Docs
Packageszitadel.DefaultLoginPolicy
Explore with Pulumi AI
Resource representing the default login policy.
Example Usage
using System.Collections.Generic;
using Pulumi;
using Zitadel = Pulumiverse.Zitadel;
return await Deployment.RunAsync(() =>
{
var @default = new Zitadel.DefaultLoginPolicy("default", new()
{
UserLogin = true,
AllowRegister = true,
AllowExternalIdp = true,
ForceMfa = false,
ForceMfaLocalOnly = false,
PasswordlessType = "PASSWORDLESS_TYPE_ALLOWED",
HidePasswordReset = false,
PasswordCheckLifetime = "240h0m0s",
ExternalLoginCheckLifetime = "240h0m0s",
MultiFactorCheckLifetime = "24h0m0s",
MfaInitSkipLifetime = "720h0m0s",
SecondFactorCheckLifetime = "24h0m0s",
IgnoreUnknownUsernames = true,
DefaultRedirectUri = "localhost:8080",
SecondFactors = new[]
{
"SECOND_FACTOR_TYPE_OTP",
"SECOND_FACTOR_TYPE_U2F",
},
MultiFactors = new[]
{
"MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION",
},
Idps = new[]
{
data.Zitadel_idp_google.Default.Id,
data.Zitadel_idp_azure_ad.Default.Id,
},
AllowDomainDiscovery = true,
DisableLoginWithEmail = true,
DisableLoginWithPhone = true,
});
});
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-zitadel/sdk/go/zitadel"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := zitadel.NewDefaultLoginPolicy(ctx, "default", &zitadel.DefaultLoginPolicyArgs{
UserLogin: pulumi.Bool(true),
AllowRegister: pulumi.Bool(true),
AllowExternalIdp: pulumi.Bool(true),
ForceMfa: pulumi.Bool(false),
ForceMfaLocalOnly: pulumi.Bool(false),
PasswordlessType: pulumi.String("PASSWORDLESS_TYPE_ALLOWED"),
HidePasswordReset: pulumi.Bool(false),
PasswordCheckLifetime: pulumi.String("240h0m0s"),
ExternalLoginCheckLifetime: pulumi.String("240h0m0s"),
MultiFactorCheckLifetime: pulumi.String("24h0m0s"),
MfaInitSkipLifetime: pulumi.String("720h0m0s"),
SecondFactorCheckLifetime: pulumi.String("24h0m0s"),
IgnoreUnknownUsernames: pulumi.Bool(true),
DefaultRedirectUri: pulumi.String("localhost:8080"),
SecondFactors: pulumi.StringArray{
pulumi.String("SECOND_FACTOR_TYPE_OTP"),
pulumi.String("SECOND_FACTOR_TYPE_U2F"),
},
MultiFactors: pulumi.StringArray{
pulumi.String("MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION"),
},
Idps: pulumi.StringArray{
pulumi.Any(data.Zitadel_idp_google.Default.Id),
pulumi.Any(data.Zitadel_idp_azure_ad.Default.Id),
},
AllowDomainDiscovery: pulumi.Bool(true),
DisableLoginWithEmail: pulumi.Bool(true),
DisableLoginWithPhone: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zitadel.DefaultLoginPolicy;
import com.pulumi.zitadel.DefaultLoginPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new DefaultLoginPolicy("default", DefaultLoginPolicyArgs.builder()
.userLogin(true)
.allowRegister(true)
.allowExternalIdp(true)
.forceMfa(false)
.forceMfaLocalOnly(false)
.passwordlessType("PASSWORDLESS_TYPE_ALLOWED")
.hidePasswordReset("false")
.passwordCheckLifetime("240h0m0s")
.externalLoginCheckLifetime("240h0m0s")
.multiFactorCheckLifetime("24h0m0s")
.mfaInitSkipLifetime("720h0m0s")
.secondFactorCheckLifetime("24h0m0s")
.ignoreUnknownUsernames(true)
.defaultRedirectUri("localhost:8080")
.secondFactors(
"SECOND_FACTOR_TYPE_OTP",
"SECOND_FACTOR_TYPE_U2F")
.multiFactors("MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION")
.idps(
data.zitadel_idp_google().default().id(),
data.zitadel_idp_azure_ad().default().id())
.allowDomainDiscovery(true)
.disableLoginWithEmail(true)
.disableLoginWithPhone(true)
.build());
}
}
import pulumi
import pulumiverse_zitadel as zitadel
default = zitadel.DefaultLoginPolicy("default",
user_login=True,
allow_register=True,
allow_external_idp=True,
force_mfa=False,
force_mfa_local_only=False,
passwordless_type="PASSWORDLESS_TYPE_ALLOWED",
hide_password_reset=False,
password_check_lifetime="240h0m0s",
external_login_check_lifetime="240h0m0s",
multi_factor_check_lifetime="24h0m0s",
mfa_init_skip_lifetime="720h0m0s",
second_factor_check_lifetime="24h0m0s",
ignore_unknown_usernames=True,
default_redirect_uri="localhost:8080",
second_factors=[
"SECOND_FACTOR_TYPE_OTP",
"SECOND_FACTOR_TYPE_U2F",
],
multi_factors=["MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION"],
idps=[
data["zitadel_idp_google"]["default"]["id"],
data["zitadel_idp_azure_ad"]["default"]["id"],
],
allow_domain_discovery=True,
disable_login_with_email=True,
disable_login_with_phone=True)
import * as pulumi from "@pulumi/pulumi";
import * as zitadel from "@pulumiverse/zitadel";
const _default = new zitadel.DefaultLoginPolicy("default", {
userLogin: true,
allowRegister: true,
allowExternalIdp: true,
forceMfa: false,
forceMfaLocalOnly: false,
passwordlessType: "PASSWORDLESS_TYPE_ALLOWED",
hidePasswordReset: false,
passwordCheckLifetime: "240h0m0s",
