Docs Home
Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi
cloudflare.ZeroTrustAccessApplication
Explore with Pulumi AI
Example Usage
Create ZeroTrustAccessApplication Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ZeroTrustAccessApplication(name: string, args?: ZeroTrustAccessApplicationArgs, opts?: CustomResourceOptions);@overload
def ZeroTrustAccessApplication(resource_name: str,
args: Optional[ZeroTrustAccessApplicationArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ZeroTrustAccessApplication(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
allow_authenticate_via_warp: Optional[bool] = None,
allowed_idps: Optional[Sequence[str]] = None,
app_launcher_logo_url: Optional[str] = None,
app_launcher_visible: Optional[bool] = None,
auto_redirect_to_identity: Optional[bool] = None,
bg_color: Optional[str] = None,
cors_headers: Optional[ZeroTrustAccessApplicationCorsHeadersArgs] = None,
custom_deny_message: Optional[str] = None,
custom_deny_url: Optional[str] = None,
custom_non_identity_deny_url: Optional[str] = None,
custom_pages: Optional[Sequence[str]] = None,
destinations: Optional[Sequence[ZeroTrustAccessApplicationDestinationArgs]] = None,
domain: Optional[str] = None,
enable_binding_cookie: Optional[bool] = None,
footer_links: Optional[Sequence[ZeroTrustAccessApplicationFooterLinkArgs]] = None,
header_bg_color: Optional[str] = None,
http_only_cookie_attribute: Optional[bool] = None,
landing_page_design: Optional[ZeroTrustAccessApplicationLandingPageDesignArgs] = None,
logo_url: Optional[str] = None,
name: Optional[str] = None,
options_preflight_bypass: Optional[bool] = None,
path_cookie_attribute: Optional[bool] = None,
policies: Optional[Sequence[ZeroTrustAccessApplicationPolicyArgs]] = None,
read_service_tokens_from_header: Optional[str] = None,
saas_app: Optional[ZeroTrustAccessApplicationSaasAppArgs] = None,
same_site_cookie_attribute: Optional[str] = None,
scim_config: Optional[ZeroTrustAccessApplicationScimConfigArgs] = None,
self_hosted_domains: Optional[Sequence[str]] = None,
service_auth401_redirect: Optional[bool] = None,
session_duration: Optional[str] = None,
skip_app_launcher_login_page: Optional[bool] = None,
skip_interstitial: Optional[bool] = None,
tags: Optional[Sequence[str]] = None,
target_criterias: Optional[Sequence[ZeroTrustAccessApplicationTargetCriteriaArgs]] = None,
type: Optional[str] = None,
zone_id: Optional[str] = None)func NewZeroTrustAccessApplication(ctx *Context, name string, args *ZeroTrustAccessApplicationArgs, opts ...ResourceOption) (*ZeroTrustAccessApplication, error)public ZeroTrustAccessApplication(string name, ZeroTrustAccessApplicationArgs? args = null, CustomResourceOptions? opts = null)
public ZeroTrustAccessApplication(String name, ZeroTrustAccessApplicationArgs args)
public ZeroTrustAccessApplication(String name, ZeroTrustAccessApplicationArgs args, CustomResourceOptions options)
type: cloudflare:ZeroTrustAccessApplication
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ZeroTrustAccessApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ZeroTrustAccessApplicationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ZeroTrustAccessApplicationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ZeroTrustAccessApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ZeroTrustAccessApplicationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var zeroTrustAccessApplicationResource = new Cloudflare.ZeroTrustAccessApplication("zeroTrustAccessApplicationResource", new()
{
AccountId = "string",
AllowAuthenticateViaWarp = false,
AllowedIdps = new[]
{
"string",
},
AppLauncherLogoUrl = "string",
AppLauncherVisible = false,
AutoRedirectToIdentity = false,
BgColor = "string",
CorsHeaders = new Cloudflare.Inputs.ZeroTrustAccessApplicationCorsHeadersArgs
{
AllowAllHeaders = false,
AllowAllMethods = false,
AllowAllOrigins = false,
AllowCredentials = false,
AllowedHeaders = new[]
{
"string",
},
AllowedMethods = new[]
{
"string",
},
AllowedOrigins = new[]
{
"string",
},
MaxAge = 0,
},
CustomDenyMessage = "string",
CustomDenyUrl = "string",
CustomNonIdentityDenyUrl = "string",
CustomPages = new[]
{
"string",
},
Destinations = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessApplicationDestinationArgs
{
Cidr = "string",
Hostname = "string",
L4Protocol = "string",
PortRange = "string",
Type = "string",
Uri = "string",
VnetId = "string",
},
},
Domain = "string",
EnableBindingCookie = false,
FooterLinks = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessApplicationFooterLinkArgs
{
Name = "string",
Url = "string",
},
},
HeaderBgColor = "string",
HttpOnlyCookieAttribute = false,
LandingPageDesign = new Cloudflare.Inputs.ZeroTrustAccessApplicationLandingPageDesignArgs
{
ButtonColor = "string",
ButtonTextColor = "string",
ImageUrl = "string",
Message = "string",
Title = "string",
},
LogoUrl = "string",
Name = "string",
OptionsPreflightBypass = false,
PathCookieAttribute = false,
Policies = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyArgs
{
ConnectionRules = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyConnectionRulesArgs
{
Ssh = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyConnectionRulesSshArgs
{
Usernames = new[]
{
"string",
},
AllowEmailAlias = false,
},
},
Decision = "string",
Excludes = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeArgs
{
AnyValidServiceToken = null,
AuthContext = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeAuthContextArgs
{
AcId = "string",
Id = "string",
IdentityProviderId = "string",
},
AuthMethod = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeAuthMethodArgs
{
AuthMethod = "string",
},
AzureAd = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeAzureAdArgs
{
Id = "string",
IdentityProviderId = "string",
},
Certificate = null,
CommonName = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeCommonNameArgs
{
CommonName = "string",
},
DevicePosture = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeDevicePostureArgs
{
IntegrationUid = "string",
},
Email = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeEmailArgs
{
Email = "string",
},
EmailDomain = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeEmailDomainArgs
{
Domain = "string",
},
EmailList = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeEmailListArgs
{
Id = "string",
},
Everyone = null,
ExternalEvaluation = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeExternalEvaluationArgs
{
EvaluateUrl = "string",
KeysUrl = "string",
},
Geo = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeGeoArgs
{
CountryCode = "string",
},
GithubOrganization = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeGithubOrganizationArgs
{
IdentityProviderId = "string",
Name = "string",
Team = "string",
},
Group = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeGroupArgs
{
Id = "string",
},
Gsuite = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeGsuiteArgs
{
Email = "string",
IdentityProviderId = "string",
},
Ip = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeIpArgs
{
Ip = "string",
},
IpList = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeIpListArgs
{
Id = "string",
},
LoginMethod = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeLoginMethodArgs
{
Id = "string",
},
Okta = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeOktaArgs
{
IdentityProviderId = "string",
Name = "string",
},
Saml = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeSamlArgs
{
AttributeName = "string",
AttributeValue = "string",
IdentityProviderId = "string",
},
ServiceToken = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyExcludeServiceTokenArgs
{
TokenId = "string",
},
},
},
Id = "string",
Includes = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeArgs
{
AnyValidServiceToken = null,
AuthContext = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeAuthContextArgs
{
AcId = "string",
Id = "string",
IdentityProviderId = "string",
},
AuthMethod = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeAuthMethodArgs
{
AuthMethod = "string",
},
AzureAd = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeAzureAdArgs
{
Id = "string",
IdentityProviderId = "string",
},
Certificate = null,
CommonName = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeCommonNameArgs
{
CommonName = "string",
},
DevicePosture = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeDevicePostureArgs
{
IntegrationUid = "string",
},
Email = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeEmailArgs
{
Email = "string",
},
EmailDomain = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeEmailDomainArgs
{
Domain = "string",
},
EmailList = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeEmailListArgs
{
Id = "string",
},
Everyone = null,
ExternalEvaluation = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeExternalEvaluationArgs
{
EvaluateUrl = "string",
KeysUrl = "string",
},
Geo = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeGeoArgs
{
CountryCode = "string",
},
GithubOrganization = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeGithubOrganizationArgs
{
IdentityProviderId = "string",
Name = "string",
Team = "string",
},
Group = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeGroupArgs
{
Id = "string",
},
Gsuite = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeGsuiteArgs
{
Email = "string",
IdentityProviderId = "string",
},
Ip = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeIpArgs
{
Ip = "string",
},
IpList = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeIpListArgs
{
Id = "string",
},
LoginMethod = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeLoginMethodArgs
{
Id = "string",
},
Okta = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeOktaArgs
{
IdentityProviderId = "string",
Name = "string",
},
Saml = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeSamlArgs
{
AttributeName = "string",
AttributeValue = "string",
IdentityProviderId = "string",
},
ServiceToken = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyIncludeServiceTokenArgs
{
TokenId = "string",
},
},
},
Name = "string",
Precedence = 0,
Requires = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireArgs
{
AnyValidServiceToken = null,
AuthContext = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireAuthContextArgs
{
AcId = "string",
Id = "string",
IdentityProviderId = "string",
},
AuthMethod = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireAuthMethodArgs
{
AuthMethod = "string",
},
AzureAd = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireAzureAdArgs
{
Id = "string",
IdentityProviderId = "string",
},
Certificate = null,
CommonName = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireCommonNameArgs
{
CommonName = "string",
},
DevicePosture = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireDevicePostureArgs
{
IntegrationUid = "string",
},
Email = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireEmailArgs
{
Email = "string",
},
EmailDomain = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireEmailDomainArgs
{
Domain = "string",
},
EmailList = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireEmailListArgs
{
Id = "string",
},
Everyone = null,
ExternalEvaluation = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireExternalEvaluationArgs
{
EvaluateUrl = "string",
KeysUrl = "string",
},
Geo = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireGeoArgs
{
CountryCode = "string",
},
GithubOrganization = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireGithubOrganizationArgs
{
IdentityProviderId = "string",
Name = "string",
Team = "string",
},
Group = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireGroupArgs
{
Id = "string",
},
Gsuite = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireGsuiteArgs
{
Email = "string",
IdentityProviderId = "string",
},
Ip = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireIpArgs
{
Ip = "string",
},
IpList = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireIpListArgs
{
Id = "string",
},
LoginMethod = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireLoginMethodArgs
{
Id = "string",
},
Okta = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireOktaArgs
{
IdentityProviderId = "string",
Name = "string",
},
Saml = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireSamlArgs
{
AttributeName = "string",
AttributeValue = "string",
IdentityProviderId = "string",
},
ServiceToken = new Cloudflare.Inputs.ZeroTrustAccessApplicationPolicyRequireServiceTokenArgs
{
TokenId = "string",
},
},
},
},
},
ReadServiceTokensFromHeader = "string",
SaasApp = new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppArgs
{
AccessTokenLifetime = "string",
AllowPkceWithoutClientSecret = false,
AppLauncherUrl = "string",
AuthType = "string",
ClientId = "string",
ClientSecret = "string",
ConsumerServiceUrl = "string",
CreatedAt = "string",
CustomAttributes = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppCustomAttributeArgs
{
FriendlyName = "string",
Name = "string",
NameFormat = "string",
Required = false,
Source = new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppCustomAttributeSourceArgs
{
Name = "string",
NameByIdps = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppCustomAttributeSourceNameByIdpArgs
{
IdpId = "string",
SourceName = "string",
},
},
},
},
},
CustomClaims = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppCustomClaimArgs
{
Name = "string",
Required = false,
Scope = "string",
Source = new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppCustomClaimSourceArgs
{
Name = "string",
NameByIdp =
{
{ "string", "string" },
},
},
},
},
DefaultRelayState = "string",
GrantTypes = new[]
{
"string",
},
GroupFilterRegex = "string",
HybridAndImplicitOptions = new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptionsArgs
{
ReturnAccessTokenFromAuthorizationEndpoint = false,
ReturnIdTokenFromAuthorizationEndpoint = false,
},
IdpEntityId = "string",
NameIdFormat = "string",
NameIdTransformJsonata = "string",
PublicKey = "string",
RedirectUris = new[]
{
"string",
},
RefreshTokenOptions = new Cloudflare.Inputs.ZeroTrustAccessApplicationSaasAppRefreshTokenOptionsArgs
{
Lifetime = "string",
},
SamlAttributeTransformJsonata = "string",
Scopes = new[]
{
"string",
},
SpEntityId = "string",
SsoEndpoint = "string",
UpdatedAt = "string",
},
SameSiteCookieAttribute = "string",
ScimConfig = new Cloudflare.Inputs.ZeroTrustAccessApplicationScimConfigArgs
{
IdpUid = "string",
RemoteUri = "string",
Authentication = new Cloudflare.Inputs.ZeroTrustAccessApplicationScimConfigAuthenticationArgs
{
Scheme = "string",
AuthorizationUrl = "string",
ClientId = "string",
ClientSecret = "string",
Password = "string",
Scopes = new[]
{
"string",
},
Token = "string",
TokenUrl = "string",
User = "string",
},
DeactivateOnDelete = false,
Enabled = false,
Mappings = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessApplicationScimConfigMappingArgs
{
Schema = "string",
Enabled = false,
Filter = "string",
Operations = new Cloudflare.Inputs.ZeroTrustAccessApplicationScimConfigMappingOperationsArgs
{
Create = false,
Delete = false,
Update = false,
},
Strictness = "string",
TransformJsonata = "string",
},
},
},
ServiceAuth401Redirect = false,
SessionDuration = "string",
SkipAppLauncherLoginPage = false,
SkipInterstitial = false,
Tags = new[]
{
"string",
},
TargetCriterias = new[]
{
new Cloudflare.Inputs.ZeroTrustAccessApplicationTargetCriteriaArgs
{
Port = 0,
Protocol = "string",
TargetAttributes =
{
{ "string", new[]
{
"string",
} },
},
},
},
Type = "string",
ZoneId = "string",
});
example, err := cloudflare.NewZeroTrustAccessApplication(ctx, "zeroTrustAccessApplicationResource", &cloudflare.ZeroTrustAccessApplicationArgs{
AccountId: pulumi.String("string"),
AllowAuthenticateViaWarp: pulumi.Bool(false),
AllowedIdps: pulumi.StringArray{
pulumi.String("string"),
},
AppLauncherLogoUrl: pulumi.String("string"),
AppLauncherVisible: pulumi.Bool(false),
AutoRedirectToIdentity: pulumi.Bool(false),
BgColor: pulumi.String("string"),
CorsHeaders: &cloudflare.ZeroTrustAccessApplicationCorsHeadersArgs{
AllowAllHeaders: pulumi.Bool(false),
AllowAllMethods: pulumi.Bool(false),
AllowAllOrigins: pulumi.Bool(false),
AllowCredentials: pulumi.Bool(false),
AllowedHeaders: pulumi.StringArray{
pulumi.String("string"),
},
AllowedMethods: pulumi.StringArray{
pulumi.String("string"),
},
AllowedOrigins: pulumi.StringArray{
pulumi.String("string"),
},
MaxAge: pulumi.Float64(0),
},
CustomDenyMessage: pulumi.String("string"),
CustomDenyUrl: pulumi.String("string"),
CustomNonIdentityDenyUrl: pulumi.String("string"),
CustomPages: pulumi.StringArray{
pulumi.String("string"),
},
Destinations: cloudflare.ZeroTrustAccessApplicationDestinationArray{
&cloudflare.ZeroTrustAccessApplicationDestinationArgs{
Cidr: pulumi.String("string"),
Hostname: pulumi.String("string"),
L4Protocol: pulumi.String("string"),
PortRange: pulumi.String("string"),
Type: pulumi.String("string"),
Uri: pulumi.String("string"),
VnetId: pulumi.String("string"),
},
},
Domain: pulumi.String("string"),
EnableBindingCookie: pulumi.Bool(false),
FooterLinks: cloudflare.ZeroTrustAccessApplicationFooterLinkArray{
&cloudflare.ZeroTrustAccessApplicationFooterLinkArgs{
Name: pulumi.String("string"),
Url: pulumi.String("string"),
},
},
HeaderBgColor: pulumi.String("string"),
HttpOnlyCookieAttribute: pulumi.Bool(false),
LandingPageDesign: &cloudflare.ZeroTrustAccessApplicationLandingPageDesignArgs{
ButtonColor: pulumi.String("string"),
ButtonTextColor: pulumi.String("string"),
ImageUrl: pulumi.String("string"),
Message: pulumi.String("string"),
Title: pulumi.String("string"),
},
LogoUrl: pulumi.String("string"),
Name: pulumi.String("string"),
OptionsPreflightBypass: pulumi.Bool(false),
PathCookieAttribute: pulumi.Bool(false),
Policies: cloudflare.ZeroTrustAccessApplicationPolicyArray{
&cloudflare.ZeroTrustAccessApplicationPolicyArgs{
ConnectionRules: &cloudflare.ZeroTrustAccessApplicationPolicyConnectionRulesArgs{
Ssh: &cloudflare.ZeroTrustAccessApplicationPolicyConnectionRulesSshArgs{
Usernames: pulumi.StringArray{
pulumi.String("string"),
},
AllowEmailAlias: pulumi.Bool(false),
},
},
Decision: pulumi.String("string"),
Excludes: cloudflare.ZeroTrustAccessApplicationPolicyExcludeArray{
&cloudflare.ZeroTrustAccessApplicationPolicyExcludeArgs{
AnyValidServiceToken: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeAnyValidServiceTokenArgs{},
AuthContext: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeAuthContextArgs{
AcId: pulumi.String("string"),
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
AuthMethod: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeAuthMethodArgs{
AuthMethod: pulumi.String("string"),
},
AzureAd: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeAzureAdArgs{
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
Certificate: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeCertificateArgs{},
CommonName: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeCommonNameArgs{
CommonName: pulumi.String("string"),
},
DevicePosture: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeDevicePostureArgs{
IntegrationUid: pulumi.String("string"),
},
Email: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeEmailArgs{
Email: pulumi.String("string"),
},
EmailDomain: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeEmailDomainArgs{
Domain: pulumi.String("string"),
},
EmailList: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeEmailListArgs{
Id: pulumi.String("string"),
},
Everyone: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeEveryoneArgs{},
ExternalEvaluation: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeExternalEvaluationArgs{
EvaluateUrl: pulumi.String("string"),
KeysUrl: pulumi.String("string"),
},
Geo: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeGeoArgs{
CountryCode: pulumi.String("string"),
},
GithubOrganization: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeGithubOrganizationArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
Team: pulumi.String("string"),
},
Group: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeGroupArgs{
Id: pulumi.String("string"),
},
Gsuite: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeGsuiteArgs{
Email: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
Ip: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeIpArgs{
Ip: pulumi.String("string"),
},
IpList: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeIpListArgs{
Id: pulumi.String("string"),
},
LoginMethod: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeLoginMethodArgs{
Id: pulumi.String("string"),
},
Okta: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeOktaArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
},
Saml: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeSamlArgs{
AttributeName: pulumi.String("string"),
AttributeValue: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
ServiceToken: &cloudflare.ZeroTrustAccessApplicationPolicyExcludeServiceTokenArgs{
TokenId: pulumi.String("string"),
},
},
},
Id: pulumi.String("string"),
Includes: cloudflare.ZeroTrustAccessApplicationPolicyIncludeArray{
&cloudflare.ZeroTrustAccessApplicationPolicyIncludeArgs{
AnyValidServiceToken: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeAnyValidServiceTokenArgs{},
AuthContext: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeAuthContextArgs{
AcId: pulumi.String("string"),
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
AuthMethod: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeAuthMethodArgs{
AuthMethod: pulumi.String("string"),
},
AzureAd: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeAzureAdArgs{
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
Certificate: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeCertificateArgs{},
CommonName: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeCommonNameArgs{
CommonName: pulumi.String("string"),
},
DevicePosture: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeDevicePostureArgs{
IntegrationUid: pulumi.String("string"),
},
Email: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeEmailArgs{
Email: pulumi.String("string"),
},
EmailDomain: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeEmailDomainArgs{
Domain: pulumi.String("string"),
},
EmailList: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeEmailListArgs{
Id: pulumi.String("string"),
},
Everyone: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeEveryoneArgs{},
ExternalEvaluation: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeExternalEvaluationArgs{
EvaluateUrl: pulumi.String("string"),
KeysUrl: pulumi.String("string"),
},
Geo: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeGeoArgs{
CountryCode: pulumi.String("string"),
},
