Docs Home
zitadel v0.2.0 published on Monday, Mar 24, 2025 by pulumiverse
zitadel.DefaultLoginPolicy
Explore with Pulumi AI
Resource representing the default login policy.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zitadel = Pulumiverse.Zitadel;
return await Deployment.RunAsync(() =>
{
var @default = new Zitadel.DefaultLoginPolicy("default", new()
{
UserLogin = true,
AllowRegister = true,
AllowExternalIdp = true,
ForceMfa = false,
ForceMfaLocalOnly = false,
PasswordlessType = "PASSWORDLESS_TYPE_ALLOWED",
HidePasswordReset = false,
PasswordCheckLifetime = "240h0m0s",
ExternalLoginCheckLifetime = "240h0m0s",
MultiFactorCheckLifetime = "24h0m0s",
MfaInitSkipLifetime = "720h0m0s",
SecondFactorCheckLifetime = "24h0m0s",
IgnoreUnknownUsernames = true,
DefaultRedirectUri = "localhost:8080",
SecondFactors = new[]
{
"SECOND_FACTOR_TYPE_OTP",
"SECOND_FACTOR_TYPE_U2F",
},
MultiFactors = new[]
{
"MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION",
},
Idps = new[]
{
defaultZitadelIdpGoogle.Id,
defaultZitadelIdpAzureAd.Id,
},
AllowDomainDiscovery = true,
DisableLoginWithEmail = true,
DisableLoginWithPhone = true,
});
});
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-zitadel/sdk/go/zitadel"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := zitadel.NewDefaultLoginPolicy(ctx, "default", &zitadel.DefaultLoginPolicyArgs{
UserLogin: pulumi.Bool(true),
AllowRegister: pulumi.Bool(true),
AllowExternalIdp: pulumi.Bool(true),
ForceMfa: pulumi.Bool(false),
ForceMfaLocalOnly: pulumi.Bool(false),
PasswordlessType: pulumi.String("PASSWORDLESS_TYPE_ALLOWED"),
HidePasswordReset: pulumi.Bool(false),
PasswordCheckLifetime: pulumi.String("240h0m0s"),
ExternalLoginCheckLifetime: pulumi.String("240h0m0s"),
MultiFactorCheckLifetime: pulumi.String("24h0m0s"),
MfaInitSkipLifetime: pulumi.String("720h0m0s"),
SecondFactorCheckLifetime: pulumi.String("24h0m0s"),
IgnoreUnknownUsernames: pulumi.Bool(true),
DefaultRedirectUri: pulumi.String("localhost:8080"),
SecondFactors: pulumi.StringArray{
pulumi.String("SECOND_FACTOR_TYPE_OTP"),
pulumi.String("SECOND_FACTOR_TYPE_U2F"),
},
MultiFactors: pulumi.StringArray{
pulumi.String("MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION"),
},
Idps: pulumi.StringArray{
defaultZitadelIdpGoogle.Id,
defaultZitadelIdpAzureAd.Id,
},
AllowDomainDiscovery: pulumi.Bool(true),
DisableLoginWithEmail: pulumi.Bool(true),
DisableLoginWithPhone: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zitadel.DefaultLoginPolicy;
import com.pulumi.zitadel.DefaultLoginPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new DefaultLoginPolicy("default", DefaultLoginPolicyArgs.builder()
.userLogin(true)
.allowRegister(true)
.allowExternalIdp(true)
.forceMfa(false)
.forceMfaLocalOnly(false)
.passwordlessType("PASSWORDLESS_TYPE_ALLOWED")
.hidePasswordReset("false")
.passwordCheckLifetime("240h0m0s")
.externalLoginCheckLifetime("240h0m0s")
.multiFactorCheckLifetime("24h0m0s")
.mfaInitSkipLifetime("720h0m0s")
.secondFactorCheckLifetime("24h0m0s")
.ignoreUnknownUsernames(true)
.defaultRedirectUri("localhost:8080")
.secondFactors(
"SECOND_FACTOR_TYPE_OTP",
"SECOND_FACTOR_TYPE_U2F")
.multiFactors("MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION")
.idps(
defaultZitadelIdpGoogle.id(),
defaultZitadelIdpAzureAd.id())
.allowDomainDiscovery(true)
.disableLoginWithEmail(true)
.disableLoginWithPhone(true)
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as zitadel from "@pulumiverse/zitadel";
const _default = new zitadel.DefaultLoginPolicy("default", {
userLogin: true,
allowRegister: true,
allowExternalIdp: true,
forceMfa: false,
forceMfaLocalOnly: false,
passwordlessType: "PASSWORDLESS_TYPE_ALLOWED",
hidePasswordReset: false,
passwordCheckLifetime: "240h0m0s",
externalLoginCheckLifetime: "240h0m0s",
multiFactorCheckLifetime: "24h0m0s",
mfaInitSkipLifetime: "720h0m0s",
secondFactorCheckLifetime: "24h0m0s",
ignoreUnknownUsernames: true,
defaultRedirectUri: "localhost:8080",
secondFactors: [
"SECOND_FACTOR_TYPE_OTP",
"SECOND_FACTOR_TYPE_U2F",
],
multiFactors: ["MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION"],
idps: [
