Docs Home
FusionAuth v6.0.2 published on Sunday, Feb 9, 2025 by Theo Gravity
fusionauth.FusionAuthTenant
Explore with Pulumi AI
# Tenant Resource
A FusionAuth Tenant is a named object that represents a discrete namespace for Users, Applications and Groups. A user is unique by email address or username within a tenant.
Tenants may be useful to support a multi-tenant application where you wish to use a single instance of FusionAuth but require the ability to have duplicate users across the tenants in your own application. In this scenario a user may exist multiple times with the same email address and different passwords across tenants.
Tenants may also be useful in a test or staging environment to allow multiple users to call APIs and create and modify users without possibility of collision.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fusionauth from "pulumi-fusionauth";
const example = new fusionauth.FusionAuthTenant("example", {
connectorPolicies: [{
connectorId: "b57b3d0f-f7a4-4831-a838-549717362ea8",
domains: ["*"],
migrate: false,
}],
emailConfiguration: {
forgotPasswordEmailTemplateId: fusionauth_email.ForgotPassword_Example.id,
host: "smtp.sendgrid.net",
password: "password",
passwordlessEmailTemplateId: fusionauth_email.PasswordlessLogin_Example.id,
port: 587,
security: "TLS",
setPasswordEmailTemplateId: fusionauth_email.SetupPassword_Example.id,
username: "username",
verifyEmail: true,
verifyEmailWhenChanged: true,
additionalHeaders: {
HeaderName1: "HeaderValue1",
HeaderName2: "HeaderValue2",
},
},
eventConfigurations: [
{
enabled: false,
event: "jwt.public-key.update",
transactionType: "None",
},
{
enabled: false,
event: "jwt.refresh-token.revoke",
transactionType: "None",
},
{
enabled: false,
event: "jwt.refresh",
transactionType: "None",
},
{
enabled: false,
event: "group.create",
transactionType: "None",
},
{
enabled: false,
event: "group.create.complete",
transactionType: "None",
},
{
enabled: false,
event: "group.delete",
transactionType: "None",
},
{
enabled: false,
event: "group.delete.complete",
transactionType: "None",
},
{
enabled: false,
event: "group.member.add",
transactionType: "None",
},
{
enabled: false,
event: "group.member.add.complete",
transactionType: "None",
},
{
enabled: false,
event: "group.member.remove",
transactionType: "None",
},
{
enabled: false,
event: "group.member.remove.complete",
transactionType: "None",
},
{
enabled: false,
event: "group.member.update",
transactionType: "None",
},
{
enabled: false,
event: "group.member.update.complete",
transactionType: "None",
},
{
enabled: false,
event: "group.update",
transactionType: "None",
},
{
enabled: false,
event: "group.update.complete",
transactionType: "None",
},
{
enabled: false,
event: "user.action",
transactionType: "None",
},
{
event: "user.bulk.create",
enabled: false,
transactionType: "None",
},
{
enabled: false,
event: "user.create",
transactionType: "None",
},
{
enabled: false,
event: "user.create.complete",
transactionType: "None",
},
{
enabled: false,
event: "user.deactivate",
transactionType: "None",
},
{
enabled: false,
event: "user.delete",
transactionType: "None",
},
{
enabled: false,
event: "user.delete.complete",
transactionType: "None",
},
{
enabled: false,
event: "user.email.update",
transactionType: "None",
},
{
enabled: false,
event: "user.email.verified",
transactionType: "None",
},
{
enabled: false,
event: "user.identity-provider.link",
transactionType: "None",
},
{
enabled: false,
event: "user.identity-provider.unlink",
transactionType: "None",
},
{
enabled: false,
event: "user.loginId.duplicate.create",
transactionType: "None",
},
{
enabled: false,
event: "user.loginId.duplicate.update",
transactionType: "None",
},
{
enabled: false,
event: "user.login.failed",
transactionType: "None",
},
{
enabled: false,
event: "user.login.new-device",
transactionType: "None",
},
{
enabled: false,
event: "user.login.success",
transactionType: "None",
},
{
enabled: false,
event: "user.login.suspicious",
transactionType: "None",
},
{
enabled: false,
event: "user.password.breach",
transactionType: "None",
},
{
enabled: false,
event: "user.password.reset.send",
transactionType: "None",
},
{
enabled: false,
event: "user.password.reset.start",
transactionType: "None",
},
{
enabled: false,
event: "user.password.reset.success",
transactionType: "None",
},
{
enabled: false,
event: "user.password.update",
transactionType: "None",
},
{
enabled: false,
event: "user.reactivate",
transactionType: "None",
},
{
enabled: false,
event: "user.registration.create",
transactionType: "None",
},
{
enabled: false,
event: "user.registration.create.complete",
transactionType: "None",
},
{
enabled: false,
event: "user.registration.delete",
transactionType: "None",
},
{
enabled: false,
event: "user.registration.delete.complete",
transactionType: "None",
},
{
enabled: false,
event: "user.registration.update",
transactionType: "None",
},
{
enabled: false,
event: "user.registration.update.complete",
transactionType: "None",
},
{
enabled: false,
event: "user.registration.verified",
transactionType: "None",
},
{
enabled: false,
event: "user.two-factor.method.add",
transactionType: "None",
},
{
enabled: false,
event: "user.two-factor.method.remove",
transactionType: "None",
},
{
enabled: false,
event: "user.update",
transactionType: "None",
},
{
enabled: false,
event: "user.update.complete",
transactionType: "None",
},
],
externalIdentifierConfiguration: {
authorizationGrantIdTimeToLiveInSeconds: 30,
changePasswordIdGenerator: {
length: 32,
type: "randomBytes",
},
changePasswordIdTimeToLiveInSeconds: 600,
deviceCodeTimeToLiveInSeconds: 1800,
deviceUserCodeIdGenerator: {
length: 6,
type: "randomAlphaNumeric",
},
emailVerificationIdGenerator: {
length: 32,
type: "randomBytes",
},
emailVerificationIdTimeToLiveInSeconds: 86400,
emailVerificationOneTimeCodeGenerator: {
length: 6,
type: "randomAlphaNumeric",
},
externalAuthenticationIdTimeToLiveInSeconds: 300,
loginIntentTimeToLiveInSeconds: 1800,
oneTimePasswordTimeToLiveInSeconds: 60,
passwordlessLoginGenerator: {
length: 32,
type: "randomBytes",
},
passwordlessLoginTimeToLiveInSeconds: 600,
registrationVerificationIdGenerator: {
length: 32,
type: "randomBytes",
},
registrationVerificationIdTimeToLiveInSeconds: 86400,
registrationVerificationOneTimeCodeGenerator: {
length: 6,
type: "randomAlphaNumeric",
},
samlV2AuthnRequestIdTtlSeconds: 300,
setupPasswordIdGenerator: {
length: 32,
type: "randomBytes",
},
setupPasswordIdTimeToLiveInSeconds: 86400,
twoFactorIdTimeToLiveInSeconds: 300,
twoFactorOneTimeCodeIdGenerator: {
length: 6,
type: "randomDigits",
},
twoFactorOneTimeCodeIdTimeToLiveInSeconds: 60,
twoFactorTrustIdTimeToLiveInSeconds: 2592000,
},
failedAuthenticationConfiguration: {
actionDuration: 3,
actionDurationUnit: "MINUTES",
resetCountInSeconds: 60,
tooManyAttempts: 5,
},
familyConfiguration: {
allowChildRegistrations: true,
deleteOrphanedAccounts: false,
deleteOrphanedAccountsDays: 30,
enabled: true,
maximumChildAge: 12,
minimumOwnerAge: 21,
parentEmailRequired: false,
},
formConfiguration: {
adminUserFormId: "e92751a5-25f4-4bca-ad91-66cdf67725d2",
},
httpSessionMaxInactiveInterval: 3600,
issuer: "https://example.com",
jwtConfigurations: [{
accessTokenKeyId: fusionauth_key.accesstoken.id,
idTokenKeyId: fusionauth_key.idtoken.id,
refreshTokenTimeToLiveInMinutes: 43200,
timeToLiveInSeconds: 3600,
}],
loginConfiguration: {
requireAuthentication: true,
},
maximumPasswordAge: {
days: 180,
enabled: false,
},
minimumPasswordAge: {
enabled: false,
seconds: 30,
},
oauthConfigurations: [{
clientCredentialsAccessTokenPopulateLambdaId: fusionauth_lambda.client_jwt_populate.id,
}],
passwordEncryptionConfigurations: [{
encryptionScheme: "salted-pbkdf2-hmac-sha256",
encryptionSchemeFactor: 24000,
modifyEncryptionSchemeOnLogin: false,
}],
passwordValidationRules: {
maxLength: 256,
minLength: 7,
rememberPreviousPasswords: {
count: 1,
enabled: false,
},
requiredMixedCase: false,
requireNonAlpha: false,
requireNumber: false,
validateOnLogin: false,
},
rateLimitConfiguration: {
failedLogin: {
enabled: true,
limit: 5,
timePeriodInSeconds: 60,
},
forgotPassword: {
enabled: false,
limit: 5,
timePeriodInSeconds: 60,
},
sendEmailVerification: {
enabled: false,
limit: 5,
timePeriodInSeconds: 60,
},
sendPasswordless: {
enabled: false,
limit: 5,
timePeriodInSeconds: 60,
},
sendRegistrationVerification: {
enabled: false,
limit: 5,
timePeriodInSeconds: 60,
},
sendTwoFactor: {
enabled: false,
limit: 5,
timePeriodInSeconds: 60,
},
},
registrationConfiguration: {
blockedDomains: ["example.com"],
},
captchaConfiguration: {
enabled: true,
captchaMethod: "GoogleRecaptchaV3",
siteKey: "captcha_site_key",
secretKey: "captcha_secret_key",
threshold: 0.5,
},
themeId: fusionauth_theme.example_theme.id,
userDeletePolicy: {
unverifiedEnabled: false,
unverifiedNumberOfDaysToRetain: 30,
},
});
import pulumi
import theogravity_pulumi_fusionauth as fusionauth
example = fusionauth.FusionAuthTenant("example",
connector_policies=[{
"connector_id": "b57b3d0f-f7a4-4831-a838-549717362ea8",
"domains": ["*"],
"migrate": False,
}],
email_configuration={
"forgot_password_email_template_id": fusionauth_email["ForgotPassword_Example"]["id"],
"host": "smtp.sendgrid.net",
"password": "password",
"passwordless_email_template_id": fusionauth_email["PasswordlessLogin_Example"]["id"],
"port": 587,
"security": "TLS",
"set_password_email_template_id": fusionauth_email["SetupPassword_Example"]["id"],
"username": "username",
"verify_email": True,
"verify_email_when_changed": True,
"additional_headers": {
"HeaderName1": "HeaderValue1",
"HeaderName2": "HeaderValue2",
},
},
event_configurations=[
{
"enabled": False,
"event": "jwt.public-key.update",
"transaction_type": "None",
},
{
"enabled": False,
"event": "jwt.refresh-token.revoke",
"transaction_type": "None",
},
{
"enabled": False,
"event": "jwt.refresh",
"transaction_type": "None",
},
{
"enabled": False,
"event": "group.create",
"transaction_type": "None",
},
{
"enabled": False,
"event": "group.create.complete",
"transaction_type": "None",
},
{
"enabled": False,
"event": "group.delete",
"transaction_type": "None",
},
{
"enabled": False,
"event": "group.delete.complete",
"transaction_type": "None",
},
{
"enabled": False,
"event": "group.member.add",
"transaction_type": "None",
},
{
"enabled": False,
"event": "group.member.add.complete",
"transaction_type": "None",
},
{
"enabled": False,
"event": "group.member.remove",
"transaction_type": "None",
},
{
"enabled": False,
"event": "group.member.remove.complete",
"transaction_type": "None",
},
{
"enabled": False,
"event": "group.member.update",
"transaction_type": "None",
},
{
"enabled": False,
"event": "group.member.update.complete",
"transaction_type": "None",
},
{
"enabled": False,
"event": "group.update",
"transaction_type": "None",
},
{
"enabled": False,
"event": "group.update.complete",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.action",
"transaction_type": "None",
},
{
"event": "user.bulk.create",
"enabled": False,
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.create",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.create.complete",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.deactivate",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.delete",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.delete.complete",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.email.update",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.email.verified",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.identity-provider.link",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.identity-provider.unlink",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.loginId.duplicate.create",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.loginId.duplicate.update",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.login.failed",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.login.new-device",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.login.success",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.login.suspicious",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.password.breach",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.password.reset.send",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.password.reset.start",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.password.reset.success",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.password.update",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.reactivate",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.registration.create",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.registration.create.complete",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.registration.delete",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.registration.delete.complete",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.registration.update",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.registration.update.complete",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.registration.verified",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.two-factor.method.add",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.two-factor.method.remove",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.update",
"transaction_type": "None",
},
{
"enabled": False,
"event": "user.update.complete",
"transaction_type": "None",
},
],
external_identifier_configuration={
"authorization_grant_id_time_to_live_in_seconds": 30,
"change_password_id_generator": {
"length": 32,
"type": "randomBytes",
},
"change_password_id_time_to_live_in_seconds": 600,
"device_code_time_to_live_in_seconds": 1800,
"device_user_code_id_generator": {
"length": 6,
"type": "randomAlphaNumeric",
},
"email_verification_id_generator": {
"length": 32,
"type": "randomBytes",
},
"email_verification_id_time_to_live_in_seconds": 86400,
"email_verification_one_time_code_generator": {
"length": 6,
"type": "randomAlphaNumeric",
},
"external_authentication_id_time_to_live_in_seconds": 300,
"login_intent_time_to_live_in_seconds": 1800,
"one_time_password_time_to_live_in_seconds": 60,
"passwordless_login_generator": {
"length": 32,
"type": "randomBytes",
},
"passwordless_login_time_to_live_in_seconds": 600,
"registration_verification_id_generator": {
"length": 32,
"type": "randomBytes",
},
"registration_verification_id_time_to_live_in_seconds": 86400,
"registration_verification_one_time_code_generator": {
"length": 6,
"type": "randomAlphaNumeric",
},
"saml_v2_authn_request_id_ttl_seconds": 300,
"setup_password_id_generator": {
"length": 32,
"type": "randomBytes",
},
"setup_password_id_time_to_live_in_seconds": 86400,
"two_factor_id_time_to_live_in_seconds": 300,
"two_factor_one_time_code_id_generator": {
"length": 6,
"type": "randomDigits",
},
"two_factor_one_time_code_id_time_to_live_in_seconds": 60,
"two_factor_trust_id_time_to_live_in_seconds": 2592000,
},
failed_authentication_configuration={
"action_duration": 3,
"action_duration_unit": "MINUTES",
"reset_count_in_seconds": 60,
"too_many_attempts": 5,
},
family_configuration={
"allow_child_registrations": True,
"delete_orphaned_accounts": False,
"delete_orphaned_accounts_days": 30,
"enabled": True,
"maximum_child_age": 12,
"minimum_owner_age": 21,
"parent_email_required": False,
},
form_configuration={
"admin_user_form_id": "e92751a5-25f4-4bca-ad91-66cdf67725d2",
},
http_session_max_inactive_interval=3600,
issuer="https://example.com",
jwt_configurations=[{
"access_token_key_id": fusionauth_key["accesstoken"]["id"],
"id_token_key_id": fusionauth_key["idtoken"]["id"],
"refresh_token_time_to_live_in_minutes": 43200,
"time_to_live_in_seconds": 3600,
}],
login_configuration={
"require_authentication": True,
},
maximum_password_age={
"days": 180,
"enabled": False,
},
minimum_password_age={
"enabled": False,
"seconds": 30,
},
oauth_configurations=[{
"client_credentials_access_token_populate_lambda_id": fusionauth_lambda["client_jwt_populate"]["id"],
}],
password_encryption_configurations=[{
"encryption_scheme": "salted-pbkdf2-hmac-sha256",
"encryption_scheme_factor": 24000,
"modify_encryption_scheme_on_login": False,
}],
password_validation_rules={
"max_length": 256,
"min_length": 7,
"remember_previous_passwords": {
"count": 1,
"enabled": False,
},
"required_mixed_case": False,
"require_non_alpha": False,
"require_number": False,
"validate_on_login": False,
},
rate_limit_configuration={
"failed_login": {
"enabled": True,
"limit": 5,
"time_period_in_seconds": 60,
},
"forgot_password": {
"enabled": False,
"limit": 5,
"time_period_in_seconds": 60,
},
"send_email_verification": {
"enabled": False,
"limit": 5,
"time_period_in_seconds": 60,
},
"send_passwordless": {
"enabled": False,
"limit": 5,
"time_period_in_seconds": 60,
},
"send_registration_verification": {
"enabled": False,
"limit": 5,
"time_period_in_seconds": 60,
},
"send_two_factor": {
"enabled": False,
"limit": 5,
"time_period_in_seconds": 60,
},
},
registration_configuration={
"blocked_domains": ["example.com"],
},
captcha_configuration={
"enabled": True,
"captcha_method": "GoogleRecaptchaV3",
"site_key": "captcha_site_key",
"secret_key": "captcha_secret_key",
"threshold": 0.5,
},
theme_id=fusionauth_theme["example_theme"]["id"],
user_delete_policy={
"unverified_enabled": False,
"unverified_number_of_days_to_retain": 30,
})
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := fusionauth.NewFusionAuthTenant(ctx, "example", &fusionauth.FusionAuthTenantArgs{
ConnectorPolicies: fusionauth.FusionAuthTenantConnectorPolicyArray{
&fusionauth.FusionAuthTenantConnectorPolicyArgs{
ConnectorId: pulumi.String("b57b3d0f-f7a4-4831-a838-549717362ea8"),
Domains: pulumi.StringArray{
pulumi.String("*"),
},
Migrate: pulumi.Bool(false),
},
},
EmailConfiguration: &fusionauth.FusionAuthTenantEmailConfigurationArgs{
ForgotPasswordEmailTemplateId: pulumi.Any(fusionauth_email.ForgotPassword_Example.Id),
Host: pulumi.String("smtp.sendgrid.net"),
Password: pulumi.String("password"),
PasswordlessEmailTemplateId: pulumi.Any(fusionauth_email.PasswordlessLogin_Example.Id),
Port: pulumi.Int(587),
Security: pulumi.String("TLS"),
SetPasswordEmailTemplateId: pulumi.Any(fusionauth_email.SetupPassword_Example.Id),
Username: pulumi.String("username"),
VerifyEmail: pulumi.Bool(true),
VerifyEmailWhenChanged: pulumi.Bool(true),
AdditionalHeaders: pulumi.StringMap{
"HeaderName1": pulumi.String("HeaderValue1"),
"HeaderName2": pulumi.String("HeaderValue2"),
},
},
EventConfigurations: fusionauth.FusionAuthTenantEventConfigurationArray{
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("jwt.public-key.update"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("jwt.refresh-token.revoke"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("jwt.refresh"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("group.create"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("group.create.complete"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("group.delete"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("group.delete.complete"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("group.member.add"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("group.member.add.complete"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("group.member.remove"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("group.member.remove.complete"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("group.member.update"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("group.member.update.complete"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("group.update"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("group.update.complete"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.action"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Event: pulumi.String("user.bulk.create"),
