import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as cloudflare from "@pulumi/cloudflare";
 *
 * const exampleZeroTrustOrganization = new cloudflare.ZeroTrustOrganization("example_zero_trust_organization", {
 *     zoneId: "zone_id",
 *     allowAuthenticateViaWarp: true,
 *     authDomain: "test.cloudflareaccess.com",
 *     autoRedirectToIdentity: true,
 *     customPages: {
 *         forbidden: "699d98642c564d2e855e9661899b7252",
 *         identityDenied: "699d98642c564d2e855e9661899b7252",
 *     },
 *     denyUnmatchedRequests: true,
 *     denyUnmatchedRequestsExemptedZoneNames: ["example.com"],
 *     isUiReadOnly: true,
 *     loginDesign: {
 *         backgroundColor: "#c5ed1b",
 *         footerText: "This is an example description.",
 *         headerText: "This is an example description.",
 *         logoPath: "https://example.com/logo.png",
 *         textColor: "#c5ed1b",
 *     },
 *     mfaConfig: {
 *         allowedAuthenticators: [
 *             "totp",
 *             "biometrics",
 *             "security_key",
 *         ],
 *         sessionDuration: "24h",
 *     },
 *     mfaConfigurationAllowed: true,
 *     mfaRequiredForAllApps: false,
 *     name: "Widget Corps Internal Applications",
 *     sessionDuration: "24h",
 *     uiReadOnlyToggleReason: "Temporarily turn off the UI read only lock to make a change via the UI",
 *     userSeatExpirationInactiveTime: "730h",
 *     warpAuthSessionDuration: "24h",
 * });
 * ```
 *
 * ## Import
 *
 * > This resource does not currently support `pulumi import`.
 */
export declare class ZeroTrustOrganization extends pulumi.CustomResource {
    /**
     * Get an existing ZeroTrustOrganization resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ZeroTrustOrganizationState, opts?: pulumi.CustomResourceOptions): ZeroTrustOrganization;
    /**
     * Returns true if the given object is an instance of ZeroTrustOrganization. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ZeroTrustOrganization;
    /**
     * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
     */
    readonly accountId: pulumi.Output<string | undefined>;
    /**
     * When set to true, users can authenticate via WARP for any application in your organization. Application settings will take precedence over this value.
     */
    readonly allowAuthenticateViaWarp: pulumi.Output<boolean>;
    /**
     * The unique subdomain assigned to your Zero Trust organization.
     */
    readonly authDomain: pulumi.Output<string>;
    /**
     * When set to `true`, users skip the identity provider selection step during login.
     */
    readonly autoRedirectToIdentity: pulumi.Output<boolean>;
    readonly customPages: pulumi.Output<outputs.ZeroTrustOrganizationCustomPages>;
    /**
     * Determines whether to deny all requests to Cloudflare-protected resources that lack an associated Access application. If enabled, you must explicitly configure an Access application and policy to allow traffic to your Cloudflare-protected resources. For domains you want to be public across all subdomains, add the domain to the `denyUnmatchedRequestsExemptedZoneNames` array.
     */
    readonly denyUnmatchedRequests: pulumi.Output<boolean>;
    /**
     * Contains zone names to exempt from the `denyUnmatchedRequests` feature. Requests to a subdomain in an exempted zone will block unauthenticated traffic by default if there is a configured Access application and policy that matches the request.
     */
    readonly denyUnmatchedRequestsExemptedZoneNames: pulumi.Output<string[]>;
    /**
     * Lock all settings as Read-Only in the Dashboard, regardless of user permission. Updates may only be made via the API or Terraform for this account when enabled.
     */
    readonly isUiReadOnly: pulumi.Output<boolean>;
    readonly loginDesign: pulumi.Output<outputs.ZeroTrustOrganizationLoginDesign>;
    /**
     * Configures multi-factor authentication (MFA) settings for an organization.
     */
    readonly mfaConfig: pulumi.Output<outputs.ZeroTrustOrganizationMfaConfig>;
    /**
     * Indicates if this organization can enforce multi-factor authentication (MFA) requirements at the application and policy level.