defaultZitadelIdpGoogle.id,
defaultZitadelIdpAzureAd.id,
],
allowDomainDiscovery: true,
disableLoginWithEmail: true,
disableLoginWithPhone: true,
});
import pulumi
import pulumiverse_zitadel as zitadel
default = zitadel.DefaultLoginPolicy("default",
user_login=True,
allow_register=True,
allow_external_idp=True,
force_mfa=False,
force_mfa_local_only=False,
passwordless_type="PASSWORDLESS_TYPE_ALLOWED",
hide_password_reset=False,
password_check_lifetime="240h0m0s",
external_login_check_lifetime="240h0m0s",
multi_factor_check_lifetime="24h0m0s",
mfa_init_skip_lifetime="720h0m0s",
second_factor_check_lifetime="24h0m0s",
ignore_unknown_usernames=True,
default_redirect_uri="localhost:8080",
second_factors=[
"SECOND_FACTOR_TYPE_OTP",
"SECOND_FACTOR_TYPE_U2F",
],
multi_factors=["MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION"],
idps=[
default_zitadel_idp_google["id"],
default_zitadel_idp_azure_ad["id"],
],
allow_domain_discovery=True,
disable_login_with_email=True,
disable_login_with_phone=True)
resources:
default:
type: zitadel:DefaultLoginPolicy
properties:
userLogin: true
allowRegister: true
allowExternalIdp: true
forceMfa: false
forceMfaLocalOnly: false
passwordlessType: PASSWORDLESS_TYPE_ALLOWED
hidePasswordReset: 'false'
passwordCheckLifetime: 240h0m0s
externalLoginCheckLifetime: 240h0m0s
multiFactorCheckLifetime: 24h0m0s
mfaInitSkipLifetime: 720h0m0s
secondFactorCheckLifetime: 24h0m0s
ignoreUnknownUsernames: true
defaultRedirectUri: localhost:8080
secondFactors:
- SECOND_FACTOR_TYPE_OTP
- SECOND_FACTOR_TYPE_U2F
multiFactors:
- MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION
idps:
- ${defaultZitadelIdpGoogle.id}
- ${defaultZitadelIdpAzureAd.id}
allowDomainDiscovery: true
disableLoginWithEmail: true
disableLoginWithPhone: true
Create DefaultLoginPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DefaultLoginPolicy(name: string, args: DefaultLoginPolicyArgs, opts?: CustomResourceOptions);@overload
def DefaultLoginPolicy(resource_name: str,
args: DefaultLoginPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def DefaultLoginPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
external_login_check_lifetime: Optional[str] = None,
mfa_init_skip_lifetime: Optional[str] = None,
allow_register: Optional[bool] = None,
default_redirect_uri: Optional[str] = None,
user_login: Optional[bool] = None,
second_factor_check_lifetime: Optional[str] = None,
force_mfa_local_only: Optional[bool] = None,
password_check_lifetime: Optional[str] = None,
allow_external_idp: Optional[bool] = None,
hide_password_reset: Optional[bool] = None,
passwordless_type: Optional[str] = None,
ignore_unknown_usernames: Optional[bool] = None,
force_mfa: Optional[bool] = None,
multi_factor_check_lifetime: Optional[str] = None,
disable_login_with_phone: Optional[bool] = None,
multi_factors: Optional[Sequence[str]] = None,
idps: Optional[Sequence[str]] = None,
allow_domain_discovery: Optional[bool] = None,
second_factors: Optional[Sequence[str]] = None,
disable_login_with_email: Optional[bool] = None)func NewDefaultLoginPolicy(ctx *Context, name string, args DefaultLoginPolicyArgs, opts ...ResourceOption) (*DefaultLoginPolicy, error)public DefaultLoginPolicy(string name, DefaultLoginPolicyArgs args, CustomResourceOptions? opts = null)
public DefaultLoginPolicy(String name, DefaultLoginPolicyArgs args)
public DefaultLoginPolicy(String name, DefaultLoginPolicyArgs args, CustomResourceOptions options)
type: zitadel:DefaultLoginPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DefaultLoginPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DefaultLoginPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DefaultLoginPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DefaultLoginPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DefaultLoginPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var defaultLoginPolicyResource = new Zitadel.DefaultLoginPolicy("defaultLoginPolicyResource", new()
{
ExternalLoginCheckLifetime = "string",
MfaInitSkipLifetime = "string",
AllowRegister = false,
DefaultRedirectUri = "string",
UserLogin = false,
SecondFactorCheckLifetime = "string",