externalLoginCheckLifetime: "240h0m0s",
multiFactorCheckLifetime: "24h0m0s",
mfaInitSkipLifetime: "720h0m0s",
secondFactorCheckLifetime: "24h0m0s",
ignoreUnknownUsernames: true,
defaultRedirectUri: "localhost:8080",
secondFactors: [
"SECOND_FACTOR_TYPE_OTP",
"SECOND_FACTOR_TYPE_U2F",
],
multiFactors: ["MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION"],
idps: [
data.zitadel_idp_google["default"].id,
data.zitadel_idp_azure_ad["default"].id,
],
allowDomainDiscovery: true,
disableLoginWithEmail: true,
disableLoginWithPhone: true,
});
resources:
default:
type: zitadel:DefaultLoginPolicy
properties:
userLogin: true
allowRegister: true
allowExternalIdp: true
forceMfa: false
forceMfaLocalOnly: false
passwordlessType: PASSWORDLESS_TYPE_ALLOWED
hidePasswordReset: false
passwordCheckLifetime: 240h0m0s
externalLoginCheckLifetime: 240h0m0s
multiFactorCheckLifetime: 24h0m0s
mfaInitSkipLifetime: 720h0m0s
secondFactorCheckLifetime: 24h0m0s
ignoreUnknownUsernames: true
defaultRedirectUri: localhost:8080
secondFactors:
- SECOND_FACTOR_TYPE_OTP
- SECOND_FACTOR_TYPE_U2F
multiFactors:
- MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION
idps:
- ${data.zitadel_idp_google.default.id}
- ${data.zitadel_idp_azure_ad.default.id}
allowDomainDiscovery: true
disableLoginWithEmail: true
disableLoginWithPhone: true
Create DefaultLoginPolicy Resource
new DefaultLoginPolicy(name: string, args: DefaultLoginPolicyArgs, opts?: CustomResourceOptions);@overload
def DefaultLoginPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
allow_domain_discovery: Optional[bool] = None,
allow_external_idp: Optional[bool] = None,
allow_register: Optional[bool] = None,
default_redirect_uri: Optional[str] = None,
disable_login_with_email: Optional[bool] = None,
disable_login_with_phone: Optional[bool] = None,
external_login_check_lifetime: Optional[str] = None,
force_mfa: Optional[bool] = None,
force_mfa_local_only: Optional[bool] = None,
hide_password_reset: Optional[bool] = None,
idps: Optional[Sequence[str]] = None,
ignore_unknown_usernames: Optional[bool] = None,
mfa_init_skip_lifetime: Optional[str] = None,
multi_factor_check_lifetime: Optional[str] = None,
multi_factors: Optional[Sequence[str]] = None,
password_check_lifetime: Optional[str] = None,
passwordless_type: Optional[str] = None,
second_factor_check_lifetime: Optional[str] = None,
second_factors: Optional[Sequence[str]] = None,
user_login: Optional[bool] = None)
@overload
def DefaultLoginPolicy(resource_name: str,
args: DefaultLoginPolicyArgs,
opts: Optional[ResourceOptions] = None)func NewDefaultLoginPolicy(ctx *Context, name string, args DefaultLoginPolicyArgs, opts ...ResourceOption) (*DefaultLoginPolicy, error)public DefaultLoginPolicy(string name, DefaultLoginPolicyArgs args, CustomResourceOptions? opts = null)
public DefaultLoginPolicy(String name, DefaultLoginPolicyArgs args)
public DefaultLoginPolicy(String name, DefaultLoginPolicyArgs args, CustomResourceOptions options)
type: zitadel:DefaultLoginPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DefaultLoginPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DefaultLoginPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DefaultLoginPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DefaultLoginPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DefaultLoginPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
DefaultLoginPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The DefaultLoginPolicy resource accepts the following input properties:
- Allow
External boolIdp defines if a user is allowed to add a defined identity provider. E.g. Google auth
- Allow
Register bool defines if a person is allowed to register a user on this organisation
- Default
Redirect stringUri defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- External
Login stringCheck Lifetime - Force
Mfa bool defines if a user MUST use a multi factor to log in
- Force
Mfa boolLocal Only if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- Hide
Password boolReset defines if password reset link should be shown in the login screen
- Ignore
Unknown boolUsernames defines if unknown username on login screen directly return an error or always display the password screen
- Mfa
Init stringSkip Lifetime - Multi
Factor stringCheck Lifetime - Password
Check stringLifetime - Passwordless
Type string defines if passwordless is allowed for users
- Second
Factor stringCheck Lifetime - User
Login bool defines if a user is allowed to login with his username and password
- Allow
Domain boolDiscovery if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- Disable
Login boolWith Email defines if user can additionally (to the loginname) be identified by their verified email address