GithubOrganization: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeGithubOrganizationArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
Team: pulumi.String("string"),
},
Group: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeGroupArgs{
Id: pulumi.String("string"),
},
Gsuite: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeGsuiteArgs{
Email: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
Ip: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeIpArgs{
Ip: pulumi.String("string"),
},
IpList: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeIpListArgs{
Id: pulumi.String("string"),
},
LoginMethod: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeLoginMethodArgs{
Id: pulumi.String("string"),
},
Okta: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeOktaArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
},
Saml: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeSamlArgs{
AttributeName: pulumi.String("string"),
AttributeValue: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
ServiceToken: &cloudflare.ZeroTrustAccessApplicationPolicyIncludeServiceTokenArgs{
TokenId: pulumi.String("string"),
},
},
},
Name: pulumi.String("string"),
Precedence: pulumi.Int(0),
Requires: cloudflare.ZeroTrustAccessApplicationPolicyRequireArray{
&cloudflare.ZeroTrustAccessApplicationPolicyRequireArgs{
AnyValidServiceToken: &cloudflare.ZeroTrustAccessApplicationPolicyRequireAnyValidServiceTokenArgs{},
AuthContext: &cloudflare.ZeroTrustAccessApplicationPolicyRequireAuthContextArgs{
AcId: pulumi.String("string"),
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
AuthMethod: &cloudflare.ZeroTrustAccessApplicationPolicyRequireAuthMethodArgs{
AuthMethod: pulumi.String("string"),
},
AzureAd: &cloudflare.ZeroTrustAccessApplicationPolicyRequireAzureAdArgs{
Id: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
Certificate: &cloudflare.ZeroTrustAccessApplicationPolicyRequireCertificateArgs{},
CommonName: &cloudflare.ZeroTrustAccessApplicationPolicyRequireCommonNameArgs{
CommonName: pulumi.String("string"),
},
DevicePosture: &cloudflare.ZeroTrustAccessApplicationPolicyRequireDevicePostureArgs{
IntegrationUid: pulumi.String("string"),
},
Email: &cloudflare.ZeroTrustAccessApplicationPolicyRequireEmailArgs{
Email: pulumi.String("string"),
},
EmailDomain: &cloudflare.ZeroTrustAccessApplicationPolicyRequireEmailDomainArgs{
Domain: pulumi.String("string"),
},
EmailList: &cloudflare.ZeroTrustAccessApplicationPolicyRequireEmailListArgs{
Id: pulumi.String("string"),
},
Everyone: &cloudflare.ZeroTrustAccessApplicationPolicyRequireEveryoneArgs{},
ExternalEvaluation: &cloudflare.ZeroTrustAccessApplicationPolicyRequireExternalEvaluationArgs{
EvaluateUrl: pulumi.String("string"),
KeysUrl: pulumi.String("string"),
},
Geo: &cloudflare.ZeroTrustAccessApplicationPolicyRequireGeoArgs{
CountryCode: pulumi.String("string"),
},
GithubOrganization: &cloudflare.ZeroTrustAccessApplicationPolicyRequireGithubOrganizationArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
Team: pulumi.String("string"),
},
Group: &cloudflare.ZeroTrustAccessApplicationPolicyRequireGroupArgs{
Id: pulumi.String("string"),
},
Gsuite: &cloudflare.ZeroTrustAccessApplicationPolicyRequireGsuiteArgs{
Email: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
Ip: &cloudflare.ZeroTrustAccessApplicationPolicyRequireIpArgs{
Ip: pulumi.String("string"),
},
IpList: &cloudflare.ZeroTrustAccessApplicationPolicyRequireIpListArgs{
Id: pulumi.String("string"),
},
LoginMethod: &cloudflare.ZeroTrustAccessApplicationPolicyRequireLoginMethodArgs{
Id: pulumi.String("string"),
},
Okta: &cloudflare.ZeroTrustAccessApplicationPolicyRequireOktaArgs{
IdentityProviderId: pulumi.String("string"),
Name: pulumi.String("string"),
},
Saml: &cloudflare.ZeroTrustAccessApplicationPolicyRequireSamlArgs{
AttributeName: pulumi.String("string"),
AttributeValue: pulumi.String("string"),
IdentityProviderId: pulumi.String("string"),
},
ServiceToken: &cloudflare.ZeroTrustAccessApplicationPolicyRequireServiceTokenArgs{
TokenId: pulumi.String("string"),
},
},
},
},
},
ReadServiceTokensFromHeader: pulumi.String("string"),
SaasApp: &cloudflare.ZeroTrustAccessApplicationSaasAppArgs{
AccessTokenLifetime: pulumi.String("string"),
AllowPkceWithoutClientSecret: pulumi.Bool(false),
AppLauncherUrl: pulumi.String("string"),
AuthType: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
ConsumerServiceUrl: pulumi.String("string"),
CreatedAt: pulumi.String("string"),
CustomAttributes: cloudflare.ZeroTrustAccessApplicationSaasAppCustomAttributeArray{
&cloudflare.ZeroTrustAccessApplicationSaasAppCustomAttributeArgs{
FriendlyName: pulumi.String("string"),
Name: pulumi.String("string"),
NameFormat: pulumi.String("string"),
Required: pulumi.Bool(false),
Source: &cloudflare.ZeroTrustAccessApplicationSaasAppCustomAttributeSourceArgs{
Name: pulumi.String("string"),
NameByIdps: cloudflare.ZeroTrustAccessApplicationSaasAppCustomAttributeSourceNameByIdpArray{
&cloudflare.ZeroTrustAccessApplicationSaasAppCustomAttributeSourceNameByIdpArgs{
IdpId: pulumi.String("string"),
SourceName: pulumi.String("string"),
},
},
},
},
},
CustomClaims: cloudflare.ZeroTrustAccessApplicationSaasAppCustomClaimArray{
&cloudflare.ZeroTrustAccessApplicationSaasAppCustomClaimArgs{
Name: pulumi.String("string"),
Required: pulumi.Bool(false),
Scope: pulumi.String("string"),
Source: &cloudflare.ZeroTrustAccessApplicationSaasAppCustomClaimSourceArgs{
Name: pulumi.String("string"),
NameByIdp: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
},
},
DefaultRelayState: pulumi.String("string"),
GrantTypes: pulumi.StringArray{
pulumi.String("string"),
},
GroupFilterRegex: pulumi.String("string"),
HybridAndImplicitOptions: &cloudflare.ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptionsArgs{
ReturnAccessTokenFromAuthorizationEndpoint: pulumi.Bool(false),
ReturnIdTokenFromAuthorizationEndpoint: pulumi.Bool(false),
},
IdpEntityId: pulumi.String("string"),
NameIdFormat: pulumi.String("string"),
NameIdTransformJsonata: pulumi.String("string"),
PublicKey: pulumi.String("string"),
RedirectUris: pulumi.StringArray{
pulumi.String("string"),
},
RefreshTokenOptions: &cloudflare.ZeroTrustAccessApplicationSaasAppRefreshTokenOptionsArgs{
Lifetime: pulumi.String("string"),
},
SamlAttributeTransformJsonata: pulumi.String("string"),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
SpEntityId: pulumi.String("string"),
SsoEndpoint: pulumi.String("string"),
UpdatedAt: pulumi.String("string"),
},
SameSiteCookieAttribute: pulumi.String("string"),
ScimConfig: &cloudflare.ZeroTrustAccessApplicationScimConfigArgs{
IdpUid: pulumi.String("string"),
RemoteUri: pulumi.String("string"),
Authentication: &cloudflare.ZeroTrustAccessApplicationScimConfigAuthenticationArgs{
Scheme: pulumi.String("string"),
AuthorizationUrl: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
Password: pulumi.String("string"),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
Token: pulumi.String("string"),
TokenUrl: pulumi.String("string"),
User: pulumi.String("string"),
},
DeactivateOnDelete: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Mappings: cloudflare.ZeroTrustAccessApplicationScimConfigMappingArray{
&cloudflare.ZeroTrustAccessApplicationScimConfigMappingArgs{
Schema: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Filter: pulumi.String("string"),
Operations: &cloudflare.ZeroTrustAccessApplicationScimConfigMappingOperationsArgs{
Create: pulumi.Bool(false),
Delete: pulumi.Bool(false),
Update: pulumi.Bool(false),
},
Strictness: pulumi.String("string"),
TransformJsonata: pulumi.String("string"),
},
},
},
ServiceAuth401Redirect: pulumi.Bool(false),
SessionDuration: pulumi.String("string"),
SkipAppLauncherLoginPage: pulumi.Bool(false),
SkipInterstitial: pulumi.Bool(false),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
TargetCriterias: cloudflare.ZeroTrustAccessApplicationTargetCriteriaArray{
&cloudflare.ZeroTrustAccessApplicationTargetCriteriaArgs{
Port: pulumi.Int(0),
Protocol: pulumi.String("string"),
TargetAttributes: pulumi.StringArrayMap{
"string": pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
Type: pulumi.String("string"),
ZoneId: pulumi.String("string"),
})
var zeroTrustAccessApplicationResource = new ZeroTrustAccessApplication("zeroTrustAccessApplicationResource", ZeroTrustAccessApplicationArgs.builder()
.accountId("string")
.allowAuthenticateViaWarp(false)
.allowedIdps("string")
.appLauncherLogoUrl("string")
.appLauncherVisible(false)
.autoRedirectToIdentity(false)
.bgColor("string")
.corsHeaders(ZeroTrustAccessApplicationCorsHeadersArgs.builder()
.allowAllHeaders(false)
.allowAllMethods(false)
.allowAllOrigins(false)
.allowCredentials(false)
.allowedHeaders("string")
.allowedMethods("string")
.allowedOrigins("string")
.maxAge(0)
.build())
.customDenyMessage("string")
.customDenyUrl("string")
.customNonIdentityDenyUrl("string")
.customPages("string")
.destinations(ZeroTrustAccessApplicationDestinationArgs.builder()
.cidr("string")
.hostname("string")
.l4Protocol("string")
.portRange("string")
.type("string")
.uri("string")
.vnetId("string")
.build())
.domain("string")
.enableBindingCookie(false)
.footerLinks(ZeroTrustAccessApplicationFooterLinkArgs.builder()
.name("string")
.url("string")
.build())
.headerBgColor("string")
.httpOnlyCookieAttribute(false)
.landingPageDesign(ZeroTrustAccessApplicationLandingPageDesignArgs.builder()
.buttonColor("string")
.buttonTextColor("string")
.imageUrl("string")
.message("string")
.title("string")
.build())
.logoUrl("string")
.name("string")
.optionsPreflightBypass(false)
.pathCookieAttribute(false)
.policies(ZeroTrustAccessApplicationPolicyArgs.builder()
.connectionRules(ZeroTrustAccessApplicationPolicyConnectionRulesArgs.builder()
.ssh(ZeroTrustAccessApplicationPolicyConnectionRulesSshArgs.builder()
.usernames("string")
.allowEmailAlias(false)
.build())
.build())
.decision("string")
.excludes(ZeroTrustAccessApplicationPolicyExcludeArgs.builder()
.anyValidServiceToken()
.authContext(ZeroTrustAccessApplicationPolicyExcludeAuthContextArgs.builder()
.acId("string")
.id("string")
.identityProviderId("string")
.build())
.authMethod(ZeroTrustAccessApplicationPolicyExcludeAuthMethodArgs.builder()
.authMethod("string")
.build())
.azureAd(ZeroTrustAccessApplicationPolicyExcludeAzureAdArgs.builder()
.id("string")
.identityProviderId("string")
.build())
.certificate()
.commonName(ZeroTrustAccessApplicationPolicyExcludeCommonNameArgs.builder()
.commonName("string")
.build())
.devicePosture(ZeroTrustAccessApplicationPolicyExcludeDevicePostureArgs.builder()
.integrationUid("string")
.build())
.email(ZeroTrustAccessApplicationPolicyExcludeEmailArgs.builder()
.email("string")
.build())
.emailDomain(ZeroTrustAccessApplicationPolicyExcludeEmailDomainArgs.builder()
.domain("string")
.build())
.emailList(ZeroTrustAccessApplicationPolicyExcludeEmailListArgs.builder()
.id("string")
.build())
.everyone()
.externalEvaluation(ZeroTrustAccessApplicationPolicyExcludeExternalEvaluationArgs.builder()
.evaluateUrl("string")
.keysUrl("string")
.build())
.geo(ZeroTrustAccessApplicationPolicyExcludeGeoArgs.builder()
.countryCode("string")
.build())
.githubOrganization(ZeroTrustAccessApplicationPolicyExcludeGithubOrganizationArgs.builder()
.identityProviderId("string")
.name("string")
.team("string")
.build())
.group(ZeroTrustAccessApplicationPolicyExcludeGroupArgs.builder()
.id("string")
.build())
.gsuite(ZeroTrustAccessApplicationPolicyExcludeGsuiteArgs.builder()
.email("string")
.identityProviderId("string")
.build())
.ip(ZeroTrustAccessApplicationPolicyExcludeIpArgs.builder()
.ip("string")
.build())
.ipList(ZeroTrustAccessApplicationPolicyExcludeIpListArgs.builder()
.id("string")
.build())
.loginMethod(ZeroTrustAccessApplicationPolicyExcludeLoginMethodArgs.builder()
.id("string")
.build())
.okta(ZeroTrustAccessApplicationPolicyExcludeOktaArgs.builder()
.identityProviderId("string")
.name("string")
.build())
.saml(ZeroTrustAccessApplicationPolicyExcludeSamlArgs.builder()
.attributeName("string")
.attributeValue("string")
.identityProviderId("string")
.build())
.serviceToken(ZeroTrustAccessApplicationPolicyExcludeServiceTokenArgs.builder()
.tokenId("string")
.build())
.build())
.id("string")
.includes(ZeroTrustAccessApplicationPolicyIncludeArgs.builder()
.anyValidServiceToken()
.authContext(ZeroTrustAccessApplicationPolicyIncludeAuthContextArgs.builder()
.acId("string")
.id("string")
.identityProviderId("string")
.build())
.authMethod(ZeroTrustAccessApplicationPolicyIncludeAuthMethodArgs.builder()
.authMethod("string")
.build())
.azureAd(ZeroTrustAccessApplicationPolicyIncludeAzureAdArgs.builder()
.id("string")
.identityProviderId("string")
.build())
.certificate()
.commonName(ZeroTrustAccessApplicationPolicyIncludeCommonNameArgs.builder()
.commonName("string")
.build())
.devicePosture(ZeroTrustAccessApplicationPolicyIncludeDevicePostureArgs.builder()
.integrationUid("string")
.build())
.email(ZeroTrustAccessApplicationPolicyIncludeEmailArgs.builder()
.email("string")
.build())
.emailDomain(ZeroTrustAccessApplicationPolicyIncludeEmailDomainArgs.builder()
.domain("string")
.build())
.emailList(ZeroTrustAccessApplicationPolicyIncludeEmailListArgs.builder()
.id("string")
.build())
.everyone()
.externalEvaluation(ZeroTrustAccessApplicationPolicyIncludeExternalEvaluationArgs.builder()
.evaluateUrl("string")
.keysUrl("string")
.build())
.geo(ZeroTrustAccessApplicationPolicyIncludeGeoArgs.builder()
.countryCode("string")
.build())
.githubOrganization(ZeroTrustAccessApplicationPolicyIncludeGithubOrganizationArgs.builder()
.identityProviderId("string")
.name("string")
.team("string")
.build())
.group(ZeroTrustAccessApplicationPolicyIncludeGroupArgs.builder()
.id("string")
.build())
.gsuite(ZeroTrustAccessApplicationPolicyIncludeGsuiteArgs.builder()
.email("string")
.identityProviderId("string")
.build())
.ip(ZeroTrustAccessApplicationPolicyIncludeIpArgs.builder()
.ip("string")
.build())
.ipList(ZeroTrustAccessApplicationPolicyIncludeIpListArgs.builder()
.id("string")
.build())
.loginMethod(ZeroTrustAccessApplicationPolicyIncludeLoginMethodArgs.builder()
.id("string")
.build())
.okta(ZeroTrustAccessApplicationPolicyIncludeOktaArgs.builder()
.identityProviderId("string")
.name("string")
.build())
.saml(ZeroTrustAccessApplicationPolicyIncludeSamlArgs.builder()
.attributeName("string")
.attributeValue("string")
.identityProviderId("string")
.build())
.serviceToken(ZeroTrustAccessApplicationPolicyIncludeServiceTokenArgs.builder()
.tokenId("string")
.build())
.build())
.name("string")
.precedence(0)
.requires(ZeroTrustAccessApplicationPolicyRequireArgs.builder()
.anyValidServiceToken()
.authContext(ZeroTrustAccessApplicationPolicyRequireAuthContextArgs.builder()
.acId("string")
.id("string")
.identityProviderId("string")
.build())
.authMethod(ZeroTrustAccessApplicationPolicyRequireAuthMethodArgs.builder()
.authMethod("string")
.build())
.azureAd(ZeroTrustAccessApplicationPolicyRequireAzureAdArgs.builder()
.id("string")
.identityProviderId("string")
.build())
.certificate()
.commonName(ZeroTrustAccessApplicationPolicyRequireCommonNameArgs.builder()
.commonName("string")
.build())
.devicePosture(ZeroTrustAccessApplicationPolicyRequireDevicePostureArgs.builder()
.integrationUid("string")
.build())
.email(ZeroTrustAccessApplicationPolicyRequireEmailArgs.builder()
.email("string")
.build())
.emailDomain(ZeroTrustAccessApplicationPolicyRequireEmailDomainArgs.builder()
.domain("string")
.build())
.emailList(ZeroTrustAccessApplicationPolicyRequireEmailListArgs.builder()
.id("string")
.build())
.everyone()
.externalEvaluation(ZeroTrustAccessApplicationPolicyRequireExternalEvaluationArgs.builder()
.evaluateUrl("string")
.keysUrl("string")
.build())
.geo(ZeroTrustAccessApplicationPolicyRequireGeoArgs.builder()
.countryCode("string")
.build())
.githubOrganization(ZeroTrustAccessApplicationPolicyRequireGithubOrganizationArgs.builder()
.identityProviderId("string")
.name("string")
.team("string")
.build())
.group(ZeroTrustAccessApplicationPolicyRequireGroupArgs.builder()
.id("string")
.build())
.gsuite(ZeroTrustAccessApplicationPolicyRequireGsuiteArgs.builder()
.email("string")
.identityProviderId("string")
.build())
.ip(ZeroTrustAccessApplicationPolicyRequireIpArgs.builder()
.ip("string")
.build())
.ipList(ZeroTrustAccessApplicationPolicyRequireIpListArgs.builder()
.id("string")
.build())
.loginMethod(ZeroTrustAccessApplicationPolicyRequireLoginMethodArgs.builder()
.id("string")
.build())
.okta(ZeroTrustAccessApplicationPolicyRequireOktaArgs.builder()
.identityProviderId("string")
.name("string")
.build())
.saml(ZeroTrustAccessApplicationPolicyRequireSamlArgs.builder()
.attributeName("string")
.attributeValue("string")
.identityProviderId("string")
.build())
.serviceToken(ZeroTrustAccessApplicationPolicyRequireServiceTokenArgs.builder()
.tokenId("string")
.build())
.build())
.build())
.readServiceTokensFromHeader("string")
.saasApp(ZeroTrustAccessApplicationSaasAppArgs.builder()
.accessTokenLifetime("string")
.allowPkceWithoutClientSecret(false)
.appLauncherUrl("string")
.authType("string")
.clientId("string")
.clientSecret("string")
.consumerServiceUrl("string")
.createdAt("string")
.customAttributes(ZeroTrustAccessApplicationSaasAppCustomAttributeArgs.builder()
.friendlyName("string")
.name("string")
.nameFormat("string")
.required(false)
.source(ZeroTrustAccessApplicationSaasAppCustomAttributeSourceArgs.builder()
.name("string")
.nameByIdps(ZeroTrustAccessApplicationSaasAppCustomAttributeSourceNameByIdpArgs.builder()
.idpId("string")
.sourceName("string")
.build())
.build())
.build())
.customClaims(ZeroTrustAccessApplicationSaasAppCustomClaimArgs.builder()
.name("string")
.required(false)
.scope("string")
.source(ZeroTrustAccessApplicationSaasAppCustomClaimSourceArgs.builder()
.name("string")
.nameByIdp(Map.of("string", "string"))
.build())
.build())
.defaultRelayState("string")
.grantTypes("string")
.groupFilterRegex("string")
.hybridAndImplicitOptions(ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptionsArgs.builder()
.returnAccessTokenFromAuthorizationEndpoint(false)
.returnIdTokenFromAuthorizationEndpoint(false)
.build())
.idpEntityId("string")
.nameIdFormat("string")
.nameIdTransformJsonata("string")
.publicKey("string")
.redirectUris("string")
.refreshTokenOptions(ZeroTrustAccessApplicationSaasAppRefreshTokenOptionsArgs.builder()
.lifetime("string")
.build())
.samlAttributeTransformJsonata("string")
.scopes("string")
.spEntityId("string")
.ssoEndpoint("string")
.updatedAt("string")
.build())
.sameSiteCookieAttribute("string")
.scimConfig(ZeroTrustAccessApplicationScimConfigArgs.builder()
.idpUid("string")
.remoteUri("string")
.authentication(ZeroTrustAccessApplicationScimConfigAuthenticationArgs.builder()
.scheme("string")
.authorizationUrl("string")
.clientId("string")
.clientSecret("string")
.password("string")
.scopes("string")
.token("string")
.tokenUrl("string")
.user("string")
.build())
.deactivateOnDelete(false)
.enabled(false)
.mappings(ZeroTrustAccessApplicationScimConfigMappingArgs.builder()
.schema("string")
.enabled(false)
.filter("string")
.operations(ZeroTrustAccessApplicationScimConfigMappingOperationsArgs.builder()
.create(false)
.delete(false)
.update(false)
.build())
.strictness("string")
.transformJsonata("string")
.build())
.build())
.serviceAuth401Redirect(false)
.sessionDuration("string")
.skipAppLauncherLoginPage(false)
.skipInterstitial(false)
.tags("string")
.targetCriterias(ZeroTrustAccessApplicationTargetCriteriaArgs.builder()
.port(0)
.protocol("string")
.targetAttributes(Map.of("string", "string"))
.build())
.type("string")
.zoneId("string")
.build());
zero_trust_access_application_resource = cloudflare.ZeroTrustAccessApplication("zeroTrustAccessApplicationResource",
account_id="string",
allow_authenticate_via_warp=False,
allowed_idps=["string"],
app_launcher_logo_url="string",
app_launcher_visible=False,
auto_redirect_to_identity=False,
bg_color="string",
cors_headers={
"allow_all_headers": False,
"allow_all_methods": False,
"allow_all_origins": False,
"allow_credentials": False,
"allowed_headers": ["string"],
"allowed_methods": ["string"],
"allowed_origins": ["string"],
"max_age": 0,
},
custom_deny_message="string",
custom_deny_url="string",
custom_non_identity_deny_url="string",
custom_pages=["string"],
destinations=[{
"cidr": "string",
"hostname": "string",
"l4_protocol": "string",
"port_range": "string",
"type": "string",
"uri": "string",
"vnet_id": "string",
}],
domain="string",
enable_binding_cookie=False,
footer_links=[{
"name": "string",
"url": "string",
}],
header_bg_color="string",
http_only_cookie_attribute=False,
landing_page_design={
"button_color": "string",
"button_text_color": "string",
"image_url": "string",
"message": "string",
"title": "string",
},
logo_url="string",
name="string",
options_preflight_bypass=False,
path_cookie_attribute=False,
policies=[{
"connection_rules": {
"ssh": {
"usernames": ["string"],
"allow_email_alias": False,
},
},
"decision": "string",
"excludes": [{
"any_valid_service_token": {},
"auth_context": {
"ac_id": "string",
"id": "string",
"identity_provider_id": "string",
},
"auth_method": {
"auth_method": "string",
},
"azure_ad": {
"id": "string",
"identity_provider_id": "string",
},
"certificate": {},
"common_name": {
"common_name": "string",
},
"device_posture": {
"integration_uid": "string",
},
"email": {
"email": "string",
},
"email_domain": {
"domain": "string",
},
"email_list": {
"id": "string",
},
"everyone": {},
"external_evaluation": {
"evaluate_url": "string",
"keys_url": "string",
},
"geo": {
"country_code": "string",
},
"github_organization": {
"identity_provider_id": "string",
"name": "string",
"team": "string",
},
"group": {
"id": "string",
},
"gsuite": {
"email": "string",
"identity_provider_id": "string",
},
"ip": {
"ip": "string",
},
"ip_list": {
"id": "string",
},
"login_method": {
"id": "string",
},
"okta": {
"identity_provider_id": "string",
"name": "string",
},
"saml": {
"attribute_name": "string",
"attribute_value": "string",
"identity_provider_id": "string",
},
"service_token": {
"token_id": "string",
},
}],
"id": "string",
"includes": [{
"any_valid_service_token": {},
"auth_context": {
"ac_id": "string",
"id": "string",
"identity_provider_id": "string",
},
"auth_method": {
"auth_method": "string",
},
"azure_ad": {
"id": "string",
"identity_provider_id": "string",
},
"certificate": {},
"common_name": {
"common_name": "string",
},
"device_posture": {
"integration_uid": "string",
},
"email": {
"email": "string",
},
"email_domain": {
"domain": "string",
},
"email_list": {
"id": "string",
},
"everyone": {},
"external_evaluation": {
"evaluate_url": "string",
"keys_url": "string",
},
"geo": {
"country_code": "string",
},
"github_organization": {
"identity_provider_id": "string",