Enabled: pulumi.Bool(false),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.create"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.create.complete"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.deactivate"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.delete"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.delete.complete"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.email.update"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.email.verified"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.identity-provider.link"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.identity-provider.unlink"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.loginId.duplicate.create"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.loginId.duplicate.update"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.login.failed"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.login.new-device"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.login.success"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.login.suspicious"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.password.breach"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.password.reset.send"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.password.reset.start"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.password.reset.success"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.password.update"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.reactivate"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.registration.create"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.registration.create.complete"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.registration.delete"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.registration.delete.complete"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.registration.update"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.registration.update.complete"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.registration.verified"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.two-factor.method.add"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.two-factor.method.remove"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.update"),
TransactionType: pulumi.String("None"),
},
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("user.update.complete"),
TransactionType: pulumi.String("None"),
},
},
ExternalIdentifierConfiguration: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationArgs{
AuthorizationGrantIdTimeToLiveInSeconds: pulumi.Int(30),
ChangePasswordIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGeneratorArgs{
Length: pulumi.Int(32),
Type: pulumi.String("randomBytes"),
},
ChangePasswordIdTimeToLiveInSeconds: pulumi.Int(600),
DeviceCodeTimeToLiveInSeconds: pulumi.Int(1800),
DeviceUserCodeIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGeneratorArgs{
Length: pulumi.Int(6),
Type: pulumi.String("randomAlphaNumeric"),
},
EmailVerificationIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGeneratorArgs{
Length: pulumi.Int(32),
Type: pulumi.String("randomBytes"),
},
EmailVerificationIdTimeToLiveInSeconds: pulumi.Int(86400),
EmailVerificationOneTimeCodeGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGeneratorArgs{
Length: pulumi.Int(6),
Type: pulumi.String("randomAlphaNumeric"),
},
ExternalAuthenticationIdTimeToLiveInSeconds: pulumi.Int(300),
LoginIntentTimeToLiveInSeconds: pulumi.Int(1800),
OneTimePasswordTimeToLiveInSeconds: pulumi.Int(60),
PasswordlessLoginGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGeneratorArgs{
Length: pulumi.Int(32),
Type: pulumi.String("randomBytes"),
},
PasswordlessLoginTimeToLiveInSeconds: pulumi.Int(600),
RegistrationVerificationIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGeneratorArgs{
Length: pulumi.Int(32),
Type: pulumi.String("randomBytes"),
},
RegistrationVerificationIdTimeToLiveInSeconds: pulumi.Int(86400),
RegistrationVerificationOneTimeCodeGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGeneratorArgs{
Length: pulumi.Int(6),
Type: pulumi.String("randomAlphaNumeric"),
},
SamlV2AuthnRequestIdTtlSeconds: pulumi.Int(300),
SetupPasswordIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGeneratorArgs{
Length: pulumi.Int(32),
Type: pulumi.String("randomBytes"),
},
SetupPasswordIdTimeToLiveInSeconds: pulumi.Int(86400),
TwoFactorIdTimeToLiveInSeconds: pulumi.Int(300),
TwoFactorOneTimeCodeIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGeneratorArgs{
Length: pulumi.Int(6),
Type: pulumi.String("randomDigits"),
},
TwoFactorOneTimeCodeIdTimeToLiveInSeconds: pulumi.Int(60),
TwoFactorTrustIdTimeToLiveInSeconds: pulumi.Int(2592000),
},
FailedAuthenticationConfiguration: &fusionauth.FusionAuthTenantFailedAuthenticationConfigurationArgs{
ActionDuration: pulumi.Int(3),
ActionDurationUnit: pulumi.String("MINUTES"),
ResetCountInSeconds: pulumi.Int(60),
TooManyAttempts: pulumi.Int(5),
},
FamilyConfiguration: &fusionauth.FusionAuthTenantFamilyConfigurationArgs{
AllowChildRegistrations: pulumi.Bool(true),
DeleteOrphanedAccounts: pulumi.Bool(false),
DeleteOrphanedAccountsDays: pulumi.Int(30),
Enabled: pulumi.Bool(true),
MaximumChildAge: pulumi.Int(12),
MinimumOwnerAge: pulumi.Int(21),
ParentEmailRequired: pulumi.Bool(false),
},
FormConfiguration: &fusionauth.FusionAuthTenantFormConfigurationArgs{
AdminUserFormId: pulumi.String("e92751a5-25f4-4bca-ad91-66cdf67725d2"),
},
HttpSessionMaxInactiveInterval: pulumi.Int(3600),
Issuer: pulumi.String("https://example.com"),
JwtConfigurations: fusionauth.FusionAuthTenantJwtConfigurationArray{
&fusionauth.FusionAuthTenantJwtConfigurationArgs{
AccessTokenKeyId: pulumi.Any(fusionauth_key.Accesstoken.Id),
IdTokenKeyId: pulumi.Any(fusionauth_key.Idtoken.Id),
RefreshTokenTimeToLiveInMinutes: pulumi.Int(43200),
TimeToLiveInSeconds: pulumi.Int(3600),
},
},
LoginConfiguration: &fusionauth.FusionAuthTenantLoginConfigurationArgs{
RequireAuthentication: pulumi.Bool(true),
},
MaximumPasswordAge: &fusionauth.FusionAuthTenantMaximumPasswordAgeArgs{
Days: pulumi.Int(180),
Enabled: pulumi.Bool(false),
},
MinimumPasswordAge: &fusionauth.FusionAuthTenantMinimumPasswordAgeArgs{
Enabled: pulumi.Bool(false),
Seconds: pulumi.Int(30),
},
OauthConfigurations: fusionauth.FusionAuthTenantOauthConfigurationArray{
&fusionauth.FusionAuthTenantOauthConfigurationArgs{
ClientCredentialsAccessTokenPopulateLambdaId: pulumi.Any(fusionauth_lambda.Client_jwt_populate.Id),
},
},
PasswordEncryptionConfigurations: fusionauth.FusionAuthTenantPasswordEncryptionConfigurationArray{
&fusionauth.FusionAuthTenantPasswordEncryptionConfigurationArgs{
EncryptionScheme: pulumi.String("salted-pbkdf2-hmac-sha256"),
EncryptionSchemeFactor: pulumi.Int(24000),
ModifyEncryptionSchemeOnLogin: pulumi.Bool(false),
},
},
PasswordValidationRules: &fusionauth.FusionAuthTenantPasswordValidationRulesArgs{
MaxLength: pulumi.Int(256),
MinLength: pulumi.Int(7),
RememberPreviousPasswords: &fusionauth.FusionAuthTenantPasswordValidationRulesRememberPreviousPasswordsArgs{
Count: pulumi.Int(1),
Enabled: pulumi.Bool(false),
},
RequiredMixedCase: pulumi.Bool(false),
RequireNonAlpha: pulumi.Bool(false),
RequireNumber: pulumi.Bool(false),
ValidateOnLogin: pulumi.Bool(false),
},
RateLimitConfiguration: &fusionauth.FusionAuthTenantRateLimitConfigurationArgs{
FailedLogin: &fusionauth.FusionAuthTenantRateLimitConfigurationFailedLoginArgs{
Enabled: pulumi.Bool(true),
Limit: pulumi.Int(5),
TimePeriodInSeconds: pulumi.Int(60),
},
ForgotPassword: &fusionauth.FusionAuthTenantRateLimitConfigurationForgotPasswordArgs{
Enabled: pulumi.Bool(false),
Limit: pulumi.Int(5),
TimePeriodInSeconds: pulumi.Int(60),
},
SendEmailVerification: &fusionauth.FusionAuthTenantRateLimitConfigurationSendEmailVerificationArgs{
Enabled: pulumi.Bool(false),
Limit: pulumi.Int(5),
TimePeriodInSeconds: pulumi.Int(60),
},
SendPasswordless: &fusionauth.FusionAuthTenantRateLimitConfigurationSendPasswordlessArgs{
Enabled: pulumi.Bool(false),
Limit: pulumi.Int(5),
TimePeriodInSeconds: pulumi.Int(60),
},
SendRegistrationVerification: &fusionauth.FusionAuthTenantRateLimitConfigurationSendRegistrationVerificationArgs{
Enabled: pulumi.Bool(false),
Limit: pulumi.Int(5),
TimePeriodInSeconds: pulumi.Int(60),
},
SendTwoFactor: &fusionauth.FusionAuthTenantRateLimitConfigurationSendTwoFactorArgs{
Enabled: pulumi.Bool(false),
Limit: pulumi.Int(5),
TimePeriodInSeconds: pulumi.Int(60),
},
},
RegistrationConfiguration: &fusionauth.FusionAuthTenantRegistrationConfigurationArgs{
BlockedDomains: pulumi.StringArray{
pulumi.String("example.com"),
},
},
CaptchaConfiguration: &fusionauth.FusionAuthTenantCaptchaConfigurationArgs{
Enabled: pulumi.Bool(true),
CaptchaMethod: pulumi.String("GoogleRecaptchaV3"),
SiteKey: pulumi.String("captcha_site_key"),
SecretKey: pulumi.String("captcha_secret_key"),
Threshold: pulumi.Float64(0.5),
},
ThemeId: pulumi.Any(fusionauth_theme.Example_theme.Id),
UserDeletePolicy: &fusionauth.FusionAuthTenantUserDeletePolicyArgs{
UnverifiedEnabled: pulumi.Bool(false),
UnverifiedNumberOfDaysToRetain: pulumi.Int(30),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fusionauth = theogravity.Fusionauth;
return await Deployment.RunAsync(() =>
{
var example = new Fusionauth.FusionAuthTenant("example", new()
{
ConnectorPolicies = new[]
{
new Fusionauth.Inputs.FusionAuthTenantConnectorPolicyArgs
{
ConnectorId = "b57b3d0f-f7a4-4831-a838-549717362ea8",
Domains = new[]
{
"*",
},
Migrate = false,
},
},
EmailConfiguration = new Fusionauth.Inputs.FusionAuthTenantEmailConfigurationArgs
{
ForgotPasswordEmailTemplateId = fusionauth_email.ForgotPassword_Example.Id,
Host = "smtp.sendgrid.net",
Password = "password",
PasswordlessEmailTemplateId = fusionauth_email.PasswordlessLogin_Example.Id,
Port = 587,
Security = "TLS",
SetPasswordEmailTemplateId = fusionauth_email.SetupPassword_Example.Id,
Username = "username",
VerifyEmail = true,
VerifyEmailWhenChanged = true,
AdditionalHeaders =
{
{ "HeaderName1", "HeaderValue1" },
{ "HeaderName2", "HeaderValue2" },
},
},
EventConfigurations = new[]
{
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "jwt.public-key.update",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "jwt.refresh-token.revoke",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "jwt.refresh",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "group.create",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "group.create.complete",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "group.delete",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "group.delete.complete",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "group.member.add",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "group.member.add.complete",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "group.member.remove",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "group.member.remove.complete",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "group.member.update",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "group.member.update.complete",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "group.update",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "group.update.complete",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.action",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Event = "user.bulk.create",
Enabled = false,
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.create",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.create.complete",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.deactivate",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.delete",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.delete.complete",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.email.update",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.email.verified",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.identity-provider.link",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.identity-provider.unlink",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.loginId.duplicate.create",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.loginId.duplicate.update",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.login.failed",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.login.new-device",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.login.success",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.login.suspicious",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.password.breach",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.password.reset.send",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.password.reset.start",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.password.reset.success",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.password.update",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.reactivate",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.registration.create",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.registration.create.complete",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.registration.delete",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.registration.delete.complete",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.registration.update",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.registration.update.complete",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.registration.verified",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.two-factor.method.add",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.two-factor.method.remove",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.update",
TransactionType = "None",
},
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "user.update.complete",
TransactionType = "None",
},
},
ExternalIdentifierConfiguration = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationArgs
{
AuthorizationGrantIdTimeToLiveInSeconds = 30,
ChangePasswordIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGeneratorArgs
{
Length = 32,
Type = "randomBytes",
},
ChangePasswordIdTimeToLiveInSeconds = 600,
DeviceCodeTimeToLiveInSeconds = 1800,
DeviceUserCodeIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGeneratorArgs
{
Length = 6,
Type = "randomAlphaNumeric",
},
EmailVerificationIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGeneratorArgs
{
Length = 32,
Type = "randomBytes",
},
EmailVerificationIdTimeToLiveInSeconds = 86400,
EmailVerificationOneTimeCodeGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGeneratorArgs
{
Length = 6,
Type = "randomAlphaNumeric",
},
ExternalAuthenticationIdTimeToLiveInSeconds = 300,
LoginIntentTimeToLiveInSeconds = 1800,
OneTimePasswordTimeToLiveInSeconds = 60,
PasswordlessLoginGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGeneratorArgs
{
Length = 32,
Type = "randomBytes",
},
PasswordlessLoginTimeToLiveInSeconds = 600,
RegistrationVerificationIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGeneratorArgs
{
Length = 32,
Type = "randomBytes",
},
RegistrationVerificationIdTimeToLiveInSeconds = 86400,
RegistrationVerificationOneTimeCodeGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGeneratorArgs
{
Length = 6,
Type = "randomAlphaNumeric",
},
SamlV2AuthnRequestIdTtlSeconds = 300,
SetupPasswordIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGeneratorArgs
{
Length = 32,
Type = "randomBytes",
},
SetupPasswordIdTimeToLiveInSeconds = 86400,
TwoFactorIdTimeToLiveInSeconds = 300,
TwoFactorOneTimeCodeIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGeneratorArgs
{
Length = 6,
Type = "randomDigits",
},
TwoFactorOneTimeCodeIdTimeToLiveInSeconds = 60,
TwoFactorTrustIdTimeToLiveInSeconds = 2592000,
},
FailedAuthenticationConfiguration = new Fusionauth.Inputs.FusionAuthTenantFailedAuthenticationConfigurationArgs
{
ActionDuration = 3,
ActionDurationUnit = "MINUTES",
ResetCountInSeconds = 60,
TooManyAttempts = 5,
},
FamilyConfiguration = new Fusionauth.Inputs.FusionAuthTenantFamilyConfigurationArgs
{
AllowChildRegistrations = true,
DeleteOrphanedAccounts = false,
DeleteOrphanedAccountsDays = 30,
Enabled = true,
MaximumChildAge = 12,
MinimumOwnerAge = 21,
ParentEmailRequired = false,
},
FormConfiguration = new Fusionauth.Inputs.FusionAuthTenantFormConfigurationArgs
{
AdminUserFormId = "e92751a5-25f4-4bca-ad91-66cdf67725d2",
},
HttpSessionMaxInactiveInterval = 3600,
Issuer = "https://example.com",
JwtConfigurations = new[]
{
new Fusionauth.Inputs.FusionAuthTenantJwtConfigurationArgs
{
AccessTokenKeyId = fusionauth_key.Accesstoken.Id,
IdTokenKeyId = fusionauth_key.Idtoken.Id,
RefreshTokenTimeToLiveInMinutes = 43200,
TimeToLiveInSeconds = 3600,
},
},
LoginConfiguration = new Fusionauth.Inputs.FusionAuthTenantLoginConfigurationArgs
{
RequireAuthentication = true,
},
MaximumPasswordAge = new Fusionauth.Inputs.FusionAuthTenantMaximumPasswordAgeArgs
{
Days = 180,
Enabled = false,
},
MinimumPasswordAge = new Fusionauth.Inputs.FusionAuthTenantMinimumPasswordAgeArgs
{
Enabled = false,
Seconds = 30,
},
OauthConfigurations = new[]
{
new Fusionauth.Inputs.FusionAuthTenantOauthConfigurationArgs
{
ClientCredentialsAccessTokenPopulateLambdaId = fusionauth_lambda.Client_jwt_populate.Id,
},
},
PasswordEncryptionConfigurations = new[]
{
new Fusionauth.Inputs.FusionAuthTenantPasswordEncryptionConfigurationArgs
{
EncryptionScheme = "salted-pbkdf2-hmac-sha256",
EncryptionSchemeFactor = 24000,
ModifyEncryptionSchemeOnLogin = false,
},
},
PasswordValidationRules = new Fusionauth.Inputs.FusionAuthTenantPasswordValidationRulesArgs
{
MaxLength = 256,
MinLength = 7,
RememberPreviousPasswords = new Fusionauth.Inputs.FusionAuthTenantPasswordValidationRulesRememberPreviousPasswordsArgs
{
Count = 1,
Enabled = false,
},
RequiredMixedCase = false,
RequireNonAlpha = false,
RequireNumber = false,
ValidateOnLogin = false,
},
RateLimitConfiguration = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationArgs
{
FailedLogin = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationFailedLoginArgs
{
Enabled = true,
Limit = 5,
TimePeriodInSeconds = 60,
},
ForgotPassword = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationForgotPasswordArgs
{
Enabled = false,
Limit = 5,
TimePeriodInSeconds = 60,
},
SendEmailVerification = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationSendEmailVerificationArgs
{
Enabled = false,
Limit = 5,
TimePeriodInSeconds = 60,
},
SendPasswordless = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationSendPasswordlessArgs
{
Enabled = false,
Limit = 5,
TimePeriodInSeconds = 60,
},
SendRegistrationVerification = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationSendRegistrationVerificationArgs
{
Enabled = false,
Limit = 5,
TimePeriodInSeconds = 60,
},
SendTwoFactor = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationSendTwoFactorArgs
{
Enabled = false,
Limit = 5,
TimePeriodInSeconds = 60,
},
},
RegistrationConfiguration = new Fusionauth.Inputs.FusionAuthTenantRegistrationConfigurationArgs
{
BlockedDomains = new[]
{
"example.com",
},
},
CaptchaConfiguration = new Fusionauth.Inputs.FusionAuthTenantCaptchaConfigurationArgs
{
Enabled = true,
CaptchaMethod = "GoogleRecaptchaV3",
SiteKey = "captcha_site_key",
SecretKey = "captcha_secret_key",
Threshold = 0.5,
},
ThemeId = fusionauth_theme.Example_theme.Id,