- Disable
Login boolWith Phone defines if user can additionally (to the loginname) be identified by their verified phone number
- Idps List<string>
allowed idps to login or register
- Multi
Factors List<string> allowed multi factors
- Second
Factors List<string> allowed second factors
- Allow
External boolIdp defines if a user is allowed to add a defined identity provider. E.g. Google auth
- Allow
Register bool defines if a person is allowed to register a user on this organisation
- Default
Redirect stringUri defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- External
Login stringCheck Lifetime - Force
Mfa bool defines if a user MUST use a multi factor to log in
- Force
Mfa boolLocal Only if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- Hide
Password boolReset defines if password reset link should be shown in the login screen
- Ignore
Unknown boolUsernames defines if unknown username on login screen directly return an error or always display the password screen
- Mfa
Init stringSkip Lifetime - Multi
Factor stringCheck Lifetime - Password
Check stringLifetime - Passwordless
Type string defines if passwordless is allowed for users
- Second
Factor stringCheck Lifetime - User
Login bool defines if a user is allowed to login with his username and password
- Allow
Domain boolDiscovery if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- Disable
Login boolWith Email defines if user can additionally (to the loginname) be identified by their verified email address
- Disable
Login boolWith Phone defines if user can additionally (to the loginname) be identified by their verified phone number
- Idps []string
allowed idps to login or register
- Multi
Factors []string allowed multi factors
- Second
Factors []string allowed second factors
- allow
External BooleanIdp defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow
Register Boolean defines if a person is allowed to register a user on this organisation
- default
Redirect StringUri defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- external
Login StringCheck Lifetime - force
Mfa Boolean defines if a user MUST use a multi factor to log in
- force
Mfa BooleanLocal Only if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide
Password BooleanReset defines if password reset link should be shown in the login screen
- ignore
Unknown BooleanUsernames defines if unknown username on login screen directly return an error or always display the password screen
- mfa
Init StringSkip Lifetime - multi
Factor StringCheck Lifetime - password
Check StringLifetime - passwordless
Type String defines if passwordless is allowed for users
- second
Factor StringCheck Lifetime - user
Login Boolean defines if a user is allowed to login with his username and password
- allow
Domain BooleanDiscovery if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- disable
Login BooleanWith Email defines if user can additionally (to the loginname) be identified by their verified email address
- disable
Login BooleanWith Phone defines if user can additionally (to the loginname) be identified by their verified phone number
- idps List<String>
allowed idps to login or register
- multi
Factors List<String> allowed multi factors
- second
Factors List<String> allowed second factors
- allow
External booleanIdp defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow
Register boolean defines if a person is allowed to register a user on this organisation
- default
Redirect stringUri defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- external
Login stringCheck Lifetime - force
Mfa boolean defines if a user MUST use a multi factor to log in
- force
Mfa booleanLocal Only if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide
Password booleanReset defines if password reset link should be shown in the login screen
- ignore
Unknown booleanUsernames defines if unknown username on login screen directly return an error or always display the password screen
- mfa
Init stringSkip Lifetime - multi
Factor stringCheck Lifetime - password
Check stringLifetime - passwordless
Type string defines if passwordless is allowed for users
- second
Factor stringCheck Lifetime - user
Login boolean defines if a user is allowed to login with his username and password
- allow
Domain booleanDiscovery if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- disable
Login booleanWith Email defines if user can additionally (to the loginname) be identified by their verified email address
- disable
Login booleanWith Phone defines if user can additionally (to the loginname) be identified by their verified phone number
- idps string[]
allowed idps to login or register
- multi