ForceMfaLocalOnly = false,
PasswordCheckLifetime = "string",
AllowExternalIdp = false,
HidePasswordReset = false,
PasswordlessType = "string",
IgnoreUnknownUsernames = false,
ForceMfa = false,
MultiFactorCheckLifetime = "string",
DisableLoginWithPhone = false,
MultiFactors = new[]
{
"string",
},
Idps = new[]
{
"string",
},
AllowDomainDiscovery = false,
SecondFactors = new[]
{
"string",
},
DisableLoginWithEmail = false,
});
example, err := zitadel.NewDefaultLoginPolicy(ctx, "defaultLoginPolicyResource", &zitadel.DefaultLoginPolicyArgs{
ExternalLoginCheckLifetime: pulumi.String("string"),
MfaInitSkipLifetime: pulumi.String("string"),
AllowRegister: pulumi.Bool(false),
DefaultRedirectUri: pulumi.String("string"),
UserLogin: pulumi.Bool(false),
SecondFactorCheckLifetime: pulumi.String("string"),
ForceMfaLocalOnly: pulumi.Bool(false),
PasswordCheckLifetime: pulumi.String("string"),
AllowExternalIdp: pulumi.Bool(false),
HidePasswordReset: pulumi.Bool(false),
PasswordlessType: pulumi.String("string"),
IgnoreUnknownUsernames: pulumi.Bool(false),
ForceMfa: pulumi.Bool(false),
MultiFactorCheckLifetime: pulumi.String("string"),
DisableLoginWithPhone: pulumi.Bool(false),
MultiFactors: pulumi.StringArray{
pulumi.String("string"),
},
Idps: pulumi.StringArray{
pulumi.String("string"),
},
AllowDomainDiscovery: pulumi.Bool(false),
SecondFactors: pulumi.StringArray{
pulumi.String("string"),
},
DisableLoginWithEmail: pulumi.Bool(false),
})
var defaultLoginPolicyResource = new DefaultLoginPolicy("defaultLoginPolicyResource", DefaultLoginPolicyArgs.builder()
.externalLoginCheckLifetime("string")
.mfaInitSkipLifetime("string")
.allowRegister(false)
.defaultRedirectUri("string")
.userLogin(false)
.secondFactorCheckLifetime("string")
.forceMfaLocalOnly(false)
.passwordCheckLifetime("string")
.allowExternalIdp(false)
.hidePasswordReset(false)
.passwordlessType("string")
.ignoreUnknownUsernames(false)
.forceMfa(false)
.multiFactorCheckLifetime("string")
.disableLoginWithPhone(false)
.multiFactors("string")
.idps("string")
.allowDomainDiscovery(false)
.secondFactors("string")
.disableLoginWithEmail(false)
.build());
default_login_policy_resource = zitadel.DefaultLoginPolicy("defaultLoginPolicyResource",
external_login_check_lifetime="string",
mfa_init_skip_lifetime="string",
allow_register=False,
default_redirect_uri="string",
user_login=False,
second_factor_check_lifetime="string",
force_mfa_local_only=False,
password_check_lifetime="string",
allow_external_idp=False,
hide_password_reset=False,
passwordless_type="string",
ignore_unknown_usernames=False,
force_mfa=False,
multi_factor_check_lifetime="string",
disable_login_with_phone=False,
multi_factors=["string"],
idps=["string"],
allow_domain_discovery=False,
second_factors=["string"],
disable_login_with_email=False)
const defaultLoginPolicyResource = new zitadel.DefaultLoginPolicy("defaultLoginPolicyResource", {
externalLoginCheckLifetime: "string",
mfaInitSkipLifetime: "string",
allowRegister: false,
defaultRedirectUri: "string",
userLogin: false,
secondFactorCheckLifetime: "string",
forceMfaLocalOnly: false,
passwordCheckLifetime: "string",
allowExternalIdp: false,
hidePasswordReset: false,
passwordlessType: "string",
ignoreUnknownUsernames: false,
forceMfa: false,
multiFactorCheckLifetime: "string",
disableLoginWithPhone: false,
multiFactors: ["string"],
idps: ["string"],
allowDomainDiscovery: false,
secondFactors: ["string"],
disableLoginWithEmail: false,
});
type: zitadel:DefaultLoginPolicy
properties:
allowDomainDiscovery: false
allowExternalIdp: false
allowRegister: false
defaultRedirectUri: string
disableLoginWithEmail: false
disableLoginWithPhone: false
externalLoginCheckLifetime: string
forceMfa: false
forceMfaLocalOnly: false
hidePasswordReset: false
idps:
- string
ignoreUnknownUsernames: false
mfaInitSkipLifetime: string
multiFactorCheckLifetime: string
multiFactors:
- string
passwordCheckLifetime: string
passwordlessType: string
secondFactorCheckLifetime: string
secondFactors:
- string
userLogin: false
DefaultLoginPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DefaultLoginPolicy resource accepts the following input properties:
- Allow
External boolIdp - defines if a user is allowed to add a defined identity provider. E.g. Google auth
- Allow
Register bool - defines if a person is allowed to register a user on this organisation
- Default
Redirect stringUri - defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- External
Login stringCheck Lifetime - Force
Mfa bool - defines if a user MUST use a multi factor to log in
- Force
Mfa boolLocal Only - if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- Hide
Password boolReset - defines if password reset link should be shown in the login screen
- Ignore
Unknown boolUsernames - defines if unknown username on login screen directly return an error or always display the password screen
- Mfa
Init stringSkip Lifetime - Multi
Factor stringCheck Lifetime - Password
Check stringLifetime - Passwordless
Type string - defines if passwordless is allowed for users
- Second
Factor stringCheck Lifetime - User
Login bool - defines if a user is allowed to login with his username and password
- Allow
Domain boolDiscovery - if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- Disable
Login boolWith Email - defines if user can additionally (to the loginname) be identified by their verified email address
- Disable
Login boolWith Phone - defines if user can additionally (to the loginname) be identified by their verified phone number
- Idps List<string>
- allowed idps to login or register
- Multi
Factors List<string> - allowed multi factors
- Second
Factors List<string> - allowed second factors
- Allow
External boolIdp - defines if a user is allowed to add a defined identity provider. E.g. Google auth
- Allow
Register bool - defines if a person is allowed to register a user on this organisation
- Default
Redirect stringUri - defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- External
Login stringCheck Lifetime - Force
Mfa bool - defines if a user MUST use a multi factor to log in
- Force
Mfa boolLocal Only - if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- Hide
Password boolReset - defines if password reset link should be shown in the login screen
- Ignore
Unknown boolUsernames - defines if unknown username on login screen directly return an error or always display the password screen
- Mfa
Init stringSkip Lifetime - Multi
Factor stringCheck Lifetime - Password
Check stringLifetime - Passwordless
Type string - defines if passwordless is allowed for users
- Second
Factor stringCheck Lifetime - User
Login bool - defines if a user is allowed to login with his username and password
- Allow
Domain boolDiscovery - if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- Disable
Login boolWith Email - defines if user can additionally (to the loginname) be identified by their verified email address
- Disable
Login boolWith Phone - defines if user can additionally (to the loginname) be identified by their verified phone number
- Idps []string
- allowed idps to login or register
- Multi
Factors []string - allowed multi factors
- Second
Factors []string - allowed second factors
- allow
External BooleanIdp - defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow
Register Boolean - defines if a person is allowed to register a user on this organisation
- default
Redirect StringUri - defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- external
Login StringCheck Lifetime - force
Mfa Boolean - defines if a user MUST use a multi factor to log in
- force
Mfa BooleanLocal Only - if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide
Password BooleanReset - defines if password reset link should be shown in the login screen
- ignore
Unknown BooleanUsernames - defines if unknown username on login screen directly return an error or always display the password screen
- mfa
Init StringSkip Lifetime - multi
Factor StringCheck Lifetime - password
Check StringLifetime - passwordless
Type String - defines if passwordless is allowed for users
- second
Factor StringCheck Lifetime - user
Login Boolean - defines if a user is allowed to login with his username and password
- allow