UserDeletePolicy = new Fusionauth.Inputs.FusionAuthTenantUserDeletePolicyArgs
{
UnverifiedEnabled = false,
UnverifiedNumberOfDaysToRetain = 30,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fusionauth.FusionAuthTenant;
import com.pulumi.fusionauth.FusionAuthTenantArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantConnectorPolicyArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantEmailConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantEventConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGeneratorArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGeneratorArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGeneratorArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGeneratorArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGeneratorArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGeneratorArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGeneratorArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGeneratorArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGeneratorArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantFailedAuthenticationConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantFamilyConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantFormConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantJwtConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantLoginConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantMaximumPasswordAgeArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantMinimumPasswordAgeArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantOauthConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantPasswordEncryptionConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantPasswordValidationRulesArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantPasswordValidationRulesRememberPreviousPasswordsArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantRateLimitConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantRateLimitConfigurationFailedLoginArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantRateLimitConfigurationForgotPasswordArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantRateLimitConfigurationSendEmailVerificationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantRateLimitConfigurationSendPasswordlessArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantRateLimitConfigurationSendRegistrationVerificationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantRateLimitConfigurationSendTwoFactorArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantRegistrationConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantCaptchaConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthTenantUserDeletePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new FusionAuthTenant("example", FusionAuthTenantArgs.builder()
.connectorPolicies(FusionAuthTenantConnectorPolicyArgs.builder()
.connectorId("b57b3d0f-f7a4-4831-a838-549717362ea8")
.domains("*")
.migrate(false)
.build())
.emailConfiguration(FusionAuthTenantEmailConfigurationArgs.builder()
.forgotPasswordEmailTemplateId(fusionauth_email.ForgotPassword_Example().id())
.host("smtp.sendgrid.net")
.password("password")
.passwordlessEmailTemplateId(fusionauth_email.PasswordlessLogin_Example().id())
.port(587)
.security("TLS")
.setPasswordEmailTemplateId(fusionauth_email.SetupPassword_Example().id())
.username("username")
.verifyEmail(true)
.verifyEmailWhenChanged(true)
.additionalHeaders(Map.ofEntries(
Map.entry("HeaderName1", "HeaderValue1"),
Map.entry("HeaderName2", "HeaderValue2")
))
.build())
.eventConfigurations(
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("jwt.public-key.update")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("jwt.refresh-token.revoke")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("jwt.refresh")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("group.create")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("group.create.complete")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("group.delete")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("group.delete.complete")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("group.member.add")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("group.member.add.complete")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("group.member.remove")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("group.member.remove.complete")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("group.member.update")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("group.member.update.complete")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("group.update")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("group.update.complete")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.action")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.event("user.bulk.create")
.enabled(false)
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.create")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.create.complete")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.deactivate")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.delete")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.delete.complete")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.email.update")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.email.verified")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.identity-provider.link")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.identity-provider.unlink")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.loginId.duplicate.create")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.loginId.duplicate.update")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.login.failed")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.login.new-device")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.login.success")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.login.suspicious")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.password.breach")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.password.reset.send")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.password.reset.start")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.password.reset.success")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.password.update")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.reactivate")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.registration.create")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.registration.create.complete")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.registration.delete")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.registration.delete.complete")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.registration.update")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.registration.update.complete")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.registration.verified")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.two-factor.method.add")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.two-factor.method.remove")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.update")
.transactionType("None")
.build(),
FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("user.update.complete")
.transactionType("None")
.build())
.externalIdentifierConfiguration(FusionAuthTenantExternalIdentifierConfigurationArgs.builder()
.authorizationGrantIdTimeToLiveInSeconds(30)
.changePasswordIdGenerator(FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGeneratorArgs.builder()
.length(32)
.type("randomBytes")
.build())
.changePasswordIdTimeToLiveInSeconds(600)
.deviceCodeTimeToLiveInSeconds(1800)
.deviceUserCodeIdGenerator(FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGeneratorArgs.builder()
.length(6)
.type("randomAlphaNumeric")
.build())
.emailVerificationIdGenerator(FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGeneratorArgs.builder()
.length(32)
.type("randomBytes")
.build())
.emailVerificationIdTimeToLiveInSeconds(86400)
.emailVerificationOneTimeCodeGenerator(FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGeneratorArgs.builder()
.length(6)
.type("randomAlphaNumeric")
.build())
.externalAuthenticationIdTimeToLiveInSeconds(300)
.loginIntentTimeToLiveInSeconds(1800)
.oneTimePasswordTimeToLiveInSeconds(60)
.passwordlessLoginGenerator(FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGeneratorArgs.builder()
.length(32)
.type("randomBytes")
.build())
.passwordlessLoginTimeToLiveInSeconds(600)
.registrationVerificationIdGenerator(FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGeneratorArgs.builder()
.length(32)
.type("randomBytes")
.build())
.registrationVerificationIdTimeToLiveInSeconds(86400)
.registrationVerificationOneTimeCodeGenerator(FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGeneratorArgs.builder()
.length(6)
.type("randomAlphaNumeric")
.build())
.samlV2AuthnRequestIdTtlSeconds(300)
.setupPasswordIdGenerator(FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGeneratorArgs.builder()
.length(32)
.type("randomBytes")
.build())
.setupPasswordIdTimeToLiveInSeconds(86400)
.twoFactorIdTimeToLiveInSeconds(300)
.twoFactorOneTimeCodeIdGenerator(FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGeneratorArgs.builder()
.length(6)
.type("randomDigits")
.build())
.twoFactorOneTimeCodeIdTimeToLiveInSeconds(60)
.twoFactorTrustIdTimeToLiveInSeconds(2592000)
.build())
.failedAuthenticationConfiguration(FusionAuthTenantFailedAuthenticationConfigurationArgs.builder()
.actionDuration(3)
.actionDurationUnit("MINUTES")
.resetCountInSeconds(60)
.tooManyAttempts(5)
.build())
.familyConfiguration(FusionAuthTenantFamilyConfigurationArgs.builder()
.allowChildRegistrations(true)
.deleteOrphanedAccounts(false)
.deleteOrphanedAccountsDays(30)
.enabled(true)
.maximumChildAge(12)
.minimumOwnerAge(21)
.parentEmailRequired(false)
.build())
.formConfiguration(FusionAuthTenantFormConfigurationArgs.builder()
.adminUserFormId("e92751a5-25f4-4bca-ad91-66cdf67725d2")
.build())
.httpSessionMaxInactiveInterval(3600)
.issuer("https://example.com")
.jwtConfigurations(FusionAuthTenantJwtConfigurationArgs.builder()
.accessTokenKeyId(fusionauth_key.accesstoken().id())
.idTokenKeyId(fusionauth_key.idtoken().id())
.refreshTokenTimeToLiveInMinutes(43200)
.timeToLiveInSeconds(3600)
.build())
.loginConfiguration(FusionAuthTenantLoginConfigurationArgs.builder()
.requireAuthentication(true)
.build())
.maximumPasswordAge(FusionAuthTenantMaximumPasswordAgeArgs.builder()
.days(180)
.enabled(false)
.build())
.minimumPasswordAge(FusionAuthTenantMinimumPasswordAgeArgs.builder()
.enabled(false)
.seconds(30)
.build())
.oauthConfigurations(FusionAuthTenantOauthConfigurationArgs.builder()
.clientCredentialsAccessTokenPopulateLambdaId(fusionauth_lambda.client_jwt_populate().id())
.build())
.passwordEncryptionConfigurations(FusionAuthTenantPasswordEncryptionConfigurationArgs.builder()
.encryptionScheme("salted-pbkdf2-hmac-sha256")
.encryptionSchemeFactor(24000)
.modifyEncryptionSchemeOnLogin(false)
.build())
.passwordValidationRules(FusionAuthTenantPasswordValidationRulesArgs.builder()
.maxLength(256)
.minLength(7)
.rememberPreviousPasswords(FusionAuthTenantPasswordValidationRulesRememberPreviousPasswordsArgs.builder()
.count(1)
.enabled(false)
.build())
.requiredMixedCase(false)
.requireNonAlpha(false)
.requireNumber(false)
.validateOnLogin(false)
.build())
.rateLimitConfiguration(FusionAuthTenantRateLimitConfigurationArgs.builder()
.failedLogin(FusionAuthTenantRateLimitConfigurationFailedLoginArgs.builder()
.enabled(true)
.limit(5)
.timePeriodInSeconds(60)
.build())
.forgotPassword(FusionAuthTenantRateLimitConfigurationForgotPasswordArgs.builder()
.enabled(false)
.limit(5)
.timePeriodInSeconds(60)
.build())
.sendEmailVerification(FusionAuthTenantRateLimitConfigurationSendEmailVerificationArgs.builder()
.enabled(false)
.limit(5)
.timePeriodInSeconds(60)
.build())
.sendPasswordless(FusionAuthTenantRateLimitConfigurationSendPasswordlessArgs.builder()
.enabled(false)
.limit(5)
.timePeriodInSeconds(60)
.build())
.sendRegistrationVerification(FusionAuthTenantRateLimitConfigurationSendRegistrationVerificationArgs.builder()
.enabled(false)
.limit(5)
.timePeriodInSeconds(60)
.build())
.sendTwoFactor(FusionAuthTenantRateLimitConfigurationSendTwoFactorArgs.builder()
.enabled(false)
.limit(5)
.timePeriodInSeconds(60)
.build())
.build())
.registrationConfiguration(FusionAuthTenantRegistrationConfigurationArgs.builder()
.blockedDomains("example.com")
.build())
.captchaConfiguration(FusionAuthTenantCaptchaConfigurationArgs.builder()
.enabled(true)
.captchaMethod("GoogleRecaptchaV3")
.siteKey("captcha_site_key")
.secretKey("captcha_secret_key")
.threshold(0.5)
.build())
.themeId(fusionauth_theme.example_theme().id())
.userDeletePolicy(FusionAuthTenantUserDeletePolicyArgs.builder()
.unverifiedEnabled(false)
.unverifiedNumberOfDaysToRetain(30)
.build())
.build());
}
}
resources:
example:
type: fusionauth:FusionAuthTenant
properties:
connectorPolicies:
- connectorId: b57b3d0f-f7a4-4831-a838-549717362ea8
domains:
- '*'
migrate: false
emailConfiguration:
forgotPasswordEmailTemplateId: ${fusionauth_email.ForgotPassword_Example.id}
host: smtp.sendgrid.net
password: password
passwordlessEmailTemplateId: ${fusionauth_email.PasswordlessLogin_Example.id}
port: 587
security: TLS
setPasswordEmailTemplateId: ${fusionauth_email.SetupPassword_Example.id}
username: username
verifyEmail: true
verifyEmailWhenChanged: true
additionalHeaders:
HeaderName1: HeaderValue1
HeaderName2: HeaderValue2
eventConfigurations:
- enabled: false
event: jwt.public-key.update
transactionType: None
- enabled: false
event: jwt.refresh-token.revoke
transactionType: None
- enabled: false
event: jwt.refresh
transactionType: None
- enabled: false
event: group.create
transactionType: None
- enabled: false
event: group.create.complete
transactionType: None
- enabled: false
event: group.delete
transactionType: None
- enabled: false
event: group.delete.complete
transactionType: None
- enabled: false
event: group.member.add
transactionType: None
- enabled: false
event: group.member.add.complete
transactionType: None
- enabled: false
event: group.member.remove
transactionType: None
- enabled: false
event: group.member.remove.complete
transactionType: None
- enabled: false
event: group.member.update
transactionType: None
- enabled: false
event: group.member.update.complete
transactionType: None
- enabled: false
event: group.update
transactionType: None
- enabled: false
event: group.update.complete
transactionType: None
- enabled: false
event: user.action
transactionType: None
- event: user.bulk.create
enabled: false
transactionType: None
- enabled: false
event: user.create
transactionType: None
- enabled: false
event: user.create.complete
transactionType: None
- enabled: false
event: user.deactivate
transactionType: None
- enabled: false
event: user.delete
transactionType: None
- enabled: false
event: user.delete.complete
transactionType: None
- enabled: false
event: user.email.update
transactionType: None
- enabled: false
event: user.email.verified
transactionType: None
- enabled: false
event: user.identity-provider.link
transactionType: None
- enabled: false
event: user.identity-provider.unlink
transactionType: None
- enabled: false
event: user.loginId.duplicate.create
transactionType: None
- enabled: false
event: user.loginId.duplicate.update
transactionType: None
- enabled: false
event: user.login.failed
transactionType: None
- enabled: false
event: user.login.new-device
transactionType: None
- enabled: false
event: user.login.success
transactionType: None
- enabled: false
event: user.login.suspicious
transactionType: None
- enabled: false
event: user.password.breach
transactionType: None
- enabled: false
event: user.password.reset.send
transactionType: None
- enabled: false
event: user.password.reset.start
transactionType: None
- enabled: false
event: user.password.reset.success
transactionType: None
- enabled: false
event: user.password.update
transactionType: None
- enabled: false
event: user.reactivate
transactionType: None
- enabled: false
event: user.registration.create
transactionType: None
- enabled: false
event: user.registration.create.complete
transactionType: None
- enabled: false
event: user.registration.delete
transactionType: None
- enabled: false
event: user.registration.delete.complete
transactionType: None
- enabled: false
event: user.registration.update
transactionType: None
- enabled: false
event: user.registration.update.complete
transactionType: None
- enabled: false
event: user.registration.verified
transactionType: None
- enabled: false
event: user.two-factor.method.add
transactionType: None
- enabled: false
event: user.two-factor.method.remove
transactionType: None
- enabled: false
event: user.update
transactionType: None
- enabled: false
event: user.update.complete
transactionType: None
externalIdentifierConfiguration:
authorizationGrantIdTimeToLiveInSeconds: 30
changePasswordIdGenerator:
length: 32
type: randomBytes
changePasswordIdTimeToLiveInSeconds: 600
deviceCodeTimeToLiveInSeconds: 1800
deviceUserCodeIdGenerator:
length: 6
type: randomAlphaNumeric
emailVerificationIdGenerator:
length: 32
type: randomBytes
emailVerificationIdTimeToLiveInSeconds: 86400
emailVerificationOneTimeCodeGenerator:
length: 6
type: randomAlphaNumeric
externalAuthenticationIdTimeToLiveInSeconds: 300
loginIntentTimeToLiveInSeconds: 1800
oneTimePasswordTimeToLiveInSeconds: 60
passwordlessLoginGenerator:
length: 32
type: randomBytes
passwordlessLoginTimeToLiveInSeconds: 600
registrationVerificationIdGenerator:
length: 32
type: randomBytes
registrationVerificationIdTimeToLiveInSeconds: 86400
registrationVerificationOneTimeCodeGenerator:
length: 6
type: randomAlphaNumeric
samlV2AuthnRequestIdTtlSeconds: 300
setupPasswordIdGenerator:
length: 32
type: randomBytes
setupPasswordIdTimeToLiveInSeconds: 86400
twoFactorIdTimeToLiveInSeconds: 300
twoFactorOneTimeCodeIdGenerator:
length: 6
type: randomDigits
twoFactorOneTimeCodeIdTimeToLiveInSeconds: 60
twoFactorTrustIdTimeToLiveInSeconds: 2.592e+06
failedAuthenticationConfiguration:
actionDuration: 3
actionDurationUnit: MINUTES
resetCountInSeconds: 60
tooManyAttempts: 5
familyConfiguration:
allowChildRegistrations: true
deleteOrphanedAccounts: false
deleteOrphanedAccountsDays: 30
enabled: true
maximumChildAge: 12
minimumOwnerAge: 21
parentEmailRequired: false
formConfiguration:
adminUserFormId: e92751a5-25f4-4bca-ad91-66cdf67725d2
httpSessionMaxInactiveInterval: 3600
issuer: https://example.com
jwtConfigurations:
- accessTokenKeyId: ${fusionauth_key.accesstoken.id}
idTokenKeyId: ${fusionauth_key.idtoken.id}
refreshTokenTimeToLiveInMinutes: 43200
timeToLiveInSeconds: 3600
loginConfiguration:
requireAuthentication: true
maximumPasswordAge:
days: 180
enabled: false
minimumPasswordAge:
enabled: false
seconds: 30
oauthConfigurations:
- clientCredentialsAccessTokenPopulateLambdaId: ${fusionauth_lambda.client_jwt_populate.id}
passwordEncryptionConfigurations:
- encryptionScheme: salted-pbkdf2-hmac-sha256
encryptionSchemeFactor: 24000
modifyEncryptionSchemeOnLogin: false
passwordValidationRules:
maxLength: 256
minLength: 7
rememberPreviousPasswords:
count: 1
enabled: false
requiredMixedCase: false
requireNonAlpha: false
requireNumber: false
validateOnLogin: false
rateLimitConfiguration:
failedLogin:
enabled: true
limit: 5
timePeriodInSeconds: 60
forgotPassword:
enabled: false
limit: 5
timePeriodInSeconds: 60