Factors string[] allowed multi factors
- second
Factors string[] allowed second factors
- allow_
external_ boolidp defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow_
register bool defines if a person is allowed to register a user on this organisation
- default_
redirect_ struri defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- external_
login_ strcheck_ lifetime - force_
mfa bool defines if a user MUST use a multi factor to log in
- force_
mfa_ boollocal_ only if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide_
password_ boolreset defines if password reset link should be shown in the login screen
- ignore_
unknown_ boolusernames defines if unknown username on login screen directly return an error or always display the password screen
- mfa_
init_ strskip_ lifetime - multi_
factor_ strcheck_ lifetime - password_
check_ strlifetime - passwordless_
type str defines if passwordless is allowed for users
- second_
factor_ strcheck_ lifetime - user_
login bool defines if a user is allowed to login with his username and password
- allow_
domain_ booldiscovery if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- disable_
login_ boolwith_ email defines if user can additionally (to the loginname) be identified by their verified email address
- disable_
login_ boolwith_ phone defines if user can additionally (to the loginname) be identified by their verified phone number
- idps Sequence[str]
allowed idps to login or register
- multi_
factors Sequence[str] allowed multi factors
- second_
factors Sequence[str] allowed second factors
- allow
External BooleanIdp defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow
Register Boolean defines if a person is allowed to register a user on this organisation
- default
Redirect StringUri defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- external
Login StringCheck Lifetime - force
Mfa Boolean defines if a user MUST use a multi factor to log in
- force
Mfa BooleanLocal Only if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide
Password BooleanReset defines if password reset link should be shown in the login screen
- ignore
Unknown BooleanUsernames defines if unknown username on login screen directly return an error or always display the password screen
- mfa
Init StringSkip Lifetime - multi
Factor StringCheck Lifetime - password
Check StringLifetime - passwordless
Type String defines if passwordless is allowed for users
- second
Factor StringCheck Lifetime - user
Login Boolean defines if a user is allowed to login with his username and password
- allow
Domain BooleanDiscovery if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- disable
Login BooleanWith Email defines if user can additionally (to the loginname) be identified by their verified email address
- disable
Login BooleanWith Phone defines if user can additionally (to the loginname) be identified by their verified phone number
- idps List<String>
allowed idps to login or register
- multi
Factors List<String> allowed multi factors
- second
Factors List<String> allowed second factors
Outputs
All input properties are implicitly available as output properties. Additionally, the DefaultLoginPolicy resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing DefaultLoginPolicy Resource
Get an existing DefaultLoginPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DefaultLoginPolicyState, opts?: CustomResourceOptions): DefaultLoginPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allow_domain_discovery: Optional[bool] = None,
allow_external_idp: Optional[bool] = None,
allow_register: Optional[bool] = None,
default_redirect_uri: Optional[str] = None,
disable_login_with_email: Optional[bool] = None,
disable_login_with_phone: Optional[bool] = None,
external_login_check_lifetime: Optional[str] = None,
force_mfa: Optional[bool] = None,
force_mfa_local_only: Optional[bool] = None,
hide_password_reset: Optional[bool] = None,
idps: Optional[Sequence[str]] = None,
ignore_unknown_usernames: Optional[bool] = None,
mfa_init_skip_lifetime: Optional[str] = None,
multi_factor_check_lifetime: Optional[str] = None,
multi_factors: Optional[Sequence[str]] = None,
password_check_lifetime: Optional[str] = None,
passwordless_type: Optional[str] = None,
second_factor_check_lifetime: Optional[str] = None,
second_factors: Optional[Sequence[str]] = None,
user_login: Optional[bool] = None) -> DefaultLoginPolicyfunc GetDefaultLoginPolicy(ctx *Context, name string, id IDInput, state *DefaultLoginPolicyState, opts ...ResourceOption) (*DefaultLoginPolicy, error)public static DefaultLoginPolicy Get(string name, Input<string> id, DefaultLoginPolicyState? state, CustomResourceOptions? opts = null)public static DefaultLoginPolicy get(String name, Output<String> id, DefaultLoginPolicyState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allow