Domain BooleanDiscovery - if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- disable
Login BooleanWith Email - defines if user can additionally (to the loginname) be identified by their verified email address
- disable
Login BooleanWith Phone - defines if user can additionally (to the loginname) be identified by their verified phone number
- idps List<String>
- allowed idps to login or register
- multi
Factors List<String> - allowed multi factors
- second
Factors List<String> - allowed second factors
- allow
External booleanIdp - defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow
Register boolean - defines if a person is allowed to register a user on this organisation
- default
Redirect stringUri - defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- external
Login stringCheck Lifetime - force
Mfa boolean - defines if a user MUST use a multi factor to log in
- force
Mfa booleanLocal Only - if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide
Password booleanReset - defines if password reset link should be shown in the login screen
- ignore
Unknown booleanUsernames - defines if unknown username on login screen directly return an error or always display the password screen
- mfa
Init stringSkip Lifetime - multi
Factor stringCheck Lifetime - password
Check stringLifetime - passwordless
Type string - defines if passwordless is allowed for users
- second
Factor stringCheck Lifetime - user
Login boolean - defines if a user is allowed to login with his username and password
- allow
Domain booleanDiscovery - if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- disable
Login booleanWith Email - defines if user can additionally (to the loginname) be identified by their verified email address
- disable
Login booleanWith Phone - defines if user can additionally (to the loginname) be identified by their verified phone number
- idps string[]
- allowed idps to login or register
- multi
Factors string[] - allowed multi factors
- second
Factors string[] - allowed second factors
- allow_
external_ boolidp - defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow_
register bool - defines if a person is allowed to register a user on this organisation
- default_
redirect_ struri - defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- external_
login_ strcheck_ lifetime - force_
mfa bool - defines if a user MUST use a multi factor to log in
- force_
mfa_ boollocal_ only - if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide_
password_ boolreset - defines if password reset link should be shown in the login screen
- ignore_
unknown_ boolusernames - defines if unknown username on login screen directly return an error or always display the password screen
- mfa_
init_ strskip_ lifetime - multi_
factor_ strcheck_ lifetime - password_
check_ strlifetime - passwordless_
type str - defines if passwordless is allowed for users
- second_
factor_ strcheck_ lifetime - user_
login bool - defines if a user is allowed to login with his username and password
- allow_
domain_ booldiscovery - if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- disable_
login_ boolwith_ email - defines if user can additionally (to the loginname) be identified by their verified email address
- disable_
login_ boolwith_ phone - defines if user can additionally (to the loginname) be identified by their verified phone number
- idps Sequence[str]
- allowed idps to login or register
- multi_
factors Sequence[str] - allowed multi factors
- second_
factors Sequence[str] - allowed second factors
- allow
External BooleanIdp - defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow
Register Boolean - defines if a person is allowed to register a user on this organisation
- default
Redirect StringUri - defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- external
Login StringCheck Lifetime - force
Mfa Boolean - defines if a user MUST use a multi factor to log in
- force
Mfa BooleanLocal Only - if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide
Password BooleanReset - defines if password reset link should be shown in the login screen
- ignore