sendEmailVerification:
enabled: false
limit: 5
timePeriodInSeconds: 60
sendPasswordless:
enabled: false
limit: 5
timePeriodInSeconds: 60
sendRegistrationVerification:
enabled: false
limit: 5
timePeriodInSeconds: 60
sendTwoFactor:
enabled: false
limit: 5
timePeriodInSeconds: 60
registrationConfiguration:
blockedDomains:
- example.com
captchaConfiguration:
enabled: true
captchaMethod: GoogleRecaptchaV3
siteKey: captcha_site_key
secretKey: captcha_secret_key
threshold: 0.5
themeId: ${fusionauth_theme.example_theme.id}
userDeletePolicy:
unverifiedEnabled: false
unverifiedNumberOfDaysToRetain: 30
Create FusionAuthTenant Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FusionAuthTenant(name: string, args?: FusionAuthTenantArgs, opts?: CustomResourceOptions);@overload
def FusionAuthTenant(resource_name: str,
args: Optional[FusionAuthTenantArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def FusionAuthTenant(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_control_configuration: Optional[FusionAuthTenantAccessControlConfigurationArgs] = None,
captcha_configuration: Optional[FusionAuthTenantCaptchaConfigurationArgs] = None,
connector_policies: Optional[Sequence[FusionAuthTenantConnectorPolicyArgs]] = None,
data: Optional[Mapping[str, str]] = None,
email_configuration: Optional[FusionAuthTenantEmailConfigurationArgs] = None,
event_configurations: Optional[Sequence[FusionAuthTenantEventConfigurationArgs]] = None,
external_identifier_configuration: Optional[FusionAuthTenantExternalIdentifierConfigurationArgs] = None,
failed_authentication_configuration: Optional[FusionAuthTenantFailedAuthenticationConfigurationArgs] = None,
family_configuration: Optional[FusionAuthTenantFamilyConfigurationArgs] = None,
form_configuration: Optional[FusionAuthTenantFormConfigurationArgs] = None,
http_session_max_inactive_interval: Optional[int] = None,
issuer: Optional[str] = None,
jwt_configurations: Optional[Sequence[FusionAuthTenantJwtConfigurationArgs]] = None,
lambda_configuration: Optional[FusionAuthTenantLambdaConfigurationArgs] = None,
login_configuration: Optional[FusionAuthTenantLoginConfigurationArgs] = None,
logout_url: Optional[str] = None,
maximum_password_age: Optional[FusionAuthTenantMaximumPasswordAgeArgs] = None,
minimum_password_age: Optional[FusionAuthTenantMinimumPasswordAgeArgs] = None,
multi_factor_configuration: Optional[FusionAuthTenantMultiFactorConfigurationArgs] = None,
name: Optional[str] = None,
oauth_configurations: Optional[Sequence[FusionAuthTenantOauthConfigurationArgs]] = None,
password_encryption_configurations: Optional[Sequence[FusionAuthTenantPasswordEncryptionConfigurationArgs]] = None,
password_validation_rules: Optional[FusionAuthTenantPasswordValidationRulesArgs] = None,
rate_limit_configuration: Optional[FusionAuthTenantRateLimitConfigurationArgs] = None,
registration_configuration: Optional[FusionAuthTenantRegistrationConfigurationArgs] = None,
scim_server_configuration: Optional[FusionAuthTenantScimServerConfigurationArgs] = None,
source_tenant_id: Optional[str] = None,
sso_configuration: Optional[FusionAuthTenantSsoConfigurationArgs] = None,
tenant_id: Optional[str] = None,
theme_id: Optional[str] = None,
user_delete_policy: Optional[FusionAuthTenantUserDeletePolicyArgs] = None,
username_configuration: Optional[FusionAuthTenantUsernameConfigurationArgs] = None,
webauthn_configuration: Optional[FusionAuthTenantWebauthnConfigurationArgs] = None,
webhook_ids: Optional[Sequence[str]] = None)func NewFusionAuthTenant(ctx *Context, name string, args *FusionAuthTenantArgs, opts ...ResourceOption) (*FusionAuthTenant, error)public FusionAuthTenant(string name, FusionAuthTenantArgs? args = null, CustomResourceOptions? opts = null)
public FusionAuthTenant(String name, FusionAuthTenantArgs args)
public FusionAuthTenant(String name, FusionAuthTenantArgs args, CustomResourceOptions options)
type: fusionauth:FusionAuthTenant
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FusionAuthTenantArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FusionAuthTenantArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FusionAuthTenantArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FusionAuthTenantArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FusionAuthTenantArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var fusionAuthTenantResource = new Fusionauth.FusionAuthTenant("fusionAuthTenantResource", new()
{
AccessControlConfiguration = new Fusionauth.Inputs.FusionAuthTenantAccessControlConfigurationArgs
{
UiIpAccessControlListId = "string",
},
CaptchaConfiguration = new Fusionauth.Inputs.FusionAuthTenantCaptchaConfigurationArgs
{
CaptchaMethod = "string",
Enabled = false,
SecretKey = "string",
SiteKey = "string",
Threshold = 0,
},
ConnectorPolicies = new[]
{
new Fusionauth.Inputs.FusionAuthTenantConnectorPolicyArgs
{
ConnectorId = "string",
Domains = new[]
{
"string",
},
Migrate = false,
},
},
Data =
{
{ "string", "string" },
},
EmailConfiguration = new Fusionauth.Inputs.FusionAuthTenantEmailConfigurationArgs
{
AdditionalHeaders =
{
{ "string", "string" },
},
Debug = false,
DefaultFromEmail = "string",
DefaultFromName = "string",
EmailUpdateEmailTemplateId = "string",
EmailVerifiedEmailTemplateId = "string",
ForgotPasswordEmailTemplateId = "string",
Host = "string",
ImplicitEmailVerificationAllowed = false,
LoginIdInUseOnCreateEmailTemplateId = "string",
LoginIdInUseOnUpdateEmailTemplateId = "string",
LoginNewDeviceEmailTemplateId = "string",
LoginSuspiciousEmailTemplateId = "string",
Password = "string",
PasswordResetSuccessEmailTemplateId = "string",
PasswordUpdateEmailTemplateId = "string",
PasswordlessEmailTemplateId = "string",
Port = 0,
Properties = "string",
Security = "string",
SetPasswordEmailTemplateId = "string",
TwoFactorMethodAddEmailTemplateId = "string",
TwoFactorMethodRemoveEmailTemplateId = "string",
Unverified = new Fusionauth.Inputs.FusionAuthTenantEmailConfigurationUnverifiedArgs
{
AllowEmailChangeWhenGated = false,
Behavior = "string",
},
Username = "string",
VerificationEmailTemplateId = "string",
VerificationStrategy = "string",
VerifyEmail = false,
VerifyEmailWhenChanged = false,
},
EventConfigurations = new[]
{
new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs
{
Enabled = false,
Event = "string",
TransactionType = "string",
},
},
ExternalIdentifierConfiguration = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationArgs
{
AuthorizationGrantIdTimeToLiveInSeconds = 0,
ChangePasswordIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGeneratorArgs
{
Length = 0,
Type = "string",
},
ChangePasswordIdTimeToLiveInSeconds = 0,
DeviceCodeTimeToLiveInSeconds = 0,
DeviceUserCodeIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGeneratorArgs
{
Length = 0,
Type = "string",
},
EmailVerificationIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGeneratorArgs
{
Length = 0,
Type = "string",
},
EmailVerificationIdTimeToLiveInSeconds = 0,
EmailVerificationOneTimeCodeGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGeneratorArgs
{
Length = 0,
Type = "string",
},
ExternalAuthenticationIdTimeToLiveInSeconds = 0,
LoginIntentTimeToLiveInSeconds = 0,
OneTimePasswordTimeToLiveInSeconds = 0,
PasswordlessLoginGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGeneratorArgs
{
Length = 0,
Type = "string",
},
PasswordlessLoginTimeToLiveInSeconds = 0,
PendingAccountLinkTimeToLiveInSeconds = 0,
RegistrationVerificationIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGeneratorArgs
{
Length = 0,
Type = "string",
},
RegistrationVerificationIdTimeToLiveInSeconds = 0,
RegistrationVerificationOneTimeCodeGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGeneratorArgs
{
Length = 0,
Type = "string",
},
RememberOauthScopeConsentChoiceTimeToLiveInSeconds = 0,
SamlV2AuthnRequestIdTtlSeconds = 0,
SetupPasswordIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGeneratorArgs
{
Length = 0,
Type = "string",
},
SetupPasswordIdTimeToLiveInSeconds = 0,
TrustTokenTimeToLiveInSeconds = 0,
TwoFactorIdTimeToLiveInSeconds = 0,
TwoFactorOneTimeCodeIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGeneratorArgs
{
Length = 0,
Type = "string",
},
TwoFactorOneTimeCodeIdTimeToLiveInSeconds = 0,
TwoFactorTrustIdTimeToLiveInSeconds = 0,
WebauthnAuthenticationChallengeTimeToLiveInSeconds = 0,
WebauthnRegistrationChallengeTimeToLiveInSeconds = 0,
},
FailedAuthenticationConfiguration = new Fusionauth.Inputs.FusionAuthTenantFailedAuthenticationConfigurationArgs
{
ActionCancelPolicyOnPasswordReset = false,
ActionDuration = 0,
ActionDurationUnit = "string",
EmailUser = false,
ResetCountInSeconds = 0,
TooManyAttempts = 0,
UserActionId = "string",
},
FamilyConfiguration = new Fusionauth.Inputs.FusionAuthTenantFamilyConfigurationArgs
{
AllowChildRegistrations = false,
ConfirmChildEmailTemplateId = "string",
DeleteOrphanedAccounts = false,
DeleteOrphanedAccountsDays = 0,
Enabled = false,
FamilyRequestEmailTemplateId = "string",
MaximumChildAge = 0,
MinimumOwnerAge = 0,
ParentEmailRequired = false,
ParentRegistrationEmailTemplateId = "string",
},
FormConfiguration = new Fusionauth.Inputs.FusionAuthTenantFormConfigurationArgs
{
AdminUserFormId = "string",
},
HttpSessionMaxInactiveInterval = 0,
Issuer = "string",
JwtConfigurations = new[]
{
new Fusionauth.Inputs.FusionAuthTenantJwtConfigurationArgs
{
AccessTokenKeyId = "string",
IdTokenKeyId = "string",
RefreshTokenExpirationPolicy = "string",
RefreshTokenOneTimeUseConfigurationGracePeriodInSeconds = 0,
RefreshTokenRevocationPolicyOnLoginPrevented = false,
RefreshTokenRevocationPolicyOnMultiFactorEnable = false,
RefreshTokenRevocationPolicyOnOneTimeTokenReuse = false,
RefreshTokenRevocationPolicyOnPasswordChange = false,
RefreshTokenSlidingWindowMaximumTimeToLiveInMinutes = 0,
RefreshTokenTimeToLiveInMinutes = 0,
RefreshTokenUsagePolicy = "string",
TimeToLiveInSeconds = 0,
},
},
LambdaConfiguration = new Fusionauth.Inputs.FusionAuthTenantLambdaConfigurationArgs
{
LoginValidationId = "string",
ScimEnterpriseUserRequestConverterId = "string",
ScimEnterpriseUserResponseConverterId = "string",
ScimGroupRequestConverterId = "string",
ScimGroupResponseConverterId = "string",
ScimUserRequestConverterId = "string",
ScimUserResponseConverterId = "string",
},
LoginConfiguration = new Fusionauth.Inputs.FusionAuthTenantLoginConfigurationArgs
{
RequireAuthentication = false,
},
LogoutUrl = "string",
MaximumPasswordAge = new Fusionauth.Inputs.FusionAuthTenantMaximumPasswordAgeArgs
{
Days = 0,
Enabled = false,
},
MinimumPasswordAge = new Fusionauth.Inputs.FusionAuthTenantMinimumPasswordAgeArgs
{
Enabled = false,
Seconds = 0,
},
MultiFactorConfiguration = new Fusionauth.Inputs.FusionAuthTenantMultiFactorConfigurationArgs
{
Authenticator = new Fusionauth.Inputs.FusionAuthTenantMultiFactorConfigurationAuthenticatorArgs
{
Enabled = false,
},
Email = new Fusionauth.Inputs.FusionAuthTenantMultiFactorConfigurationEmailArgs
{
Enabled = false,
TemplateId = "string",
},
LoginPolicy = "string",
Sms = new Fusionauth.Inputs.FusionAuthTenantMultiFactorConfigurationSmsArgs
{
Enabled = false,
MessengerId = "string",
TemplateId = "string",
},
},
Name = "string",
OauthConfigurations = new[]
{
new Fusionauth.Inputs.FusionAuthTenantOauthConfigurationArgs
{
ClientCredentialsAccessTokenPopulateLambdaId = "string",
},
},
PasswordEncryptionConfigurations = new[]
{
new Fusionauth.Inputs.FusionAuthTenantPasswordEncryptionConfigurationArgs
{
EncryptionScheme = "string",
EncryptionSchemeFactor = 0,
ModifyEncryptionSchemeOnLogin = false,
},
},
PasswordValidationRules = new Fusionauth.Inputs.FusionAuthTenantPasswordValidationRulesArgs
{
BreachDetection = new Fusionauth.Inputs.FusionAuthTenantPasswordValidationRulesBreachDetectionArgs
{
Enabled = false,
MatchMode = "string",
NotifyUserEmailTemplateId = "string",
OnLogin = "string",
},
MaxLength = 0,
MinLength = 0,
RememberPreviousPasswords = new Fusionauth.Inputs.FusionAuthTenantPasswordValidationRulesRememberPreviousPasswordsArgs
{
Count = 0,
Enabled = false,
},
RequireNonAlpha = false,
RequireNumber = false,
RequiredMixedCase = false,
ValidateOnLogin = false,
},
RateLimitConfiguration = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationArgs
{
FailedLogin = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationFailedLoginArgs
{
Enabled = false,
Limit = 0,
TimePeriodInSeconds = 0,
},
ForgotPassword = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationForgotPasswordArgs
{
Enabled = false,
Limit = 0,
TimePeriodInSeconds = 0,
},
SendEmailVerification = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationSendEmailVerificationArgs
{
Enabled = false,
Limit = 0,
TimePeriodInSeconds = 0,
},
SendPasswordless = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationSendPasswordlessArgs
{
Enabled = false,
Limit = 0,
TimePeriodInSeconds = 0,
},
SendRegistrationVerification = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationSendRegistrationVerificationArgs
{
Enabled = false,
Limit = 0,
TimePeriodInSeconds = 0,
},
SendTwoFactor = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationSendTwoFactorArgs
{
Enabled = false,
Limit = 0,
TimePeriodInSeconds = 0,
},
},
RegistrationConfiguration = new Fusionauth.Inputs.FusionAuthTenantRegistrationConfigurationArgs
{
BlockedDomains = new[]
{
"string",
},
},
ScimServerConfiguration = new Fusionauth.Inputs.FusionAuthTenantScimServerConfigurationArgs
{
ClientEntityTypeId = "string",
ServerEntityTypeId = "string",
Enabled = false,
Schemas = "string",
},
SourceTenantId = "string",
SsoConfiguration = new Fusionauth.Inputs.FusionAuthTenantSsoConfigurationArgs
{
DeviceTrustTimeToLiveInSeconds = 0,
},
TenantId = "string",
ThemeId = "string",
UserDeletePolicy = new Fusionauth.Inputs.FusionAuthTenantUserDeletePolicyArgs
{
UnverifiedEnabled = false,
UnverifiedNumberOfDaysToRetain = 0,
},
UsernameConfiguration = new Fusionauth.Inputs.FusionAuthTenantUsernameConfigurationArgs
{
Unique = new Fusionauth.Inputs.FusionAuthTenantUsernameConfigurationUniqueArgs
{
Enabled = false,
NumberOfDigits = 0,
Separator = "string",
Strategy = "string",
},
},
WebauthnConfiguration = new Fusionauth.Inputs.FusionAuthTenantWebauthnConfigurationArgs
{
BootstrapWorkflow = new Fusionauth.Inputs.FusionAuthTenantWebauthnConfigurationBootstrapWorkflowArgs
{
AuthenticatorAttachmentPreference = "string",
Enabled = false,
UserVerificationRequirement = "string",
},
Debug = false,
Enabled = false,
ReauthenticationWorkflow = new Fusionauth.Inputs.FusionAuthTenantWebauthnConfigurationReauthenticationWorkflowArgs
{
AuthenticatorAttachmentPreference = "string",
Enabled = false,
UserVerificationRequirement = "string",
},
RelyingPartyId = "string",
RelyingPartyName = "string",
},
WebhookIds = new[]
{
"string",
},
});
example, err := fusionauth.NewFusionAuthTenant(ctx, "fusionAuthTenantResource", &fusionauth.FusionAuthTenantArgs{
AccessControlConfiguration: &fusionauth.FusionAuthTenantAccessControlConfigurationArgs{
UiIpAccessControlListId: pulumi.String("string"),
},
CaptchaConfiguration: &fusionauth.FusionAuthTenantCaptchaConfigurationArgs{
CaptchaMethod: pulumi.String("string"),
Enabled: pulumi.Bool(false),
SecretKey: pulumi.String("string"),
SiteKey: pulumi.String("string"),
Threshold: pulumi.Float64(0),
},
ConnectorPolicies: fusionauth.FusionAuthTenantConnectorPolicyArray{
&fusionauth.FusionAuthTenantConnectorPolicyArgs{
ConnectorId: pulumi.String("string"),
Domains: pulumi.StringArray{
pulumi.String("string"),
},
Migrate: pulumi.Bool(false),
},
},
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
EmailConfiguration: &fusionauth.FusionAuthTenantEmailConfigurationArgs{
AdditionalHeaders: pulumi.StringMap{
"string": pulumi.String("string"),
},
Debug: pulumi.Bool(false),
DefaultFromEmail: pulumi.String("string"),
DefaultFromName: pulumi.String("string"),
EmailUpdateEmailTemplateId: pulumi.String("string"),
EmailVerifiedEmailTemplateId: pulumi.String("string"),
ForgotPasswordEmailTemplateId: pulumi.String("string"),
Host: pulumi.String("string"),
ImplicitEmailVerificationAllowed: pulumi.Bool(false),
LoginIdInUseOnCreateEmailTemplateId: pulumi.String("string"),
LoginIdInUseOnUpdateEmailTemplateId: pulumi.String("string"),
LoginNewDeviceEmailTemplateId: pulumi.String("string"),
LoginSuspiciousEmailTemplateId: pulumi.String("string"),
Password: pulumi.String("string"),
PasswordResetSuccessEmailTemplateId: pulumi.String("string"),
PasswordUpdateEmailTemplateId: pulumi.String("string"),
PasswordlessEmailTemplateId: pulumi.String("string"),
Port: pulumi.Int(0),
Properties: pulumi.String("string"),
Security: pulumi.String("string"),
SetPasswordEmailTemplateId: pulumi.String("string"),
TwoFactorMethodAddEmailTemplateId: pulumi.String("string"),
TwoFactorMethodRemoveEmailTemplateId: pulumi.String("string"),
Unverified: &fusionauth.FusionAuthTenantEmailConfigurationUnverifiedArgs{
AllowEmailChangeWhenGated: pulumi.Bool(false),
Behavior: pulumi.String("string"),
},
Username: pulumi.String("string"),
VerificationEmailTemplateId: pulumi.String("string"),
VerificationStrategy: pulumi.String("string"),
VerifyEmail: pulumi.Bool(false),
VerifyEmailWhenChanged: pulumi.Bool(false),
},
EventConfigurations: fusionauth.FusionAuthTenantEventConfigurationArray{
&fusionauth.FusionAuthTenantEventConfigurationArgs{
Enabled: pulumi.Bool(false),
Event: pulumi.String("string"),
TransactionType: pulumi.String("string"),
},
},
ExternalIdentifierConfiguration: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationArgs{
AuthorizationGrantIdTimeToLiveInSeconds: pulumi.Int(0),
ChangePasswordIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGeneratorArgs{
Length: pulumi.Int(0),
Type: pulumi.String("string"),
},
ChangePasswordIdTimeToLiveInSeconds: pulumi.Int(0),
DeviceCodeTimeToLiveInSeconds: pulumi.Int(0),
DeviceUserCodeIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGeneratorArgs{
Length: pulumi.Int(0),
Type: pulumi.String("string"),
},
EmailVerificationIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGeneratorArgs{
Length: pulumi.Int(0),
Type: pulumi.String("string"),
},
EmailVerificationIdTimeToLiveInSeconds: pulumi.Int(0),
EmailVerificationOneTimeCodeGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGeneratorArgs{
Length: pulumi.Int(0),
Type: pulumi.String("string"),
},
ExternalAuthenticationIdTimeToLiveInSeconds: pulumi.Int(0),
LoginIntentTimeToLiveInSeconds: pulumi.Int(0),
OneTimePasswordTimeToLiveInSeconds: pulumi.Int(0),
PasswordlessLoginGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGeneratorArgs{
Length: pulumi.Int(0),
Type: pulumi.String("string"),
},
PasswordlessLoginTimeToLiveInSeconds: pulumi.Int(0),
PendingAccountLinkTimeToLiveInSeconds: pulumi.Int(0),
RegistrationVerificationIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGeneratorArgs{
Length: pulumi.Int(0),
Type: pulumi.String("string"),
},
RegistrationVerificationIdTimeToLiveInSeconds: pulumi.Int(0),
RegistrationVerificationOneTimeCodeGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGeneratorArgs{
Length: pulumi.Int(0),
Type: pulumi.String("string"),
},
RememberOauthScopeConsentChoiceTimeToLiveInSeconds: pulumi.Int(0),
SamlV2AuthnRequestIdTtlSeconds: pulumi.Int(0),
SetupPasswordIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGeneratorArgs{
Length: pulumi.Int(0),
Type: pulumi.String("string"),
},
SetupPasswordIdTimeToLiveInSeconds: pulumi.Int(0),
TrustTokenTimeToLiveInSeconds: pulumi.Int(0),
TwoFactorIdTimeToLiveInSeconds: pulumi.Int(0),
TwoFactorOneTimeCodeIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGeneratorArgs{
Length: pulumi.Int(0),
Type: pulumi.String("string"),