Domain boolDiscovery if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- Allow
External boolIdp defines if a user is allowed to add a defined identity provider. E.g. Google auth
- Allow
Register bool defines if a person is allowed to register a user on this organisation
- Default
Redirect stringUri defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- Disable
Login boolWith Email defines if user can additionally (to the loginname) be identified by their verified email address
- Disable
Login boolWith Phone defines if user can additionally (to the loginname) be identified by their verified phone number
- External
Login stringCheck Lifetime - Force
Mfa bool defines if a user MUST use a multi factor to log in
- Force
Mfa boolLocal Only if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- Hide
Password boolReset defines if password reset link should be shown in the login screen
- Idps List<string>
allowed idps to login or register
- Ignore
Unknown boolUsernames defines if unknown username on login screen directly return an error or always display the password screen
- Mfa
Init stringSkip Lifetime - Multi
Factor stringCheck Lifetime - Multi
Factors List<string> allowed multi factors
- Password
Check stringLifetime - Passwordless
Type string defines if passwordless is allowed for users
- Second
Factor stringCheck Lifetime - Second
Factors List<string> allowed second factors
- User
Login bool defines if a user is allowed to login with his username and password
- Allow
Domain boolDiscovery if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- Allow
External boolIdp defines if a user is allowed to add a defined identity provider. E.g. Google auth
- Allow
Register bool defines if a person is allowed to register a user on this organisation
- Default
Redirect stringUri defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- Disable
Login boolWith Email defines if user can additionally (to the loginname) be identified by their verified email address
- Disable
Login boolWith Phone defines if user can additionally (to the loginname) be identified by their verified phone number
- External
Login stringCheck Lifetime - Force
Mfa bool defines if a user MUST use a multi factor to log in
- Force
Mfa boolLocal Only if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- Hide
Password boolReset defines if password reset link should be shown in the login screen
- Idps []string
allowed idps to login or register
- Ignore
Unknown boolUsernames defines if unknown username on login screen directly return an error or always display the password screen
- Mfa
Init stringSkip Lifetime - Multi
Factor stringCheck Lifetime - Multi
Factors []string allowed multi factors
- Password
Check stringLifetime - Passwordless
Type string defines if passwordless is allowed for users
- Second
Factor stringCheck Lifetime - Second
Factors []string allowed second factors
- User
Login bool defines if a user is allowed to login with his username and password
- allow
Domain BooleanDiscovery if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- allow
External BooleanIdp defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow
Register Boolean defines if a person is allowed to register a user on this organisation
- default
Redirect StringUri defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- disable
Login BooleanWith Email defines if user can additionally (to the loginname) be identified by their verified email address
- disable
Login BooleanWith Phone defines if user can additionally (to the loginname) be identified by their verified phone number
- external
Login StringCheck Lifetime - force
Mfa Boolean defines if a user MUST use a multi factor to log in
- force
Mfa BooleanLocal Only if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide
Password BooleanReset defines if password reset link should be shown in the login screen
- idps List<String>
allowed idps to login or register
- ignore
Unknown BooleanUsernames defines if unknown username on login screen directly return an error or always display the password screen
- mfa
Init StringSkip Lifetime - multi
Factor StringCheck Lifetime - multi
Factors List<String> allowed multi factors
- password
Check StringLifetime - passwordless
Type String defines if passwordless is allowed for users
- second
Factor StringCheck Lifetime - second
Factors List<String> allowed second factors
- user
Login Boolean defines if a user is allowed to login with his username and password
- allow
Domain booleanDiscovery if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- allow