Unknown BooleanUsernames - defines if unknown username on login screen directly return an error or always display the password screen
- mfa
Init StringSkip Lifetime - multi
Factor StringCheck Lifetime - password
Check StringLifetime - passwordless
Type String - defines if passwordless is allowed for users
- second
Factor StringCheck Lifetime - user
Login Boolean - defines if a user is allowed to login with his username and password
- allow
Domain BooleanDiscovery - if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- disable
Login BooleanWith Email - defines if user can additionally (to the loginname) be identified by their verified email address
- disable
Login BooleanWith Phone - defines if user can additionally (to the loginname) be identified by their verified phone number
- idps List<String>
- allowed idps to login or register
- multi
Factors List<String> - allowed multi factors
- second
Factors List<String> - allowed second factors
Outputs
All input properties are implicitly available as output properties. Additionally, the DefaultLoginPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing DefaultLoginPolicy Resource
Get an existing DefaultLoginPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DefaultLoginPolicyState, opts?: CustomResourceOptions): DefaultLoginPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allow_domain_discovery: Optional[bool] = None,
allow_external_idp: Optional[bool] = None,
allow_register: Optional[bool] = None,
default_redirect_uri: Optional[str] = None,
disable_login_with_email: Optional[bool] = None,
disable_login_with_phone: Optional[bool] = None,
external_login_check_lifetime: Optional[str] = None,
force_mfa: Optional[bool] = None,
force_mfa_local_only: Optional[bool] = None,
hide_password_reset: Optional[bool] = None,
idps: Optional[Sequence[str]] = None,
ignore_unknown_usernames: Optional[bool] = None,
mfa_init_skip_lifetime: Optional[str] = None,
multi_factor_check_lifetime: Optional[str] = None,
multi_factors: Optional[Sequence[str]] = None,
password_check_lifetime: Optional[str] = None,
passwordless_type: Optional[str] = None,
second_factor_check_lifetime: Optional[str] = None,
second_factors: Optional[Sequence[str]] = None,
user_login: Optional[bool] = None) -> DefaultLoginPolicyfunc GetDefaultLoginPolicy(ctx *Context, name string, id IDInput, state *DefaultLoginPolicyState, opts ...ResourceOption) (*DefaultLoginPolicy, error)public static DefaultLoginPolicy Get(string name, Input<string> id, DefaultLoginPolicyState? state, CustomResourceOptions? opts = null)public static DefaultLoginPolicy get(String name, Output<String> id, DefaultLoginPolicyState state, CustomResourceOptions options)resources: _: type: zitadel:DefaultLoginPolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allow
Domain boolDiscovery - if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- Allow
External boolIdp - defines if a user is allowed to add a defined identity provider. E.g. Google auth
- Allow
Register bool - defines if a person is allowed to register a user on this organisation
- Default
Redirect stringUri - defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- Disable
Login boolWith Email - defines if user can additionally (to the loginname) be identified by their verified email address
- Disable
Login boolWith Phone - defines if user can additionally (to the loginname) be identified by their verified phone number
- External
Login stringCheck Lifetime - Force
Mfa bool - defines if a user MUST use a multi factor to log in
- Force
Mfa boolLocal Only - if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- Hide
Password boolReset - defines if password reset link should be shown in the login screen
- Idps List<string>
- allowed idps to login or register
- Ignore
Unknown boolUsernames - defines if unknown username on login screen directly return an error or always display the password screen
- Mfa
Init stringSkip Lifetime - Multi
Factor stringCheck Lifetime - Multi
Factors List<string> - allowed multi factors
- Password
Check stringLifetime - Passwordless
Type string - defines if passwordless is allowed for users
- Second