},
TwoFactorOneTimeCodeIdTimeToLiveInSeconds: pulumi.Int(0),
TwoFactorTrustIdTimeToLiveInSeconds: pulumi.Int(0),
WebauthnAuthenticationChallengeTimeToLiveInSeconds: pulumi.Int(0),
WebauthnRegistrationChallengeTimeToLiveInSeconds: pulumi.Int(0),
},
FailedAuthenticationConfiguration: &fusionauth.FusionAuthTenantFailedAuthenticationConfigurationArgs{
ActionCancelPolicyOnPasswordReset: pulumi.Bool(false),
ActionDuration: pulumi.Int(0),
ActionDurationUnit: pulumi.String("string"),
EmailUser: pulumi.Bool(false),
ResetCountInSeconds: pulumi.Int(0),
TooManyAttempts: pulumi.Int(0),
UserActionId: pulumi.String("string"),
},
FamilyConfiguration: &fusionauth.FusionAuthTenantFamilyConfigurationArgs{
AllowChildRegistrations: pulumi.Bool(false),
ConfirmChildEmailTemplateId: pulumi.String("string"),
DeleteOrphanedAccounts: pulumi.Bool(false),
DeleteOrphanedAccountsDays: pulumi.Int(0),
Enabled: pulumi.Bool(false),
FamilyRequestEmailTemplateId: pulumi.String("string"),
MaximumChildAge: pulumi.Int(0),
MinimumOwnerAge: pulumi.Int(0),
ParentEmailRequired: pulumi.Bool(false),
ParentRegistrationEmailTemplateId: pulumi.String("string"),
},
FormConfiguration: &fusionauth.FusionAuthTenantFormConfigurationArgs{
AdminUserFormId: pulumi.String("string"),
},
HttpSessionMaxInactiveInterval: pulumi.Int(0),
Issuer: pulumi.String("string"),
JwtConfigurations: fusionauth.FusionAuthTenantJwtConfigurationArray{
&fusionauth.FusionAuthTenantJwtConfigurationArgs{
AccessTokenKeyId: pulumi.String("string"),
IdTokenKeyId: pulumi.String("string"),
RefreshTokenExpirationPolicy: pulumi.String("string"),
RefreshTokenOneTimeUseConfigurationGracePeriodInSeconds: pulumi.Int(0),
RefreshTokenRevocationPolicyOnLoginPrevented: pulumi.Bool(false),
RefreshTokenRevocationPolicyOnMultiFactorEnable: pulumi.Bool(false),
RefreshTokenRevocationPolicyOnOneTimeTokenReuse: pulumi.Bool(false),
RefreshTokenRevocationPolicyOnPasswordChange: pulumi.Bool(false),
RefreshTokenSlidingWindowMaximumTimeToLiveInMinutes: pulumi.Int(0),
RefreshTokenTimeToLiveInMinutes: pulumi.Int(0),
RefreshTokenUsagePolicy: pulumi.String("string"),
TimeToLiveInSeconds: pulumi.Int(0),
},
},
LambdaConfiguration: &fusionauth.FusionAuthTenantLambdaConfigurationArgs{
LoginValidationId: pulumi.String("string"),
ScimEnterpriseUserRequestConverterId: pulumi.String("string"),
ScimEnterpriseUserResponseConverterId: pulumi.String("string"),
ScimGroupRequestConverterId: pulumi.String("string"),
ScimGroupResponseConverterId: pulumi.String("string"),
ScimUserRequestConverterId: pulumi.String("string"),
ScimUserResponseConverterId: pulumi.String("string"),
},
LoginConfiguration: &fusionauth.FusionAuthTenantLoginConfigurationArgs{
RequireAuthentication: pulumi.Bool(false),
},
LogoutUrl: pulumi.String("string"),
MaximumPasswordAge: &fusionauth.FusionAuthTenantMaximumPasswordAgeArgs{
Days: pulumi.Int(0),
Enabled: pulumi.Bool(false),
},
MinimumPasswordAge: &fusionauth.FusionAuthTenantMinimumPasswordAgeArgs{
Enabled: pulumi.Bool(false),
Seconds: pulumi.Int(0),
},
MultiFactorConfiguration: &fusionauth.FusionAuthTenantMultiFactorConfigurationArgs{
Authenticator: &fusionauth.FusionAuthTenantMultiFactorConfigurationAuthenticatorArgs{
Enabled: pulumi.Bool(false),
},
Email: &fusionauth.FusionAuthTenantMultiFactorConfigurationEmailArgs{
Enabled: pulumi.Bool(false),
TemplateId: pulumi.String("string"),
},
LoginPolicy: pulumi.String("string"),
Sms: &fusionauth.FusionAuthTenantMultiFactorConfigurationSmsArgs{
Enabled: pulumi.Bool(false),
MessengerId: pulumi.String("string"),
TemplateId: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
OauthConfigurations: fusionauth.FusionAuthTenantOauthConfigurationArray{
&fusionauth.FusionAuthTenantOauthConfigurationArgs{
ClientCredentialsAccessTokenPopulateLambdaId: pulumi.String("string"),
},
},
PasswordEncryptionConfigurations: fusionauth.FusionAuthTenantPasswordEncryptionConfigurationArray{
&fusionauth.FusionAuthTenantPasswordEncryptionConfigurationArgs{
EncryptionScheme: pulumi.String("string"),
EncryptionSchemeFactor: pulumi.Int(0),
ModifyEncryptionSchemeOnLogin: pulumi.Bool(false),
},
},
PasswordValidationRules: &fusionauth.FusionAuthTenantPasswordValidationRulesArgs{
BreachDetection: &fusionauth.FusionAuthTenantPasswordValidationRulesBreachDetectionArgs{
Enabled: pulumi.Bool(false),
MatchMode: pulumi.String("string"),
NotifyUserEmailTemplateId: pulumi.String("string"),
OnLogin: pulumi.String("string"),
},
MaxLength: pulumi.Int(0),
MinLength: pulumi.Int(0),
RememberPreviousPasswords: &fusionauth.FusionAuthTenantPasswordValidationRulesRememberPreviousPasswordsArgs{
Count: pulumi.Int(0),
Enabled: pulumi.Bool(false),
},
RequireNonAlpha: pulumi.Bool(false),
RequireNumber: pulumi.Bool(false),
RequiredMixedCase: pulumi.Bool(false),
ValidateOnLogin: pulumi.Bool(false),
},
RateLimitConfiguration: &fusionauth.FusionAuthTenantRateLimitConfigurationArgs{
FailedLogin: &fusionauth.FusionAuthTenantRateLimitConfigurationFailedLoginArgs{
Enabled: pulumi.Bool(false),
Limit: pulumi.Int(0),
TimePeriodInSeconds: pulumi.Int(0),
},
ForgotPassword: &fusionauth.FusionAuthTenantRateLimitConfigurationForgotPasswordArgs{
Enabled: pulumi.Bool(false),
Limit: pulumi.Int(0),
TimePeriodInSeconds: pulumi.Int(0),
},
SendEmailVerification: &fusionauth.FusionAuthTenantRateLimitConfigurationSendEmailVerificationArgs{
Enabled: pulumi.Bool(false),
Limit: pulumi.Int(0),
TimePeriodInSeconds: pulumi.Int(0),
},
SendPasswordless: &fusionauth.FusionAuthTenantRateLimitConfigurationSendPasswordlessArgs{
Enabled: pulumi.Bool(false),
Limit: pulumi.Int(0),
TimePeriodInSeconds: pulumi.Int(0),
},
SendRegistrationVerification: &fusionauth.FusionAuthTenantRateLimitConfigurationSendRegistrationVerificationArgs{
Enabled: pulumi.Bool(false),
Limit: pulumi.Int(0),
TimePeriodInSeconds: pulumi.Int(0),
},
SendTwoFactor: &fusionauth.FusionAuthTenantRateLimitConfigurationSendTwoFactorArgs{
Enabled: pulumi.Bool(false),
Limit: pulumi.Int(0),
TimePeriodInSeconds: pulumi.Int(0),
},
},
RegistrationConfiguration: &fusionauth.FusionAuthTenantRegistrationConfigurationArgs{
BlockedDomains: pulumi.StringArray{
pulumi.String("string"),
},
},
ScimServerConfiguration: &fusionauth.FusionAuthTenantScimServerConfigurationArgs{
ClientEntityTypeId: pulumi.String("string"),
ServerEntityTypeId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Schemas: pulumi.String("string"),
},
SourceTenantId: pulumi.String("string"),
SsoConfiguration: &fusionauth.FusionAuthTenantSsoConfigurationArgs{
DeviceTrustTimeToLiveInSeconds: pulumi.Int(0),
},
TenantId: pulumi.String("string"),
ThemeId: pulumi.String("string"),
UserDeletePolicy: &fusionauth.FusionAuthTenantUserDeletePolicyArgs{
UnverifiedEnabled: pulumi.Bool(false),
UnverifiedNumberOfDaysToRetain: pulumi.Int(0),
},
UsernameConfiguration: &fusionauth.FusionAuthTenantUsernameConfigurationArgs{
Unique: &fusionauth.FusionAuthTenantUsernameConfigurationUniqueArgs{
Enabled: pulumi.Bool(false),
NumberOfDigits: pulumi.Int(0),
Separator: pulumi.String("string"),
Strategy: pulumi.String("string"),
},
},
WebauthnConfiguration: &fusionauth.FusionAuthTenantWebauthnConfigurationArgs{
BootstrapWorkflow: &fusionauth.FusionAuthTenantWebauthnConfigurationBootstrapWorkflowArgs{
AuthenticatorAttachmentPreference: pulumi.String("string"),
Enabled: pulumi.Bool(false),
UserVerificationRequirement: pulumi.String("string"),
},
Debug: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
ReauthenticationWorkflow: &fusionauth.FusionAuthTenantWebauthnConfigurationReauthenticationWorkflowArgs{
AuthenticatorAttachmentPreference: pulumi.String("string"),
Enabled: pulumi.Bool(false),
UserVerificationRequirement: pulumi.String("string"),
},
RelyingPartyId: pulumi.String("string"),
RelyingPartyName: pulumi.String("string"),
},
WebhookIds: pulumi.StringArray{
pulumi.String("string"),
},
})
var fusionAuthTenantResource = new FusionAuthTenant("fusionAuthTenantResource", FusionAuthTenantArgs.builder()
.accessControlConfiguration(FusionAuthTenantAccessControlConfigurationArgs.builder()
.uiIpAccessControlListId("string")
.build())
.captchaConfiguration(FusionAuthTenantCaptchaConfigurationArgs.builder()
.captchaMethod("string")
.enabled(false)
.secretKey("string")
.siteKey("string")
.threshold(0)
.build())
.connectorPolicies(FusionAuthTenantConnectorPolicyArgs.builder()
.connectorId("string")
.domains("string")
.migrate(false)
.build())
.data(Map.of("string", "string"))
.emailConfiguration(FusionAuthTenantEmailConfigurationArgs.builder()
.additionalHeaders(Map.of("string", "string"))
.debug(false)
.defaultFromEmail("string")
.defaultFromName("string")
.emailUpdateEmailTemplateId("string")
.emailVerifiedEmailTemplateId("string")
.forgotPasswordEmailTemplateId("string")
.host("string")
.implicitEmailVerificationAllowed(false)
.loginIdInUseOnCreateEmailTemplateId("string")
.loginIdInUseOnUpdateEmailTemplateId("string")
.loginNewDeviceEmailTemplateId("string")
.loginSuspiciousEmailTemplateId("string")
.password("string")
.passwordResetSuccessEmailTemplateId("string")
.passwordUpdateEmailTemplateId("string")
.passwordlessEmailTemplateId("string")
.port(0)
.properties("string")
.security("string")
.setPasswordEmailTemplateId("string")
.twoFactorMethodAddEmailTemplateId("string")
.twoFactorMethodRemoveEmailTemplateId("string")
.unverified(FusionAuthTenantEmailConfigurationUnverifiedArgs.builder()
.allowEmailChangeWhenGated(false)
.behavior("string")
.build())
.username("string")
.verificationEmailTemplateId("string")
.verificationStrategy("string")
.verifyEmail(false)
.verifyEmailWhenChanged(false)
.build())
.eventConfigurations(FusionAuthTenantEventConfigurationArgs.builder()
.enabled(false)
.event("string")
.transactionType("string")
.build())
.externalIdentifierConfiguration(FusionAuthTenantExternalIdentifierConfigurationArgs.builder()
.authorizationGrantIdTimeToLiveInSeconds(0)
.changePasswordIdGenerator(FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGeneratorArgs.builder()
.length(0)
.type("string")
.build())
.changePasswordIdTimeToLiveInSeconds(0)
.deviceCodeTimeToLiveInSeconds(0)
.deviceUserCodeIdGenerator(FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGeneratorArgs.builder()
.length(0)
.type("string")
.build())
.emailVerificationIdGenerator(FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGeneratorArgs.builder()
.length(0)
.type("string")
.build())
.emailVerificationIdTimeToLiveInSeconds(0)
.emailVerificationOneTimeCodeGenerator(FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGeneratorArgs.builder()
.length(0)
.type("string")
.build())
.externalAuthenticationIdTimeToLiveInSeconds(0)
.loginIntentTimeToLiveInSeconds(0)
.oneTimePasswordTimeToLiveInSeconds(0)
.passwordlessLoginGenerator(FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGeneratorArgs.builder()
.length(0)
.type("string")
.build())
.passwordlessLoginTimeToLiveInSeconds(0)
.pendingAccountLinkTimeToLiveInSeconds(0)
.registrationVerificationIdGenerator(FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGeneratorArgs.builder()
.length(0)
.type("string")
.build())
.registrationVerificationIdTimeToLiveInSeconds(0)
.registrationVerificationOneTimeCodeGenerator(FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGeneratorArgs.builder()
.length(0)
.type("string")
.build())
.rememberOauthScopeConsentChoiceTimeToLiveInSeconds(0)
.samlV2AuthnRequestIdTtlSeconds(0)
.setupPasswordIdGenerator(FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGeneratorArgs.builder()
.length(0)
.type("string")
.build())
.setupPasswordIdTimeToLiveInSeconds(0)
.trustTokenTimeToLiveInSeconds(0)
.twoFactorIdTimeToLiveInSeconds(0)
.twoFactorOneTimeCodeIdGenerator(FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGeneratorArgs.builder()
.length(0)
.type("string")
.build())
.twoFactorOneTimeCodeIdTimeToLiveInSeconds(0)
.twoFactorTrustIdTimeToLiveInSeconds(0)
.webauthnAuthenticationChallengeTimeToLiveInSeconds(0)
.webauthnRegistrationChallengeTimeToLiveInSeconds(0)
.build())
.failedAuthenticationConfiguration(FusionAuthTenantFailedAuthenticationConfigurationArgs.builder()
.actionCancelPolicyOnPasswordReset(false)
.actionDuration(0)
.actionDurationUnit("string")
.emailUser(false)
.resetCountInSeconds(0)
.tooManyAttempts(0)
.userActionId("string")
.build())
.familyConfiguration(FusionAuthTenantFamilyConfigurationArgs.builder()
.allowChildRegistrations(false)
.confirmChildEmailTemplateId("string")
.deleteOrphanedAccounts(false)
.deleteOrphanedAccountsDays(0)
.enabled(false)
.familyRequestEmailTemplateId("string")
.maximumChildAge(0)
.minimumOwnerAge(0)
.parentEmailRequired(false)
.parentRegistrationEmailTemplateId("string")
.build())
.formConfiguration(FusionAuthTenantFormConfigurationArgs.builder()
.adminUserFormId("string")
.build())
.httpSessionMaxInactiveInterval(0)
.issuer("string")
.jwtConfigurations(FusionAuthTenantJwtConfigurationArgs.builder()
.accessTokenKeyId("string")
.idTokenKeyId("string")
.refreshTokenExpirationPolicy("string")
.refreshTokenOneTimeUseConfigurationGracePeriodInSeconds(0)
.refreshTokenRevocationPolicyOnLoginPrevented(false)
.refreshTokenRevocationPolicyOnMultiFactorEnable(false)
.refreshTokenRevocationPolicyOnOneTimeTokenReuse(false)
.refreshTokenRevocationPolicyOnPasswordChange(false)
.refreshTokenSlidingWindowMaximumTimeToLiveInMinutes(0)
.refreshTokenTimeToLiveInMinutes(0)
.refreshTokenUsagePolicy("string")
.timeToLiveInSeconds(0)
.build())
.lambdaConfiguration(FusionAuthTenantLambdaConfigurationArgs.builder()
.loginValidationId("string")
.scimEnterpriseUserRequestConverterId("string")
.scimEnterpriseUserResponseConverterId("string")
.scimGroupRequestConverterId("string")
.scimGroupResponseConverterId("string")
.scimUserRequestConverterId("string")
.scimUserResponseConverterId("string")
.build())
.loginConfiguration(FusionAuthTenantLoginConfigurationArgs.builder()
.requireAuthentication(false)
.build())
.logoutUrl("string")
.maximumPasswordAge(FusionAuthTenantMaximumPasswordAgeArgs.builder()
.days(0)
.enabled(false)
.build())
.minimumPasswordAge(FusionAuthTenantMinimumPasswordAgeArgs.builder()
.enabled(false)
.seconds(0)
.build())
.multiFactorConfiguration(FusionAuthTenantMultiFactorConfigurationArgs.builder()
.authenticator(FusionAuthTenantMultiFactorConfigurationAuthenticatorArgs.builder()
.enabled(false)
.build())
.email(FusionAuthTenantMultiFactorConfigurationEmailArgs.builder()
.enabled(false)
.templateId("string")
.build())
.loginPolicy("string")
.sms(FusionAuthTenantMultiFactorConfigurationSmsArgs.builder()
.enabled(false)
.messengerId("string")
.templateId("string")
.build())
.build())
.name("string")
.oauthConfigurations(FusionAuthTenantOauthConfigurationArgs.builder()
.clientCredentialsAccessTokenPopulateLambdaId("string")
.build())
.passwordEncryptionConfigurations(FusionAuthTenantPasswordEncryptionConfigurationArgs.builder()
.encryptionScheme("string")
.encryptionSchemeFactor(0)
.modifyEncryptionSchemeOnLogin(false)
.build())
.passwordValidationRules(FusionAuthTenantPasswordValidationRulesArgs.builder()
.breachDetection(FusionAuthTenantPasswordValidationRulesBreachDetectionArgs.builder()
.enabled(false)
.matchMode("string")
.notifyUserEmailTemplateId("string")
.onLogin("string")
.build())
.maxLength(0)
.minLength(0)
.rememberPreviousPasswords(FusionAuthTenantPasswordValidationRulesRememberPreviousPasswordsArgs.builder()
.count(0)
.enabled(false)
.build())
.requireNonAlpha(false)
.requireNumber(false)
.requiredMixedCase(false)
.validateOnLogin(false)
.build())
.rateLimitConfiguration(FusionAuthTenantRateLimitConfigurationArgs.builder()
.failedLogin(FusionAuthTenantRateLimitConfigurationFailedLoginArgs.builder()
.enabled(false)
.limit(0)
.timePeriodInSeconds(0)
.build())
.forgotPassword(FusionAuthTenantRateLimitConfigurationForgotPasswordArgs.builder()
.enabled(false)
.limit(0)
.timePeriodInSeconds(0)
.build())
.sendEmailVerification(FusionAuthTenantRateLimitConfigurationSendEmailVerificationArgs.builder()
.enabled(false)
.limit(0)
.timePeriodInSeconds(0)
.build())
.sendPasswordless(FusionAuthTenantRateLimitConfigurationSendPasswordlessArgs.builder()
.enabled(false)
.limit(0)
.timePeriodInSeconds(0)
.build())
.sendRegistrationVerification(FusionAuthTenantRateLimitConfigurationSendRegistrationVerificationArgs.builder()
.enabled(false)
.limit(0)
.timePeriodInSeconds(0)
.build())
.sendTwoFactor(FusionAuthTenantRateLimitConfigurationSendTwoFactorArgs.builder()
.enabled(false)
.limit(0)
.timePeriodInSeconds(0)
.build())
.build())
.registrationConfiguration(FusionAuthTenantRegistrationConfigurationArgs.builder()
.blockedDomains("string")
.build())
.scimServerConfiguration(FusionAuthTenantScimServerConfigurationArgs.builder()
.clientEntityTypeId("string")
.serverEntityTypeId("string")
.enabled(false)
.schemas("string")
.build())
.sourceTenantId("string")
.ssoConfiguration(FusionAuthTenantSsoConfigurationArgs.builder()
.deviceTrustTimeToLiveInSeconds(0)
.build())
.tenantId("string")
.themeId("string")
.userDeletePolicy(FusionAuthTenantUserDeletePolicyArgs.builder()
.unverifiedEnabled(false)
.unverifiedNumberOfDaysToRetain(0)
.build())
.usernameConfiguration(FusionAuthTenantUsernameConfigurationArgs.builder()
.unique(FusionAuthTenantUsernameConfigurationUniqueArgs.builder()
.enabled(false)
.numberOfDigits(0)
.separator("string")
.strategy("string")
.build())
.build())
.webauthnConfiguration(FusionAuthTenantWebauthnConfigurationArgs.builder()
.bootstrapWorkflow(FusionAuthTenantWebauthnConfigurationBootstrapWorkflowArgs.builder()
.authenticatorAttachmentPreference("string")
.enabled(false)
.userVerificationRequirement("string")
.build())
.debug(false)
.enabled(false)
.reauthenticationWorkflow(FusionAuthTenantWebauthnConfigurationReauthenticationWorkflowArgs.builder()
.authenticatorAttachmentPreference("string")
.enabled(false)
.userVerificationRequirement("string")
.build())
.relyingPartyId("string")
.relyingPartyName("string")
.build())
.webhookIds("string")
.build());
fusion_auth_tenant_resource = fusionauth.FusionAuthTenant("fusionAuthTenantResource",
access_control_configuration={
"ui_ip_access_control_list_id": "string",
},
captcha_configuration={
"captcha_method": "string",
"enabled": False,
"secret_key": "string",
"site_key": "string",
"threshold": 0,
},
connector_policies=[{
"connector_id": "string",
"domains": ["string"],
"migrate": False,
}],
data={
"string": "string",
},
email_configuration={
"additional_headers": {
"string": "string",
},
"debug": False,
"default_from_email": "string",
"default_from_name": "string",
"email_update_email_template_id": "string",
"email_verified_email_template_id": "string",
"forgot_password_email_template_id": "string",
"host": "string",
"implicit_email_verification_allowed": False,
"login_id_in_use_on_create_email_template_id": "string",
"login_id_in_use_on_update_email_template_id": "string",
"login_new_device_email_template_id": "string",
"login_suspicious_email_template_id": "string",
"password": "string",
"password_reset_success_email_template_id": "string",
"password_update_email_template_id": "string",
"passwordless_email_template_id": "string",
"port": 0,
"properties": "string",
"security": "string",
"set_password_email_template_id": "string",
"two_factor_method_add_email_template_id": "string",
"two_factor_method_remove_email_template_id": "string",
"unverified": {
"allow_email_change_when_gated": False,
"behavior": "string",
},
"username": "string",
"verification_email_template_id": "string",
"verification_strategy": "string",
"verify_email": False,
"verify_email_when_changed": False,
},
event_configurations=[{
"enabled": False,
"event": "string",