"name": "string",
"team": "string",
},
"group": {
"id": "string",
},
"gsuite": {
"email": "string",
"identity_provider_id": "string",
},
"ip": {
"ip": "string",
},
"ip_list": {
"id": "string",
},
"login_method": {
"id": "string",
},
"okta": {
"identity_provider_id": "string",
"name": "string",
},
"saml": {
"attribute_name": "string",
"attribute_value": "string",
"identity_provider_id": "string",
},
"service_token": {
"token_id": "string",
},
}],
"name": "string",
"precedence": 0,
"requires": [{
"any_valid_service_token": {},
"auth_context": {
"ac_id": "string",
"id": "string",
"identity_provider_id": "string",
},
"auth_method": {
"auth_method": "string",
},
"azure_ad": {
"id": "string",
"identity_provider_id": "string",
},
"certificate": {},
"common_name": {
"common_name": "string",
},
"device_posture": {
"integration_uid": "string",
},
"email": {
"email": "string",
},
"email_domain": {
"domain": "string",
},
"email_list": {
"id": "string",
},
"everyone": {},
"external_evaluation": {
"evaluate_url": "string",
"keys_url": "string",
},
"geo": {
"country_code": "string",
},
"github_organization": {
"identity_provider_id": "string",
"name": "string",
"team": "string",
},
"group": {
"id": "string",
},
"gsuite": {
"email": "string",
"identity_provider_id": "string",
},
"ip": {
"ip": "string",
},
"ip_list": {
"id": "string",
},
"login_method": {
"id": "string",
},
"okta": {
"identity_provider_id": "string",
"name": "string",
},
"saml": {
"attribute_name": "string",
"attribute_value": "string",
"identity_provider_id": "string",
},
"service_token": {
"token_id": "string",
},
}],
}],
read_service_tokens_from_header="string",
saas_app={
"access_token_lifetime": "string",
"allow_pkce_without_client_secret": False,
"app_launcher_url": "string",
"auth_type": "string",
"client_id": "string",
"client_secret": "string",
"consumer_service_url": "string",
"created_at": "string",
"custom_attributes": [{
"friendly_name": "string",
"name": "string",
"name_format": "string",
"required": False,
"source": {
"name": "string",
"name_by_idps": [{
"idp_id": "string",
"source_name": "string",
}],
},
}],
"custom_claims": [{
"name": "string",
"required": False,
"scope": "string",
"source": {
"name": "string",
"name_by_idp": {
"string": "string",
},
},
}],
"default_relay_state": "string",
"grant_types": ["string"],
"group_filter_regex": "string",
"hybrid_and_implicit_options": {
"return_access_token_from_authorization_endpoint": False,
"return_id_token_from_authorization_endpoint": False,
},
"idp_entity_id": "string",
"name_id_format": "string",
"name_id_transform_jsonata": "string",
"public_key": "string",
"redirect_uris": ["string"],
"refresh_token_options": {
"lifetime": "string",
},
"saml_attribute_transform_jsonata": "string",
"scopes": ["string"],
"sp_entity_id": "string",
"sso_endpoint": "string",
"updated_at": "string",
},
same_site_cookie_attribute="string",
scim_config={
"idp_uid": "string",
"remote_uri": "string",
"authentication": {
"scheme": "string",
"authorization_url": "string",
"client_id": "string",
"client_secret": "string",
"password": "string",
"scopes": ["string"],
"token": "string",
"token_url": "string",
"user": "string",
},
"deactivate_on_delete": False,
"enabled": False,
"mappings": [{
"schema": "string",
"enabled": False,
"filter": "string",
"operations": {
"create": False,
"delete": False,
"update": False,
},
"strictness": "string",
"transform_jsonata": "string",
}],
},
service_auth401_redirect=False,
session_duration="string",
skip_app_launcher_login_page=False,
skip_interstitial=False,
tags=["string"],
target_criterias=[{
"port": 0,
"protocol": "string",
"target_attributes": {
"string": ["string"],
},
}],
type="string",
zone_id="string")
const zeroTrustAccessApplicationResource = new cloudflare.ZeroTrustAccessApplication("zeroTrustAccessApplicationResource", {
accountId: "string",
allowAuthenticateViaWarp: false,
allowedIdps: ["string"],
appLauncherLogoUrl: "string",
appLauncherVisible: false,
autoRedirectToIdentity: false,
bgColor: "string",
corsHeaders: {
allowAllHeaders: false,
allowAllMethods: false,
allowAllOrigins: false,
allowCredentials: false,
allowedHeaders: ["string"],
allowedMethods: ["string"],
allowedOrigins: ["string"],
maxAge: 0,
},
customDenyMessage: "string",
customDenyUrl: "string",
customNonIdentityDenyUrl: "string",
customPages: ["string"],
destinations: [{
cidr: "string",
hostname: "string",
l4Protocol: "string",
portRange: "string",
type: "string",
uri: "string",
vnetId: "string",
}],
domain: "string",
enableBindingCookie: false,
footerLinks: [{
name: "string",
url: "string",
}],
headerBgColor: "string",
httpOnlyCookieAttribute: false,
landingPageDesign: {
buttonColor: "string",
buttonTextColor: "string",
imageUrl: "string",
message: "string",
title: "string",
},
logoUrl: "string",
name: "string",
optionsPreflightBypass: false,
pathCookieAttribute: false,
policies: [{
connectionRules: {
ssh: {
usernames: ["string"],
allowEmailAlias: false,
},
},
decision: "string",
excludes: [{
anyValidServiceToken: {},
authContext: {
acId: "string",
id: "string",
identityProviderId: "string",
},
authMethod: {
authMethod: "string",
},
azureAd: {
id: "string",
identityProviderId: "string",
},
certificate: {},
commonName: {
commonName: "string",
},
devicePosture: {
integrationUid: "string",
},
email: {
email: "string",
},
emailDomain: {
domain: "string",
},
emailList: {
id: "string",
},
everyone: {},
externalEvaluation: {
evaluateUrl: "string",
keysUrl: "string",
},
geo: {
countryCode: "string",
},
githubOrganization: {
identityProviderId: "string",
name: "string",
team: "string",
},
group: {
id: "string",
},
gsuite: {
email: "string",
identityProviderId: "string",
},
ip: {
ip: "string",
},
ipList: {
id: "string",
},
loginMethod: {
id: "string",
},
okta: {
identityProviderId: "string",
name: "string",
},
saml: {
attributeName: "string",
attributeValue: "string",
identityProviderId: "string",
},
serviceToken: {
tokenId: "string",
},
}],
id: "string",
includes: [{
anyValidServiceToken: {},
authContext: {
acId: "string",
id: "string",
identityProviderId: "string",
},
authMethod: {
authMethod: "string",
},
azureAd: {
id: "string",
identityProviderId: "string",
},
certificate: {},
commonName: {
commonName: "string",
},
devicePosture: {
integrationUid: "string",
},
email: {
email: "string",
},
emailDomain: {
domain: "string",
},
emailList: {
id: "string",
},
everyone: {},
externalEvaluation: {
evaluateUrl: "string",
keysUrl: "string",
},
geo: {
countryCode: "string",
},
githubOrganization: {
identityProviderId: "string",
name: "string",
team: "string",
},
group: {
id: "string",
},
gsuite: {
email: "string",
identityProviderId: "string",
},
ip: {
ip: "string",
},
ipList: {
id: "string",
},
loginMethod: {
id: "string",
},
okta: {
identityProviderId: "string",
name: "string",
},
saml: {
attributeName: "string",
attributeValue: "string",
identityProviderId: "string",
},
serviceToken: {
tokenId: "string",
},
}],
name: "string",
precedence: 0,
requires: [{
anyValidServiceToken: {},
authContext: {
acId: "string",
id: "string",
identityProviderId: "string",
},
authMethod: {
authMethod: "string",
},
azureAd: {
id: "string",
identityProviderId: "string",
},
certificate: {},
commonName: {
commonName: "string",
},
devicePosture: {
integrationUid: "string",
},
email: {
email: "string",
},
emailDomain: {
domain: "string",
},
emailList: {
id: "string",
},
everyone: {},
externalEvaluation: {
evaluateUrl: "string",
keysUrl: "string",
},
geo: {
countryCode: "string",
},
githubOrganization: {
identityProviderId: "string",
name: "string",
team: "string",
},
group: {
id: "string",
},
gsuite: {
email: "string",
identityProviderId: "string",
},
ip: {
ip: "string",
},
ipList: {
id: "string",
},
loginMethod: {
id: "string",
},
okta: {
identityProviderId: "string",
name: "string",
},
saml: {
attributeName: "string",
attributeValue: "string",
identityProviderId: "string",
},
serviceToken: {
tokenId: "string",
},
}],
}],
readServiceTokensFromHeader: "string",
saasApp: {
accessTokenLifetime: "string",
allowPkceWithoutClientSecret: false,
appLauncherUrl: "string",
authType: "string",
clientId: "string",
clientSecret: "string",
consumerServiceUrl: "string",
createdAt: "string",
customAttributes: [{
friendlyName: "string",
name: "string",
nameFormat: "string",
required: false,
source: {
name: "string",
nameByIdps: [{
idpId: "string",
sourceName: "string",
}],
},
}],
customClaims: [{
name: "string",
required: false,
scope: "string",
source: {
name: "string",
nameByIdp: {
string: "string",
},
},
}],
defaultRelayState: "string",
grantTypes: ["string"],
groupFilterRegex: "string",
hybridAndImplicitOptions: {
returnAccessTokenFromAuthorizationEndpoint: false,
returnIdTokenFromAuthorizationEndpoint: false,
},
idpEntityId: "string",
nameIdFormat: "string",
nameIdTransformJsonata: "string",
publicKey: "string",
redirectUris: ["string"],
refreshTokenOptions: {
lifetime: "string",
},
samlAttributeTransformJsonata: "string",
scopes: ["string"],
spEntityId: "string",
ssoEndpoint: "string",
updatedAt: "string",
},
sameSiteCookieAttribute: "string",
scimConfig: {
idpUid: "string",
remoteUri: "string",
authentication: {
scheme: "string",
authorizationUrl: "string",
clientId: "string",
clientSecret: "string",
password: "string",
scopes: ["string"],
token: "string",
tokenUrl: "string",
user: "string",
},
deactivateOnDelete: false,
enabled: false,
mappings: [{
schema: "string",
enabled: false,
filter: "string",
operations: {
create: false,
"delete": false,
update: false,
},
strictness: "string",
transformJsonata: "string",
}],
},
serviceAuth401Redirect: false,
sessionDuration: "string",
skipAppLauncherLoginPage: false,
skipInterstitial: false,
tags: ["string"],
targetCriterias: [{
port: 0,
protocol: "string",
targetAttributes: {
string: ["string"],
},
}],
type: "string",
zoneId: "string",
});
type: cloudflare:ZeroTrustAccessApplication
properties:
accountId: string
allowAuthenticateViaWarp: false
allowedIdps:
- string
appLauncherLogoUrl: string
appLauncherVisible: false
autoRedirectToIdentity: false
bgColor: string
corsHeaders:
allowAllHeaders: false
allowAllMethods: false
allowAllOrigins: false
allowCredentials: false
allowedHeaders:
- string
allowedMethods:
- string
allowedOrigins:
- string
maxAge: 0
customDenyMessage: string
customDenyUrl: string
customNonIdentityDenyUrl: string
customPages:
- string
destinations:
- cidr: string
hostname: string
l4Protocol: string
portRange: string
type: string
uri: string
vnetId: string
domain: string
enableBindingCookie: false
footerLinks:
- name: string
url: string
headerBgColor: string
httpOnlyCookieAttribute: false
landingPageDesign:
buttonColor: string
buttonTextColor: string
imageUrl: string
message: string
title: string
logoUrl: string
name: string
optionsPreflightBypass: false
pathCookieAttribute: false
policies:
- connectionRules:
ssh:
allowEmailAlias: false
usernames:
- string
decision: string
excludes:
- anyValidServiceToken: {}
authContext:
acId: string
id: string
identityProviderId: string
authMethod:
authMethod: string
azureAd:
id: string
identityProviderId: string
certificate: {}
commonName:
commonName: string
devicePosture:
integrationUid: string
email:
email: string
emailDomain:
domain: string
emailList:
id: string
everyone: {}
externalEvaluation:
evaluateUrl: string
keysUrl: string
geo:
countryCode: string
githubOrganization:
identityProviderId: string
name: string
team: string
group:
id: string
gsuite:
email: string
identityProviderId: string
ip:
ip: string
ipList:
id: string
loginMethod:
id: string
okta:
identityProviderId: string
name: string
saml:
attributeName: string
attributeValue: string
identityProviderId: string
serviceToken:
tokenId: string
id: string
includes:
- anyValidServiceToken: {}
authContext:
acId: string
id: string
identityProviderId: string
authMethod:
authMethod: string
azureAd:
id: string
identityProviderId: string
certificate: {}
commonName:
commonName: string
devicePosture:
integrationUid: string
email:
email: string
emailDomain:
domain: string
emailList:
id: string
everyone: {}
externalEvaluation:
evaluateUrl: string
keysUrl: string
geo:
countryCode: string
githubOrganization:
identityProviderId: string
name: string
team: string
group:
id: string
gsuite:
email: string
identityProviderId: string
ip:
ip: string
ipList:
id: string
loginMethod:
id: string
okta:
identityProviderId: string
name: string
saml:
attributeName: string
attributeValue: string
identityProviderId: string
serviceToken:
tokenId: string
name: string
precedence: 0
requires:
- anyValidServiceToken: {}
authContext:
acId: string
id: string
identityProviderId: string
authMethod:
authMethod: string
azureAd:
id: string
identityProviderId: string
certificate: {}
commonName:
commonName: string
devicePosture:
integrationUid: string
email:
email: string
emailDomain:
domain: string
emailList:
id: string
everyone: {}
externalEvaluation:
evaluateUrl: string
keysUrl: string
geo:
countryCode: string
githubOrganization:
identityProviderId: string
name: string
team: string
group:
id: string
gsuite:
email: string
identityProviderId: string
ip:
ip: string
ipList:
id: string
loginMethod:
id: string
okta:
identityProviderId: string
name: string
saml:
attributeName: string
attributeValue: string
identityProviderId: string
serviceToken:
tokenId: string
readServiceTokensFromHeader: string
saasApp:
accessTokenLifetime: string
allowPkceWithoutClientSecret: false
appLauncherUrl: string
authType: string
clientId: string
clientSecret: string
consumerServiceUrl: string
createdAt: string
customAttributes:
- friendlyName: string
name: string
nameFormat: string
required: false
source:
name: string
nameByIdps:
- idpId: string
sourceName: string
customClaims:
- name: string
required: false
scope: string
source:
name: string
nameByIdp:
string: string
defaultRelayState: string
grantTypes:
- string
groupFilterRegex: string
hybridAndImplicitOptions:
returnAccessTokenFromAuthorizationEndpoint: false
returnIdTokenFromAuthorizationEndpoint: false
idpEntityId: string
nameIdFormat: string
nameIdTransformJsonata: string
publicKey: string
redirectUris:
- string
refreshTokenOptions:
lifetime: string
samlAttributeTransformJsonata: string
scopes:
- string
spEntityId: string
ssoEndpoint: string
updatedAt: string
sameSiteCookieAttribute: string
scimConfig:
authentication:
authorizationUrl: string
clientId: string
clientSecret: string
password: string
scheme: string
scopes:
- string
token: string
tokenUrl: string
user: string
deactivateOnDelete: false
enabled: false
idpUid: string
mappings:
- enabled: false
filter: string
operations:
create: false
delete: false
update: false
schema: string
strictness: string
transformJsonata: string
remoteUri: string
serviceAuth401Redirect: false
sessionDuration: string
skipAppLauncherLoginPage: false
skipInterstitial: false
tags:
- string
targetCriterias:
- port: 0
protocol: string
targetAttributes:
string:
- string
type: string
zoneId: string
ZeroTrustAccessApplication Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ZeroTrustAccessApplication resource accepts the following input properties:
- Account
Id string - The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- Allow
Authenticate boolVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- Allowed
Idps List<string> - The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
- App
Launcher stringLogo Url - The image URL of the logo shown in the App Launcher header.
- App
Launcher boolVisible - Displays the application in the App Launcher.
- Auto
Redirect boolTo Identity - When set to
true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. - Bg
Color string - The background color of the App Launcher page.
- Cors
Headers ZeroTrust Access Application Cors Headers - Custom
Deny stringMessage - The custom error message shown to a user when they are denied access to the application.
- Custom
Deny stringUrl - The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
- Custom
Non stringIdentity Deny Url - The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
- Custom
Pages List<string> - The custom pages that will be displayed when applicable for this application
- Destinations
List<Zero
Trust Access Application Destination> - List of destinations secured by Access. This supersedes
self_hosted_domainsto allow for more flexibility in defining different types of domains. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - Domain string
- The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
- bool
- Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
-
List<Zero
Trust Access Application Footer Link> - The links in the App Launcher footer.
- Header
Bg stringColor - The background color of the App Launcher header.
- bool
- Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
- Landing
Page ZeroDesign Trust Access Application Landing Page Design - The design of the App Launcher landing page shown to users when they log in.
- Logo
Url string - The image URL for the logo shown in the App Launcher dashboard.
- Name string
- The name of the application.
- Options
Preflight boolBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
- bool
- Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
- Policies
List<Zero
Trust Access Application Policy> - The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
- Read
Service stringTokens From Header - Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
- Saas
App ZeroTrust Access Application Saas App - string
- Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
- Scim
Config ZeroTrust Access Application Scim Config - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- Self
Hosted List<string>Domains - List of public domains that Access will secure. This field is deprecated in favor of
destinationsand will be supported until November 21, 2025. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - Service
Auth401Redirect bool - Returns a 401 status code when the request is blocked by a Service Auth policy.
- Session
Duration string - The amount of time that tokens issued for this application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - Skip
App boolLauncher Login Page - Determines when to skip the App Launcher landing page.
- Skip
Interstitial bool - Enables automatic authentication through cloudflared.
- List<string>
- The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
- Target
Criterias List<ZeroTrust Access Application Target Criteria> - Type string
- The application type.
- Zone
Id string - The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
- Account
Id string - The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- Allow
Authenticate boolVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- Allowed
Idps []string - The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
- App
Launcher stringLogo Url - The image URL of the logo shown in the App Launcher header.
- App
Launcher boolVisible - Displays the application in the App Launcher.
- Auto
Redirect boolTo Identity - When set to
true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. - Bg
Color string - The background color of the App Launcher page.
- Cors
Headers ZeroTrust Access Application Cors Headers Args - Custom
Deny stringMessage - The custom error message shown to a user when they are denied access to the application.
- Custom
Deny stringUrl - The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
- Custom
Non stringIdentity Deny Url - The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
- Custom
Pages []string - The custom pages that will be displayed when applicable for this application
- Destinations
[]Zero
Trust Access Application Destination Args - List of destinations secured by Access. This supersedes
self_hosted_domainsto allow for more flexibility in defining different types of domains. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - Domain string
- The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
- bool
- Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
-
[]Zero
Trust Access Application Footer Link Args - The links in the App Launcher footer.
- Header
Bg stringColor - The background color of the App Launcher header.
- bool
- Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
- Landing
Page ZeroDesign Trust Access Application Landing Page Design Args - The design of the App Launcher landing page shown to users when they log in.
- Logo
Url string - The image URL for the logo shown in the App Launcher dashboard.
- Name string
- The name of the application.
- Options
Preflight boolBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
- bool
- Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
- Policies
[]Zero
Trust Access Application Policy Args - The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
- Read
Service stringTokens From Header - Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
- Saas
App ZeroTrust Access Application Saas App Args - string
- Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
- Scim
Config ZeroTrust Access Application Scim Config Args - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- Self
Hosted []stringDomains - List of public domains that Access will secure. This field is deprecated in favor of
destinationsand will be supported until November 21, 2025. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - Service
Auth401Redirect bool - Returns a 401 status code when the request is blocked by a Service Auth policy.
- Session
Duration string - The amount of time that tokens issued for this application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - Skip
App boolLauncher Login Page - Determines when to skip the App Launcher landing page.
- Skip
Interstitial bool - Enables automatic authentication through cloudflared.
- []string
- The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
- Target
Criterias []ZeroTrust Access Application Target Criteria Args - Type string
- The application type.
- Zone
Id string - The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
- account
Id String - The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- allow
Authenticate BooleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps List<String> - The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
- app
Launcher StringLogo Url - The image URL of the logo shown in the App Launcher header.
- app
Launcher BooleanVisible - Displays the application in the App Launcher.
- auto
Redirect BooleanTo Identity - When set to
true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. - bg
Color String - The background color of the App Launcher page.
- cors
Headers ZeroTrust Access Application Cors Headers - custom
Deny StringMessage - The custom error message shown to a user when they are denied access to the application.