Factor stringCheck Lifetime - Second
Factors List<string> - allowed second factors
- User
Login bool - defines if a user is allowed to login with his username and password
- Allow
Domain boolDiscovery - if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- Allow
External boolIdp - defines if a user is allowed to add a defined identity provider. E.g. Google auth
- Allow
Register bool - defines if a person is allowed to register a user on this organisation
- Default
Redirect stringUri - defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- Disable
Login boolWith Email - defines if user can additionally (to the loginname) be identified by their verified email address
- Disable
Login boolWith Phone - defines if user can additionally (to the loginname) be identified by their verified phone number
- External
Login stringCheck Lifetime - Force
Mfa bool - defines if a user MUST use a multi factor to log in
- Force
Mfa boolLocal Only - if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- Hide
Password boolReset - defines if password reset link should be shown in the login screen
- Idps []string
- allowed idps to login or register
- Ignore
Unknown boolUsernames - defines if unknown username on login screen directly return an error or always display the password screen
- Mfa
Init stringSkip Lifetime - Multi
Factor stringCheck Lifetime - Multi
Factors []string - allowed multi factors
- Password
Check stringLifetime - Passwordless
Type string - defines if passwordless is allowed for users
- Second
Factor stringCheck Lifetime - Second
Factors []string - allowed second factors
- User
Login bool - defines if a user is allowed to login with his username and password
- allow
Domain BooleanDiscovery - if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- allow
External BooleanIdp - defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow
Register Boolean - defines if a person is allowed to register a user on this organisation
- default
Redirect StringUri - defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- disable
Login BooleanWith Email - defines if user can additionally (to the loginname) be identified by their verified email address
- disable
Login BooleanWith Phone - defines if user can additionally (to the loginname) be identified by their verified phone number
- external
Login StringCheck Lifetime - force
Mfa Boolean - defines if a user MUST use a multi factor to log in
- force
Mfa BooleanLocal Only - if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide
Password BooleanReset - defines if password reset link should be shown in the login screen
- idps List<String>
- allowed idps to login or register
- ignore
Unknown BooleanUsernames - defines if unknown username on login screen directly return an error or always display the password screen
- mfa
Init StringSkip Lifetime - multi
Factor StringCheck Lifetime - multi
Factors List<String> - allowed multi factors
- password
Check StringLifetime - passwordless
Type String - defines if passwordless is allowed for users
- second
Factor StringCheck Lifetime - second
Factors List<String> - allowed second factors
- user
Login Boolean - defines if a user is allowed to login with his username and password
- allow
Domain booleanDiscovery - if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- allow
External booleanIdp - defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow
Register boolean - defines if a person is allowed to register a user on this organisation
- default
Redirect stringUri - defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- disable
Login booleanWith Email - defines if user can additionally (to the loginname) be identified by their verified email address
- disable
Login booleanWith Phone - defines if user can additionally (to the loginname) be identified by their verified phone number
- external
Login stringCheck Lifetime - force
Mfa boolean - defines if a user MUST use a multi factor to log in
- force
Mfa booleanLocal Only - if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide
Password booleanReset - defines if password reset link should be shown in the login screen