"transaction_type": "string",
}],
external_identifier_configuration={
"authorization_grant_id_time_to_live_in_seconds": 0,
"change_password_id_generator": {
"length": 0,
"type": "string",
},
"change_password_id_time_to_live_in_seconds": 0,
"device_code_time_to_live_in_seconds": 0,
"device_user_code_id_generator": {
"length": 0,
"type": "string",
},
"email_verification_id_generator": {
"length": 0,
"type": "string",
},
"email_verification_id_time_to_live_in_seconds": 0,
"email_verification_one_time_code_generator": {
"length": 0,
"type": "string",
},
"external_authentication_id_time_to_live_in_seconds": 0,
"login_intent_time_to_live_in_seconds": 0,
"one_time_password_time_to_live_in_seconds": 0,
"passwordless_login_generator": {
"length": 0,
"type": "string",
},
"passwordless_login_time_to_live_in_seconds": 0,
"pending_account_link_time_to_live_in_seconds": 0,
"registration_verification_id_generator": {
"length": 0,
"type": "string",
},
"registration_verification_id_time_to_live_in_seconds": 0,
"registration_verification_one_time_code_generator": {
"length": 0,
"type": "string",
},
"remember_oauth_scope_consent_choice_time_to_live_in_seconds": 0,
"saml_v2_authn_request_id_ttl_seconds": 0,
"setup_password_id_generator": {
"length": 0,
"type": "string",
},
"setup_password_id_time_to_live_in_seconds": 0,
"trust_token_time_to_live_in_seconds": 0,
"two_factor_id_time_to_live_in_seconds": 0,
"two_factor_one_time_code_id_generator": {
"length": 0,
"type": "string",
},
"two_factor_one_time_code_id_time_to_live_in_seconds": 0,
"two_factor_trust_id_time_to_live_in_seconds": 0,
"webauthn_authentication_challenge_time_to_live_in_seconds": 0,
"webauthn_registration_challenge_time_to_live_in_seconds": 0,
},
failed_authentication_configuration={
"action_cancel_policy_on_password_reset": False,
"action_duration": 0,
"action_duration_unit": "string",
"email_user": False,
"reset_count_in_seconds": 0,
"too_many_attempts": 0,
"user_action_id": "string",
},
family_configuration={
"allow_child_registrations": False,
"confirm_child_email_template_id": "string",
"delete_orphaned_accounts": False,
"delete_orphaned_accounts_days": 0,
"enabled": False,
"family_request_email_template_id": "string",
"maximum_child_age": 0,
"minimum_owner_age": 0,
"parent_email_required": False,
"parent_registration_email_template_id": "string",
},
form_configuration={
"admin_user_form_id": "string",
},
http_session_max_inactive_interval=0,
issuer="string",
jwt_configurations=[{
"access_token_key_id": "string",
"id_token_key_id": "string",
"refresh_token_expiration_policy": "string",
"refresh_token_one_time_use_configuration_grace_period_in_seconds": 0,
"refresh_token_revocation_policy_on_login_prevented": False,
"refresh_token_revocation_policy_on_multi_factor_enable": False,
"refresh_token_revocation_policy_on_one_time_token_reuse": False,
"refresh_token_revocation_policy_on_password_change": False,
"refresh_token_sliding_window_maximum_time_to_live_in_minutes": 0,
"refresh_token_time_to_live_in_minutes": 0,
"refresh_token_usage_policy": "string",
"time_to_live_in_seconds": 0,
}],
lambda_configuration={
"login_validation_id": "string",
"scim_enterprise_user_request_converter_id": "string",
"scim_enterprise_user_response_converter_id": "string",
"scim_group_request_converter_id": "string",
"scim_group_response_converter_id": "string",
"scim_user_request_converter_id": "string",
"scim_user_response_converter_id": "string",
},
login_configuration={
"require_authentication": False,
},
logout_url="string",
maximum_password_age={
"days": 0,
"enabled": False,
},
minimum_password_age={
"enabled": False,
"seconds": 0,
},
multi_factor_configuration={
"authenticator": {
"enabled": False,
},
"email": {
"enabled": False,
"template_id": "string",
},
"login_policy": "string",
"sms": {
"enabled": False,
"messenger_id": "string",
"template_id": "string",
},
},
name="string",
oauth_configurations=[{
"client_credentials_access_token_populate_lambda_id": "string",
}],
password_encryption_configurations=[{
"encryption_scheme": "string",
"encryption_scheme_factor": 0,
"modify_encryption_scheme_on_login": False,
}],
password_validation_rules={
"breach_detection": {
"enabled": False,
"match_mode": "string",
"notify_user_email_template_id": "string",
"on_login": "string",
},
"max_length": 0,
"min_length": 0,
"remember_previous_passwords": {
"count": 0,
"enabled": False,
},
"require_non_alpha": False,
"require_number": False,
"required_mixed_case": False,
"validate_on_login": False,
},
rate_limit_configuration={
"failed_login": {
"enabled": False,
"limit": 0,
"time_period_in_seconds": 0,
},
"forgot_password": {
"enabled": False,
"limit": 0,
"time_period_in_seconds": 0,
},
"send_email_verification": {
"enabled": False,
"limit": 0,
"time_period_in_seconds": 0,
},
"send_passwordless": {
"enabled": False,
"limit": 0,
"time_period_in_seconds": 0,
},
"send_registration_verification": {
"enabled": False,
"limit": 0,
"time_period_in_seconds": 0,
},
"send_two_factor": {
"enabled": False,
"limit": 0,
"time_period_in_seconds": 0,
},
},
registration_configuration={
"blocked_domains": ["string"],
},
scim_server_configuration={
"client_entity_type_id": "string",
"server_entity_type_id": "string",
"enabled": False,
"schemas": "string",
},
source_tenant_id="string",
sso_configuration={
"device_trust_time_to_live_in_seconds": 0,
},
tenant_id="string",
theme_id="string",
user_delete_policy={
"unverified_enabled": False,
"unverified_number_of_days_to_retain": 0,
},
username_configuration={
"unique": {
"enabled": False,
"number_of_digits": 0,
"separator": "string",
"strategy": "string",
},
},
webauthn_configuration={
"bootstrap_workflow": {
"authenticator_attachment_preference": "string",
"enabled": False,
"user_verification_requirement": "string",
},
"debug": False,
"enabled": False,
"reauthentication_workflow": {
"authenticator_attachment_preference": "string",
"enabled": False,
"user_verification_requirement": "string",
},
"relying_party_id": "string",
"relying_party_name": "string",
},
webhook_ids=["string"])
const fusionAuthTenantResource = new fusionauth.FusionAuthTenant("fusionAuthTenantResource", {
accessControlConfiguration: {
uiIpAccessControlListId: "string",
},
captchaConfiguration: {
captchaMethod: "string",
enabled: false,
secretKey: "string",
siteKey: "string",
threshold: 0,
},
connectorPolicies: [{
connectorId: "string",
domains: ["string"],
migrate: false,
}],
data: {
string: "string",
},
emailConfiguration: {
additionalHeaders: {
string: "string",
},
debug: false,
defaultFromEmail: "string",
defaultFromName: "string",
emailUpdateEmailTemplateId: "string",
emailVerifiedEmailTemplateId: "string",
forgotPasswordEmailTemplateId: "string",
host: "string",
implicitEmailVerificationAllowed: false,
loginIdInUseOnCreateEmailTemplateId: "string",
loginIdInUseOnUpdateEmailTemplateId: "string",
loginNewDeviceEmailTemplateId: "string",
loginSuspiciousEmailTemplateId: "string",
password: "string",
passwordResetSuccessEmailTemplateId: "string",
passwordUpdateEmailTemplateId: "string",
passwordlessEmailTemplateId: "string",
port: 0,
properties: "string",
security: "string",
setPasswordEmailTemplateId: "string",
twoFactorMethodAddEmailTemplateId: "string",
twoFactorMethodRemoveEmailTemplateId: "string",
unverified: {
allowEmailChangeWhenGated: false,
behavior: "string",
},
username: "string",
verificationEmailTemplateId: "string",
verificationStrategy: "string",
verifyEmail: false,
verifyEmailWhenChanged: false,
},
eventConfigurations: [{
enabled: false,
event: "string",
transactionType: "string",
}],
externalIdentifierConfiguration: {
authorizationGrantIdTimeToLiveInSeconds: 0,
changePasswordIdGenerator: {
length: 0,
type: "string",
},
changePasswordIdTimeToLiveInSeconds: 0,
deviceCodeTimeToLiveInSeconds: 0,
deviceUserCodeIdGenerator: {
length: 0,
type: "string",
},
emailVerificationIdGenerator: {
length: 0,
type: "string",
},
emailVerificationIdTimeToLiveInSeconds: 0,
emailVerificationOneTimeCodeGenerator: {
length: 0,
type: "string",
},
externalAuthenticationIdTimeToLiveInSeconds: 0,
loginIntentTimeToLiveInSeconds: 0,
oneTimePasswordTimeToLiveInSeconds: 0,
passwordlessLoginGenerator: {
length: 0,
type: "string",
},
passwordlessLoginTimeToLiveInSeconds: 0,
pendingAccountLinkTimeToLiveInSeconds: 0,
registrationVerificationIdGenerator: {
length: 0,
type: "string",
},
registrationVerificationIdTimeToLiveInSeconds: 0,
registrationVerificationOneTimeCodeGenerator: {
length: 0,
type: "string",
},
rememberOauthScopeConsentChoiceTimeToLiveInSeconds: 0,
samlV2AuthnRequestIdTtlSeconds: 0,
setupPasswordIdGenerator: {
length: 0,
type: "string",
},
setupPasswordIdTimeToLiveInSeconds: 0,
trustTokenTimeToLiveInSeconds: 0,
twoFactorIdTimeToLiveInSeconds: 0,
twoFactorOneTimeCodeIdGenerator: {
length: 0,
type: "string",
},
twoFactorOneTimeCodeIdTimeToLiveInSeconds: 0,
twoFactorTrustIdTimeToLiveInSeconds: 0,
webauthnAuthenticationChallengeTimeToLiveInSeconds: 0,
webauthnRegistrationChallengeTimeToLiveInSeconds: 0,
},
failedAuthenticationConfiguration: {
actionCancelPolicyOnPasswordReset: false,
actionDuration: 0,
actionDurationUnit: "string",
emailUser: false,
resetCountInSeconds: 0,
tooManyAttempts: 0,
userActionId: "string",
},
familyConfiguration: {
allowChildRegistrations: false,
confirmChildEmailTemplateId: "string",
deleteOrphanedAccounts: false,
deleteOrphanedAccountsDays: 0,
enabled: false,
familyRequestEmailTemplateId: "string",
maximumChildAge: 0,
minimumOwnerAge: 0,
parentEmailRequired: false,
parentRegistrationEmailTemplateId: "string",
},
formConfiguration: {
adminUserFormId: "string",
},
httpSessionMaxInactiveInterval: 0,
issuer: "string",
jwtConfigurations: [{
accessTokenKeyId: "string",
idTokenKeyId: "string",
refreshTokenExpirationPolicy: "string",
refreshTokenOneTimeUseConfigurationGracePeriodInSeconds: 0,
refreshTokenRevocationPolicyOnLoginPrevented: false,
refreshTokenRevocationPolicyOnMultiFactorEnable: false,
refreshTokenRevocationPolicyOnOneTimeTokenReuse: false,
refreshTokenRevocationPolicyOnPasswordChange: false,
refreshTokenSlidingWindowMaximumTimeToLiveInMinutes: 0,
refreshTokenTimeToLiveInMinutes: 0,
refreshTokenUsagePolicy: "string",
timeToLiveInSeconds: 0,
}],
lambdaConfiguration: {
loginValidationId: "string",
scimEnterpriseUserRequestConverterId: "string",
scimEnterpriseUserResponseConverterId: "string",
scimGroupRequestConverterId: "string",
scimGroupResponseConverterId: "string",
scimUserRequestConverterId: "string",
scimUserResponseConverterId: "string",
},
loginConfiguration: {
requireAuthentication: false,
},
logoutUrl: "string",
maximumPasswordAge: {
days: 0,
enabled: false,
},
minimumPasswordAge: {
enabled: false,
seconds: 0,
},
multiFactorConfiguration: {
authenticator: {
enabled: false,
},
email: {
enabled: false,
templateId: "string",
},
loginPolicy: "string",
sms: {
enabled: false,
messengerId: "string",
templateId: "string",
},
},
name: "string",
oauthConfigurations: [{
clientCredentialsAccessTokenPopulateLambdaId: "string",
}],
passwordEncryptionConfigurations: [{
encryptionScheme: "string",
encryptionSchemeFactor: 0,
modifyEncryptionSchemeOnLogin: false,
}],
passwordValidationRules: {
breachDetection: {
enabled: false,
matchMode: "string",
notifyUserEmailTemplateId: "string",
onLogin: "string",
},
maxLength: 0,
minLength: 0,
rememberPreviousPasswords: {
count: 0,
enabled: false,
},
requireNonAlpha: false,
requireNumber: false,
requiredMixedCase: false,
validateOnLogin: false,
},
rateLimitConfiguration: {
failedLogin: {
enabled: false,
limit: 0,
timePeriodInSeconds: 0,
},
forgotPassword: {
enabled: false,
limit: 0,
timePeriodInSeconds: 0,
},
sendEmailVerification: {
enabled: false,
limit: 0,
timePeriodInSeconds: 0,
},
sendPasswordless: {
enabled: false,
limit: 0,
timePeriodInSeconds: 0,
},
sendRegistrationVerification: {
enabled: false,
limit: 0,
timePeriodInSeconds: 0,
},
sendTwoFactor: {
enabled: false,
limit: 0,
timePeriodInSeconds: 0,
},
},
registrationConfiguration: {
blockedDomains: ["string"],
},
scimServerConfiguration: {
clientEntityTypeId: "string",
serverEntityTypeId: "string",
enabled: false,
schemas: "string",
},
sourceTenantId: "string",
ssoConfiguration: {
deviceTrustTimeToLiveInSeconds: 0,
},
tenantId: "string",
themeId: "string",
userDeletePolicy: {
unverifiedEnabled: false,
unverifiedNumberOfDaysToRetain: 0,
},
usernameConfiguration: {
unique: {
enabled: false,
numberOfDigits: 0,
separator: "string",
strategy: "string",
},
},
webauthnConfiguration: {
bootstrapWorkflow: {
authenticatorAttachmentPreference: "string",
enabled: false,
userVerificationRequirement: "string",
},
debug: false,
enabled: false,
reauthenticationWorkflow: {
authenticatorAttachmentPreference: "string",
enabled: false,
userVerificationRequirement: "string",
},
relyingPartyId: "string",
relyingPartyName: "string",
},
webhookIds: ["string"],
});
type: fusionauth:FusionAuthTenant
properties:
accessControlConfiguration:
uiIpAccessControlListId: string
captchaConfiguration:
captchaMethod: string
enabled: false
secretKey: string
siteKey: string
threshold: 0
connectorPolicies:
- connectorId: string
domains:
- string
migrate: false
data:
string: string
emailConfiguration:
additionalHeaders:
string: string
debug: false
defaultFromEmail: string
defaultFromName: string
emailUpdateEmailTemplateId: string
emailVerifiedEmailTemplateId: string
forgotPasswordEmailTemplateId: string
host: string
implicitEmailVerificationAllowed: false
loginIdInUseOnCreateEmailTemplateId: string
loginIdInUseOnUpdateEmailTemplateId: string
loginNewDeviceEmailTemplateId: string
loginSuspiciousEmailTemplateId: string
password: string
passwordResetSuccessEmailTemplateId: string
passwordUpdateEmailTemplateId: string
passwordlessEmailTemplateId: string
port: 0
properties: string
security: string
setPasswordEmailTemplateId: string
twoFactorMethodAddEmailTemplateId: string
twoFactorMethodRemoveEmailTemplateId: string
unverified:
allowEmailChangeWhenGated: false
behavior: string
username: string
verificationEmailTemplateId: string
verificationStrategy: string
verifyEmail: false
verifyEmailWhenChanged: false
eventConfigurations:
- enabled: false
event: string
transactionType: string
externalIdentifierConfiguration:
authorizationGrantIdTimeToLiveInSeconds: 0
changePasswordIdGenerator:
length: 0
type: string
changePasswordIdTimeToLiveInSeconds: 0
deviceCodeTimeToLiveInSeconds: 0
deviceUserCodeIdGenerator:
length: 0
type: string
emailVerificationIdGenerator:
length: 0
type: string
emailVerificationIdTimeToLiveInSeconds: 0
emailVerificationOneTimeCodeGenerator:
length: 0
type: string
externalAuthenticationIdTimeToLiveInSeconds: 0
loginIntentTimeToLiveInSeconds: 0
oneTimePasswordTimeToLiveInSeconds: 0
passwordlessLoginGenerator:
length: 0
type: string
passwordlessLoginTimeToLiveInSeconds: 0
pendingAccountLinkTimeToLiveInSeconds: 0
registrationVerificationIdGenerator:
length: 0
type: string
registrationVerificationIdTimeToLiveInSeconds: 0
registrationVerificationOneTimeCodeGenerator:
length: 0
type: string
rememberOauthScopeConsentChoiceTimeToLiveInSeconds: 0
samlV2AuthnRequestIdTtlSeconds: 0
setupPasswordIdGenerator:
length: 0
type: string
setupPasswordIdTimeToLiveInSeconds: 0
trustTokenTimeToLiveInSeconds: 0
twoFactorIdTimeToLiveInSeconds: 0
twoFactorOneTimeCodeIdGenerator:
length: 0
type: string
twoFactorOneTimeCodeIdTimeToLiveInSeconds: 0
twoFactorTrustIdTimeToLiveInSeconds: 0
webauthnAuthenticationChallengeTimeToLiveInSeconds: 0
webauthnRegistrationChallengeTimeToLiveInSeconds: 0
failedAuthenticationConfiguration:
actionCancelPolicyOnPasswordReset: false
actionDuration: 0
actionDurationUnit: string
emailUser: false
resetCountInSeconds: 0
tooManyAttempts: 0
userActionId: string
familyConfiguration:
allowChildRegistrations: false
confirmChildEmailTemplateId: string
deleteOrphanedAccounts: false
deleteOrphanedAccountsDays: 0
enabled: false
familyRequestEmailTemplateId: string
maximumChildAge: 0
minimumOwnerAge: 0
parentEmailRequired: false
parentRegistrationEmailTemplateId: string
formConfiguration:
adminUserFormId: string
httpSessionMaxInactiveInterval: 0
issuer: string
jwtConfigurations:
- accessTokenKeyId: string
idTokenKeyId: string
refreshTokenExpirationPolicy: string
refreshTokenOneTimeUseConfigurationGracePeriodInSeconds: 0
refreshTokenRevocationPolicyOnLoginPrevented: false
refreshTokenRevocationPolicyOnMultiFactorEnable: false
refreshTokenRevocationPolicyOnOneTimeTokenReuse: false
refreshTokenRevocationPolicyOnPasswordChange: false
refreshTokenSlidingWindowMaximumTimeToLiveInMinutes: 0
refreshTokenTimeToLiveInMinutes: 0
refreshTokenUsagePolicy: string
timeToLiveInSeconds: 0
lambdaConfiguration:
loginValidationId: string
scimEnterpriseUserRequestConverterId: string
scimEnterpriseUserResponseConverterId: string
scimGroupRequestConverterId: string
scimGroupResponseConverterId: string
scimUserRequestConverterId: string
scimUserResponseConverterId: string
loginConfiguration:
requireAuthentication: false
logoutUrl: string
maximumPasswordAge:
days: 0
enabled: false
minimumPasswordAge:
enabled: false
seconds: 0
multiFactorConfiguration:
authenticator:
enabled: false
email:
enabled: false
templateId: string
loginPolicy: string
sms:
enabled: false
messengerId: string
templateId: string
name: string
oauthConfigurations:
- clientCredentialsAccessTokenPopulateLambdaId: string
passwordEncryptionConfigurations:
- encryptionScheme: string
encryptionSchemeFactor: 0
modifyEncryptionSchemeOnLogin: false
passwordValidationRules:
breachDetection:
enabled: false
matchMode: string
notifyUserEmailTemplateId: string
onLogin: string
maxLength: 0
minLength: 0
rememberPreviousPasswords:
count: 0
enabled: false
requireNonAlpha: false
requireNumber: false
requiredMixedCase: false
validateOnLogin: false
rateLimitConfiguration:
failedLogin:
enabled: false
limit: 0
timePeriodInSeconds: 0
forgotPassword:
enabled: false
limit: 0
timePeriodInSeconds: 0
sendEmailVerification:
enabled: false
limit: 0
timePeriodInSeconds: 0
sendPasswordless:
enabled: false
limit: 0
timePeriodInSeconds: 0
sendRegistrationVerification:
enabled: false
limit: 0
timePeriodInSeconds: 0
sendTwoFactor:
enabled: false
limit: 0
timePeriodInSeconds: 0
registrationConfiguration:
blockedDomains:
- string
scimServerConfiguration:
clientEntityTypeId: string
enabled: false
schemas: string
serverEntityTypeId: string
sourceTenantId: string
ssoConfiguration:
deviceTrustTimeToLiveInSeconds: 0
tenantId: string
themeId: string
userDeletePolicy:
unverifiedEnabled: false
unverifiedNumberOfDaysToRetain: 0
usernameConfiguration:
unique:
enabled: false
numberOfDigits: 0
separator: string
strategy: string
webauthnConfiguration:
bootstrapWorkflow:
authenticatorAttachmentPreference: string
enabled: false
userVerificationRequirement: string
debug: false
enabled: false
reauthenticationWorkflow:
authenticatorAttachmentPreference: string
enabled: false
userVerificationRequirement: string
relyingPartyId: string
relyingPartyName: string
webhookIds:
- string
FusionAuthTenant Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FusionAuthTenant resource accepts the following input properties:
- Access
Control theogravity.Configuration Fusionauth. Inputs. Fusion Auth Tenant Access Control Configuration - Captcha
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Captcha Configuration - Connector
Policies List<theogravity.Fusionauth. Inputs. Fusion Auth Tenant Connector Policy> - A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
- Data Dictionary<string, string>
- An object that can hold any information about the Tenant that should be persisted.
