,

            // Multi-factor settings: with ForceMfa = false a user is not required
            // to use a multi factor to log in.
            ForceMfa = false,
            ForceMfaLocalOnly = false,
            SecondFactors = new[]
            {
                "SECOND_FACTOR_TYPE_OTP",
                "SECOND_FACTOR_TYPE_U2F",
            },
            MultiFactors = new[]
            {
                "MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION",
            },

            // Lifetimes are duration strings; this page does not describe them.
            // NOTE(review): MfaInitSkipLifetime presumably bounds how long MFA setup
            // can be postponed (720h is 30 days); confirm before relying on it.
            PasswordCheckLifetime = "240h0m0s",
            ExternalLoginCheckLifetime = "240h0m0s",
            MultiFactorCheckLifetime = "24h0m0s",
            SecondFactorCheckLifetime = "24h0m0s",
            MfaInitSkipLifetime = "720h0m0s",

            // Redirect target when a login starts without app context (e.g. from mail).
            // "localhost:8080" is an example value; use the real application URI.
            DefaultRedirectUri = "localhost:8080",
        };

        var @default = new Zitadel.DefaultLoginPolicy("default", policyArgs);
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-zitadel/sdk/go/zitadel"
    )
    
    // main declares the default login policy. The arguments are built first and
    // grouped by concern so the security-relevant settings can be reviewed together.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		policy := &zitadel.DefaultLoginPolicyArgs{
    			// Sign-in and registration surface.
    			UserLogin:        pulumi.Bool(true),
    			AllowRegister:    pulumi.Bool(true), // self-registration is open under this policy
    			AllowExternalIdp: pulumi.Bool(true),
    			// NOTE: `data` is not declared in this example; these entries stand for
    			// identity provider IDs obtained elsewhere.
    			Idps: pulumi.StringArray{
    				pulumi.Any(data.Zitadel_idp_google.Default.Id),
    				pulumi.Any(data.Zitadel_idp_azure_ad.Default.Id),
    			},
    			AllowDomainDiscovery:  pulumi.Bool(true),
    			DisableLoginWithEmail: pulumi.Bool(true),
    			DisableLoginWithPhone: pulumi.Bool(true),
    			PasswordlessType:      pulumi.String("PASSWORDLESS_TYPE_ALLOWED"),
    			HidePasswordReset:     pulumi.Bool(false),
    			// Selects between an immediate error for an unknown username and always
    			// showing the password screen. NOTE(review): true presumably selects the
    			// latter, which avoids disclosing which usernames exist; confirm.
    			IgnoreUnknownUsernames: pulumi.Bool(true),

    			// Multi-factor settings: with ForceMfa false a user is not required
    			// to use a multi factor to log in.
    			ForceMfa:          pulumi.Bool(false),
    			ForceMfaLocalOnly: pulumi.Bool(false),
    			SecondFactors: pulumi.StringArray{
    				pulumi.String("SECOND_FACTOR_TYPE_OTP"),
    				pulumi.String("SECOND_FACTOR_TYPE_U2F"),
    			},
    			MultiFactors: pulumi.StringArray{
    				pulumi.String("MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION"),
    			},

    			// Lifetimes are duration strings; this page does not describe them.
    			// NOTE(review): MfaInitSkipLifetime presumably bounds how long MFA setup
    			// can be postponed (720h is 30 days); confirm before relying on it.
    			PasswordCheckLifetime:      pulumi.String("240h0m0s"),
    			ExternalLoginCheckLifetime: pulumi.String("240h0m0s"),
    			MultiFactorCheckLifetime:   pulumi.String("24h0m0s"),
    			SecondFactorCheckLifetime:  pulumi.String("24h0m0s"),
    			MfaInitSkipLifetime:        pulumi.String("720h0m0s"),

    			// Redirect target when a login starts without app context (e.g. from mail).
    			// "localhost:8080" is an example value; use the real application URI.
    			DefaultRedirectUri: pulumi.String("localhost:8080"),
    		}

    		// The resource handle is not needed afterwards; only the error is propagated.
    		_, err := zitadel.NewDefaultLoginPolicy(ctx, "default", policy)
    		return err
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.zitadel.DefaultLoginPolicy;
    import com.pulumi.zitadel.DefaultLoginPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
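    /**
     * Pulumi program that declares the default login policy.
     */
    public class App {
        /** Entry point: hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the default login policy resource.
         *
         * @param ctx Pulumi context for the current deployment (unused by this example)
         */
        public static void stack(Context ctx) {
            var default_ = new DefaultLoginPolicy("default", DefaultLoginPolicyArgs.builder()
                // Sign-in and registration surface.
                .userLogin(true)
                .allowRegister(true) // self-registration is open under this policy
                .allowExternalIdp(true)
                // With forceMfa(false) a user is not required to use a multi factor to log in.
                .forceMfa(false)
                .forceMfaLocalOnly(false)
                .passwordlessType("PASSWORDLESS_TYPE_ALLOWED")
                // hidePasswordReset is a Boolean property; the string "false" was a type error.
                .hidePasswordReset(false)
                // Lifetimes are duration strings; this page does not describe them.
                // NOTE(review): mfaInitSkipLifetime presumably bounds how long MFA setup
                // can be postponed (720h is 30 days); confirm before relying on it.
                .passwordCheckLifetime("240h0m0s")
                .externalLoginCheckLifetime("240h0m0s")
                .multiFactorCheckLifetime("24h0m0s")
                .mfaInitSkipLifetime("720h0m0s")
                .secondFactorCheckLifetime("24h0m0s")
                // Selects between an immediate error for an unknown username and always
                // showing the password screen. NOTE(review): true presumably selects the
                // latter, which avoids disclosing which usernames exist; confirm.
                .ignoreUnknownUsernames(true)
                // Redirect target when a login starts without app context (e.g. from mail).
                // "localhost:8080" is an example value; use the real application URI.
                .defaultRedirectUri("localhost:8080")
                .secondFactors(
                    "SECOND_FACTOR_TYPE_OTP",
                    "SECOND_FACTOR_TYPE_U2F")
                .multiFactors("MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION")
                // NOTE: `data` is not declared in this example, and `default` is a reserved
                // word in Java, so these two expressions are placeholders for identity
                // provider IDs obtained elsewhere; substitute real lookups before compiling.
                .idps(
                    data.zitadel_idp_google().default().id(),
                    data.zitadel_idp_azure_ad().default().id())
                .allowDomainDiscovery(true)
                .disableLoginWithEmail(true)
                .disableLoginWithPhone(true)
                .build());
        }
    }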
    
    import pulumi
    import pulumiverse_zitadel as zitadel
    
    # Declares the default login policy. Keyword arguments are grouped by concern
    # so the security-relevant settings can be reviewed together.
    default = zitadel.DefaultLoginPolicy(
        "default",
        # Sign-in and registration surface.
        user_login=True,
        allow_register=True,  # self-registration is open under this policy
        allow_external_idp=True,
        # NOTE: `data` is not defined in this example; these entries stand for
        # identity provider IDs obtained elsewhere.
        idps=[
            data["zitadel_idp_google"]["default"]["id"],
            data["zitadel_idp_azure_ad"]["default"]["id"],
        ],
        allow_domain_discovery=True,
        disable_login_with_email=True,
        disable_login_with_phone=True,
        passwordless_type="PASSWORDLESS_TYPE_ALLOWED",
        hide_password_reset=False,
        # Selects between an immediate error for an unknown username and always
        # showing the password screen. NOTE(review): True presumably selects the
        # latter, which avoids disclosing which usernames exist; confirm.
        ignore_unknown_usernames=True,
        # Multi-factor settings: with force_mfa=False a user is not required to
        # use a multi factor to log in.
        force_mfa=False,
        force_mfa_local_only=False,
        second_factors=[
            "SECOND_FACTOR_TYPE_OTP",
            "SECOND_FACTOR_TYPE_U2F",
        ],
        multi_factors=["MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION"],
        # Lifetimes are duration strings; this page does not describe them.
        # NOTE(review): mfa_init_skip_lifetime presumably bounds how long MFA setup
        # can be postponed (720h is 30 days); confirm before relying on it.
        password_check_lifetime="240h0m0s",
        external_login_check_lifetime="240h0m0s",
        multi_factor_check_lifetime="24h0m0s",
        second_factor_check_lifetime="24h0m0s",
        mfa_init_skip_lifetime="720h0m0s",
        # Redirect target when a login starts without app context (e.g. from mail).
        # "localhost:8080" is an example value; use the real application URI.
        default_redirect_uri="localhost:8080",
    )
    
    import * as pulumi from "@pulumi/pulumi";
    import * as zitadel from "@pulumiverse/zitadel";
    
    // Arguments for the default login policy, grouped by concern so the
    // security-relevant settings can be reviewed together.
    const loginPolicyArgs: zitadel.DefaultLoginPolicyArgs = {
        // Sign-in and registration surface.
        userLogin: true,
        allowRegister: true, // self-registration is open under this policy
        allowExternalIdp: true,
        // NOTE: `data` is not declared in this example; these entries stand for
        // identity provider IDs obtained elsewhere.
        idps: [
            data.zitadel_idp_google["default"].id,
            data.zitadel_idp_azure_ad["default"].id,
        ],
        allowDomainDiscovery: true,
        disableLoginWithEmail: true,
        disableLoginWithPhone: true,
        passwordlessType: "PASSWORDLESS_TYPE_ALLOWED",
        hidePasswordReset: false,
        // Selects between an immediate error for an unknown username and always
        // showing the password screen. NOTE(review): true presumably selects the
        // latter, which avoids disclosing which usernames exist; confirm.
        ignoreUnknownUsernames: true,

        // Multi-factor settings: with forceMfa false a user is not required to
        // use a multi factor to log in.
        forceMfa: false,
        forceMfaLocalOnly: false,
        secondFactors: [
            "SECOND_FACTOR_TYPE_OTP",
            "SECOND_FACTOR_TYPE_U2F",
        ],
        multiFactors: ["MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION"],

        // Lifetimes are duration strings; this page does not describe them.
        // NOTE(review): mfaInitSkipLifetime presumably bounds how long MFA setup
        // can be postponed (720h is 30 days); confirm before relying on it.
        passwordCheckLifetime: "240h0m0s",
        externalLoginCheckLifetime: "240h0m0s",
        multiFactorCheckLifetime: "24h0m0s",
        secondFactorCheckLifetime: "24h0m0s",
        mfaInitSkipLifetime: "720h0m0s",

        // Redirect target when a login starts without app context (e.g. from mail).
        // "localhost:8080" is an example value; use the real application URI.
        defaultRedirectUri: "localhost:8080",
    };

    // Declares the default login policy resource.
    const _default = new zitadel.DefaultLoginPolicy("default", loginPolicyArgs);
    
    # Declares the default login policy.
    resources:
      default:
        type: zitadel:DefaultLoginPolicy
        properties:
          userLogin: true
          # Self-registration is open under this policy.
          allowRegister: true
          allowExternalIdp: true
          # With forceMfa false a user is not required to use a multi factor to log in.
          forceMfa: false
          forceMfaLocalOnly: false
          passwordlessType: PASSWORDLESS_TYPE_ALLOWED
          hidePasswordReset: false
          # Lifetimes are duration strings; this page does not describe them.
          # NOTE(review): mfaInitSkipLifetime presumably bounds how long MFA setup
          # can be postponed (720h is 30 days); confirm before relying on it.
          passwordCheckLifetime: 240h0m0s
          externalLoginCheckLifetime: 240h0m0s
          multiFactorCheckLifetime: 24h0m0s
          mfaInitSkipLifetime: 720h0m0s
          secondFactorCheckLifetime: 24h0m0s
          # Selects between an immediate error for an unknown username and always
          # showing the password screen. NOTE(review): true presumably selects the
          # latter, which avoids disclosing which usernames exist; confirm.
          ignoreUnknownUsernames: true
          # Redirect target when a login starts without app context (e.g. from mail).
          # localhost:8080 is an example value; use the real application URI.
          defaultRedirectUri: localhost:8080
          secondFactors:
            - SECOND_FACTOR_TYPE_OTP
            - SECOND_FACTOR_TYPE_U2F
          multiFactors:
            - MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION
          # NOTE: the `data.*` references are not defined in this example; they stand
          # for identity provider IDs obtained elsewhere.
          idps:
            - ${data.zitadel_idp_google.default.id}
            - ${data.zitadel_idp_azure_ad.default.id}
          allowDomainDiscovery: true
          disableLoginWithEmail: true
          disableLoginWithPhone: true
    

    Create DefaultLoginPolicy Resource

    new DefaultLoginPolicy(name: string, args: DefaultLoginPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def DefaultLoginPolicy(resource_name: str,
                           opts: Optional[ResourceOptions] = None,
                           allow_domain_discovery: Optional[bool] = None,
                           allow_external_idp: Optional[bool] = None,
                           allow_register: Optional[bool] = None,
                           default_redirect_uri: Optional[str] = None,
                           disable_login_with_email: Optional[bool] = None,
                           disable_login_with_phone: Optional[bool] = None,
                           external_login_check_lifetime: Optional[str] = None,
                           force_mfa: Optional[bool] = None,
                           force_mfa_local_only: Optional[bool] = None,
                           hide_password_reset: Optional[bool] = None,
                           idps: Optional[Sequence[str]] = None,
                           ignore_unknown_usernames: Optional[bool] = None,
                           mfa_init_skip_lifetime: Optional[str] = None,
                           multi_factor_check_lifetime: Optional[str] = None,
                           multi_factors: Optional[Sequence[str]] = None,
                           password_check_lifetime: Optional[str] = None,
                           passwordless_type: Optional[str] = None,
                           second_factor_check_lifetime: Optional[str] = None,
                           second_factors: Optional[Sequence[str]] = None,
                           user_login: Optional[bool] = None)
    @overload
    def DefaultLoginPolicy(resource_name: str,
                           args: DefaultLoginPolicyArgs,
                           opts: Optional[ResourceOptions] = None)
    func NewDefaultLoginPolicy(ctx *Context, name string, args DefaultLoginPolicyArgs, opts ...ResourceOption) (*DefaultLoginPolicy, error)
    public DefaultLoginPolicy(string name, DefaultLoginPolicyArgs args, CustomResourceOptions? opts = null)
    public DefaultLoginPolicy(String name, DefaultLoginPolicyArgs args)
    public DefaultLoginPolicy(String name, DefaultLoginPolicyArgs args, CustomResourceOptions options)
    
    type: zitadel:DefaultLoginPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args DefaultLoginPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DefaultLoginPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DefaultLoginPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DefaultLoginPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DefaultLoginPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    DefaultLoginPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The DefaultLoginPolicy resource accepts the following input properties:

    AllowExternalIdp bool

    defines if a user is allowed to add a defined identity provider. E.g. Google auth

    AllowRegister bool

    defines if a person is allowed to register a user on this organisation

    DefaultRedirectUri string

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

    ExternalLoginCheckLifetime string
    ForceMfa bool

    defines if a user MUST use a multi factor to log in

    ForceMfaLocalOnly bool

    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider (IdP), ZITADEL won't prompt for MFA.

    HidePasswordReset bool

    defines if password reset link should be shown in the login screen

    IgnoreUnknownUsernames bool

    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed (always showing the password screen avoids revealing which usernames exist)

    MfaInitSkipLifetime string
    MultiFactorCheckLifetime string
    PasswordCheckLifetime string
    PasswordlessType string

    defines if passwordless is allowed for users

    SecondFactorCheckLifetime string
    UserLogin bool

    defines if a user is allowed to login with his username and password

    AllowDomainDiscovery bool

    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.

    DisableLoginWithEmail bool

    defines if user can additionally (to the loginname) be identified by their verified email address

    DisableLoginWithPhone bool

    defines if user can additionally (to the loginname) be identified by their verified phone number

    Idps List<string>

    allowed idps to login or register

    MultiFactors List<string>

    allowed multi factors

    SecondFactors List<string>

    allowed second factors

    AllowExternalIdp bool

    defines if a user is allowed to add a defined identity provider. E.g. Google auth

    AllowRegister bool

    defines if a person is allowed to register a user on this organisation

    DefaultRedirectUri string

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

    ExternalLoginCheckLifetime string
    ForceMfa bool

    defines if a user MUST use a multi factor to log in

    ForceMfaLocalOnly bool

    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider (IdP), ZITADEL won't prompt for MFA.

    HidePasswordReset bool

    defines if password reset link should be shown in the login screen

    IgnoreUnknownUsernames bool

    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed (always showing the password screen avoids revealing which usernames exist)

    MfaInitSkipLifetime string
    MultiFactorCheckLifetime string
    PasswordCheckLifetime string
    PasswordlessType string

    defines if passwordless is allowed for users

    SecondFactorCheckLifetime string
    UserLogin bool

    defines if a user is allowed to login with his username and password

    AllowDomainDiscovery bool

    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.

    DisableLoginWithEmail bool

    defines if user can additionally (to the loginname) be identified by their verified email address

    DisableLoginWithPhone bool

    defines if user can additionally (to the loginname) be identified by their verified phone number

    Idps []string

    allowed idps to login or register

    MultiFactors []string

    allowed multi factors

    SecondFactors []string

    allowed second factors

    allowExternalIdp Boolean

    defines if a user is allowed to add a defined identity provider. E.g. Google auth

    allowRegister Boolean

    defines if a person is allowed to register a user on this organisation

    defaultRedirectUri String

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

    externalLoginCheckLifetime String
    forceMfa Boolean

    defines if a user MUST use a multi factor to log in

    forceMfaLocalOnly Boolean

    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider (IdP), ZITADEL won't prompt for MFA.

    hidePasswordReset Boolean

    defines if password reset link should be shown in the login screen

    ignoreUnknownUsernames Boolean

    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed (always showing the password screen avoids revealing which usernames exist)

    mfaInitSkipLifetime String
    multiFactorCheckLifetime String
    passwordCheckLifetime String
    passwordlessType String

    defines if passwordless is allowed for users

    secondFactorCheckLifetime String
    userLogin Boolean

    defines if a user is allowed to login with his username and password

    allowDomainDiscovery Boolean

    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.

    disableLoginWithEmail Boolean

    defines if user can additionally (to the loginname) be identified by their verified email address

    disableLoginWithPhone Boolean

    defines if user can additionally (to the loginname) be identified by their verified phone number

    idps List<String>

    allowed idps to login or register

    multiFactors List<String>

    allowed multi factors

    secondFactors List<String>

    allowed second factors

    allowExternalIdp boolean

    defines if a user is allowed to add a defined identity provider. E.g. Google auth

    allowRegister boolean

    defines if a person is allowed to register a user on this organisation

    defaultRedirectUri string

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

    externalLoginCheckLifetime string
    forceMfa boolean

    defines if a user MUST use a multi factor to log in

    forceMfaLocalOnly boolean

    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider (IdP), ZITADEL won't prompt for MFA.

    hidePasswordReset boolean

    defines if password reset link should be shown in the login screen

    ignoreUnknownUsernames boolean

    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed (always showing the password screen avoids revealing which usernames exist)

    mfaInitSkipLifetime string
    multiFactorCheckLifetime string
    passwordCheckLifetime string
    passwordlessType string

    defines if passwordless is allowed for users

    secondFactorCheckLifetime string
    userLogin boolean

    defines if a user is allowed to login with his username and password

    allowDomainDiscovery boolean

    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.

    disableLoginWithEmail boolean

    defines if user can additionally (to the loginname) be identified by their verified email address

    disableLoginWithPhone boolean

    defines if user can additionally (to the loginname) be identified by their verified phone number

    idps string[]

    allowed idps to login or register

    multiFactors string[]

    allowed multi factors

    secondFactors string[]

    allowed second factors

    allow_external_idp bool

    defines if a user is allowed to add a defined identity provider. E.g. Google auth

    allow_register bool

    defines if a person is allowed to register a user on this organisation

    default_redirect_uri str

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

    external_login_check_lifetime str
    force_mfa bool

    defines if a user MUST use a multi factor to log in

    force_mfa_local_only bool

    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider (IdP), ZITADEL won't prompt for MFA.

    hide_password_reset bool

    defines if password reset link should be shown in the login screen

    ignore_unknown_usernames bool

    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed (always showing the password screen avoids revealing which usernames exist)

    mfa_init_skip_lifetime str
    multi_factor_check_lifetime str
    password_check_lifetime str
    passwordless_type str

    defines if passwordless is allowed for users

    second_factor_check_lifetime str
    user_login bool

    defines if a user is allowed to login with his username and password

    allow_domain_discovery bool

    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.

    disable_login_with_email bool

    defines if user can additionally (to the loginname) be identified by their verified email address

    disable_login_with_phone bool

    defines if user can additionally (to the loginname) be identified by their verified phone number

    idps Sequence[str]

    allowed idps to login or register

    multi_factors Sequence[str]

    allowed multi factors

    second_factors Sequence[str]

    allowed second factors

    allowExternalIdp Boolean

    defines if a user is allowed to add a defined identity provider. E.g. Google auth

    allowRegister Boolean

    defines if a person is allowed to register a user on this organisation

    defaultRedirectUri String

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

    externalLoginCheckLifetime String
    forceMfa Boolean

    defines if a user MUST use a multi factor to log in

    forceMfaLocalOnly Boolean

    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider (IdP), ZITADEL won't prompt for MFA.

    hidePasswordReset Boolean

    defines if password reset link should be shown in the login screen

    ignoreUnknownUsernames Boolean

    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed (always showing the password screen avoids revealing which usernames exist)

    mfaInitSkipLifetime String
    multiFactorCheckLifetime String
    passwordCheckLifetime String
    passwordlessType String

    defines if passwordless is allowed for users

    secondFactorCheckLifetime String
    userLogin Boolean

    defines if a user is allowed to login with his username and password

    allowDomainDiscovery Boolean

    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.

    disableLoginWithEmail Boolean

    defines if user can additionally (to the loginname) be identified by their verified email address

    disableLoginWithPhone Boolean

    defines if user can additionally (to the loginname) be identified by their verified phone number

    idps List<String>

    allowed idps to login or register

    multiFactors List<String>

    allowed multi factors

    secondFactors List<String>

    allowed second factors

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DefaultLoginPolicy resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Id string

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    id string

    The provider-assigned unique ID for this managed resource.

    id str

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing DefaultLoginPolicy Resource

    Get an existing DefaultLoginPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DefaultLoginPolicyState, opts?: CustomResourceOptions): DefaultLoginPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allow_domain_discovery: Optional[bool] = None,
            allow_external_idp: Optional[bool] = None,
            allow_register: Optional[bool] = None,
            default_redirect_uri: Optional[str] = None,
            disable_login_with_email: Optional[bool] = None,
            disable_login_with_phone: Optional[bool] = None,
            external_login_check_lifetime: Optional[str] = None,
            force_mfa: Optional[bool] = None,
            force_mfa_local_only: Optional[bool] = None,
            hide_password_reset: Optional[bool] = None,
            idps: Optional[Sequence[str]] = None,
            ignore_unknown_usernames: Optional[bool] = None,
            mfa_init_skip_lifetime: Optional[str] = None,
            multi_factor_check_lifetime: Optional[str] = None,
            multi_factors: Optional[Sequence[str]] = None,
            password_check_lifetime: Optional[str] = None,
            passwordless_type: Optional[str] = None,
            second_factor_check_lifetime: Optional[str] = None,
            second_factors: Optional[Sequence[str]] = None,
            user_login: Optional[bool] = None) -> DefaultLoginPolicy
    func GetDefaultLoginPolicy(ctx *Context, name string, id IDInput, state *DefaultLoginPolicyState, opts ...ResourceOption) (*DefaultLoginPolicy, error)
    public static DefaultLoginPolicy Get(string name, Input<string> id, DefaultLoginPolicyState? state, CustomResourceOptions? opts = null)
    public static DefaultLoginPolicy get(String name, Output<String> id, DefaultLoginPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowDomainDiscovery bool

    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.

    AllowExternalIdp bool

    defines if a user is allowed to add a defined identity provider. E.g. Google auth

    AllowRegister bool

    defines if a person is allowed to register a user on this organisation

    DefaultRedirectUri string

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

    DisableLoginWithEmail bool

    defines if user can additionally (to the loginname) be identified by their verified email address

    DisableLoginWithPhone bool

    defines if user can additionally (to the loginname) be identified by their verified phone number

    ExternalLoginCheckLifetime string
    ForceMfa bool

    defines if a user MUST use a multi factor to log in

    ForceMfaLocalOnly bool

    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider (IdP), ZITADEL won't prompt for MFA.

    HidePasswordReset bool

    defines if password reset link should be shown in the login screen

    Idps List<string>

    allowed idps to login or register

    IgnoreUnknownUsernames bool

    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed (always showing the password screen avoids revealing which usernames exist)

    MfaInitSkipLifetime string
    MultiFactorCheckLifetime string
    MultiFactors List<string>

    allowed multi factors

    PasswordCheckLifetime string
    PasswordlessType string

    defines if passwordless is allowed for users

    SecondFactorCheckLifetime string
    SecondFactors List<string>

    allowed second factors

    UserLogin bool

    defines if a user is allowed to login with his username and password

    AllowDomainDiscovery bool

    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.

    AllowExternalIdp bool

    defines if a user is allowed to add a defined identity provider. E.g. Google auth

    AllowRegister bool

    defines if a person is allowed to register a user on this organisation

    DefaultRedirectUri string

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

    DisableLoginWithEmail bool

    defines if user can additionally (to the loginname) be identified by their verified email address

    DisableLoginWithPhone bool

    defines if user can additionally (to the loginname) be identified by their verified phone number

    ExternalLoginCheckLifetime string
    ForceMfa bool

    defines if a user MUST use a multi factor to log in

    ForceMfaLocalOnly bool

    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider (IdP), ZITADEL won't prompt for MFA.

    HidePasswordReset bool

    defines if password reset link should be shown in the login screen

    Idps []string

    allowed idps to login or register

    IgnoreUnknownUsernames bool

    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed (always showing the password screen avoids revealing which usernames exist)

    MfaInitSkipLifetime string
    MultiFactorCheckLifetime string
    MultiFactors []string

    allowed multi factors

    PasswordCheckLifetime string
    PasswordlessType string

    defines if passwordless is allowed for users

    SecondFactorCheckLifetime string
    SecondFactors []string

    allowed second factors

    UserLogin bool

    defines if a user is allowed to login with his username and password

    allowDomainDiscovery Boolean

    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.

    allowExternalIdp Boolean

    defines if a user is allowed to add a defined identity provider. E.g. Google auth

    allowRegister Boolean

    defines if a person is allowed to register a user on this organisation

    defaultRedirectUri String

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

    disableLoginWithEmail Boolean

    defines if a user can additionally (to the loginname) be identified by their verified email address; setting this to true disables login with the email address

    disableLoginWithPhone Boolean

    defines if a user can additionally (to the loginname) be identified by their verified phone number; setting this to true disables login with the phone number

    externalLoginCheckLifetime String
    forceMfa Boolean

    defines if a user MUST use a multi factor to log in

    forceMfaLocalOnly Boolean

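    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider, ZITADEL won't prompt for MFA, so any second factor for those logins has to be enforced by that provider.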

    hidePasswordReset Boolean

    defines if the password reset link should be shown on the login screen; setting this to true hides the link

    idps List<String>

    allowed idps to login or register

    ignoreUnknownUsernames Boolean

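    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed; when set to true the password screen is always displayed, so the login screen does not reveal whether a username exists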

    mfaInitSkipLifetime String
    multiFactorCheckLifetime String
    multiFactors List<String>

    allowed multi factors

    passwordCheckLifetime String
    passwordlessType String

    defines if passwordless is allowed for users

    secondFactorCheckLifetime String
    secondFactors List<String>

    allowed second factors

    userLogin Boolean

    defines if a user is allowed to login with his username and password

    allowDomainDiscovery boolean

    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.

    allowExternalIdp boolean

    defines if a user is allowed to add a defined identity provider. E.g. Google auth

    allowRegister boolean

    defines if a person is allowed to register a user on this organisation

    defaultRedirectUri string

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

    disableLoginWithEmail boolean

    defines if a user can additionally (to the loginname) be identified by their verified email address; setting this to true disables login with the email address

    disableLoginWithPhone boolean

    defines if a user can additionally (to the loginname) be identified by their verified phone number; setting this to true disables login with the phone number

    externalLoginCheckLifetime string
    forceMfa boolean

    defines if a user MUST use a multi factor to log in

    forceMfaLocalOnly boolean

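    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider, ZITADEL won't prompt for MFA, so any second factor for those logins has to be enforced by that provider.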

    hidePasswordReset boolean

    defines if the password reset link should be shown on the login screen; setting this to true hides the link

    idps string[]

    allowed idps to login or register

    ignoreUnknownUsernames boolean

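    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed; when set to true the password screen is always displayed, so the login screen does not reveal whether a username exists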

    mfaInitSkipLifetime string
    multiFactorCheckLifetime string
    multiFactors string[]

    allowed multi factors

    passwordCheckLifetime string
    passwordlessType string

    defines if passwordless is allowed for users

    secondFactorCheckLifetime string
    secondFactors string[]

    allowed second factors

    userLogin boolean

    defines if a user is allowed to login with his username and password

    allow_domain_discovery bool

    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.

    allow_external_idp bool

    defines if a user is allowed to add a defined identity provider. E.g. Google auth

    allow_register bool

    defines if a person is allowed to register a user on this organisation

    default_redirect_uri str

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

    disable_login_with_email bool

    defines if a user can additionally (to the loginname) be identified by their verified email address; setting this to true disables login with the email address

    disable_login_with_phone bool

    defines if a user can additionally (to the loginname) be identified by their verified phone number; setting this to true disables login with the phone number

    external_login_check_lifetime str
    force_mfa bool

    defines if a user MUST use a multi factor to log in

    force_mfa_local_only bool

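    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider, ZITADEL won't prompt for MFA, so any second factor for those logins has to be enforced by that provider.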

    hide_password_reset bool

    defines if the password reset link should be shown on the login screen; setting this to true hides the link

    idps Sequence[str]

    allowed idps to login or register

    ignore_unknown_usernames bool

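    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed; when set to true the password screen is always displayed, so the login screen does not reveal whether a username exists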

    mfa_init_skip_lifetime str
    multi_factor_check_lifetime str
    multi_factors Sequence[str]

    allowed multi factors

    password_check_lifetime str
    passwordless_type str

    defines if passwordless is allowed for users

    second_factor_check_lifetime str
    second_factors Sequence[str]

    allowed second factors

    user_login bool

    defines if a user is allowed to login with his username and password

    allowDomainDiscovery Boolean

    if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.

    allowExternalIdp Boolean

    defines if a user is allowed to add a defined identity provider. E.g. Google auth

    allowRegister Boolean

    defines if a person is allowed to register a user on this organisation

    defaultRedirectUri String

    defines where the user will be redirected to if the login is started without app context (e.g. from mail)

    disableLoginWithEmail Boolean

    defines if a user can additionally (to the loginname) be identified by their verified email address; setting this to true disables login with the email address

    disableLoginWithPhone Boolean

    defines if a user can additionally (to the loginname) be identified by their verified phone number; setting this to true disables login with the phone number

    externalLoginCheckLifetime String
    forceMfa Boolean

    defines if a user MUST use a multi factor to log in

    forceMfaLocalOnly Boolean

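    if activated, ZITADEL only enforces MFA on local authentications. On authentications through an external identity provider, ZITADEL won't prompt for MFA, so any second factor for those logins has to be enforced by that provider.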

    hidePasswordReset Boolean

    defines if the password reset link should be shown on the login screen; setting this to true hides the link

    idps List<String>

    allowed idps to login or register

    ignoreUnknownUsernames Boolean

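    defines whether an unknown username on the login screen directly returns an error or the password screen is always displayed; when set to true the password screen is always displayed, so the login screen does not reveal whether a username exists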

    mfaInitSkipLifetime String
    multiFactorCheckLifetime String
    multiFactors List<String>

    allowed multi factors

    passwordCheckLifetime String
    passwordlessType String

    defines if passwordless is allowed for users

    secondFactorCheckLifetime String
    secondFactors List<String>

    allowed second factors

    userLogin Boolean

    defines if a user is allowed to login with his username and password

    Import

    The resource can be imported using the ID format <>, e.g.

     $ pulumi import zitadel:index/defaultLoginPolicy:DefaultLoginPolicy imported ''
    

    Package Details

    Repository
    zitadel pulumiverse/pulumi-zitadel
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the zitadel Terraform Provider.