- custom
Deny StringUrl - The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
- custom
Non StringIdentity Deny Url - The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
- custom
Pages List<String> - The custom pages that will be displayed when applicable for this application
- destinations
List<Zero
Trust Access Application Destination> - List of destinations secured by Access. This supersedes
self_hosted_domainsto allow for more flexibility in defining different types of domains. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - domain String
- The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
- Boolean
- Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
-
List<Zero
Trust Access Application Footer Link> - The links in the App Launcher footer.
- header
Bg StringColor - The background color of the App Launcher header.
- Boolean
- Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
- landing
Page ZeroDesign Trust Access Application Landing Page Design - The design of the App Launcher landing page shown to users when they log in.
- logo
Url String - The image URL for the logo shown in the App Launcher dashboard.
- name String
- The name of the application.
- options
Preflight BooleanBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
- Boolean
- Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
- policies
List<Zero
Trust Access Application Policy> - The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
- read
Service StringTokens From Header - Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
- saas
App ZeroTrust Access Application Saas App - String
- Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
- scim
Config ZeroTrust Access Application Scim Config - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self
Hosted List<String>Domains - List of public domains that Access will secure. This field is deprecated in favor of
destinationsand will be supported until November 21, 2025. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - service
Auth401Redirect Boolean - Returns a 401 status code when the request is blocked by a Service Auth policy.
- session
Duration String - The amount of time that tokens issued for this application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - skip
App BooleanLauncher Login Page - Determines when to skip the App Launcher landing page.
- skip
Interstitial Boolean - Enables automatic authentication through cloudflared.
- List<String>
- The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
- target
Criterias List<ZeroTrust Access Application Target Criteria> - type String
- The application type.
- zone
Id String - The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
- account
Id string - The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- allow
Authenticate booleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps string[] - The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
- app
Launcher stringLogo Url - The image URL of the logo shown in the App Launcher header.
- app
Launcher booleanVisible - Displays the application in the App Launcher.
- auto
Redirect booleanTo Identity - When set to
true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. - bg
Color string - The background color of the App Launcher page.
- cors
Headers ZeroTrust Access Application Cors Headers - custom
Deny stringMessage - The custom error message shown to a user when they are denied access to the application.
- custom
Deny stringUrl - The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
- custom
Non stringIdentity Deny Url - The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
- custom
Pages string[] - The custom pages that will be displayed when applicable for this application
- destinations
Zero
Trust Access Application Destination[] - List of destinations secured by Access. This supersedes
self_hosted_domainsto allow for more flexibility in defining different types of domains. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - domain string
- The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
- boolean
- Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
-
Zero
Trust Access Application Footer Link[] - The links in the App Launcher footer.
- header
Bg stringColor - The background color of the App Launcher header.
- boolean
- Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
- landing
Page ZeroDesign Trust Access Application Landing Page Design - The design of the App Launcher landing page shown to users when they log in.
- logo
Url string - The image URL for the logo shown in the App Launcher dashboard.
- name string
- The name of the application.
- options
Preflight booleanBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
- boolean
- Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
- policies
Zero
Trust Access Application Policy[] - The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
- read
Service stringTokens From Header - Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
- saas
App ZeroTrust Access Application Saas App - string
- Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
- scim
Config ZeroTrust Access Application Scim Config - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self
Hosted string[]Domains - List of public domains that Access will secure. This field is deprecated in favor of
destinationsand will be supported until November 21, 2025. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - service
Auth401Redirect boolean - Returns a 401 status code when the request is blocked by a Service Auth policy.
- session
Duration string - The amount of time that tokens issued for this application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - skip
App booleanLauncher Login Page - Determines when to skip the App Launcher landing page.
- skip
Interstitial boolean - Enables automatic authentication through cloudflared.
- string[]
- The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
- target
Criterias ZeroTrust Access Application Target Criteria[] - type string
- The application type.
- zone
Id string - The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
- account_
id str - The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- allow_
authenticate_ boolvia_ warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed_
idps Sequence[str] - The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
- app_
launcher_ strlogo_ url - The image URL of the logo shown in the App Launcher header.
- app_
launcher_ boolvisible - Displays the application in the App Launcher.
- auto_
redirect_ boolto_ identity - When set to
true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. - bg_
color str - The background color of the App Launcher page.
- cors_
headers ZeroTrust Access Application Cors Headers Args - custom_
deny_ strmessage - The custom error message shown to a user when they are denied access to the application.
- custom_
deny_ strurl - The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
- custom_
non_ stridentity_ deny_ url - The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
- custom_
pages Sequence[str] - The custom pages that will be displayed when applicable for this application
- destinations
Sequence[Zero
Trust Access Application Destination Args] - List of destinations secured by Access. This supersedes
self_hosted_domainsto allow for more flexibility in defining different types of domains. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - domain str
- The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
- bool
- Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
-
Sequence[Zero
Trust Access Application Footer Link Args] - The links in the App Launcher footer.
- header_
bg_ strcolor - The background color of the App Launcher header.
- bool
- Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
- landing_
page_ Zerodesign Trust Access Application Landing Page Design Args - The design of the App Launcher landing page shown to users when they log in.
- logo_
url str - The image URL for the logo shown in the App Launcher dashboard.
- name str
- The name of the application.
- options_
preflight_ boolbypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
- bool
- Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
- policies
Sequence[Zero
Trust Access Application Policy Args] - The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
- read_
service_ strtokens_ from_ header - Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
- saas_
app ZeroTrust Access Application Saas App Args - str
- Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
- scim_
config ZeroTrust Access Application Scim Config Args - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self_
hosted_ Sequence[str]domains - List of public domains that Access will secure. This field is deprecated in favor of
destinationsand will be supported until November 21, 2025. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - service_
auth401_ boolredirect - Returns a 401 status code when the request is blocked by a Service Auth policy.
- session_
duration str - The amount of time that tokens issued for this application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - skip_
app_ boollauncher_ login_ page - Determines when to skip the App Launcher landing page.
- skip_
interstitial bool - Enables automatic authentication through cloudflared.
- Sequence[str]
- The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
- target_
criterias Sequence[ZeroTrust Access Application Target Criteria Args] - type str
- The application type.
- zone_
id str - The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
- account
Id String - The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- allow
Authenticate BooleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps List<String> - The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
- app
Launcher StringLogo Url - The image URL of the logo shown in the App Launcher header.
- app
Launcher BooleanVisible - Displays the application in the App Launcher.
- auto
Redirect BooleanTo Identity - When set to
true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. - bg
Color String - The background color of the App Launcher page.
- cors
Headers Property Map - custom
Deny StringMessage - The custom error message shown to a user when they are denied access to the application.
- custom
Deny StringUrl - The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
- custom
Non StringIdentity Deny Url - The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
- custom
Pages List<String> - The custom pages that will be displayed when applicable for this application
- destinations List<Property Map>
- List of destinations secured by Access. This supersedes
self_hosted_domainsto allow for more flexibility in defining different types of domains. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - domain String
- The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
- Boolean
- Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
- List<Property Map>
- The links in the App Launcher footer.
- header
Bg StringColor - The background color of the App Launcher header.
- Boolean
- Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
- landing
Page Property MapDesign - The design of the App Launcher landing page shown to users when they log in.
- logo
Url String - The image URL for the logo shown in the App Launcher dashboard.
- name String
- The name of the application.
- options
Preflight BooleanBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
- Boolean
- Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
- policies List<Property Map>
- The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
- read
Service StringTokens From Header - Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
- saas
App Property Map - String
- Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
- scim
Config Property Map - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self
Hosted List<String>Domains - List of public domains that Access will secure. This field is deprecated in favor of
destinationsand will be supported until November 21, 2025. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - service
Auth401Redirect Boolean - Returns a 401 status code when the request is blocked by a Service Auth policy.
- session
Duration String - The amount of time that tokens issued for this application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - skip
App BooleanLauncher Login Page - Determines when to skip the App Launcher landing page.
- skip
Interstitial Boolean - Enables automatic authentication through cloudflared.
- List<String>
- The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
- target
Criterias List<Property Map> - type String
- The application type.
- zone
Id String - The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
Outputs
All input properties are implicitly available as output properties. Additionally, the ZeroTrustAccessApplication resource produces the following output properties:
- aud str
- Audience tag.
- created_
at str - id str
- The provider-assigned unique ID for this managed resource.
- updated_
at str
Look up Existing ZeroTrustAccessApplication Resource
Get an existing ZeroTrustAccessApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ZeroTrustAccessApplicationState, opts?: CustomResourceOptions): ZeroTrustAccessApplication@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
allow_authenticate_via_warp: Optional[bool] = None,
allowed_idps: Optional[Sequence[str]] = None,
app_launcher_logo_url: Optional[str] = None,
app_launcher_visible: Optional[bool] = None,
aud: Optional[str] = None,
auto_redirect_to_identity: Optional[bool] = None,
bg_color: Optional[str] = None,
cors_headers: Optional[ZeroTrustAccessApplicationCorsHeadersArgs] = None,
created_at: Optional[str] = None,
custom_deny_message: Optional[str] = None,
custom_deny_url: Optional[str] = None,
custom_non_identity_deny_url: Optional[str] = None,
custom_pages: Optional[Sequence[str]] = None,
destinations: Optional[Sequence[ZeroTrustAccessApplicationDestinationArgs]] = None,
domain: Optional[str] = None,
enable_binding_cookie: Optional[bool] = None,
footer_links: Optional[Sequence[ZeroTrustAccessApplicationFooterLinkArgs]] = None,
header_bg_color: Optional[str] = None,
http_only_cookie_attribute: Optional[bool] = None,
landing_page_design: Optional[ZeroTrustAccessApplicationLandingPageDesignArgs] = None,
logo_url: Optional[str] = None,
name: Optional[str] = None,
options_preflight_bypass: Optional[bool] = None,
path_cookie_attribute: Optional[bool] = None,
policies: Optional[Sequence[ZeroTrustAccessApplicationPolicyArgs]] = None,
read_service_tokens_from_header: Optional[str] = None,
saas_app: Optional[ZeroTrustAccessApplicationSaasAppArgs] = None,
same_site_cookie_attribute: Optional[str] = None,
scim_config: Optional[ZeroTrustAccessApplicationScimConfigArgs] = None,
self_hosted_domains: Optional[Sequence[str]] = None,
service_auth401_redirect: Optional[bool] = None,
session_duration: Optional[str] = None,
skip_app_launcher_login_page: Optional[bool] = None,
skip_interstitial: Optional[bool] = None,
tags: Optional[Sequence[str]] = None,
target_criterias: Optional[Sequence[ZeroTrustAccessApplicationTargetCriteriaArgs]] = None,
type: Optional[str] = None,
updated_at: Optional[str] = None,
zone_id: Optional[str] = None) -> ZeroTrustAccessApplicationfunc GetZeroTrustAccessApplication(ctx *Context, name string, id IDInput, state *ZeroTrustAccessApplicationState, opts ...ResourceOption) (*ZeroTrustAccessApplication, error)public static ZeroTrustAccessApplication Get(string name, Input<string> id, ZeroTrustAccessApplicationState? state, CustomResourceOptions? opts = null)public static ZeroTrustAccessApplication get(String name, Output<String> id, ZeroTrustAccessApplicationState state, CustomResourceOptions options)resources: _: type: cloudflare:ZeroTrustAccessApplication get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- Allow
Authenticate boolVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- Allowed
Idps List<string> - The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
- App
Launcher stringLogo Url - The image URL of the logo shown in the App Launcher header.
- App
Launcher boolVisible - Displays the application in the App Launcher.
- Aud string
- Audience tag.
- Auto
Redirect boolTo Identity - When set to
true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. - Bg
Color string - The background color of the App Launcher page.
- Cors
Headers ZeroTrust Access Application Cors Headers - Created
At string - Custom
Deny stringMessage - The custom error message shown to a user when they are denied access to the application.
- Custom
Deny stringUrl - The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
- Custom
Non stringIdentity Deny Url - The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
- Custom
Pages List<string> - The custom pages that will be displayed when applicable for this application
- Destinations
List<Zero
Trust Access Application Destination> - List of destinations secured by Access. This supersedes
self_hosted_domainsto allow for more flexibility in defining different types of domains. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - Domain string
- The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
- bool
- Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
-
List<Zero
Trust Access Application Footer Link> - The links in the App Launcher footer.
- Header
Bg stringColor - The background color of the App Launcher header.
- bool
- Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
- Landing
Page ZeroDesign Trust Access Application Landing Page Design - The design of the App Launcher landing page shown to users when they log in.
- Logo
Url string - The image URL for the logo shown in the App Launcher dashboard.
- Name string
- The name of the application.
- Options
Preflight boolBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
- bool
- Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
- Policies
List<Zero
Trust Access Application Policy> - The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
- Read
Service stringTokens From Header - Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
- Saas
App ZeroTrust Access Application Saas App - string
- Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
- Scim
Config ZeroTrust Access Application Scim Config - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- Self
Hosted List<string>Domains - List of public domains that Access will secure. This field is deprecated in favor of
destinationsand will be supported until November 21, 2025. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - Service
Auth401Redirect bool - Returns a 401 status code when the request is blocked by a Service Auth policy.
- Session
Duration string - The amount of time that tokens issued for this application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - Skip
App boolLauncher Login Page - Determines when to skip the App Launcher landing page.
- Skip
Interstitial bool - Enables automatic authentication through cloudflared.
- List<string>
- The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
- Target
Criterias List<ZeroTrust Access Application Target Criteria> - Type string
- The application type.
- Updated
At string - Zone
Id string - The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
- Account
Id string - The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- Allow
Authenticate boolVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- Allowed
Idps []string - The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
- App
Launcher stringLogo Url - The image URL of the logo shown in the App Launcher header.
- App
Launcher boolVisible - Displays the application in the App Launcher.
- Aud string
- Audience tag.
- Auto
Redirect boolTo Identity - When set to
true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. - Bg
Color string - The background color of the App Launcher page.
- Cors
Headers ZeroTrust Access Application Cors Headers Args - Created
At string - Custom
Deny stringMessage - The custom error message shown to a user when they are denied access to the application.
- Custom
Deny stringUrl - The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
- Custom
Non stringIdentity Deny Url - The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
- Custom
Pages []string - The custom pages that will be displayed when applicable for this application
- Destinations
[]Zero
Trust Access Application Destination Args - List of destinations secured by Access. This supersedes
self_hosted_domainsto allow for more flexibility in defining different types of domains. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - Domain string
- The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
- bool
- Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
-
[]Zero
Trust Access Application Footer Link Args - The links in the App Launcher footer.
- Header
Bg stringColor - The background color of the App Launcher header.
- bool
- Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
- Landing
Page ZeroDesign Trust Access Application Landing Page Design Args - The design of the App Launcher landing page shown to users when they log in.
- Logo
Url string - The image URL for the logo shown in the App Launcher dashboard.
- Name string
- The name of the application.
- Options
Preflight boolBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
- bool
- Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
- Policies
[]Zero
Trust Access Application Policy Args - The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
- Read
Service stringTokens From Header - Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
- Saas
App ZeroTrust Access Application Saas App Args - string
- Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
- Scim
Config ZeroTrust Access Application Scim Config Args - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- Self
Hosted []stringDomains - List of public domains that Access will secure. This field is deprecated in favor of
destinationsand will be supported until November 21, 2025. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - Service
Auth401Redirect bool - Returns a 401 status code when the request is blocked by a Service Auth policy.
- Session
Duration string - The amount of time that tokens issued for this application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - Skip
App boolLauncher Login Page - Determines when to skip the App Launcher landing page.
- Skip
Interstitial bool - Enables automatic authentication through cloudflared.
- []string
- The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
- Target
Criterias []ZeroTrust Access Application Target Criteria Args - Type string
- The application type.
- Updated
At string - Zone
Id string - The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
- account
Id String - The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- allow
Authenticate BooleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps List<String> - The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
- app
Launcher StringLogo Url - The image URL of the logo shown in the App Launcher header.
- app
Launcher BooleanVisible - Displays the application in the App Launcher.
- aud String
- Audience tag.
- auto
Redirect BooleanTo Identity - When set to
true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. - bg
Color String - The background color of the App Launcher page.
- cors
Headers ZeroTrust Access Application Cors Headers - created
At String - custom
Deny StringMessage - The custom error message shown to a user when they are denied access to the application.
- custom
Deny StringUrl - The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
- custom
Non StringIdentity Deny Url - The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
- custom
Pages List<String> - The custom pages that will be displayed when applicable for this application
- destinations
List<Zero
Trust Access Application Destination> - List of destinations secured by Access. This supersedes
self_hosted_domainsto allow for more flexibility in defining different types of domains. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - domain String
- The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
- Boolean
- Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
-
List<Zero
Trust Access Application Footer Link> - The links in the App Launcher footer.
- header
Bg StringColor - The background color of the App Launcher header.
- Boolean
- Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
- landing
Page ZeroDesign Trust Access Application Landing Page Design - The design of the App Launcher landing page shown to users when they log in.
- logo
Url String - The image URL for the logo shown in the App Launcher dashboard.
- name String
- The name of the application.
- options
Preflight BooleanBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
- Boolean
- Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
- policies
List<Zero
Trust Access Application Policy> - The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
- read
Service StringTokens From Header - Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
- saas
App ZeroTrust Access Application Saas App - String
- Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
- scim
Config ZeroTrust Access Application Scim Config - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self
Hosted List<String>Domains - List of public domains that Access will secure. This field is deprecated in favor of
destinationsand will be supported until November 21, 2025. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - service
Auth401Redirect Boolean - Returns a 401 status code when the request is blocked by a Service Auth policy.
- session
Duration String - The amount of time that tokens issued for this application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - skip
App BooleanLauncher Login Page - Determines when to skip the App Launcher landing page.
- skip
Interstitial Boolean - Enables automatic authentication through cloudflared.
- List<String>
- The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
- target
Criterias List<ZeroTrust Access Application Target Criteria> - type String
- The application type.
- updated
At String - zone
Id String - The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
- account
Id string - The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- allow
Authenticate booleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps string[] - The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
- app
Launcher stringLogo Url - The image URL of the logo shown in the App Launcher header.
- app
Launcher booleanVisible - Displays the application in the App Launcher.
- aud string
- Audience tag.
- auto
Redirect booleanTo Identity - When set to
true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. - bg
Color string - The background color of the App Launcher page.
- cors
Headers ZeroTrust Access Application Cors Headers - created
At string - custom
Deny stringMessage - The custom error message shown to a user when they are denied access to the application.
- custom
Deny stringUrl - The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
- custom
Non stringIdentity Deny Url - The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
- custom
Pages string[] - The custom pages that will be displayed when applicable for this application
- destinations
Zero
Trust Access Application Destination[] - List of destinations secured by Access. This supersedes
self_hosted_domainsto allow for more flexibility in defining different types of domains. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - domain string
- The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
- boolean
- Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
-
Zero
Trust Access Application Footer Link[] - The links in the App Launcher footer.
- header
Bg stringColor - The background color of the App Launcher header.
- boolean
- Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
- landing
Page ZeroDesign Trust Access Application Landing Page Design - The design of the App Launcher landing page shown to users when they log in.
- logo
Url string - The image URL for the logo shown in the App Launcher dashboard.
- name string
- The name of the application.
- options
Preflight booleanBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
- boolean
- Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
- policies
Zero
Trust Access Application Policy[] - The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
- read
Service stringTokens From Header - Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
- saas
App ZeroTrust Access Application Saas App - string
- Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
- scim
Config ZeroTrust Access Application Scim Config - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self
Hosted string[]Domains - List of public domains that Access will secure. This field is deprecated in favor of
destinationsand will be supported until November 21, 2025. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - service
Auth401Redirect boolean - Returns a 401 status code when the request is blocked by a Service Auth policy.
- session
Duration string - The amount of time that tokens issued for this application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - skip
App booleanLauncher Login Page - Determines when to skip the App Launcher landing page.
- skip
Interstitial boolean - Enables automatic authentication through cloudflared.
- string[]
- The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
- target
Criterias ZeroTrust Access Application Target Criteria[] - type string
- The application type.
- updated
At string - zone
Id string - The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
- account_
id str - The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- allow_
authenticate_ boolvia_ warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed_
idps Sequence[str] - The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
- app_
launcher_ strlogo_ url - The image URL of the logo shown in the App Launcher header.
- app_
launcher_ boolvisible - Displays the application in the App Launcher.
- aud str
- Audience tag.
- auto_
redirect_ boolto_ identity - When set to
true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. - bg_
color str - The background color of the App Launcher page.
- cors_
headers ZeroTrust Access Application Cors Headers Args - created_
at str - custom_
deny_ strmessage - The custom error message shown to a user when they are denied access to the application.
- custom_
deny_ strurl - The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
- custom_
non_ stridentity_ deny_ url - The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
- custom_
pages Sequence[str] - The custom pages that will be displayed when applicable for this application
- destinations
Sequence[Zero
Trust Access Application Destination Args] - List of destinations secured by Access. This supersedes
self_hosted_domainsto allow for more flexibility in defining different types of domains. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - domain str
- The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
- bool
- Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
-
Sequence[Zero
Trust Access Application Footer Link Args] - The links in the App Launcher footer.
- header_
bg_ strcolor - The background color of the App Launcher header.
- bool
- Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
- landing_
page_ Zerodesign Trust Access Application Landing Page Design Args - The design of the App Launcher landing page shown to users when they log in.
- logo_
url str - The image URL for the logo shown in the App Launcher dashboard.
- name str
- The name of the application.
- options_
preflight_ boolbypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
- bool
- Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
- policies
Sequence[Zero
Trust Access Application Policy Args] - The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
- read_
service_ strtokens_ from_ header - Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
- saas_
app ZeroTrust Access Application Saas App Args - str
- Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
- scim_
config ZeroTrust Access Application Scim Config Args - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self_
hosted_ Sequence[str]domains - List of public domains that Access will secure. This field is deprecated in favor of
destinationsand will be supported until November 21, 2025. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - service_
auth401_ boolredirect - Returns a 401 status code when the request is blocked by a Service Auth policy.
- session_
duration str - The amount of time that tokens issued for this application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - skip_
app_ boollauncher_ login_ page - Determines when to skip the App Launcher landing page.
- skip_
interstitial bool - Enables automatic authentication through cloudflared.
- Sequence[str]
- The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
- target_
criterias Sequence[ZeroTrust Access Application Target Criteria Args] - type str
- The application type.
- updated_
at str - zone_
id str - The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
- account
Id String - The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
- allow
Authenticate BooleanVia Warp - When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
- allowed
Idps List<String> - The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
- app
Launcher StringLogo Url - The image URL of the logo shown in the App Launcher header.
- app
Launcher BooleanVisible - Displays the application in the App Launcher.