- idps string[]
- allowed idps to login or register
- ignore
Unknown booleanUsernames - defines if unknown username on login screen directly return an error or always display the password screen
- mfa
Init stringSkip Lifetime - multi
Factor stringCheck Lifetime - multi
Factors string[] - allowed multi factors
- password
Check stringLifetime - passwordless
Type string - defines if passwordless is allowed for users
- second
Factor stringCheck Lifetime - second
Factors string[] - allowed second factors
- user
Login boolean - defines if a user is allowed to login with his username and password
- allow_
domain_ booldiscovery - if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- allow_
external_ boolidp - defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow_
register bool - defines if a person is allowed to register a user on this organisation
- default_
redirect_ struri - defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- disable_
login_ boolwith_ email - defines if user can additionally (to the loginname) be identified by their verified email address
- disable_
login_ boolwith_ phone - defines if user can additionally (to the loginname) be identified by their verified phone number
- external_
login_ strcheck_ lifetime - force_
mfa bool - defines if a user MUST use a multi factor to log in
- force_
mfa_ boollocal_ only - if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide_
password_ boolreset - defines if password reset link should be shown in the login screen
- idps Sequence[str]
- allowed idps to login or register
- ignore_
unknown_ boolusernames - defines if unknown username on login screen directly return an error or always display the password screen
- mfa_
init_ strskip_ lifetime - multi_
factor_ strcheck_ lifetime - multi_
factors Sequence[str] - allowed multi factors
- password_
check_ strlifetime - passwordless_
type str - defines if passwordless is allowed for users
- second_
factor_ strcheck_ lifetime - second_
factors Sequence[str] - allowed second factors
- user_
login bool - defines if a user is allowed to login with his username and password
- allow
Domain BooleanDiscovery - if set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
- allow
External BooleanIdp - defines if a user is allowed to add a defined identity provider. E.g. Google auth
- allow
Register Boolean - defines if a person is allowed to register a user on this organisation
- default
Redirect StringUri - defines where the user will be redirected to if the login is started without app context (e.g. from mail)
- disable
Login BooleanWith Email - defines if user can additionally (to the loginname) be identified by their verified email address
- disable
Login BooleanWith Phone - defines if user can additionally (to the loginname) be identified by their verified phone number
- external
Login StringCheck Lifetime - force
Mfa Boolean - defines if a user MUST use a multi factor to log in
- force
Mfa BooleanLocal Only - if activated, ZITADEL only enforces MFA on local authentications. On authentications through MFA, ZITADEL won't prompt for MFA.
- hide
Password BooleanReset - defines if password reset link should be shown in the login screen
- idps List<String>
- allowed idps to login or register
- ignore
Unknown BooleanUsernames - defines if unknown username on login screen directly return an error or always display the password screen
- mfa
Init StringSkip Lifetime - multi
Factor StringCheck Lifetime - multi
Factors List<String> - allowed multi factors
- password
Check StringLifetime - passwordless
Type String - defines if passwordless is allowed for users
- second
Factor StringCheck Lifetime - second
Factors List<String> - allowed second factors
- user
Login Boolean - defines if a user is allowed to login with his username and password
Import
bash The resource can be imported using the ID format <>, e.g.
$ pulumi import zitadel:index/defaultLoginPolicy:DefaultLoginPolicy imported ''
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zitadel pulumiverse/pulumi-zitadel
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
zitadelTerraform Provider.