- Email
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Email Configuration - The email configuration for the tenant.
- Event
Configurations List<theogravity.Fusionauth. Inputs. Fusion Auth Tenant Event Configuration> - External
Identifier theogravity.Configuration Fusionauth. Inputs. Fusion Auth Tenant External Identifier Configuration - Failed
Authentication theogravity.Configuration Fusionauth. Inputs. Fusion Auth Tenant Failed Authentication Configuration - Family
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Family Configuration - Form
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Form Configuration - Http
Session intMax Inactive Interval - Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
- Issuer string
- The named issuer used to sign tokens, this is generally your public fully qualified domain.
- Jwt
Configurations List<theogravity.Fusionauth. Inputs. Fusion Auth Tenant Jwt Configuration> - The JWT configuration for the tenant.
- Lambda
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Lambda Configuration - Lamnda configuration for this tenant.
- Login
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Login Configuration - Logout
Url string - The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
- Maximum
Password theogravity.Age Fusionauth. Inputs. Fusion Auth Tenant Maximum Password Age - Minimum
Password theogravity.Age Fusionauth. Inputs. Fusion Auth Tenant Minimum Password Age - Multi
Factor theogravity.Configuration Fusionauth. Inputs. Fusion Auth Tenant Multi Factor Configuration - Name string
- The unique name of the Tenant.
- Oauth
Configurations List<theogravity.Fusionauth. Inputs. Fusion Auth Tenant Oauth Configuration> - Password
Encryption List<theogravity.Configurations Fusionauth. Inputs. Fusion Auth Tenant Password Encryption Configuration> - Password
Validation theogravity.Rules Fusionauth. Inputs. Fusion Auth Tenant Password Validation Rules - Rate
Limit theogravity.Configuration Fusionauth. Inputs. Fusion Auth Tenant Rate Limit Configuration - Registration
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Registration Configuration - Scim
Server theogravity.Configuration Fusionauth. Inputs. Fusion Auth Tenant Scim Server Configuration - Source
Tenant stringId - The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
- Sso
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Sso Configuration - Tenant
Id string - The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
- Theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- User
Delete theogravity.Policy Fusionauth. Inputs. Fusion Auth Tenant User Delete Policy - Username
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Username Configuration - Webauthn
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Webauthn Configuration - The WebAuthn configuration for this tenant.
- Webhook
Ids List<string> - An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
- Access
Control FusionConfiguration Auth Tenant Access Control Configuration Args - Captcha
Configuration FusionAuth Tenant Captcha Configuration Args - Connector
Policies []FusionAuth Tenant Connector Policy Args - A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
- Data map[string]string
- An object that can hold any information about the Tenant that should be persisted.
- Email
Configuration FusionAuth Tenant Email Configuration Args - The email configuration for the tenant.
- Event
Configurations []FusionAuth Tenant Event Configuration Args - External
Identifier FusionConfiguration Auth Tenant External Identifier Configuration Args - Failed
Authentication FusionConfiguration Auth Tenant Failed Authentication Configuration Args - Family
Configuration FusionAuth Tenant Family Configuration Args - Form
Configuration FusionAuth Tenant Form Configuration Args - Http
Session intMax Inactive Interval - Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
- Issuer string
- The named issuer used to sign tokens, this is generally your public fully qualified domain.
- Jwt
Configurations []FusionAuth Tenant Jwt Configuration Args - The JWT configuration for the tenant.
- Lambda
Configuration FusionAuth Tenant Lambda Configuration Args - Lamnda configuration for this tenant.
- Login
Configuration FusionAuth Tenant Login Configuration Args - Logout
Url string - The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
- Maximum
Password FusionAge Auth Tenant Maximum Password Age Args - Minimum
Password FusionAge Auth Tenant Minimum Password Age Args - Multi
Factor FusionConfiguration Auth Tenant Multi Factor Configuration Args - Name string
- The unique name of the Tenant.
- Oauth
Configurations []FusionAuth Tenant Oauth Configuration Args - Password
Encryption []FusionConfigurations Auth Tenant Password Encryption Configuration Args - Password
Validation FusionRules Auth Tenant Password Validation Rules Args - Rate
Limit FusionConfiguration Auth Tenant Rate Limit Configuration Args - Registration
Configuration FusionAuth Tenant Registration Configuration Args - Scim
Server FusionConfiguration Auth Tenant Scim Server Configuration Args - Source
Tenant stringId - The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
- Sso
Configuration FusionAuth Tenant Sso Configuration Args - Tenant
Id string - The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
- Theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- User
Delete FusionPolicy Auth Tenant User Delete Policy Args - Username
Configuration FusionAuth Tenant Username Configuration Args - Webauthn
Configuration FusionAuth Tenant Webauthn Configuration Args - The WebAuthn configuration for this tenant.
- Webhook
Ids []string - An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
- access
Control FusionConfiguration Auth Tenant Access Control Configuration - captcha
Configuration FusionAuth Tenant Captcha Configuration - connector
Policies List<FusionAuth Tenant Connector Policy> - A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
- data Map<String,String>
- An object that can hold any information about the Tenant that should be persisted.
- email
Configuration FusionAuth Tenant Email Configuration - The email configuration for the tenant.
- event
Configurations List<FusionAuth Tenant Event Configuration> - external
Identifier FusionConfiguration Auth Tenant External Identifier Configuration - failed
Authentication FusionConfiguration Auth Tenant Failed Authentication Configuration - family
Configuration FusionAuth Tenant Family Configuration - form
Configuration FusionAuth Tenant Form Configuration - http
Session IntegerMax Inactive Interval - Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
- issuer String
- The named issuer used to sign tokens, this is generally your public fully qualified domain.
- jwt
Configurations List<FusionAuth Tenant Jwt Configuration> - The JWT configuration for the tenant.
- lambda
Configuration FusionAuth Tenant Lambda Configuration - Lamnda configuration for this tenant.
- login
Configuration FusionAuth Tenant Login Configuration - logout
Url String - The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
- maximum
Password FusionAge Auth Tenant Maximum Password Age - minimum
Password FusionAge Auth Tenant Minimum Password Age - multi
Factor FusionConfiguration Auth Tenant Multi Factor Configuration - name String
- The unique name of the Tenant.
- oauth
Configurations List<FusionAuth Tenant Oauth Configuration> - password
Encryption List<FusionConfigurations Auth Tenant Password Encryption Configuration> - password
Validation FusionRules Auth Tenant Password Validation Rules - rate
Limit FusionConfiguration Auth Tenant Rate Limit Configuration - registration
Configuration FusionAuth Tenant Registration Configuration - scim
Server FusionConfiguration Auth Tenant Scim Server Configuration - source
Tenant StringId - The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
- sso
Configuration FusionAuth Tenant Sso Configuration - tenant
Id String - The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
- theme
Id String - The unique Id of the theme to be used to style the login page and other end user templates.
- user
Delete FusionPolicy Auth Tenant User Delete Policy - username
Configuration FusionAuth Tenant Username Configuration - webauthn
Configuration FusionAuth Tenant Webauthn Configuration - The WebAuthn configuration for this tenant.
- webhook
Ids List<String> - An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
- access
Control FusionConfiguration Auth Tenant Access Control Configuration - captcha
Configuration FusionAuth Tenant Captcha Configuration - connector
Policies FusionAuth Tenant Connector Policy[] - A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
- data {[key: string]: string}
- An object that can hold any information about the Tenant that should be persisted.
- email
Configuration FusionAuth Tenant Email Configuration - The email configuration for the tenant.
- event
Configurations FusionAuth Tenant Event Configuration[] - external
Identifier FusionConfiguration Auth Tenant External Identifier Configuration - failed
Authentication FusionConfiguration Auth Tenant Failed Authentication Configuration - family
Configuration FusionAuth Tenant Family Configuration - form
Configuration FusionAuth Tenant Form Configuration - http
Session numberMax Inactive Interval - Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
- issuer string
- The named issuer used to sign tokens, this is generally your public fully qualified domain.
- jwt
Configurations FusionAuth Tenant Jwt Configuration[] - The JWT configuration for the tenant.
- lambda
Configuration FusionAuth Tenant Lambda Configuration - Lamnda configuration for this tenant.
- login
Configuration FusionAuth Tenant Login Configuration - logout
Url string - The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
- maximum
Password FusionAge Auth Tenant Maximum Password Age - minimum
Password FusionAge Auth Tenant Minimum Password Age - multi
Factor FusionConfiguration Auth Tenant Multi Factor Configuration - name string
- The unique name of the Tenant.
- oauth
Configurations FusionAuth Tenant Oauth Configuration[] - password
Encryption FusionConfigurations Auth Tenant Password Encryption Configuration[] - password
Validation FusionRules Auth Tenant Password Validation Rules - rate
Limit FusionConfiguration Auth Tenant Rate Limit Configuration - registration
Configuration FusionAuth Tenant Registration Configuration - scim
Server FusionConfiguration Auth Tenant Scim Server Configuration - source
Tenant stringId - The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
- sso
Configuration FusionAuth Tenant Sso Configuration - tenant
Id string - The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
- theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- user
Delete FusionPolicy Auth Tenant User Delete Policy - username
Configuration FusionAuth Tenant Username Configuration - webauthn
Configuration FusionAuth Tenant Webauthn Configuration - The WebAuthn configuration for this tenant.
- webhook
Ids string[] - An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
- access_
control_ Fusionconfiguration Auth Tenant Access Control Configuration Args - captcha_
configuration FusionAuth Tenant Captcha Configuration Args - connector_
policies Sequence[FusionAuth Tenant Connector Policy Args] - A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
- data Mapping[str, str]
- An object that can hold any information about the Tenant that should be persisted.
- email_
configuration FusionAuth Tenant Email Configuration Args - The email configuration for the tenant.
- event_
configurations Sequence[FusionAuth Tenant Event Configuration Args] - external_
identifier_ Fusionconfiguration Auth Tenant External Identifier Configuration Args - failed_
authentication_ Fusionconfiguration Auth Tenant Failed Authentication Configuration Args - family_
configuration FusionAuth Tenant Family Configuration Args - form_
configuration FusionAuth Tenant Form Configuration Args - http_
session_ intmax_ inactive_ interval - Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
- issuer str
- The named issuer used to sign tokens, this is generally your public fully qualified domain.
- jwt_
configurations Sequence[FusionAuth Tenant Jwt Configuration Args] - The JWT configuration for the tenant.
- lambda_
configuration FusionAuth Tenant Lambda Configuration Args - Lamnda configuration for this tenant.
- login_
configuration FusionAuth Tenant Login Configuration Args - logout_
url str - The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
- maximum_
password_ Fusionage Auth Tenant Maximum Password Age Args - minimum_
password_ Fusionage Auth Tenant Minimum Password Age Args - multi_
factor_ Fusionconfiguration Auth Tenant Multi Factor Configuration Args - name str
- The unique name of the Tenant.
- oauth_
configurations Sequence[FusionAuth Tenant Oauth Configuration Args] - password_
encryption_ Sequence[Fusionconfigurations Auth Tenant Password Encryption Configuration Args] - password_
validation_ Fusionrules Auth Tenant Password Validation Rules Args - rate_
limit_ Fusionconfiguration Auth Tenant Rate Limit Configuration Args - registration_
configuration FusionAuth Tenant Registration Configuration Args - scim_
server_ Fusionconfiguration Auth Tenant Scim Server Configuration Args - source_
tenant_ strid - The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
- sso_
configuration FusionAuth Tenant Sso Configuration Args - tenant_
id str - The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
- theme_
id str - The unique Id of the theme to be used to style the login page and other end user templates.
- user_
delete_ Fusionpolicy Auth Tenant User Delete Policy Args - username_
configuration FusionAuth Tenant Username Configuration Args - webauthn_
configuration FusionAuth Tenant Webauthn Configuration Args - The WebAuthn configuration for this tenant.
- webhook_
ids Sequence[str] - An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
- access
Control Property MapConfiguration - captcha
Configuration Property Map - connector
Policies List<Property Map> - A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
- data Map<String>
- An object that can hold any information about the Tenant that should be persisted.
- email
Configuration Property Map - The email configuration for the tenant.
- event
Configurations List<Property Map> - external
Identifier Property MapConfiguration - failed
Authentication Property MapConfiguration - family
Configuration Property Map - form
Configuration Property Map - http
Session NumberMax Inactive Interval - Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
- issuer String
- The named issuer used to sign tokens, this is generally your public fully qualified domain.
- jwt
Configurations List<Property Map> - The JWT configuration for the tenant.
- lambda
Configuration Property Map - Lamnda configuration for this tenant.
- login
Configuration Property Map - logout
Url String - The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
- maximum
Password Property MapAge - minimum
Password Property MapAge - multi
Factor Property MapConfiguration - name String
- The unique name of the Tenant.
- oauth
Configurations List<Property Map> - password
Encryption List<Property Map>Configurations - password
Validation Property MapRules - rate
Limit Property MapConfiguration - registration
Configuration Property Map - scim
Server Property MapConfiguration - source
Tenant StringId - The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
- sso
Configuration Property Map - tenant
Id String - The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
- theme
Id String - The unique Id of the theme to be used to style the login page and other end user templates.
- user
Delete Property MapPolicy - username
Configuration Property Map - webauthn
Configuration Property Map - The WebAuthn configuration for this tenant.