External booleanIdp defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow
Register boolean defines if a person is allowed to register a user on this organisation
- default
Redirect stringUri defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- disable
Login booleanWith Email defines if user can additionally (to the loginname) be identified by their verified email address
- disable
Login booleanWith Phone defines if user can additionally (to the loginname) be identified by their verified phone number
- external
Login stringCheck Lifetime - force
Mfa boolean defines if a user MUST use a multi factor to log in
- force
Mfa booleanLocal Only if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide
Password booleanReset defines if password reset link should be shown in the login screen
- idps string[]
allowed idps to login or register
- ignore
Unknown booleanUsernames defines if unknown username on login screen directly return an error or always display the password screen
- mfa
Init stringSkip Lifetime - multi
Factor stringCheck Lifetime - multi
Factors string[] allowed multi factors
- password
Check stringLifetime - passwordless
Type string defines if passwordless is allowed for users
- second
Factor stringCheck Lifetime - second
Factors string[] allowed second factors
- user
Login boolean defines if a user is allowed to login with his username and password
- allow_
domain_ booldiscovery if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- allow_
external_ boolidp defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow_
register bool defines if a person is allowed to register a user on this organisation
- default_
redirect_ struri defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- disable_
login_ boolwith_ email defines if user can additionally (to the loginname) be identified by their verified email address
- disable_
login_ boolwith_ phone defines if user can additionally (to the loginname) be identified by their verified phone number
- external_
login_ strcheck_ lifetime - force_
mfa bool defines if a user MUST use a multi factor to log in
- force_
mfa_ boollocal_ only if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide_
password_ boolreset defines if password reset link should be shown in the login screen
- idps Sequence[str]
allowed idps to login or register
- ignore_
unknown_ boolusernames defines if unknown username on login screen directly return an error or always display the password screen
- mfa_
init_ strskip_ lifetime - multi_
factor_ strcheck_ lifetime - multi_
factors Sequence[str] allowed multi factors
- password_
check_ strlifetime - passwordless_
type str defines if passwordless is allowed for users
- second_
factor_ strcheck_ lifetime - second_
factors Sequence[str] allowed second factors
- user_
login bool defines if a user is allowed to login with his username and password
- allow
Domain BooleanDiscovery if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- allow
External BooleanIdp defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow
Register Boolean defines if a person is allowed to register a user on this organisation
- default
Redirect StringUri defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- disable
Login BooleanWith Email defines if user can additionally (to the loginname) be identified by their verified email address
- disable
Login BooleanWith Phone defines if user can additionally (to the loginname) be identified by their verified phone number
- external
Login StringCheck Lifetime - force
Mfa Boolean defines if a user MUST use a multi factor to log in
- force
Mfa BooleanLocal Only if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide
Password BooleanReset defines if password reset link should be shown in the login screen
- idps List<String>
allowed idps to login or register
- ignore
Unknown BooleanUsernames defines if unknown username on login screen directly return an error or always display the password screen
- mfa
Init StringSkip Lifetime - multi
Factor StringCheck Lifetime - multi
Factors List<String> allowed multi factors
- password
Check StringLifetime - passwordless
Type String defines if passwordless is allowed for users
- second
Factor StringCheck Lifetime - second
Factors List<String> allowed second factors
- user
Login Boolean defines if a user is allowed to login with his username and password
Import
terraform # The resource can be imported using the ID format <>, e.g.
$ pulumi import zitadel:index/defaultLoginPolicy:DefaultLoginPolicy imported ''
Package Details
- Repository
- zitadel pulumiverse/pulumi-zitadel
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
zitadelTerraform Provider.