- aud String
- Audience tag.
- auto
Redirect BooleanTo Identity - When set to
true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. - bg
Color String - The background color of the App Launcher page.
- cors
Headers Property Map - created
At String - custom
Deny StringMessage - The custom error message shown to a user when they are denied access to the application.
- custom
Deny StringUrl - The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
- custom
Non StringIdentity Deny Url - The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
- custom
Pages List<String> - The custom pages that will be displayed when applicable for this application
- destinations List<Property Map>
- List of destinations secured by Access. This supersedes
self_hosted_domainsto allow for more flexibility in defining different types of domains. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - domain String
- The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
- Boolean
- Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
- List<Property Map>
- The links in the App Launcher footer.
- header
Bg StringColor - The background color of the App Launcher header.
- Boolean
- Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
- landing
Page Property MapDesign - The design of the App Launcher landing page shown to users when they log in.
- logo
Url String - The image URL for the logo shown in the App Launcher dashboard.
- name String
- The name of the application.
- options
Preflight BooleanBypass - Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
- Boolean
- Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
- policies List<Property Map>
- The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
- read
Service StringTokens From Header - Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
- saas
App Property Map - String
- Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
- scim
Config Property Map - Configuration for provisioning to this application via SCIM. This is currently in closed beta.
- self
Hosted List<String>Domains - List of public domains that Access will secure. This field is deprecated in favor of
destinationsand will be supported until November 21, 2025. Ifdestinationsare provided, thenself_hosted_domainswill be ignored. - service
Auth401Redirect Boolean - Returns a 401 status code when the request is blocked by a Service Auth policy.
- session
Duration String - The amount of time that tokens issued for this application will be valid. Must be in the format
300msor2h45m. Valid time units are: ns, us (or µs), ms, s, m, h. - skip
App BooleanLauncher Login Page - Determines when to skip the App Launcher landing page.
- skip
Interstitial Boolean - Enables automatic authentication through cloudflared.
- List<String>
- The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
- target
Criterias List<Property Map> - type String
- The application type.
- updated
At String - zone
Id String - The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
Supporting Types
ZeroTrustAccessApplicationCorsHeaders, ZeroTrustAccessApplicationCorsHeadersArgs
- Allow
All boolHeaders - Allows all HTTP request headers.
- Allow
All boolMethods - Allows all HTTP request methods.
- Allow
All boolOrigins - Allows all origins.
- Allow
Credentials bool - When set to
true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests. - Allowed
Headers List<string> - Allowed HTTP request headers.
- Allowed
Methods List<string> - Allowed HTTP request methods.
- Allowed
Origins List<string> - Allowed origins.
- Max
Age double - The maximum number of seconds the results of a preflight request can be cached.
- Allow
All boolHeaders - Allows all HTTP request headers.
- Allow
All boolMethods - Allows all HTTP request methods.
- Allow
All boolOrigins - Allows all origins.
- Allow
Credentials bool - When set to
true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests. - Allowed
Headers []string - Allowed HTTP request headers.
- Allowed
Methods []string - Allowed HTTP request methods.
- Allowed
Origins []string - Allowed origins.
- Max
Age float64 - The maximum number of seconds the results of a preflight request can be cached.
- allow
All BooleanHeaders - Allows all HTTP request headers.
- allow
All BooleanMethods - Allows all HTTP request methods.
- allow
All BooleanOrigins - Allows all origins.
- allow
Credentials Boolean - When set to
true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests. - allowed
Headers List<String> - Allowed HTTP request headers.
- allowed
Methods List<String> - Allowed HTTP request methods.
- allowed
Origins List<String> - Allowed origins.
- max
Age Double - The maximum number of seconds the results of a preflight request can be cached.
- allow
All booleanHeaders - Allows all HTTP request headers.
- allow
All booleanMethods - Allows all HTTP request methods.
- allow
All booleanOrigins - Allows all origins.
- allow
Credentials boolean - When set to
true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests. - allowed
Headers string[] - Allowed HTTP request headers.
- allowed
Methods string[] - Allowed HTTP request methods.
- allowed
Origins string[] - Allowed origins.
- max
Age number - The maximum number of seconds the results of a preflight request can be cached.
- allow_
all_ boolheaders - Allows all HTTP request headers.
- allow_
all_ boolmethods - Allows all HTTP request methods.
- allow_
all_ boolorigins - Allows all origins.
- allow_
credentials bool - When set to
true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests. - allowed_
headers Sequence[str] - Allowed HTTP request headers.
- allowed_
methods Sequence[str] - Allowed HTTP request methods.
- allowed_
origins Sequence[str] - Allowed origins.
- max_
age float - The maximum number of seconds the results of a preflight request can be cached.
- allow
All BooleanHeaders - Allows all HTTP request headers.
- allow
All BooleanMethods - Allows all HTTP request methods.
- allow
All BooleanOrigins - Allows all origins.
- allow
Credentials Boolean - When set to
true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests. - allowed
Headers List<String> - Allowed HTTP request headers.
- allowed
Methods List<String> - Allowed HTTP request methods.
- allowed
Origins List<String> - Allowed origins.
- max
Age Number - The maximum number of seconds the results of a preflight request can be cached.
ZeroTrustAccessApplicationDestination, ZeroTrustAccessApplicationDestinationArgs
- Cidr string
- The CIDR range of the destination. Single IPs will be computed as /32.
- Hostname string
- The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
- L4Protocol string
- The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
- Port
Range string - The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
- Type string
- Available values: "public".
- Uri string
- The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
- Vnet
Id string - The VNET ID to match the destination. When omitted, all VNETs will match.
- Cidr string
- The CIDR range of the destination. Single IPs will be computed as /32.
- Hostname string
- The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
- L4Protocol string
- The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
- Port
Range string - The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
- Type string
- Available values: "public".
- Uri string
- The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
- Vnet
Id string - The VNET ID to match the destination. When omitted, all VNETs will match.
- cidr String
- The CIDR range of the destination. Single IPs will be computed as /32.
- hostname String
- The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
- l4Protocol String
- The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
- port
Range String - The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
- type String
- Available values: "public".
- uri String
- The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
- vnet
Id String - The VNET ID to match the destination. When omitted, all VNETs will match.
- cidr string
- The CIDR range of the destination. Single IPs will be computed as /32.
- hostname string
- The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
- l4Protocol string
- The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
- port
Range string - The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
- type string
- Available values: "public".
- uri string
- The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
- vnet
Id string - The VNET ID to match the destination. When omitted, all VNETs will match.
- cidr str
- The CIDR range of the destination. Single IPs will be computed as /32.
- hostname str
- The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
- l4_
protocol str - The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
- port_
range str - The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
- type str
- Available values: "public".
- uri str
- The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
- vnet_
id str - The VNET ID to match the destination. When omitted, all VNETs will match.
- cidr String
- The CIDR range of the destination. Single IPs will be computed as /32.
- hostname String
- The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
- l4Protocol String
- The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
- port
Range String - The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
- type String
- Available values: "public".
- uri String
- The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
- vnet
Id String - The VNET ID to match the destination. When omitted, all VNETs will match.
ZeroTrustAccessApplicationFooterLink, ZeroTrustAccessApplicationFooterLinkArgs
ZeroTrustAccessApplicationLandingPageDesign, ZeroTrustAccessApplicationLandingPageDesignArgs
- string
- The background color of the log in button on the landing page.
- string
- The color of the text in the log in button on the landing page.
- Image
Url string - The URL of the image shown on the landing page.
- Message string
- The message shown on the landing page.
- Title string
- The title shown on the landing page.
- string
- The background color of the log in button on the landing page.
- string
- The color of the text in the log in button on the landing page.
- Image
Url string - The URL of the image shown on the landing page.
- Message string
- The message shown on the landing page.
- Title string
- The title shown on the landing page.
- String
- The background color of the log in button on the landing page.
- String
- The color of the text in the log in button on the landing page.
- image
Url String - The URL of the image shown on the landing page.
- message String
- The message shown on the landing page.
- title String
- The title shown on the landing page.
- string
- The background color of the log in button on the landing page.
- string
- The color of the text in the log in button on the landing page.
- image
Url string - The URL of the image shown on the landing page.
- message string
- The message shown on the landing page.
- title string
- The title shown on the landing page.
- String
- The background color of the log in button on the landing page.
- String
- The color of the text in the log in button on the landing page.
- image
Url String - The URL of the image shown on the landing page.
- message String
- The message shown on the landing page.
- title String
- The title shown on the landing page.
ZeroTrustAccessApplicationPolicy, ZeroTrustAccessApplicationPolicyArgs
- Connection
Rules ZeroTrust Access Application Policy Connection Rules - The rules that define how users may connect to the targets secured by your application.
- Decision string
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- Excludes
List<Zero
Trust Access Application Policy Exclude> - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- Id string
- The UUID of the policy
- Includes
List<Zero
Trust Access Application Policy Include> - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- Name string
- The name of the Access policy.
- Precedence int
- The order of execution for this policy. Must be unique for each policy within an app.
- Requires
List<Zero
Trust Access Application Policy Require> - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- Connection
Rules ZeroTrust Access Application Policy Connection Rules - The rules that define how users may connect to the targets secured by your application.
- Decision string
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- Excludes
[]Zero
Trust Access Application Policy Exclude - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- Id string
- The UUID of the policy
- Includes
[]Zero
Trust Access Application Policy Include - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- Name string
- The name of the Access policy.
- Precedence int
- The order of execution for this policy. Must be unique for each policy within an app.
- Requires
[]Zero
Trust Access Application Policy Require - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- connection
Rules ZeroTrust Access Application Policy Connection Rules - The rules that define how users may connect to the targets secured by your application.
- decision String
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- excludes
List<Zero
Trust Access Application Policy Exclude> - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- id String
- The UUID of the policy
- includes
List<Zero
Trust Access Application Policy Include> - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- name String
- The name of the Access policy.
- precedence Integer
- The order of execution for this policy. Must be unique for each policy within an app.
- requires
List<Zero
Trust Access Application Policy Require> - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- connection
Rules ZeroTrust Access Application Policy Connection Rules - The rules that define how users may connect to the targets secured by your application.
- decision string
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- excludes
Zero
Trust Access Application Policy Exclude[] - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- id string
- The UUID of the policy
- includes
Zero
Trust Access Application Policy Include[] - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- name string
- The name of the Access policy.
- precedence number
- The order of execution for this policy. Must be unique for each policy within an app.
- requires
Zero
Trust Access Application Policy Require[] - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- connection_
rules ZeroTrust Access Application Policy Connection Rules - The rules that define how users may connect to the targets secured by your application.
- decision str
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- excludes
Sequence[Zero
Trust Access Application Policy Exclude] - Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- id str
- The UUID of the policy
- includes
Sequence[Zero
Trust Access Application Policy Include] - Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- name str
- The name of the Access policy.
- precedence int
- The order of execution for this policy. Must be unique for each policy within an app.
- requires
Sequence[Zero
Trust Access Application Policy Require] - Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
- connection
Rules Property Map - The rules that define how users may connect to the targets secured by your application.
- decision String
- The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
- excludes List<Property Map>
- Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
- id String
- The UUID of the policy
- includes List<Property Map>
- Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
- name String
- The name of the Access policy.
- precedence Number
- The order of execution for this policy. Must be unique for each policy within an app.
- requires List<Property Map>
- Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
ZeroTrustAccessApplicationPolicyConnectionRules, ZeroTrustAccessApplicationPolicyConnectionRulesArgs
- Ssh
Zero
Trust Access Application Policy Connection Rules Ssh - The SSH-specific rules that define how users may connect to the targets secured by your application.
- Ssh
Zero
Trust Access Application Policy Connection Rules Ssh - The SSH-specific rules that define how users may connect to the targets secured by your application.
- ssh
Zero
Trust Access Application Policy Connection Rules Ssh - The SSH-specific rules that define how users may connect to the targets secured by your application.
- ssh
Zero
Trust Access Application Policy Connection Rules Ssh - The SSH-specific rules that define how users may connect to the targets secured by your application.
- ssh
Zero
Trust Access Application Policy Connection Rules Ssh - The SSH-specific rules that define how users may connect to the targets secured by your application.
- ssh Property Map
- The SSH-specific rules that define how users may connect to the targets secured by your application.
ZeroTrustAccessApplicationPolicyConnectionRulesSsh, ZeroTrustAccessApplicationPolicyConnectionRulesSshArgs
- Usernames List<string>
- Contains the Unix usernames that may be used when connecting over SSH.
- Allow
Email boolAlias - Enables using Identity Provider email alias as SSH username.
- Usernames []string
- Contains the Unix usernames that may be used when connecting over SSH.
- Allow
Email boolAlias - Enables using Identity Provider email alias as SSH username.
- usernames List<String>
- Contains the Unix usernames that may be used when connecting over SSH.
- allow
Email BooleanAlias - Enables using Identity Provider email alias as SSH username.
- usernames string[]
- Contains the Unix usernames that may be used when connecting over SSH.
- allow
Email booleanAlias - Enables using Identity Provider email alias as SSH username.
- usernames Sequence[str]
- Contains the Unix usernames that may be used when connecting over SSH.
- allow_
email_ boolalias - Enables using Identity Provider email alias as SSH username.
- usernames List<String>
- Contains the Unix usernames that may be used when connecting over SSH.
- allow
Email BooleanAlias - Enables using Identity Provider email alias as SSH username.
ZeroTrustAccessApplicationPolicyExclude, ZeroTrustAccessApplicationPolicyExcludeArgs
- Any
Valid ZeroService Token Trust Access Application Policy Exclude Any Valid Service Token - An empty object which matches on all service tokens.
- Auth
Context ZeroTrust Access Application Policy Exclude Auth Context - Auth
Method ZeroTrust Access Application Policy Exclude Auth Method - Azure
Ad ZeroTrust Access Application Policy Exclude Azure Ad - Certificate
Zero
Trust Access Application Policy Exclude Certificate - Common
Name ZeroTrust Access Application Policy Exclude Common Name - Device
Posture ZeroTrust Access Application Policy Exclude Device Posture - Email
Zero
Trust Access Application Policy Exclude Email - Email
Domain ZeroTrust Access Application Policy Exclude Email Domain - Email
List ZeroTrust Access Application Policy Exclude Email List - Everyone
Zero
Trust Access Application Policy Exclude Everyone - An empty object which matches on all users.
- External
Evaluation ZeroTrust Access Application Policy Exclude External Evaluation - Geo
Zero
Trust Access Application Policy Exclude Geo - Github
Organization ZeroTrust Access Application Policy Exclude Github Organization - Group
Zero
Trust Access Application Policy Exclude Group - Gsuite
Zero
Trust Access Application Policy Exclude Gsuite - Ip
Zero
Trust Access Application Policy Exclude Ip - Ip
List ZeroTrust Access Application Policy Exclude Ip List - Login
Method ZeroTrust Access Application Policy Exclude Login Method - Okta
Zero
Trust Access Application Policy Exclude Okta - Saml
Zero
Trust Access Application Policy Exclude Saml - Service
Token ZeroTrust Access Application Policy Exclude Service Token
- Any
Valid ZeroService Token Trust Access Application Policy Exclude Any Valid Service Token - An empty object which matches on all service tokens.
- Auth
Context ZeroTrust Access Application Policy Exclude Auth Context - Auth
Method ZeroTrust Access Application Policy Exclude Auth Method - Azure
Ad ZeroTrust Access Application Policy Exclude Azure Ad - Certificate
Zero
Trust Access Application Policy Exclude Certificate - Common
Name ZeroTrust Access Application Policy Exclude Common Name - Device
Posture ZeroTrust Access Application Policy Exclude Device Posture - Email
Zero
Trust Access Application Policy Exclude Email - Email
Domain ZeroTrust Access Application Policy Exclude Email Domain - Email
List ZeroTrust Access Application Policy Exclude Email List - Everyone
Zero
Trust Access Application Policy Exclude Everyone - An empty object which matches on all users.
- External
Evaluation ZeroTrust Access Application Policy Exclude External Evaluation - Geo
Zero
Trust Access Application Policy Exclude Geo - Github
Organization ZeroTrust Access Application Policy Exclude Github Organization - Group
Zero
Trust Access Application Policy Exclude Group - Gsuite
Zero
Trust Access Application Policy Exclude Gsuite - Ip
Zero
Trust Access Application Policy Exclude Ip - Ip
List ZeroTrust Access Application Policy Exclude Ip List - Login
Method ZeroTrust Access Application Policy Exclude Login Method - Okta
Zero
Trust Access Application Policy Exclude Okta - Saml
Zero
Trust Access Application Policy Exclude Saml - Service
Token ZeroTrust Access Application Policy Exclude Service Token
- any
Valid ZeroService Token Trust Access Application Policy Exclude Any Valid Service Token - An empty object which matches on all service tokens.
- auth
Context ZeroTrust Access Application Policy Exclude Auth Context - auth
Method ZeroTrust Access Application Policy Exclude Auth Method - azure
Ad ZeroTrust Access Application Policy Exclude Azure Ad - certificate
Zero
Trust Access Application Policy Exclude Certificate - common
Name ZeroTrust Access Application Policy Exclude Common Name - device
Posture ZeroTrust Access Application Policy Exclude Device Posture - email
Zero
Trust Access Application Policy Exclude Email - email
Domain ZeroTrust Access Application Policy Exclude Email Domain - email
List ZeroTrust Access Application Policy Exclude Email List - everyone
Zero
Trust Access Application Policy Exclude Everyone - An empty object which matches on all users.
- external
Evaluation ZeroTrust Access Application Policy Exclude External Evaluation - geo
Zero
Trust Access Application Policy Exclude Geo - github
Organization ZeroTrust Access Application Policy Exclude Github Organization - group
Zero
Trust Access Application Policy Exclude Group - gsuite
Zero
Trust Access Application Policy Exclude Gsuite - ip
Zero
Trust Access Application Policy Exclude Ip - ip
List ZeroTrust Access Application Policy Exclude Ip List - login
Method ZeroTrust Access Application Policy Exclude Login Method - okta
Zero
Trust Access Application Policy Exclude Okta - saml
Zero
Trust Access Application Policy Exclude Saml - service
Token ZeroTrust Access Application Policy Exclude Service Token
- any
Valid ZeroService Token Trust Access Application Policy Exclude Any Valid Service Token - An empty object which matches on all service tokens.
- auth
Context ZeroTrust Access Application Policy Exclude Auth Context - auth
Method ZeroTrust Access Application Policy Exclude Auth Method - azure
Ad ZeroTrust Access Application Policy Exclude Azure Ad - certificate
Zero
Trust Access Application Policy Exclude Certificate - common
Name ZeroTrust Access Application Policy Exclude Common Name - device
Posture ZeroTrust Access Application Policy Exclude Device Posture - email
Zero
Trust Access Application Policy Exclude Email - email
Domain ZeroTrust Access Application Policy Exclude Email Domain - email
List ZeroTrust Access Application Policy Exclude Email List - everyone
Zero
Trust Access Application Policy Exclude Everyone - An empty object which matches on all users.
- external
Evaluation ZeroTrust Access Application Policy Exclude External Evaluation - geo
Zero
Trust Access Application Policy Exclude Geo - github
Organization ZeroTrust Access Application Policy Exclude Github Organization - group
Zero
Trust Access Application Policy Exclude Group - gsuite
Zero
Trust Access Application Policy Exclude Gsuite - ip
Zero
Trust Access Application Policy Exclude Ip - ip
List ZeroTrust Access Application Policy Exclude Ip List - login
Method ZeroTrust Access Application Policy Exclude Login Method - okta
Zero
Trust Access Application Policy Exclude Okta - saml
Zero
Trust Access Application Policy Exclude Saml - service
Token ZeroTrust Access Application Policy Exclude Service Token
- any_
valid_ Zeroservice_ token Trust Access Application Policy Exclude Any Valid Service Token - An empty object which matches on all service tokens.
- auth_
context ZeroTrust Access Application Policy Exclude Auth Context - auth_
method ZeroTrust Access Application Policy Exclude Auth Method - azure_
ad ZeroTrust Access Application Policy Exclude Azure Ad - certificate
Zero
Trust Access Application Policy Exclude Certificate - common_
name ZeroTrust Access Application Policy Exclude Common Name - device_
posture ZeroTrust Access Application Policy Exclude Device Posture - email
Zero
Trust Access Application Policy Exclude Email - email_
domain ZeroTrust Access Application Policy Exclude Email Domain - email_
list ZeroTrust Access Application Policy Exclude Email List - everyone
Zero
Trust Access Application Policy Exclude Everyone - An empty object which matches on all users.
- external_
evaluation ZeroTrust Access Application Policy Exclude External Evaluation - geo
Zero
Trust Access Application Policy Exclude Geo - github_
organization ZeroTrust Access Application Policy Exclude Github Organization - group
Zero
Trust Access Application Policy Exclude Group - gsuite
Zero
Trust Access Application Policy Exclude Gsuite - ip
Zero
Trust Access Application Policy Exclude Ip - ip_
list ZeroTrust Access Application Policy Exclude Ip List - login_
method ZeroTrust Access Application Policy Exclude Login Method - okta
Zero
Trust Access Application Policy Exclude Okta - saml
Zero
Trust Access Application Policy Exclude Saml - service_
token ZeroTrust Access Application Policy Exclude Service Token
- any
Valid Property MapService Token - An empty object which matches on all service tokens.
- auth
Context Property Map - auth
Method Property Map - azure
Ad Property Map - certificate Property Map
- common
Name Property Map - device
Posture Property Map - email Property Map
- email
Domain Property Map - email
List Property Map - everyone Property Map
- An empty object which matches on all users.
- external
Evaluation Property Map - geo Property Map
- github
Organization Property Map - group Property Map
- gsuite Property Map
- ip Property Map
- ip
List Property Map - login
Method Property Map - okta Property Map
- saml Property Map
- service
Token Property Map
ZeroTrustAccessApplicationPolicyExcludeAuthContext, ZeroTrustAccessApplicationPolicyExcludeAuthContextArgs
- Ac
Id string - The ACID of an Authentication context.
- Id string
- The ID of an Authentication context.
- Identity
Provider stringId - The ID of your Azure identity provider.
- Ac
Id string - The ACID of an Authentication context.
- Id string
- The ID of an Authentication context.
- Identity
Provider stringId - The ID of your Azure identity provider.
- ac
Id String - The ACID of an Authentication context.
- id String
- The ID of an Authentication context.
- identity
Provider StringId - The ID of your Azure identity provider.