     */
    readonly mfaConfigurationAllowed: pulumi.Output<boolean>;
    /**
     * Determines whether global MFA settings apply to applications by default. The organization must have MFA enabled with at least one authentication method and a session duration configured.
     */
    readonly mfaRequiredForAllApps: pulumi.Output<boolean>;
    /**
     * The name of your Zero Trust organization.
     */
    readonly name: pulumi.Output<string>;
    /**
     * The amount of time that tokens issued for applications will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h.
     */
    readonly sessionDuration: pulumi.Output<string>;
    /**
     * A description of the reason why the UI read only field is being toggled.
     */
    readonly uiReadOnlyToggleReason: pulumi.Output<string>;
    /**
     * The amount of time a user seat is inactive before it expires. When the user seat exceeds the set time of inactivity, the user is removed as an active seat and no longer counts against your Teams seat count. Minimum value for this setting is 1 month (730h). Must be in the format `300ms` or `2h45m`. Valid time units are: `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`.
     */
    readonly userSeatExpirationInactiveTime: pulumi.Output<string>;
    /**
     * The amount of time that tokens issued for applications will be valid. Must be in the format `30m` or `2h45m`. Valid time units are: m, h.
     */
    readonly warpAuthSessionDuration: pulumi.Output<string>;
    /**
     * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
     */
    readonly zoneId: pulumi.Output<string | undefined>;
    /**
     * Create a ZeroTrustOrganization resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args?: ZeroTrustOrganizationArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering ZeroTrustOrganization resources.
 */
export interface ZeroTrustOrganizationState {
    /**
     * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
     */
    accountId?: pulumi.Input<string>;
    /**
     * When set to true, users can authenticate via WARP for any application in your organization. Application settings will take precedence over this value.
     */
    allowAuthenticateViaWarp?: pulumi.Input<boolean>;
    /**
     * The unique subdomain assigned to your Zero Trust organization.
     */
    authDomain?: pulumi.Input<string>;
    /**
     * When set to `true`, users skip the identity provider selection step during login.
     */
    autoRedirectToIdentity?: pulumi.Input<boolean>;
    customPages?: pulumi.Input<inputs.ZeroTrustOrganizationCustomPages>;
    /**
     * Determines whether to deny all requests to Cloudflare-protected resources that lack an associated Access application. If enabled, you must explicitly configure an Access application and policy to allow traffic to your Cloudflare-protected resources. For domains you want to be public across all subdomains, add the domain to the `denyUnmatchedRequestsExemptedZoneNames` array.
     */
    denyUnmatchedRequests?: pulumi.Input<boolean>;
    /**
     * Contains zone names to exempt from the `denyUnmatchedRequests` feature. Requests to a subdomain in an exempted zone will block unauthenticated traffic by default if there is a configured Access application and policy that matches the request.
     */
    denyUnmatchedRequestsExemptedZoneNames?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Lock all settings as Read-Only in the Dashboard, regardless of user permission. Updates may only be made via the API or Terraform for this account when enabled.
     */
    isUiReadOnly?: pulumi.Input<boolean>;
    loginDesign?: pulumi.Input<inputs.ZeroTrustOrganizationLoginDesign>;
    /**
     * Configures multi-factor authentication (MFA) settings for an organization.
     */
    mfaConfig?: pulumi.Input<inputs.ZeroTrustOrganizationMfaConfig>;
    /**
     * Indicates if this organization can enforce multi-factor authentication (MFA) requirements at the application and policy level.
     */
    mfaConfigurationAllowed?: pulumi.Input<boolean>;
    /**
     * Determines whether global MFA settings apply to applications by default. The organization must have MFA enabled with at least one authentication method and a session duration configured.
     */
    mfaRequiredForAllApps?: pulumi.Input<boolean>;
    /**
     * The name of your Zero Trust organization.
     */
    name?: pulumi.Input<string>;
    /**
     * The amount of time that tokens issued for applications will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h.
     */
    sessionDuration?: pulumi.Input<string>;
    /**
     * A description of the reason why the UI read only field is being toggled.