- ac
Id string - The ACID of an Authentication context.
- id string
- The ID of an Authentication context.
- identity
Provider stringId - The ID of your Azure identity provider.
- ac_
id str - The ACID of an Authentication context.
- id str
- The ID of an Authentication context.
- identity_
provider_ strid - The ID of your Azure identity provider.
- ac
Id String - The ACID of an Authentication context.
- id String
- The ID of an Authentication context.
- identity
Provider StringId - The ID of your Azure identity provider.
ZeroTrustAccessApplicationPolicyExcludeAuthMethod, ZeroTrustAccessApplicationPolicyExcludeAuthMethodArgs
- Auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- Auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method String - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth_
method str - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method String - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
ZeroTrustAccessApplicationPolicyExcludeAzureAd, ZeroTrustAccessApplicationPolicyExcludeAzureAdArgs
- Id string
- The ID of an Azure group.
- Identity
Provider stringId - The ID of your Azure identity provider.
- Id string
- The ID of an Azure group.
- Identity
Provider stringId - The ID of your Azure identity provider.
- id String
- The ID of an Azure group.
- identity
Provider StringId - The ID of your Azure identity provider.
- id string
- The ID of an Azure group.
- identity
Provider stringId - The ID of your Azure identity provider.
- id str
- The ID of an Azure group.
- identity_
provider_ strid - The ID of your Azure identity provider.
- id String
- The ID of an Azure group.
- identity
Provider StringId - The ID of your Azure identity provider.
ZeroTrustAccessApplicationPolicyExcludeCommonName, ZeroTrustAccessApplicationPolicyExcludeCommonNameArgs
- Common
Name string - The common name to match.
- Common
Name string - The common name to match.
- common
Name String - The common name to match.
- common
Name string - The common name to match.
- common_
name str - The common name to match.
- common
Name String - The common name to match.
ZeroTrustAccessApplicationPolicyExcludeDevicePosture, ZeroTrustAccessApplicationPolicyExcludeDevicePostureArgs
- Integration
Uid string - The ID of a device posture integration.
- Integration
Uid string - The ID of a device posture integration.
- integration
Uid String - The ID of a device posture integration.
- integration
Uid string - The ID of a device posture integration.
- integration_
uid str - The ID of a device posture integration.
- integration
Uid String - The ID of a device posture integration.
ZeroTrustAccessApplicationPolicyExcludeEmail, ZeroTrustAccessApplicationPolicyExcludeEmailArgs
- Email string
- The email of the user.
- Email string
- The email of the user.
- email String
- The email of the user.
- email string
- The email of the user.
- email str
- The email of the user.
- email String
- The email of the user.
ZeroTrustAccessApplicationPolicyExcludeEmailDomain, ZeroTrustAccessApplicationPolicyExcludeEmailDomainArgs
- Domain string
- The email domain to match.
- Domain string
- The email domain to match.
- domain String
- The email domain to match.
- domain string
- The email domain to match.
- domain str
- The email domain to match.
- domain String
- The email domain to match.
ZeroTrustAccessApplicationPolicyExcludeEmailList, ZeroTrustAccessApplicationPolicyExcludeEmailListArgs
- Id string
- The ID of a previously created email list.
- Id string
- The ID of a previously created email list.
- id String
- The ID of a previously created email list.
- id string
- The ID of a previously created email list.
- id str
- The ID of a previously created email list.
- id String
- The ID of a previously created email list.
ZeroTrustAccessApplicationPolicyExcludeExternalEvaluation, ZeroTrustAccessApplicationPolicyExcludeExternalEvaluationArgs
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url string - The API endpoint containing your business logic.
- keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate_
url str - The API endpoint containing your business logic.
- keys_
url str - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
ZeroTrustAccessApplicationPolicyExcludeGeo, ZeroTrustAccessApplicationPolicyExcludeGeoArgs
- Country
Code string - The country code that should be matched.
- Country
Code string - The country code that should be matched.
- country
Code String - The country code that should be matched.
- country
Code string - The country code that should be matched.
- country_
code str - The country code that should be matched.
- country
Code String - The country code that should be matched.
ZeroTrustAccessApplicationPolicyExcludeGithubOrganization, ZeroTrustAccessApplicationPolicyExcludeGithubOrganizationArgs
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Team string
- The name of the team
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Team string
- The name of the team
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- team String
- The name of the team
- identity
Provider stringId - The ID of your Github identity provider.
- name string
- The name of the organization.
- team string
- The name of the team
- identity_
provider_ strid - The ID of your Github identity provider.
- name str
- The name of the organization.
- team str
- The name of the team
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- team String
- The name of the team
ZeroTrustAccessApplicationPolicyExcludeGroup, ZeroTrustAccessApplicationPolicyExcludeGroupArgs
- Id string
- The ID of a previously created Access group.
- Id string
- The ID of a previously created Access group.
- id String
- The ID of a previously created Access group.
- id string
- The ID of a previously created Access group.
- id str
- The ID of a previously created Access group.
- id String
- The ID of a previously created Access group.
ZeroTrustAccessApplicationPolicyExcludeGsuite, ZeroTrustAccessApplicationPolicyExcludeGsuiteArgs
- Email string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- Email string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- email String
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
- email string
- The email of the Google Workspace group.
- identity
Provider stringId - The ID of your Google Workspace identity provider.
- email str
- The email of the Google Workspace group.
- identity_
provider_ strid - The ID of your Google Workspace identity provider.
- email String
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
ZeroTrustAccessApplicationPolicyExcludeIp, ZeroTrustAccessApplicationPolicyExcludeIpArgs
- Ip string
- An IPv4 or IPv6 CIDR block.
- Ip string
- An IPv4 or IPv6 CIDR block.
- ip String
- An IPv4 or IPv6 CIDR block.
- ip string
- An IPv4 or IPv6 CIDR block.
- ip str
- An IPv4 or IPv6 CIDR block.
- ip String
- An IPv4 or IPv6 CIDR block.
ZeroTrustAccessApplicationPolicyExcludeIpList, ZeroTrustAccessApplicationPolicyExcludeIpListArgs
- Id string
- The ID of a previously created IP list.
- Id string
- The ID of a previously created IP list.
- id String
- The ID of a previously created IP list.
- id string
- The ID of a previously created IP list.
- id str
- The ID of a previously created IP list.
- id String
- The ID of a previously created IP list.
ZeroTrustAccessApplicationPolicyExcludeLoginMethod, ZeroTrustAccessApplicationPolicyExcludeLoginMethodArgs
- Id string
- The ID of an identity provider.
- Id string
- The ID of an identity provider.
- id String
- The ID of an identity provider.
- id string
- The ID of an identity provider.
- id str
- The ID of an identity provider.
- id String
- The ID of an identity provider.
ZeroTrustAccessApplicationPolicyExcludeOkta, ZeroTrustAccessApplicationPolicyExcludeOktaArgs
- Identity
Provider stringId - The ID of your Okta identity provider.
- Name string
- The name of the Okta group.
- Identity
Provider stringId - The ID of your Okta identity provider.
- Name string
- The name of the Okta group.
- identity
Provider StringId - The ID of your Okta identity provider.
- name String
- The name of the Okta group.
- identity
Provider stringId - The ID of your Okta identity provider.
- name string
- The name of the Okta group.
- identity_
provider_ strid - The ID of your Okta identity provider.
- name str
- The name of the Okta group.
- identity
Provider StringId - The ID of your Okta identity provider.
- name String
- The name of the Okta group.
ZeroTrustAccessApplicationPolicyExcludeSaml, ZeroTrustAccessApplicationPolicyExcludeSamlArgs
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
- attribute
Name string - The name of the SAML attribute.
- attribute
Value string - The SAML attribute value to look for.
- identity
Provider stringId - The ID of your SAML identity provider.
- attribute_
name str - The name of the SAML attribute.
- attribute_
value str - The SAML attribute value to look for.
- identity_
provider_ strid - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
ZeroTrustAccessApplicationPolicyExcludeServiceToken, ZeroTrustAccessApplicationPolicyExcludeServiceTokenArgs
- Token
Id string - The ID of a Service Token.
- Token
Id string - The ID of a Service Token.
- token
Id String - The ID of a Service Token.
- token
Id string - The ID of a Service Token.
- token_
id str - The ID of a Service Token.
- token
Id String - The ID of a Service Token.
ZeroTrustAccessApplicationPolicyInclude, ZeroTrustAccessApplicationPolicyIncludeArgs
- Any
Valid ZeroService Token Trust Access Application Policy Include Any Valid Service Token - An empty object which matches on all service tokens.
- Auth
Context ZeroTrust Access Application Policy Include Auth Context - Auth
Method ZeroTrust Access Application Policy Include Auth Method - Azure
Ad ZeroTrust Access Application Policy Include Azure Ad - Certificate
Zero
Trust Access Application Policy Include Certificate - Common
Name ZeroTrust Access Application Policy Include Common Name - Device
Posture ZeroTrust Access Application Policy Include Device Posture - Email
Zero
Trust Access Application Policy Include Email - Email
Domain ZeroTrust Access Application Policy Include Email Domain - Email
List ZeroTrust Access Application Policy Include Email List - Everyone
Zero
Trust Access Application Policy Include Everyone - An empty object which matches on all users.
- External
Evaluation ZeroTrust Access Application Policy Include External Evaluation - Geo
Zero
Trust Access Application Policy Include Geo - Github
Organization ZeroTrust Access Application Policy Include Github Organization - Group
Zero
Trust Access Application Policy Include Group - Gsuite
Zero
Trust Access Application Policy Include Gsuite - Ip
Zero
Trust Access Application Policy Include Ip - Ip
List ZeroTrust Access Application Policy Include Ip List - Login
Method ZeroTrust Access Application Policy Include Login Method - Okta
Zero
Trust Access Application Policy Include Okta - Saml
Zero
Trust Access Application Policy Include Saml - Service
Token ZeroTrust Access Application Policy Include Service Token
- Any
Valid ZeroService Token Trust Access Application Policy Include Any Valid Service Token - An empty object which matches on all service tokens.
- Auth
Context ZeroTrust Access Application Policy Include Auth Context - Auth
Method ZeroTrust Access Application Policy Include Auth Method - Azure
Ad ZeroTrust Access Application Policy Include Azure Ad - Certificate
Zero
Trust Access Application Policy Include Certificate - Common
Name ZeroTrust Access Application Policy Include Common Name - Device
Posture ZeroTrust Access Application Policy Include Device Posture - Email
Zero
Trust Access Application Policy Include Email - Email
Domain ZeroTrust Access Application Policy Include Email Domain - Email
List ZeroTrust Access Application Policy Include Email List - Everyone
Zero
Trust Access Application Policy Include Everyone - An empty object which matches on all users.
- External
Evaluation ZeroTrust Access Application Policy Include External Evaluation - Geo
Zero
Trust Access Application Policy Include Geo - Github
Organization ZeroTrust Access Application Policy Include Github Organization - Group
Zero
Trust Access Application Policy Include Group - Gsuite
Zero
Trust Access Application Policy Include Gsuite - Ip
Zero
Trust Access Application Policy Include Ip - Ip
List ZeroTrust Access Application Policy Include Ip List - Login
Method ZeroTrust Access Application Policy Include Login Method - Okta
Zero
Trust Access Application Policy Include Okta - Saml
Zero
Trust Access Application Policy Include Saml - Service
Token ZeroTrust Access Application Policy Include Service Token
- any
Valid ZeroService Token Trust Access Application Policy Include Any Valid Service Token - An empty object which matches on all service tokens.
- auth
Context ZeroTrust Access Application Policy Include Auth Context - auth
Method ZeroTrust Access Application Policy Include Auth Method - azure
Ad ZeroTrust Access Application Policy Include Azure Ad - certificate
Zero
Trust Access Application Policy Include Certificate - common
Name ZeroTrust Access Application Policy Include Common Name - device
Posture ZeroTrust Access Application Policy Include Device Posture - email
Zero
Trust Access Application Policy Include Email - email
Domain ZeroTrust Access Application Policy Include Email Domain - email
List ZeroTrust Access Application Policy Include Email List - everyone
Zero
Trust Access Application Policy Include Everyone - An empty object which matches on all users.
- external
Evaluation ZeroTrust Access Application Policy Include External Evaluation - geo
Zero
Trust Access Application Policy Include Geo - github
Organization ZeroTrust Access Application Policy Include Github Organization - group
Zero
Trust Access Application Policy Include Group - gsuite
Zero
Trust Access Application Policy Include Gsuite - ip
Zero
Trust Access Application Policy Include Ip - ip
List ZeroTrust Access Application Policy Include Ip List - login
Method ZeroTrust Access Application Policy Include Login Method - okta
Zero
Trust Access Application Policy Include Okta - saml
Zero
Trust Access Application Policy Include Saml - service
Token ZeroTrust Access Application Policy Include Service Token
- any
Valid ZeroService Token Trust Access Application Policy Include Any Valid Service Token - An empty object which matches on all service tokens.
- auth
Context ZeroTrust Access Application Policy Include Auth Context - auth
Method ZeroTrust Access Application Policy Include Auth Method - azure
Ad ZeroTrust Access Application Policy Include Azure Ad - certificate
Zero
Trust Access Application Policy Include Certificate - common
Name ZeroTrust Access Application Policy Include Common Name - device
Posture ZeroTrust Access Application Policy Include Device Posture - email
Zero
Trust Access Application Policy Include Email - email
Domain ZeroTrust Access Application Policy Include Email Domain - email
List ZeroTrust Access Application Policy Include Email List - everyone
Zero
Trust Access Application Policy Include Everyone - An empty object which matches on all users.
- external
Evaluation ZeroTrust Access Application Policy Include External Evaluation - geo
Zero
Trust Access Application Policy Include Geo - github
Organization ZeroTrust Access Application Policy Include Github Organization - group
Zero
Trust Access Application Policy Include Group - gsuite
Zero
Trust Access Application Policy Include Gsuite - ip
Zero
Trust Access Application Policy Include Ip - ip
List ZeroTrust Access Application Policy Include Ip List - login
Method ZeroTrust Access Application Policy Include Login Method - okta
Zero
Trust Access Application Policy Include Okta - saml
Zero
Trust Access Application Policy Include Saml - service
Token ZeroTrust Access Application Policy Include Service Token
- any_
valid_ Zeroservice_ token Trust Access Application Policy Include Any Valid Service Token - An empty object which matches on all service tokens.
- auth_
context ZeroTrust Access Application Policy Include Auth Context - auth_
method ZeroTrust Access Application Policy Include Auth Method - azure_
ad ZeroTrust Access Application Policy Include Azure Ad - certificate
Zero
Trust Access Application Policy Include Certificate - common_
name ZeroTrust Access Application Policy Include Common Name - device_
posture ZeroTrust Access Application Policy Include Device Posture - email
Zero
Trust Access Application Policy Include Email - email_
domain ZeroTrust Access Application Policy Include Email Domain - email_
list ZeroTrust Access Application Policy Include Email List - everyone
Zero
Trust Access Application Policy Include Everyone - An empty object which matches on all users.
- external_
evaluation ZeroTrust Access Application Policy Include External Evaluation - geo
Zero
Trust Access Application Policy Include Geo - github_
organization ZeroTrust Access Application Policy Include Github Organization - group
Zero
Trust Access Application Policy Include Group - gsuite
Zero
Trust Access Application Policy Include Gsuite - ip
Zero
Trust Access Application Policy Include Ip - ip_
list ZeroTrust Access Application Policy Include Ip List - login_
method ZeroTrust Access Application Policy Include Login Method - okta
Zero
Trust Access Application Policy Include Okta - saml
Zero
Trust Access Application Policy Include Saml - service_
token ZeroTrust Access Application Policy Include Service Token
- any
Valid Property MapService Token - An empty object which matches on all service tokens.
- auth
Context Property Map - auth
Method Property Map - azure
Ad Property Map - certificate Property Map
- common
Name Property Map - device
Posture Property Map - email Property Map
- email
Domain Property Map - email
List Property Map - everyone Property Map
- An empty object which matches on all users.
- external
Evaluation Property Map - geo Property Map
- github
Organization Property Map - group Property Map
- gsuite Property Map
- ip Property Map
- ip
List Property Map - login
Method Property Map - okta Property Map
- saml Property Map
- service
Token Property Map
ZeroTrustAccessApplicationPolicyIncludeAuthContext, ZeroTrustAccessApplicationPolicyIncludeAuthContextArgs
- Ac
Id string - The ACID of an Authentication context.
- Id string
- The ID of an Authentication context.
- Identity
Provider stringId - The ID of your Azure identity provider.
- Ac
Id string - The ACID of an Authentication context.
- Id string
- The ID of an Authentication context.
- Identity
Provider stringId - The ID of your Azure identity provider.
- ac
Id String - The ACID of an Authentication context.
- id String
- The ID of an Authentication context.
- identity
Provider StringId - The ID of your Azure identity provider.
- ac
Id string - The ACID of an Authentication context.
- id string
- The ID of an Authentication context.
- identity
Provider stringId - The ID of your Azure identity provider.
- ac_
id str - The ACID of an Authentication context.
- id str
- The ID of an Authentication context.
- identity_
provider_ strid - The ID of your Azure identity provider.
- ac
Id String - The ACID of an Authentication context.
- id String
- The ID of an Authentication context.
- identity
Provider StringId - The ID of your Azure identity provider.
ZeroTrustAccessApplicationPolicyIncludeAuthMethod, ZeroTrustAccessApplicationPolicyIncludeAuthMethodArgs
- Auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- Auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method String - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth_
method str - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method String - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
ZeroTrustAccessApplicationPolicyIncludeAzureAd, ZeroTrustAccessApplicationPolicyIncludeAzureAdArgs
- Id string
- The ID of an Azure group.
- Identity
Provider stringId - The ID of your Azure identity provider.
- Id string
- The ID of an Azure group.
- Identity
Provider stringId - The ID of your Azure identity provider.
- id String
- The ID of an Azure group.
- identity
Provider StringId - The ID of your Azure identity provider.
- id string
- The ID of an Azure group.
- identity
Provider stringId - The ID of your Azure identity provider.
- id str
- The ID of an Azure group.
- identity_
provider_ strid - The ID of your Azure identity provider.
- id String
- The ID of an Azure group.
- identity
Provider StringId - The ID of your Azure identity provider.
ZeroTrustAccessApplicationPolicyIncludeCommonName, ZeroTrustAccessApplicationPolicyIncludeCommonNameArgs
- Common
Name string - The common name to match.
- Common
Name string - The common name to match.
- common
Name String - The common name to match.
- common
Name string - The common name to match.
- common_
name str - The common name to match.
- common
Name String - The common name to match.
ZeroTrustAccessApplicationPolicyIncludeDevicePosture, ZeroTrustAccessApplicationPolicyIncludeDevicePostureArgs
- Integration
Uid string - The ID of a device posture integration.
- Integration
Uid string - The ID of a device posture integration.
- integration
Uid String - The ID of a device posture integration.
- integration
Uid string - The ID of a device posture integration.
- integration_
uid str - The ID of a device posture integration.
- integration
Uid String - The ID of a device posture integration.
ZeroTrustAccessApplicationPolicyIncludeEmail, ZeroTrustAccessApplicationPolicyIncludeEmailArgs
- Email string
- The email of the user.
- Email string
- The email of the user.
- email String
- The email of the user.
- email string
- The email of the user.
- email str
- The email of the user.
- email String
- The email of the user.
ZeroTrustAccessApplicationPolicyIncludeEmailDomain, ZeroTrustAccessApplicationPolicyIncludeEmailDomainArgs
- Domain string
- The email domain to match.
- Domain string
- The email domain to match.
- domain String
- The email domain to match.
- domain string
- The email domain to match.
- domain str
- The email domain to match.
- domain String
- The email domain to match.
ZeroTrustAccessApplicationPolicyIncludeEmailList, ZeroTrustAccessApplicationPolicyIncludeEmailListArgs
- Id string
- The ID of a previously created email list.
- Id string
- The ID of a previously created email list.
- id String
- The ID of a previously created email list.
- id string
- The ID of a previously created email list.
- id str
- The ID of a previously created email list.
- id String
- The ID of a previously created email list.
ZeroTrustAccessApplicationPolicyIncludeExternalEvaluation, ZeroTrustAccessApplicationPolicyIncludeExternalEvaluationArgs
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url string - The API endpoint containing your business logic.
- keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate_
url str - The API endpoint containing your business logic.
- keys_
url str - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
ZeroTrustAccessApplicationPolicyIncludeGeo, ZeroTrustAccessApplicationPolicyIncludeGeoArgs
- Country
Code string - The country code that should be matched.
- Country
Code string - The country code that should be matched.
- country
Code String - The country code that should be matched.
- country
Code string - The country code that should be matched.
- country_
code str - The country code that should be matched.
- country
Code String - The country code that should be matched.
ZeroTrustAccessApplicationPolicyIncludeGithubOrganization, ZeroTrustAccessApplicationPolicyIncludeGithubOrganizationArgs
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Team string
- The name of the team
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Team string
- The name of the team
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- team String
- The name of the team
- identity
Provider stringId - The ID of your Github identity provider.
- name string
- The name of the organization.
- team string
- The name of the team
- identity_
provider_ strid - The ID of your Github identity provider.
- name str
- The name of the organization.
- team str
- The name of the team
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- team String
- The name of the team
ZeroTrustAccessApplicationPolicyIncludeGroup, ZeroTrustAccessApplicationPolicyIncludeGroupArgs
- Id string
- The ID of a previously created Access group.
- Id string
- The ID of a previously created Access group.
- id String
- The ID of a previously created Access group.
- id string
- The ID of a previously created Access group.
- id str
- The ID of a previously created Access group.
- id String
- The ID of a previously created Access group.
ZeroTrustAccessApplicationPolicyIncludeGsuite, ZeroTrustAccessApplicationPolicyIncludeGsuiteArgs
- Email string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- Email string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- email String
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
- email string
- The email of the Google Workspace group.
- identity
Provider stringId - The ID of your Google Workspace identity provider.
- email str
- The email of the Google Workspace group.
- identity_
provider_ strid - The ID of your Google Workspace identity provider.
- email String
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
ZeroTrustAccessApplicationPolicyIncludeIp, ZeroTrustAccessApplicationPolicyIncludeIpArgs
- Ip string
- An IPv4 or IPv6 CIDR block.
- Ip string
- An IPv4 or IPv6 CIDR block.
- ip String
- An IPv4 or IPv6 CIDR block.
- ip string
- An IPv4 or IPv6 CIDR block.
- ip str
- An IPv4 or IPv6 CIDR block.
- ip String
- An IPv4 or IPv6 CIDR block.
ZeroTrustAccessApplicationPolicyIncludeIpList, ZeroTrustAccessApplicationPolicyIncludeIpListArgs
- Id string
- The ID of a previously created IP list.
- Id string
- The ID of a previously created IP list.
- id String
- The ID of a previously created IP list.
- id string
- The ID of a previously created IP list.
- id str
- The ID of a previously created IP list.
- id String
- The ID of a previously created IP list.
ZeroTrustAccessApplicationPolicyIncludeLoginMethod, ZeroTrustAccessApplicationPolicyIncludeLoginMethodArgs
- Id string
- The ID of an identity provider.
- Id string
- The ID of an identity provider.
- id String
- The ID of an identity provider.
- id string
- The ID of an identity provider.
- id str
- The ID of an identity provider.
- id String
- The ID of an identity provider.
ZeroTrustAccessApplicationPolicyIncludeOkta, ZeroTrustAccessApplicationPolicyIncludeOktaArgs
- Identity
Provider stringId - The ID of your Okta identity provider.
- Name string
- The name of the Okta group.
- Identity
Provider stringId - The ID of your Okta identity provider.
- Name string
- The name of the Okta group.
- identity
Provider StringId - The ID of your Okta identity provider.
- name String
- The name of the Okta group.
- identity
Provider stringId - The ID of your Okta identity provider.
- name string
- The name of the Okta group.
- identity_
provider_ strid - The ID of your Okta identity provider.
- name str
- The name of the Okta group.
- identity
Provider StringId - The ID of your Okta identity provider.
- name String
- The name of the Okta group.
ZeroTrustAccessApplicationPolicyIncludeSaml, ZeroTrustAccessApplicationPolicyIncludeSamlArgs
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
- attribute
Name string - The name of the SAML attribute.
- attribute
Value string - The SAML attribute value to look for.
- identity
Provider stringId - The ID of your SAML identity provider.
- attribute_
name str - The name of the SAML attribute.
- attribute_
value str - The SAML attribute value to look for.
- identity_
provider_ strid - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
ZeroTrustAccessApplicationPolicyIncludeServiceToken, ZeroTrustAccessApplicationPolicyIncludeServiceTokenArgs
- Token
Id string - The ID of a Service Token.
- Token
Id string - The ID of a Service Token.
- token
Id String - The ID of a Service Token.
- token
Id string - The ID of a Service Token.
- token_
id str - The ID of a Service Token.
- token
Id String - The ID of a Service Token.
ZeroTrustAccessApplicationPolicyRequire, ZeroTrustAccessApplicationPolicyRequireArgs
- Any
Valid ZeroService Token Trust Access Application Policy Require Any Valid Service Token - An empty object which matches on all service tokens.
- Auth
Context ZeroTrust Access Application Policy Require Auth Context - Auth
Method ZeroTrust Access Application Policy Require Auth Method - Azure
Ad ZeroTrust Access Application Policy Require Azure Ad - Certificate
Zero
Trust Access Application Policy Require Certificate - Common
Name ZeroTrust Access Application Policy Require Common Name - Device
Posture ZeroTrust Access Application Policy Require Device Posture - Email
Zero
Trust Access Application Policy Require Email - Email
Domain ZeroTrust Access Application Policy Require Email Domain - Email
List ZeroTrust Access Application Policy Require Email List - Everyone
Zero
Trust Access Application Policy Require Everyone - An empty object which matches on all users.
- External
Evaluation ZeroTrust Access Application Policy Require External Evaluation - Geo
Zero
Trust Access Application Policy Require Geo - Github
Organization ZeroTrust Access Application Policy Require Github Organization - Group
Zero
Trust Access Application Policy Require Group - Gsuite
Zero
Trust Access Application Policy Require Gsuite - Ip
Zero
Trust Access Application Policy Require Ip - Ip
List ZeroTrust Access Application Policy Require Ip List - Login
Method ZeroTrust Access Application Policy Require Login Method - Okta
Zero
Trust Access Application Policy Require Okta - Saml
Zero
Trust Access Application Policy Require Saml - Service
Token ZeroTrust Access Application Policy Require Service Token
- Any
Valid ZeroService Token Trust Access Application Policy Require Any Valid Service Token - An empty object which matches on all service tokens.
- Auth
Context ZeroTrust Access Application Policy Require Auth Context - Auth
Method ZeroTrust Access Application Policy Require Auth Method - Azure
Ad ZeroTrust Access Application Policy Require Azure Ad - Certificate
Zero
Trust Access Application Policy Require Certificate - Common
Name ZeroTrust Access Application Policy Require Common Name - Device
Posture ZeroTrust Access Application Policy Require Device Posture - Email
Zero
Trust Access Application Policy Require Email - Email
Domain ZeroTrust Access Application Policy Require Email Domain - Email
List ZeroTrust Access Application Policy Require Email List - Everyone
Zero
Trust Access Application Policy Require Everyone - An empty object which matches on all users.
- External
Evaluation ZeroTrust Access Application Policy Require External Evaluation - Geo
Zero
Trust Access Application Policy Require Geo - Github
Organization ZeroTrust Access Application Policy Require Github Organization - Group
Zero
Trust Access Application Policy Require Group - Gsuite
Zero
Trust Access Application Policy Require Gsuite - Ip
Zero
Trust Access Application Policy Require Ip - Ip
List ZeroTrust Access Application Policy Require Ip List - Login
Method ZeroTrust Access Application Policy Require Login Method - Okta
Zero
Trust Access Application Policy Require Okta - Saml
Zero
Trust Access Application Policy Require Saml - Service
Token ZeroTrust Access Application Policy Require Service Token
- any
Valid ZeroService Token Trust Access Application Policy Require Any Valid Service Token - An empty object which matches on all service tokens.
- auth
Context ZeroTrust Access Application Policy Require Auth Context - auth
Method ZeroTrust Access Application Policy Require Auth Method - azure
Ad ZeroTrust Access Application Policy Require Azure Ad - certificate
Zero
Trust Access Application Policy Require Certificate - common
Name ZeroTrust Access Application Policy Require Common Name - device
Posture ZeroTrust Access Application Policy Require Device Posture - email
Zero
Trust Access Application Policy Require Email - email
Domain ZeroTrust Access Application Policy Require Email Domain - email
List ZeroTrust Access Application Policy Require Email List - everyone
Zero
Trust Access Application Policy Require Everyone - An empty object which matches on all users.
- external
Evaluation ZeroTrust Access Application Policy Require External Evaluation - geo
Zero
Trust Access Application Policy Require Geo - github
Organization ZeroTrust Access Application Policy Require Github Organization - group
Zero
Trust Access Application Policy Require Group - gsuite
Zero
Trust Access Application Policy Require Gsuite - ip
Zero
Trust Access Application Policy Require Ip - ip
List ZeroTrust Access Application Policy Require Ip List - login
Method ZeroTrust Access Application Policy Require Login Method - okta
Zero
Trust Access Application Policy Require Okta - saml
Zero
Trust Access Application Policy Require Saml - service
Token ZeroTrust Access Application Policy Require Service Token
- any
Valid ZeroService Token Trust Access Application Policy Require Any Valid Service Token - An empty object which matches on all service tokens.
- auth
Context ZeroTrust Access Application Policy Require Auth Context - auth
Method ZeroTrust Access Application Policy Require Auth Method - azure
Ad ZeroTrust Access Application Policy Require Azure Ad - certificate
Zero
Trust Access Application Policy Require Certificate - common
Name ZeroTrust Access Application Policy Require Common Name - device
Posture ZeroTrust Access Application Policy Require Device Posture - email
Zero
Trust Access Application Policy Require Email - email
Domain ZeroTrust Access Application Policy Require Email Domain - email
List ZeroTrust Access Application Policy Require Email List - everyone
Zero
Trust Access Application Policy Require Everyone - An empty object which matches on all users.
- external
Evaluation ZeroTrust Access Application Policy Require External Evaluation - geo
Zero
Trust Access Application Policy Require Geo - github
Organization ZeroTrust Access Application Policy Require Github Organization - group
Zero
Trust Access Application Policy Require Group - gsuite
Zero
Trust Access Application Policy Require Gsuite - ip
Zero
Trust Access Application Policy Require Ip - ip
List ZeroTrust Access Application Policy Require Ip List - login
Method ZeroTrust Access Application Policy Require Login Method - okta
Zero
Trust Access Application Policy Require Okta - saml
Zero
Trust Access Application Policy Require Saml - service
Token ZeroTrust Access Application Policy Require Service Token
- any_
valid_ Zeroservice_ token Trust Access Application Policy Require Any Valid Service Token - An empty object which matches on all service tokens.
- auth_
context ZeroTrust Access Application Policy Require Auth Context - auth_
method ZeroTrust Access Application Policy Require Auth Method - azure_
ad ZeroTrust Access Application Policy Require Azure Ad - certificate
Zero
Trust Access Application Policy Require Certificate - common_
name ZeroTrust Access Application Policy Require Common Name - device_
posture ZeroTrust Access Application Policy Require Device Posture - email
Zero
Trust Access Application Policy Require Email - email_
domain ZeroTrust Access Application Policy Require Email Domain - email_
list ZeroTrust Access Application Policy Require Email List - everyone
Zero
Trust Access Application Policy Require Everyone - An empty object which matches on all users.
- external_
evaluation ZeroTrust Access Application Policy Require External Evaluation - geo
Zero
Trust Access Application Policy Require Geo - github_
organization ZeroTrust Access Application Policy Require Github Organization - group
Zero
Trust Access Application Policy Require Group - gsuite
Zero
Trust Access Application Policy Require Gsuite - ip
Zero
Trust Access Application Policy Require Ip - ip_
list ZeroTrust Access Application Policy Require Ip List - login_
method ZeroTrust Access Application Policy Require Login Method - okta
Zero
Trust Access Application Policy Require Okta - saml
Zero
Trust Access Application Policy Require Saml - service_
token ZeroTrust Access Application Policy Require Service Token
- any
Valid Property MapService Token - An empty object which matches on all service tokens.
- auth
Context Property Map - auth
Method Property Map - azure
Ad Property Map - certificate Property Map
- common
Name Property Map - device
Posture Property Map - email Property Map
- email
Domain Property Map - email
List Property Map - everyone Property Map
- An empty object which matches on all users.
- external
Evaluation Property Map - geo Property Map
- github
Organization Property Map - group Property Map
- gsuite Property Map
- ip Property Map
- ip
List Property Map - login
Method Property Map - okta Property Map
- saml Property Map
- service
Token Property Map
ZeroTrustAccessApplicationPolicyRequireAuthContext, ZeroTrustAccessApplicationPolicyRequireAuthContextArgs
- Ac
Id string - The ACID of an Authentication context.
- Id string
- The ID of an Authentication context.
- Identity
Provider stringId - The ID of your Azure identity provider.
- Ac
Id string - The ACID of an Authentication context.
- Id string
- The ID of an Authentication context.
- Identity
Provider stringId - The ID of your Azure identity provider.
- ac
Id String - The ACID of an Authentication context.
- id String
- The ID of an Authentication context.
- identity
Provider StringId - The ID of your Azure identity provider.
- ac
Id string - The ACID of an Authentication context.
- id string
- The ID of an Authentication context.
- identity
Provider stringId - The ID of your Azure identity provider.
- ac_
id str - The ACID of an Authentication context.
- id str
- The ID of an Authentication context.
- identity_
provider_ strid - The ID of your Azure identity provider.
- ac
Id String - The ACID of an Authentication context.
- id String
- The ID of an Authentication context.
- identity
Provider StringId - The ID of your Azure identity provider.
ZeroTrustAccessApplicationPolicyRequireAuthMethod, ZeroTrustAccessApplicationPolicyRequireAuthMethodArgs
- Auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- Auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method String - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method string - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth_
method str - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
- auth
Method String - The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.
ZeroTrustAccessApplicationPolicyRequireAzureAd, ZeroTrustAccessApplicationPolicyRequireAzureAdArgs
- Id string
- The ID of an Azure group.
- Identity
Provider stringId - The ID of your Azure identity provider.
- Id string
- The ID of an Azure group.
- Identity
Provider stringId - The ID of your Azure identity provider.
- id String
- The ID of an Azure group.
- identity
Provider StringId - The ID of your Azure identity provider.
- id string
- The ID of an Azure group.
- identity
Provider stringId - The ID of your Azure identity provider.
- id str
- The ID of an Azure group.
- identity_
provider_ strid - The ID of your Azure identity provider.
- id String
- The ID of an Azure group.
- identity
Provider StringId - The ID of your Azure identity provider.
ZeroTrustAccessApplicationPolicyRequireCommonName, ZeroTrustAccessApplicationPolicyRequireCommonNameArgs
- Common
Name string - The common name to match.
- Common
Name string - The common name to match.
- common
Name String - The common name to match.
- common
Name string - The common name to match.
- common_
name str - The common name to match.
- common
Name String - The common name to match.
ZeroTrustAccessApplicationPolicyRequireDevicePosture, ZeroTrustAccessApplicationPolicyRequireDevicePostureArgs
- Integration
Uid string - The ID of a device posture integration.
- Integration
Uid string - The ID of a device posture integration.
- integration
Uid String - The ID of a device posture integration.
- integration
Uid string - The ID of a device posture integration.
- integration_
uid str - The ID of a device posture integration.
- integration
Uid String - The ID of a device posture integration.
ZeroTrustAccessApplicationPolicyRequireEmail, ZeroTrustAccessApplicationPolicyRequireEmailArgs
- Email string
- The email of the user.
- Email string
- The email of the user.
- email String
- The email of the user.
- email string
- The email of the user.
- email str
- The email of the user.
- email String
- The email of the user.
ZeroTrustAccessApplicationPolicyRequireEmailDomain, ZeroTrustAccessApplicationPolicyRequireEmailDomainArgs
- Domain string
- The email domain to match.
- Domain string
- The email domain to match.
- domain String
- The email domain to match.
- domain string
- The email domain to match.
- domain str
- The email domain to match.
- domain String
- The email domain to match.
ZeroTrustAccessApplicationPolicyRequireEmailList, ZeroTrustAccessApplicationPolicyRequireEmailListArgs
- Id string
- The ID of a previously created email list.
- Id string
- The ID of a previously created email list.
- id String
- The ID of a previously created email list.
- id string
- The ID of a previously created email list.
- id str
- The ID of a previously created email list.
- id String
- The ID of a previously created email list.
ZeroTrustAccessApplicationPolicyRequireExternalEvaluation, ZeroTrustAccessApplicationPolicyRequireExternalEvaluationArgs
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- Evaluate
Url string - The API endpoint containing your business logic.
- Keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url string - The API endpoint containing your business logic.
- keys
Url string - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate_
url str - The API endpoint containing your business logic.
- keys_
url str - The API endpoint containing the key that Access uses to verify that the response came from your API.
- evaluate
Url String - The API endpoint containing your business logic.
- keys
Url String - The API endpoint containing the key that Access uses to verify that the response came from your API.
ZeroTrustAccessApplicationPolicyRequireGeo, ZeroTrustAccessApplicationPolicyRequireGeoArgs
- Country
Code string - The country code that should be matched.
- Country
Code string - The country code that should be matched.
- country
Code String - The country code that should be matched.
- country
Code string - The country code that should be matched.
- country_
code str - The country code that should be matched.
- country
Code String - The country code that should be matched.
ZeroTrustAccessApplicationPolicyRequireGithubOrganization, ZeroTrustAccessApplicationPolicyRequireGithubOrganizationArgs
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Team string
- The name of the team
- Identity
Provider stringId - The ID of your Github identity provider.
- Name string
- The name of the organization.
- Team string
- The name of the team
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- team String
- The name of the team
- identity
Provider stringId - The ID of your Github identity provider.
- name string
- The name of the organization.
- team string
- The name of the team
- identity_
provider_ strid - The ID of your Github identity provider.
- name str
- The name of the organization.
- team str
- The name of the team
- identity
Provider StringId - The ID of your Github identity provider.
- name String
- The name of the organization.
- team String
- The name of the team
ZeroTrustAccessApplicationPolicyRequireGroup, ZeroTrustAccessApplicationPolicyRequireGroupArgs
- Id string
- The ID of a previously created Access group.
- Id string
- The ID of a previously created Access group.
- id String
- The ID of a previously created Access group.
- id string
- The ID of a previously created Access group.
- id str
- The ID of a previously created Access group.
- id String
- The ID of a previously created Access group.
ZeroTrustAccessApplicationPolicyRequireGsuite, ZeroTrustAccessApplicationPolicyRequireGsuiteArgs
- Email string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- Email string
- The email of the Google Workspace group.
- Identity
Provider stringId - The ID of your Google Workspace identity provider.
- email String
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
- email string
- The email of the Google Workspace group.
- identity
Provider stringId - The ID of your Google Workspace identity provider.
- email str
- The email of the Google Workspace group.
- identity_
provider_ strid - The ID of your Google Workspace identity provider.
- email String
- The email of the Google Workspace group.
- identity
Provider StringId - The ID of your Google Workspace identity provider.
ZeroTrustAccessApplicationPolicyRequireIp, ZeroTrustAccessApplicationPolicyRequireIpArgs
- Ip string
- An IPv4 or IPv6 CIDR block.
- Ip string
- An IPv4 or IPv6 CIDR block.
- ip String
- An IPv4 or IPv6 CIDR block.
- ip string
- An IPv4 or IPv6 CIDR block.
- ip str
- An IPv4 or IPv6 CIDR block.
- ip String
- An IPv4 or IPv6 CIDR block.
ZeroTrustAccessApplicationPolicyRequireIpList, ZeroTrustAccessApplicationPolicyRequireIpListArgs
- Id string
- The ID of a previously created IP list.
- Id string
- The ID of a previously created IP list.
- id String
- The ID of a previously created IP list.
- id string
- The ID of a previously created IP list.
- id str
- The ID of a previously created IP list.
- id String
- The ID of a previously created IP list.
ZeroTrustAccessApplicationPolicyRequireLoginMethod, ZeroTrustAccessApplicationPolicyRequireLoginMethodArgs
- Id string
- The ID of an identity provider.
- Id string
- The ID of an identity provider.
- id String
- The ID of an identity provider.
- id string
- The ID of an identity provider.
- id str
- The ID of an identity provider.
- id String
- The ID of an identity provider.
ZeroTrustAccessApplicationPolicyRequireOkta, ZeroTrustAccessApplicationPolicyRequireOktaArgs
- Identity
Provider stringId - The ID of your Okta identity provider.
- Name string
- The name of the Okta group.
- Identity
Provider stringId - The ID of your Okta identity provider.
- Name string
- The name of the Okta group.
- identity
Provider StringId - The ID of your Okta identity provider.
- name String
- The name of the Okta group.
- identity
Provider stringId - The ID of your Okta identity provider.
- name string
- The name of the Okta group.
- identity_
provider_ strid - The ID of your Okta identity provider.
- name str
- The name of the Okta group.
- identity
Provider StringId - The ID of your Okta identity provider.
- name String
- The name of the Okta group.
ZeroTrustAccessApplicationPolicyRequireSaml, ZeroTrustAccessApplicationPolicyRequireSamlArgs
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- Attribute
Name string - The name of the SAML attribute.
- Attribute
Value string - The SAML attribute value to look for.
- Identity
Provider stringId - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
- attribute
Name string - The name of the SAML attribute.
- attribute
Value string - The SAML attribute value to look for.
- identity
Provider stringId - The ID of your SAML identity provider.
- attribute_
name str - The name of the SAML attribute.
- attribute_
value str - The SAML attribute value to look for.
- identity_
provider_ strid - The ID of your SAML identity provider.
- attribute
Name String - The name of the SAML attribute.
- attribute
Value String - The SAML attribute value to look for.
- identity
Provider StringId - The ID of your SAML identity provider.
ZeroTrustAccessApplicationPolicyRequireServiceToken, ZeroTrustAccessApplicationPolicyRequireServiceTokenArgs
- Token
Id string - The ID of a Service Token.
- Token
Id string - The ID of a Service Token.
- token
Id String - The ID of a Service Token.
- token
Id string - The ID of a Service Token.
- token_
id str - The ID of a Service Token.
- token
Id String - The ID of a Service Token.
ZeroTrustAccessApplicationSaasApp, ZeroTrustAccessApplicationSaasAppArgs
- Access
Token stringLifetime - The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
- Allow
Pkce boolWithout Client Secret - If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
- App
Launcher stringUrl - The URL where this applications tile redirects users
- Auth
Type string - Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
- Client
Id string - The application client id
- Client
Secret string - The application client secret, only returned on POST request.
- Consumer
Service stringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- Created
At string - Custom
Attributes List<ZeroTrust Access Application Saas App Custom Attribute> - Custom
Claims List<ZeroTrust Access Application Saas App Custom Claim> - Default
Relay stringState - The URL that the user will be redirected to after a successful login for IDP initiated logins.
- Grant
Types List<string> - The OIDC flows supported by this application
- Group
Filter stringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
- Hybrid
And ZeroImplicit Options Trust Access Application Saas App Hybrid And Implicit Options - Idp
Entity stringId - The unique identifier for your SaaS application.
- Name
Id stringFormat - The format of the name identifier sent to the SaaS application. Available values: "id", "email".
- Name
Id stringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_formatsetting. - Public
Key string - The Access public certificate that will be used to verify your identity.
- Redirect
Uris List<string> - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
- Refresh
Token ZeroOptions Trust Access Application Saas App Refresh Token Options - Saml
Attribute stringTransform Jsonata - A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
- Scopes List<string>
- Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
- Sp
Entity stringId - A globally unique name for an identity or service provider.
- Sso
Endpoint string - The endpoint where your SaaS application will send login requests.
- Updated
At string
- Access
Token stringLifetime - The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
- Allow
Pkce boolWithout Client Secret - If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
- App
Launcher stringUrl - The URL where this applications tile redirects users
- Auth
Type string - Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
- Client
Id string - The application client id
- Client
Secret string - The application client secret, only returned on POST request.
- Consumer
Service stringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- Created
At string - Custom
Attributes []ZeroTrust Access Application Saas App Custom Attribute - Custom
Claims []ZeroTrust Access Application Saas App Custom Claim - Default
Relay stringState - The URL that the user will be redirected to after a successful login for IDP initiated logins.