     */
    uiReadOnlyToggleReason?: pulumi.Input<string>;
    /**
     * The amount of time a user seat is inactive before it expires. When the user seat exceeds the set time of inactivity, the user is removed as an active seat and no longer counts against your Teams seat count. Minimum value for this setting is 1 month (730h). Must be in the format `300ms` or `2h45m`. Valid time units are: `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`.
     */
    userSeatExpirationInactiveTime?: pulumi.Input<string>;
    /**
     * The amount of time that tokens issued for applications will be valid. Must be in the format `30m` or `2h45m`. Valid time units are: m, h.
     */
    warpAuthSessionDuration?: pulumi.Input<string>;
    /**
     * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
     */
    zoneId?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a ZeroTrustOrganization resource.
 */
export interface ZeroTrustOrganizationArgs {
    /**
     * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
     */
    accountId?: pulumi.Input<string>;
    /**
     * When set to true, users can authenticate via WARP for any application in your organization. Application settings will take precedence over this value.
     */
    allowAuthenticateViaWarp?: pulumi.Input<boolean>;
    /**
     * The unique subdomain assigned to your Zero Trust organization.
     */
    authDomain?: pulumi.Input<string>;
    /**
     * When set to `true`, users skip the identity provider selection step during login.
     */
    autoRedirectToIdentity?: pulumi.Input<boolean>;
    customPages?: pulumi.Input<inputs.ZeroTrustOrganizationCustomPages>;
    /**
     * Determines whether to deny all requests to Cloudflare-protected resources that lack an associated Access application. If enabled, you must explicitly configure an Access application and policy to allow traffic to your Cloudflare-protected resources. For domains you want to be public across all subdomains, add the domain to the `denyUnmatchedRequestsExemptedZoneNames` array.
     */
    denyUnmatchedRequests?: pulumi.Input<boolean>;
    /**
     * Contains zone names to exempt from the `denyUnmatchedRequests` feature. Requests to a subdomain in an exempted zone will block unauthenticated traffic by default if there is a configured Access application and policy that matches the request.
     */
    denyUnmatchedRequestsExemptedZoneNames?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Lock all settings as Read-Only in the Dashboard, regardless of user permission. Updates may only be made via the API or Terraform for this account when enabled.
     */
    isUiReadOnly?: pulumi.Input<boolean>;
    loginDesign?: pulumi.Input<inputs.ZeroTrustOrganizationLoginDesign>;
    /**
     * Configures multi-factor authentication (MFA) settings for an organization.
     */
    mfaConfig?: pulumi.Input<inputs.ZeroTrustOrganizationMfaConfig>;
    /**
     * Indicates if this organization can enforce multi-factor authentication (MFA) requirements at the application and policy level.
     */
    mfaConfigurationAllowed?: pulumi.Input<boolean>;
    /**
     * Determines whether global MFA settings apply to applications by default. The organization must have MFA enabled with at least one authentication method and a session duration configured.
     */
    mfaRequiredForAllApps?: pulumi.Input<boolean>;
    /**
     * The name of your Zero Trust organization.
     */
    name?: pulumi.Input<string>;
    /**
     * The amount of time that tokens issued for applications will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h.
     */
    sessionDuration?: pulumi.Input<string>;
    /**
     * A description of the reason why the UI read only field is being toggled.
     */
    uiReadOnlyToggleReason?: pulumi.Input<string>;
    /**
     * The amount of time a user seat is inactive before it expires. When the user seat exceeds the set time of inactivity, the user is removed as an active seat and no longer counts against your Teams seat count. Minimum value for this setting is 1 month (730h). Must be in the format `300ms` or `2h45m`. Valid time units are: `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`.
     */
    userSeatExpirationInactiveTime?: pulumi.Input<string>;
    /**
     * The amount of time that tokens issued for applications will be valid. Must be in the format `30m` or `2h45m`. Valid time units are: m, h.
     */
    warpAuthSessionDuration?: pulumi.Input<string>;
    /**
     * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
     */
    zoneId?: pulumi.Input<string>;
}