- Grant
Types []string - The OIDC flows supported by this application
- Group
Filter stringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
- Hybrid
And ZeroImplicit Options Trust Access Application Saas App Hybrid And Implicit Options - Idp
Entity stringId - The unique identifier for your SaaS application.
- Name
Id stringFormat - The format of the name identifier sent to the SaaS application. Available values: "id", "email".
- Name
Id stringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_formatsetting. - Public
Key string - The Access public certificate that will be used to verify your identity.
- Redirect
Uris []string - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
- Refresh
Token ZeroOptions Trust Access Application Saas App Refresh Token Options - Saml
Attribute stringTransform Jsonata - A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
- Scopes []string
- Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
- Sp
Entity stringId - A globally unique name for an identity or service provider.
- Sso
Endpoint string - The endpoint where your SaaS application will send login requests.
- Updated
At string
- access
Token StringLifetime - The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
- allow
Pkce BooleanWithout Client Secret - If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
- app
Launcher StringUrl - The URL where this applications tile redirects users
- auth
Type String - Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
- client
Id String - The application client id
- client
Secret String - The application client secret, only returned on POST request.
- consumer
Service StringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- created
At String - custom
Attributes List<ZeroTrust Access Application Saas App Custom Attribute> - custom
Claims List<ZeroTrust Access Application Saas App Custom Claim> - default
Relay StringState - The URL that the user will be redirected to after a successful login for IDP initiated logins.
- grant
Types List<String> - The OIDC flows supported by this application
- group
Filter StringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
- hybrid
And ZeroImplicit Options Trust Access Application Saas App Hybrid And Implicit Options - idp
Entity StringId - The unique identifier for your SaaS application.
- name
Id StringFormat - The format of the name identifier sent to the SaaS application. Available values: "id", "email".
- name
Id StringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_formatsetting. - public
Key String - The Access public certificate that will be used to verify your identity.
- redirect
Uris List<String> - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
- refresh
Token ZeroOptions Trust Access Application Saas App Refresh Token Options - saml
Attribute StringTransform Jsonata - A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
- scopes List<String>
- Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
- sp
Entity StringId - A globally unique name for an identity or service provider.
- sso
Endpoint String - The endpoint where your SaaS application will send login requests.
- updated
At String
- access
Token stringLifetime - The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
- allow
Pkce booleanWithout Client Secret - If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
- app
Launcher stringUrl - The URL where this applications tile redirects users
- auth
Type string - Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
- client
Id string - The application client id
- client
Secret string - The application client secret, only returned on POST request.
- consumer
Service stringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- created
At string - custom
Attributes ZeroTrust Access Application Saas App Custom Attribute[] - custom
Claims ZeroTrust Access Application Saas App Custom Claim[] - default
Relay stringState - The URL that the user will be redirected to after a successful login for IDP initiated logins.
- grant
Types string[] - The OIDC flows supported by this application
- group
Filter stringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
- hybrid
And ZeroImplicit Options Trust Access Application Saas App Hybrid And Implicit Options - idp
Entity stringId - The unique identifier for your SaaS application.
- name
Id stringFormat - The format of the name identifier sent to the SaaS application. Available values: "id", "email".
- name
Id stringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_formatsetting. - public
Key string - The Access public certificate that will be used to verify your identity.
- redirect
Uris string[] - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
- refresh
Token ZeroOptions Trust Access Application Saas App Refresh Token Options - saml
Attribute stringTransform Jsonata - A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
- scopes string[]
- Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
- sp
Entity stringId - A globally unique name for an identity or service provider.
- sso
Endpoint string - The endpoint where your SaaS application will send login requests.
- updated
At string
- access_
token_ strlifetime - The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
- allow_
pkce_ boolwithout_ client_ secret - If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
- app_
launcher_ strurl - The URL where this applications tile redirects users
- auth_
type str - Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
- client_
id str - The application client id
- client_
secret str - The application client secret, only returned on POST request.
- consumer_
service_ strurl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- created_
at str - custom_
attributes Sequence[ZeroTrust Access Application Saas App Custom Attribute] - custom_
claims Sequence[ZeroTrust Access Application Saas App Custom Claim] - default_
relay_ strstate - The URL that the user will be redirected to after a successful login for IDP initiated logins.
- grant_
types Sequence[str] - The OIDC flows supported by this application
- group_
filter_ strregex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
- hybrid_
and_ Zeroimplicit_ options Trust Access Application Saas App Hybrid And Implicit Options - idp_
entity_ strid - The unique identifier for your SaaS application.
- name_
id_ strformat - The format of the name identifier sent to the SaaS application. Available values: "id", "email".
- name_
id_ strtransform_ jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_formatsetting. - public_
key str - The Access public certificate that will be used to verify your identity.
- redirect_
uris Sequence[str] - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
- refresh_
token_ Zerooptions Trust Access Application Saas App Refresh Token Options - saml_
attribute_ strtransform_ jsonata - A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
- scopes Sequence[str]
- Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
- sp_
entity_ strid - A globally unique name for an identity or service provider.
- sso_
endpoint str - The endpoint where your SaaS application will send login requests.
- updated_
at str
- access
Token StringLifetime - The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
- allow
Pkce BooleanWithout Client Secret - If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
- app
Launcher StringUrl - The URL where this applications tile redirects users
- auth
Type String - Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
- client
Id String - The application client id
- client
Secret String - The application client secret, only returned on POST request.
- consumer
Service StringUrl - The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
- created
At String - custom
Attributes List<Property Map> - custom
Claims List<Property Map> - default
Relay StringState - The URL that the user will be redirected to after a successful login for IDP initiated logins.
- grant
Types List<String> - The OIDC flows supported by this application
- group
Filter StringRegex - A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
- hybrid
And Property MapImplicit Options - idp
Entity StringId - The unique identifier for your SaaS application.
- name
Id StringFormat - The format of the name identifier sent to the SaaS application. Available values: "id", "email".
- name
Id StringTransform Jsonata - A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the
name_id_formatsetting. - public
Key String - The Access public certificate that will be used to verify your identity.
- redirect
Uris List<String> - The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
- refresh
Token Property MapOptions - saml
Attribute StringTransform Jsonata - A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
- scopes List<String>
- Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
- sp
Entity StringId - A globally unique name for an identity or service provider.
- sso
Endpoint String - The endpoint where your SaaS application will send login requests.
- updated
At String
ZeroTrustAccessApplicationSaasAppCustomAttribute, ZeroTrustAccessApplicationSaasAppCustomAttributeArgs
- Friendly
Name string - The SAML FriendlyName of the attribute.
- Name string
- The name of the attribute.
- Name
Format string - A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
- Required bool
- If the attribute is required when building a SAML assertion.
- Source
Zero
Trust Access Application Saas App Custom Attribute Source
- Friendly
Name string - The SAML FriendlyName of the attribute.
- Name string
- The name of the attribute.
- Name
Format string - A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
- Required bool
- If the attribute is required when building a SAML assertion.
- Source
Zero
Trust Access Application Saas App Custom Attribute Source
- friendly
Name String - The SAML FriendlyName of the attribute.
- name String
- The name of the attribute.
- name
Format String - A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
- required Boolean
- If the attribute is required when building a SAML assertion.
- source
Zero
Trust Access Application Saas App Custom Attribute Source
- friendly
Name string - The SAML FriendlyName of the attribute.
- name string
- The name of the attribute.
- name
Format string - A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
- required boolean
- If the attribute is required when building a SAML assertion.
- source
Zero
Trust Access Application Saas App Custom Attribute Source
- friendly_
name str - The SAML FriendlyName of the attribute.
- name str
- The name of the attribute.
- name_
format str - A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
- required bool
- If the attribute is required when building a SAML assertion.
- source
Zero
Trust Access Application Saas App Custom Attribute Source
- friendly
Name String - The SAML FriendlyName of the attribute.
- name String
- The name of the attribute.
- name
Format String - A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
- required Boolean
- If the attribute is required when building a SAML assertion.
- source Property Map
ZeroTrustAccessApplicationSaasAppCustomAttributeSource, ZeroTrustAccessApplicationSaasAppCustomAttributeSourceArgs
- Name string
- The name of the IdP attribute.
- Name
By List<ZeroIdps Trust Access Application Saas App Custom Attribute Source Name By Idp> - A mapping from IdP ID to attribute name.
- Name string
- The name of the IdP attribute.
- Name
By []ZeroIdps Trust Access Application Saas App Custom Attribute Source Name By Idp - A mapping from IdP ID to attribute name.
- name String
- The name of the IdP attribute.
- name
By List<ZeroIdps Trust Access Application Saas App Custom Attribute Source Name By Idp> - A mapping from IdP ID to attribute name.
- name string
- The name of the IdP attribute.
- name
By ZeroIdps Trust Access Application Saas App Custom Attribute Source Name By Idp[] - A mapping from IdP ID to attribute name.
- name str
- The name of the IdP attribute.
- name_
by_ Sequence[Zeroidps Trust Access Application Saas App Custom Attribute Source Name By Idp] - A mapping from IdP ID to attribute name.
- name String
- The name of the IdP attribute.
- name
By List<Property Map>Idps - A mapping from IdP ID to attribute name.
ZeroTrustAccessApplicationSaasAppCustomAttributeSourceNameByIdp, ZeroTrustAccessApplicationSaasAppCustomAttributeSourceNameByIdpArgs
- Idp
Id string - The UID of the IdP.
- Source
Name string - The name of the IdP provided attribute.
- Idp
Id string - The UID of the IdP.
- Source
Name string - The name of the IdP provided attribute.
- idp
Id String - The UID of the IdP.
- source
Name String - The name of the IdP provided attribute.
- idp
Id string - The UID of the IdP.
- source
Name string - The name of the IdP provided attribute.
- idp_
id str - The UID of the IdP.
- source_
name str - The name of the IdP provided attribute.
- idp
Id String - The UID of the IdP.
- source
Name String - The name of the IdP provided attribute.
ZeroTrustAccessApplicationSaasAppCustomClaim, ZeroTrustAccessApplicationSaasAppCustomClaimArgs
- Name string
- The name of the claim.
- Required bool
- If the claim is required when building an OIDC token.
- Scope string
- The scope of the claim. Available values: "groups", "profile", "email", "openid".
- Source
Zero
Trust Access Application Saas App Custom Claim Source
- Name string
- The name of the claim.
- Required bool
- If the claim is required when building an OIDC token.
- Scope string
- The scope of the claim. Available values: "groups", "profile", "email", "openid".
- Source
Zero
Trust Access Application Saas App Custom Claim Source
- name String
- The name of the claim.
- required Boolean
- If the claim is required when building an OIDC token.
- scope String
- The scope of the claim. Available values: "groups", "profile", "email", "openid".
- source
Zero
Trust Access Application Saas App Custom Claim Source
- name string
- The name of the claim.
- required boolean
- If the claim is required when building an OIDC token.
- scope string
- The scope of the claim. Available values: "groups", "profile", "email", "openid".
- source
Zero
Trust Access Application Saas App Custom Claim Source
- name str
- The name of the claim.
- required bool
- If the claim is required when building an OIDC token.
- scope str
- The scope of the claim. Available values: "groups", "profile", "email", "openid".
- source
Zero
Trust Access Application Saas App Custom Claim Source
- name String
- The name of the claim.
- required Boolean
- If the claim is required when building an OIDC token.
- scope String
- The scope of the claim. Available values: "groups", "profile", "email", "openid".
- source Property Map
ZeroTrustAccessApplicationSaasAppCustomClaimSource, ZeroTrustAccessApplicationSaasAppCustomClaimSourceArgs
- name str
- The name of the IdP claim.
- name_
by_ Mapping[str, str]idp - A mapping from IdP ID to claim name.
ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptions, ZeroTrustAccessApplicationSaasAppHybridAndImplicitOptionsArgs
- bool
- If an Access Token should be returned from the OIDC Authorization endpoint
- bool
- If an ID Token should be returned from the OIDC Authorization endpoint
- bool
- If an Access Token should be returned from the OIDC Authorization endpoint
- bool
- If an ID Token should be returned from the OIDC Authorization endpoint
- Boolean
- If an Access Token should be returned from the OIDC Authorization endpoint
- Boolean
- If an ID Token should be returned from the OIDC Authorization endpoint
- boolean
- If an Access Token should be returned from the OIDC Authorization endpoint
- boolean
- If an ID Token should be returned from the OIDC Authorization endpoint
- bool
- If an Access Token should be returned from the OIDC Authorization endpoint
- bool
- If an ID Token should be returned from the OIDC Authorization endpoint
- Boolean
- If an Access Token should be returned from the OIDC Authorization endpoint
- Boolean
- If an ID Token should be returned from the OIDC Authorization endpoint
ZeroTrustAccessApplicationSaasAppRefreshTokenOptions, ZeroTrustAccessApplicationSaasAppRefreshTokenOptionsArgs
- Lifetime string
- How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.
- Lifetime string
- How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.
- lifetime String
- How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.
- lifetime string
- How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.
- lifetime str
- How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.
- lifetime String
- How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.
ZeroTrustAccessApplicationScimConfig, ZeroTrustAccessApplicationScimConfigArgs
- Idp
Uid string - The UID of the IdP to use as the source for SCIM resources to provision to this application.
- Remote
Uri string - The base URI for the application's SCIM-compatible API.
- Authentication
Zero
Trust Access Application Scim Config Authentication - Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
- Deactivate
On boolDelete - If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
- Enabled bool
- Whether SCIM provisioning is turned on for this application.
- Mappings
List<Zero
Trust Access Application Scim Config Mapping> - A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
- Idp
Uid string - The UID of the IdP to use as the source for SCIM resources to provision to this application.
- Remote
Uri string - The base URI for the application's SCIM-compatible API.
- Authentication
Zero
Trust Access Application Scim Config Authentication - Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
- Deactivate
On boolDelete - If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
- Enabled bool
- Whether SCIM provisioning is turned on for this application.
- Mappings
[]Zero
Trust Access Application Scim Config Mapping - A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
- idp
Uid String - The UID of the IdP to use as the source for SCIM resources to provision to this application.
- remote
Uri String - The base URI for the application's SCIM-compatible API.
- authentication
Zero
Trust Access Application Scim Config Authentication - Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
- deactivate
On BooleanDelete - If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
- enabled Boolean
- Whether SCIM provisioning is turned on for this application.
- mappings
List<Zero
Trust Access Application Scim Config Mapping> - A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
- idp
Uid string - The UID of the IdP to use as the source for SCIM resources to provision to this application.
- remote
Uri string - The base URI for the application's SCIM-compatible API.
- authentication
Zero
Trust Access Application Scim Config Authentication - Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
- deactivate
On booleanDelete - If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
- enabled boolean
- Whether SCIM provisioning is turned on for this application.
- mappings
Zero
Trust Access Application Scim Config Mapping[] - A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
- idp_
uid str - The UID of the IdP to use as the source for SCIM resources to provision to this application.
- remote_
uri str - The base URI for the application's SCIM-compatible API.
- authentication
Zero
Trust Access Application Scim Config Authentication - Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
- deactivate_
on_ booldelete - If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
- enabled bool
- Whether SCIM provisioning is turned on for this application.
- mappings
Sequence[Zero
Trust Access Application Scim Config Mapping] - A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
- idp
Uid String - The UID of the IdP to use as the source for SCIM resources to provision to this application.
- remote
Uri String - The base URI for the application's SCIM-compatible API.
- authentication Property Map
- Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
- deactivate
On BooleanDelete - If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
- enabled Boolean
- Whether SCIM provisioning is turned on for this application.
- mappings List<Property Map>
- A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
ZeroTrustAccessApplicationScimConfigAuthentication, ZeroTrustAccessApplicationScimConfigAuthenticationArgs
- Scheme string
- The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
- string
- URL used to generate the auth code used during token generation.
- Client
Id string - Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
- Client
Secret string - Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
- Password string
- Password used to authenticate with the remote SCIM service.
- Scopes List<string>
- The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
- Token string
- Token used to authenticate with the remote SCIM service.
- Token
Url string - URL used to generate the token used to authenticate with the remote SCIM service.
- User string
- User name used to authenticate with the remote SCIM service.
- Scheme string
- The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
- string
- URL used to generate the auth code used during token generation.
- Client
Id string - Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
- Client
Secret string - Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
- Password string
- Password used to authenticate with the remote SCIM service.
- Scopes []string
- The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
- Token string
- Token used to authenticate with the remote SCIM service.
- Token
Url string - URL used to generate the token used to authenticate with the remote SCIM service.
- User string
- User name used to authenticate with the remote SCIM service.
- scheme String
- The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
- String
- URL used to generate the auth code used during token generation.
- client
Id String - Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
- client
Secret String - Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
- password String
- Password used to authenticate with the remote SCIM service.
- scopes List<String>
- The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
- token String
- Token used to authenticate with the remote SCIM service.
- token
Url String - URL used to generate the token used to authenticate with the remote SCIM service.
- user String
- User name used to authenticate with the remote SCIM service.
- scheme string
- The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
- string
- URL used to generate the auth code used during token generation.
- client
Id string - Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
- client
Secret string - Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
- password string
- Password used to authenticate with the remote SCIM service.
- scopes string[]
- The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
- token string
- Token used to authenticate with the remote SCIM service.
- token
Url string - URL used to generate the token used to authenticate with the remote SCIM service.
- user string
- User name used to authenticate with the remote SCIM service.
- scheme str
- The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
- str
- URL used to generate the auth code used during token generation.
- client_
id str - Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
- client_
secret str - Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
- password str
- Password used to authenticate with the remote SCIM service.
- scopes Sequence[str]
- The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
- token str
- Token used to authenticate with the remote SCIM service.
- token_
url str - URL used to generate the token used to authenticate with the remote SCIM service.
- user str
- User name used to authenticate with the remote SCIM service.
- scheme String
- The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
- String
- URL used to generate the auth code used during token generation.
- client
Id String - Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
- client
Secret String - Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
- password String
- Password used to authenticate with the remote SCIM service.
- scopes List<String>
- The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
- token String
- Token used to authenticate with the remote SCIM service.
- token
Url String - URL used to generate the token used to authenticate with the remote SCIM service.
- user String
- User name used to authenticate with the remote SCIM service.
ZeroTrustAccessApplicationScimConfigMapping, ZeroTrustAccessApplicationScimConfigMappingArgs
- Schema string
- Which SCIM resource type this mapping applies to.
- Enabled bool
- Whether or not this mapping is enabled.
- Filter string
- A SCIM filter expression that matches resources that should be provisioned to this application.
- Operations
Zero
Trust Access Application Scim Config Mapping Operations - Whether or not this mapping applies to creates, updates, or deletes.
- Strictness string
- The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
- Transform
Jsonata string - A JSONata expression that transforms the resource before provisioning it in the application.
- Schema string
- Which SCIM resource type this mapping applies to.
- Enabled bool
- Whether or not this mapping is enabled.
- Filter string
- A SCIM filter expression that matches resources that should be provisioned to this application.
- Operations
Zero
Trust Access Application Scim Config Mapping Operations - Whether or not this mapping applies to creates, updates, or deletes.
- Strictness string
- The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
- Transform
Jsonata string - A JSONata expression that transforms the resource before provisioning it in the application.
- schema String
- Which SCIM resource type this mapping applies to.
- enabled Boolean
- Whether or not this mapping is enabled.
- filter String
- A SCIM filter expression that matches resources that should be provisioned to this application.
- operations
Zero
Trust Access Application Scim Config Mapping Operations - Whether or not this mapping applies to creates, updates, or deletes.
- strictness String
- The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
- transform
Jsonata String - A JSONata expression that transforms the resource before provisioning it in the application.
- schema string
- Which SCIM resource type this mapping applies to.
- enabled boolean
- Whether or not this mapping is enabled.
- filter string
- A SCIM filter expression that matches resources that should be provisioned to this application.
- operations
Zero
Trust Access Application Scim Config Mapping Operations - Whether or not this mapping applies to creates, updates, or deletes.
- strictness string
- The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
- transform
Jsonata string - A JSONata expression that transforms the resource before provisioning it in the application.
- schema str
- Which SCIM resource type this mapping applies to.
- enabled bool
- Whether or not this mapping is enabled.
- filter str
- A SCIM filter expression that matches resources that should be provisioned to this application.
- operations
Zero
Trust Access Application Scim Config Mapping Operations - Whether or not this mapping applies to creates, updates, or deletes.
- strictness str
- The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
- transform_
jsonata str - A JSONata expression that transforms the resource before provisioning it in the application.
- schema String
- Which SCIM resource type this mapping applies to.
- enabled Boolean
- Whether or not this mapping is enabled.
- filter String
- A SCIM filter expression that matches resources that should be provisioned to this application.
- operations Property Map
- Whether or not this mapping applies to creates, updates, or deletes.
- strictness String
- The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
- transform
Jsonata String - A JSONata expression that transforms the resource before provisioning it in the application.
ZeroTrustAccessApplicationScimConfigMappingOperations, ZeroTrustAccessApplicationScimConfigMappingOperationsArgs
ZeroTrustAccessApplicationTargetCriteria, ZeroTrustAccessApplicationTargetCriteriaArgs
- Port int
- The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
- Protocol string
- The communication protocol your application secures. Available values: "ssh".
- Target
Attributes Dictionary<string, ImmutableArray<string>> - Contains a map of target attribute keys to target attribute values.
- Port int
- The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
- Protocol string
- The communication protocol your application secures. Available values: "ssh".
- Target
Attributes map[string][]string - Contains a map of target attribute keys to target attribute values.
- port Integer
- The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
- protocol String
- The communication protocol your application secures. Available values: "ssh".
- target
Attributes Map<String,List<String>> - Contains a map of target attribute keys to target attribute values.
- port number
- The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
- protocol string
- The communication protocol your application secures. Available values: "ssh".
- target
Attributes {[key: string]: string[]} - Contains a map of target attribute keys to target attribute values.
- port int
- The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
- protocol str
- The communication protocol your application secures. Available values: "ssh".
- target_
attributes Mapping[str, Sequence[str]] - Contains a map of target attribute keys to target attribute values.
- port Number
- The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
- protocol String
- The communication protocol your application secures. Available values: "ssh".
- target
Attributes Map<List<String>> - Contains a map of target attribute keys to target attribute values.
Import
$ pulumi import cloudflare:index/zeroTrustAccessApplication:ZeroTrustAccessApplication example '<{accounts|zones}/{account_id|zone_id}>/<app_id>'
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflareTerraform Provider.