- webhook
Ids List<String> - An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
Outputs
All input properties are implicitly available as output properties. Additionally, the FusionAuthTenant resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing FusionAuthTenant Resource
Get an existing FusionAuthTenant resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FusionAuthTenantState, opts?: CustomResourceOptions): FusionAuthTenant@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_control_configuration: Optional[FusionAuthTenantAccessControlConfigurationArgs] = None,
captcha_configuration: Optional[FusionAuthTenantCaptchaConfigurationArgs] = None,
connector_policies: Optional[Sequence[FusionAuthTenantConnectorPolicyArgs]] = None,
data: Optional[Mapping[str, str]] = None,
email_configuration: Optional[FusionAuthTenantEmailConfigurationArgs] = None,
event_configurations: Optional[Sequence[FusionAuthTenantEventConfigurationArgs]] = None,
external_identifier_configuration: Optional[FusionAuthTenantExternalIdentifierConfigurationArgs] = None,
failed_authentication_configuration: Optional[FusionAuthTenantFailedAuthenticationConfigurationArgs] = None,
family_configuration: Optional[FusionAuthTenantFamilyConfigurationArgs] = None,
form_configuration: Optional[FusionAuthTenantFormConfigurationArgs] = None,
http_session_max_inactive_interval: Optional[int] = None,
issuer: Optional[str] = None,
jwt_configurations: Optional[Sequence[FusionAuthTenantJwtConfigurationArgs]] = None,
lambda_configuration: Optional[FusionAuthTenantLambdaConfigurationArgs] = None,
login_configuration: Optional[FusionAuthTenantLoginConfigurationArgs] = None,
logout_url: Optional[str] = None,
maximum_password_age: Optional[FusionAuthTenantMaximumPasswordAgeArgs] = None,
minimum_password_age: Optional[FusionAuthTenantMinimumPasswordAgeArgs] = None,
multi_factor_configuration: Optional[FusionAuthTenantMultiFactorConfigurationArgs] = None,
name: Optional[str] = None,
oauth_configurations: Optional[Sequence[FusionAuthTenantOauthConfigurationArgs]] = None,
password_encryption_configurations: Optional[Sequence[FusionAuthTenantPasswordEncryptionConfigurationArgs]] = None,
password_validation_rules: Optional[FusionAuthTenantPasswordValidationRulesArgs] = None,
rate_limit_configuration: Optional[FusionAuthTenantRateLimitConfigurationArgs] = None,
registration_configuration: Optional[FusionAuthTenantRegistrationConfigurationArgs] = None,
scim_server_configuration: Optional[FusionAuthTenantScimServerConfigurationArgs] = None,
source_tenant_id: Optional[str] = None,
sso_configuration: Optional[FusionAuthTenantSsoConfigurationArgs] = None,
tenant_id: Optional[str] = None,
theme_id: Optional[str] = None,
user_delete_policy: Optional[FusionAuthTenantUserDeletePolicyArgs] = None,
username_configuration: Optional[FusionAuthTenantUsernameConfigurationArgs] = None,
webauthn_configuration: Optional[FusionAuthTenantWebauthnConfigurationArgs] = None,
webhook_ids: Optional[Sequence[str]] = None) -> FusionAuthTenantfunc GetFusionAuthTenant(ctx *Context, name string, id IDInput, state *FusionAuthTenantState, opts ...ResourceOption) (*FusionAuthTenant, error)public static FusionAuthTenant Get(string name, Input<string> id, FusionAuthTenantState? state, CustomResourceOptions? opts = null)public static FusionAuthTenant get(String name, Output<String> id, FusionAuthTenantState state, CustomResourceOptions options)resources: _: type: fusionauth:FusionAuthTenant get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Control theogravity.Configuration Fusionauth. Inputs. Fusion Auth Tenant Access Control Configuration - Captcha
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Captcha Configuration - Connector
Policies List<theogravity.Fusionauth. Inputs. Fusion Auth Tenant Connector Policy> - A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
- Data Dictionary<string, string>
- An object that can hold any information about the Tenant that should be persisted.
- Email
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Email Configuration - The email configuration for the tenant.
- Event
Configurations List<theogravity.Fusionauth. Inputs. Fusion Auth Tenant Event Configuration> - External
Identifier theogravity.Configuration Fusionauth. Inputs. Fusion Auth Tenant External Identifier Configuration - Failed
Authentication theogravity.Configuration Fusionauth. Inputs. Fusion Auth Tenant Failed Authentication Configuration - Family
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Family Configuration - Form
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Form Configuration - Http
Session intMax Inactive Interval - Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
- Issuer string
- The named issuer used to sign tokens, this is generally your public fully qualified domain.
- Jwt
Configurations List<theogravity.Fusionauth. Inputs. Fusion Auth Tenant Jwt Configuration> - The JWT configuration for the tenant.
- Lambda
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Lambda Configuration - Lamnda configuration for this tenant.
- Login
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Login Configuration - Logout
Url string - The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
- Maximum
Password theogravity.Age Fusionauth. Inputs. Fusion Auth Tenant Maximum Password Age - Minimum
Password theogravity.Age Fusionauth. Inputs. Fusion Auth Tenant Minimum Password Age - Multi
Factor theogravity.Configuration Fusionauth. Inputs. Fusion Auth Tenant Multi Factor Configuration - Name string
- The unique name of the Tenant.
- Oauth
Configurations List<theogravity.Fusionauth. Inputs. Fusion Auth Tenant Oauth Configuration> - Password
Encryption List<theogravity.Configurations Fusionauth. Inputs. Fusion Auth Tenant Password Encryption Configuration> - Password
Validation theogravity.Rules Fusionauth. Inputs. Fusion Auth Tenant Password Validation Rules - Rate
Limit theogravity.Configuration Fusionauth. Inputs. Fusion Auth Tenant Rate Limit Configuration - Registration
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Registration Configuration - Scim
Server theogravity.Configuration Fusionauth. Inputs. Fusion Auth Tenant Scim Server Configuration - Source
Tenant stringId - The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
- Sso
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Sso Configuration - Tenant
Id string - The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
- Theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- User
Delete theogravity.Policy Fusionauth. Inputs. Fusion Auth Tenant User Delete Policy - Username
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Username Configuration - Webauthn
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Tenant Webauthn Configuration - The WebAuthn configuration for this tenant.
- Webhook
Ids List<string> - An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
- Access
Control FusionConfiguration Auth Tenant Access Control Configuration Args - Captcha
Configuration FusionAuth Tenant Captcha Configuration Args - Connector
Policies []FusionAuth Tenant Connector Policy Args - A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
- Data map[string]string
- An object that can hold any information about the Tenant that should be persisted.
- Email
Configuration FusionAuth Tenant Email Configuration Args - The email configuration for the tenant.
- Event
Configurations []FusionAuth Tenant Event Configuration Args - External
Identifier FusionConfiguration Auth Tenant External Identifier Configuration Args - Failed
Authentication FusionConfiguration Auth Tenant Failed Authentication Configuration Args - Family
Configuration FusionAuth Tenant Family Configuration Args - Form
Configuration FusionAuth Tenant Form Configuration Args - Http
Session intMax Inactive Interval - Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
- Issuer string
- The named issuer used to sign tokens, this is generally your public fully qualified domain.
- Jwt
Configurations []FusionAuth Tenant Jwt Configuration Args - The JWT configuration for the tenant.
- Lambda
Configuration FusionAuth Tenant Lambda Configuration Args - Lamnda configuration for this tenant.
- Login
Configuration FusionAuth Tenant Login Configuration Args - Logout
Url string - The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
- Maximum
Password FusionAge Auth Tenant Maximum Password Age Args - Minimum
Password FusionAge Auth Tenant Minimum Password Age Args - Multi
Factor FusionConfiguration Auth Tenant Multi Factor Configuration Args - Name string
- The unique name of the Tenant.
- Oauth
Configurations []FusionAuth Tenant Oauth Configuration Args - Password
Encryption []FusionConfigurations Auth Tenant Password Encryption Configuration Args - Password
Validation FusionRules Auth Tenant Password Validation Rules Args - Rate
Limit FusionConfiguration Auth Tenant Rate Limit Configuration Args - Registration
Configuration FusionAuth Tenant Registration Configuration Args - Scim
Server FusionConfiguration Auth Tenant Scim Server Configuration Args - Source
Tenant stringId - The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
- Sso
Configuration FusionAuth Tenant Sso Configuration Args - Tenant
Id string - The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
- Theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- User
Delete FusionPolicy Auth Tenant User Delete Policy Args - Username
Configuration FusionAuth Tenant Username Configuration Args - Webauthn
Configuration FusionAuth Tenant Webauthn Configuration Args - The WebAuthn configuration for this tenant.
- Webhook
Ids []string - An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
- access
Control FusionConfiguration Auth Tenant Access Control Configuration - captcha
Configuration FusionAuth Tenant Captcha Configuration - connector
Policies List<FusionAuth Tenant Connector Policy> - A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
- data Map<String,String>
- An object that can hold any information about the Tenant that should be persisted.
- email
Configuration FusionAuth Tenant Email Configuration - The email configuration for the tenant.
- event
Configurations List<FusionAuth Tenant Event Configuration> - external
Identifier FusionConfiguration Auth Tenant External Identifier Configuration - failed
Authentication FusionConfiguration Auth Tenant Failed Authentication Configuration - family
Configuration FusionAuth Tenant Family Configuration - form
Configuration FusionAuth Tenant Form Configuration - http
Session IntegerMax Inactive Interval - Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
- issuer String
- The named issuer used to sign tokens, this is generally your public fully qualified domain.
- jwt
Configurations List<FusionAuth Tenant Jwt Configuration> - The JWT configuration for the tenant.
- lambda
Configuration FusionAuth Tenant Lambda Configuration - Lamnda configuration for this tenant.
- login
Configuration FusionAuth Tenant Login Configuration - logout
Url String - The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
- maximum
Password FusionAge Auth Tenant Maximum Password Age - minimum
Password FusionAge Auth Tenant Minimum Password Age - multi
Factor FusionConfiguration Auth Tenant Multi Factor Configuration - name String
- The unique name of the Tenant.
- oauth
Configurations List<FusionAuth Tenant Oauth Configuration> - password
Encryption List<FusionConfigurations Auth Tenant Password Encryption Configuration> - password
Validation FusionRules Auth Tenant Password Validation Rules - rate
Limit FusionConfiguration Auth Tenant Rate Limit Configuration - registration
Configuration FusionAuth Tenant Registration Configuration - scim
Server FusionConfiguration Auth Tenant Scim Server Configuration - source
Tenant StringId - The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
- sso
Configuration FusionAuth Tenant Sso Configuration - tenant
Id String - The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
- theme
Id String - The unique Id of the theme to be used to style the login page and other end user templates.
- user
Delete FusionPolicy Auth Tenant User Delete Policy - username
Configuration FusionAuth Tenant Username Configuration - webauthn
Configuration FusionAuth Tenant Webauthn Configuration - The WebAuthn configuration for this tenant.
- webhook
Ids List<String> - An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
- access
Control FusionConfiguration Auth Tenant Access Control Configuration - captcha
Configuration FusionAuth Tenant Captcha Configuration - connector
Policies FusionAuth Tenant Connector Policy[] - A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
- data {[key: string]: string}
- An object that can hold any information about the Tenant that should be persisted.
- email
Configuration FusionAuth Tenant Email Configuration - The email configuration for the tenant.
- event
Configurations FusionAuth Tenant Event Configuration[] - external
Identifier FusionConfiguration Auth Tenant External Identifier Configuration - failed
Authentication FusionConfiguration Auth Tenant Failed Authentication Configuration - family
Configuration FusionAuth Tenant Family Configuration - form
Configuration FusionAuth Tenant Form Configuration - http
Session numberMax Inactive Interval - Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
- issuer string
- The named issuer used to sign tokens, this is generally your public fully qualified domain.
- jwt
Configurations FusionAuth Tenant Jwt Configuration[] - The JWT configuration for the tenant.
- lambda
Configuration FusionAuth Tenant Lambda Configuration - Lamnda configuration for this tenant.
- login
Configuration FusionAuth Tenant Login Configuration - logout
Url string - The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
- maximum
Password FusionAge Auth Tenant Maximum Password Age - minimum
Password FusionAge Auth Tenant Minimum Password Age - multi
Factor FusionConfiguration Auth Tenant Multi Factor Configuration - name string
- The unique name of the Tenant.
- oauth
Configurations FusionAuth Tenant Oauth Configuration[] - password
Encryption FusionConfigurations Auth Tenant Password Encryption Configuration[] - password
Validation FusionRules Auth Tenant Password Validation Rules - rate
Limit FusionConfiguration Auth Tenant Rate Limit Configuration - registration
Configuration FusionAuth Tenant Registration Configuration - scim
Server FusionConfiguration Auth Tenant Scim Server Configuration - source
Tenant stringId - The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
- sso
Configuration FusionAuth Tenant Sso Configuration - tenant
Id string - The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
- theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- user
Delete FusionPolicy Auth Tenant User Delete Policy - username
Configuration FusionAuth Tenant Username Configuration - webauthn
Configuration FusionAuth Tenant Webauthn Configuration - The WebAuthn configuration for this tenant.
- webhook
Ids string[] - An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
- access_
control_ Fusionconfiguration Auth Tenant Access Control Configuration Args - captcha_
configuration FusionAuth Tenant Captcha Configuration Args - connector_
policies Sequence[FusionAuth Tenant Connector Policy Args] - A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
- data Mapping[str, str]
- An object that can hold any information about the Tenant that should be persisted.
- email_
configuration FusionAuth Tenant Email Configuration Args - The email configuration for the tenant.
- event_
configurations Sequence[FusionAuth Tenant Event Configuration Args] - external_
identifier_ Fusionconfiguration Auth Tenant External Identifier Configuration Args - failed_
authentication_ Fusionconfiguration Auth Tenant Failed Authentication Configuration Args - family_
configuration FusionAuth Tenant Family Configuration Args - form_
configuration FusionAuth Tenant Form Configuration Args - http_
session_ intmax_ inactive_ interval - Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
- issuer str
- The named issuer used to sign tokens, this is generally your public fully qualified domain.
- jwt_
configurations Sequence[FusionAuth Tenant Jwt Configuration Args] - The JWT configuration for the tenant.
- lambda_
configuration FusionAuth Tenant Lambda Configuration Args - Lamnda configuration for this tenant.
- login_
configuration FusionAuth Tenant Login Configuration Args - logout_
url str - The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
- maximum_
password_ Fusionage Auth Tenant Maximum Password Age Args - minimum_
password_ Fusionage Auth Tenant Minimum Password Age Args - multi_
factor_ Fusionconfiguration Auth Tenant Multi Factor Configuration Args - name str
- The unique name of the Tenant.
- oauth_
configurations Sequence[FusionAuth Tenant Oauth Configuration Args] - password_
encryption_ Sequence[Fusionconfigurations Auth Tenant Password Encryption Configuration Args] - password_
validation_ Fusionrules Auth Tenant Password Validation Rules Args - rate_
limit_ Fusionconfiguration Auth Tenant Rate Limit Configuration Args - registration_
configuration FusionAuth Tenant Registration Configuration Args - scim_
server_ Fusionconfiguration Auth Tenant Scim Server Configuration Args - source_
tenant_ strid - The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
- sso_
configuration FusionAuth Tenant Sso Configuration Args - tenant_
id str - The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
- theme_
id str - The unique Id of the theme to be used to style the login page and other end user templates.
- user_
delete_ Fusionpolicy Auth Tenant User Delete Policy Args - username_
configuration FusionAuth Tenant Username Configuration Args - webauthn_
configuration FusionAuth Tenant Webauthn Configuration Args - The WebAuthn configuration for this tenant.
- webhook_
ids Sequence[str] - An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
- access
Control Property MapConfiguration - captcha
Configuration Property Map - connector
Policies List<Property Map> - A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
- data Map<String>
- An object that can hold any information about the Tenant that should be persisted.
- email
Configuration Property Map - The email configuration for the tenant.
- event
Configurations List<Property Map> - external
Identifier Property MapConfiguration - failed
Authentication Property MapConfiguration - family
Configuration Property Map - form
Configuration Property Map - http
Session NumberMax Inactive Interval - Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
- issuer String
- The named issuer used to sign tokens, this is generally your public fully qualified domain.
- jwt
Configurations List<Property Map> - The JWT configuration for the tenant.
- lambda
Configuration Property Map - Lamnda configuration for this tenant.
- login
Configuration Property Map - logout
Url String - The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
- maximum
Password Property MapAge - minimum
Password Property MapAge - multi
Factor Property MapConfiguration - name String
- The unique name of the Tenant.
- oauth
Configurations List<Property Map> - password
Encryption List<Property Map>Configurations - password
Validation Property MapRules - rate
Limit Property MapConfiguration - registration
Configuration Property Map - scim
Server Property MapConfiguration - source
Tenant StringId - The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
- sso
Configuration Property Map - tenant
Id String - The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
- theme
Id String - The unique Id of the theme to be used to style the login page and other end user templates.
- user
Delete Property MapPolicy - username
Configuration Property Map - webauthn
Configuration Property Map - The WebAuthn configuration for this tenant.
- webhook
Ids List<String> - An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
Supporting Types
FusionAuthTenantAccessControlConfiguration, FusionAuthTenantAccessControlConfigurationArgs
- Ui
Ip stringAccess Control List Id - The Id of the IP Access Control List limiting access to all applications in this tenant.
- Ui
Ip stringAccess Control List Id - The Id of the IP Access Control List limiting access to all applications in this tenant.
- ui
Ip StringAccess Control List Id - The Id of the IP Access Control List limiting access to all applications in this tenant.
- ui
Ip stringAccess Control List Id - The Id of the IP Access Control List limiting access to all applications in this tenant.
- ui_
ip_ straccess_ control_ list_ id - The Id of the IP Access Control List limiting access to all applications in this tenant.
- ui
Ip StringAccess Control List Id - The Id of the IP Access Control List limiting access to all applications in this tenant.
FusionAuthTenantCaptchaConfiguration, FusionAuthTenantCaptchaConfigurationArgs
- Captcha
Method string - The type of captcha method to use. This field is required when tenant.captchaConfiguration.enabled is set to true.
- Enabled bool
- Whether captcha configuration is enabled.
- Secret
Key string - The secret key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to true.
- Site
Key string - The site key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to true.
- Threshold double
- The numeric threshold which separates a passing score from a failing one. This value only applies if using either the Google v3 or HCaptcha Enterprise method, otherwise this value is ignored.
- Captcha
Method string - The type of captcha method to use. This field is required when tenant.captchaConfiguration.enabled is set to true.
- Enabled bool
- Whether captcha configuration is enabled.
- Secret
Key string - The secret key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to true.
- Site
Key string - The site key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to true.
- Threshold float64
- The numeric threshold which separates a passing score from a failing one. This value only applies if using either the Google v3 or HCaptcha Enterprise method, otherwise this value is ignored.
- captcha
Method String - The type of captcha method to use. This field is required when tenant.captchaConfiguration.enabled is set to true.
- enabled Boolean
- Whether captcha configuration is enabled.
- secret
Key String - The secret key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to true.
- site
Key String - The site key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to true.
- threshold Double
- The numeric threshold which separates a passing score from a failing one. This value only applies if using either the Google v3 or HCaptcha Enterprise method, otherwise this value is ignored.
- captcha
Method string - The type of captcha method to use. This field is required when tenant.captchaConfiguration.enabled is set to true.
- enabled boolean
- Whether captcha configuration is enabled.
- secret
Key string - The secret key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to true.
- site
Key string - The site key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to true.
- threshold number
- The numeric threshold which separates a passing score from a failing one. This value only applies if using either the Google v3 or HCaptcha Enterprise method, otherwise this value is ignored.
- captcha_
method str - The type of captcha method to use. This field is required when tenant.captchaConfiguration.enabled is set to true.
- enabled bool
- Whether captcha configuration is enabled.
- secret_
key str - The secret key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to true.
- site_
key str - The site key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to true.
- threshold float
- The numeric threshold which separates a passing score from a failing one. This value only applies if using either the Google v3 or HCaptcha Enterprise method, otherwise this value is ignored.
- captcha
Method String - The type of captcha method to use. This field is required when tenant.captchaConfiguration.enabled is set to true.
- enabled Boolean
- Whether captcha configuration is enabled.
- secret
Key String - The secret key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to true.
- site
Key String - The site key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to true.
- threshold Number
- The numeric threshold which separates a passing score from a failing one. This value only applies if using either the Google v3 or HCaptcha Enterprise method, otherwise this value is ignored.
FusionAuthTenantConnectorPolicy, FusionAuthTenantConnectorPolicyArgs
- Connector
Id string - The identifier of the Connector to which this policy refers.
- Domains List<string>
- A list of email domains to which this connector should apply. A value of ["*"] indicates this connector applies to all users.
- Migrate bool
- If true, the user’s data will be migrated to FusionAuth at first successful authentication; subsequent authentications will occur against the FusionAuth datastore. If false, the Connector’s source will be treated as authoritative.
- Connector
Id string - The identifier of the Connector to which this policy refers.
- Domains []string
- A list of email domains to which this connector should apply. A value of ["*"] indicates this connector applies to all users.
- Migrate bool
- If true, the user’s data will be migrated to FusionAuth at first successful authentication; subsequent authentications will occur against the FusionAuth datastore. If false, the Connector’s source will be treated as authoritative.
- connector
Id String - The identifier of the Connector to which this policy refers.
- domains List<String>
- A list of email domains to which this connector should apply. A value of ["*"] indicates this connector applies to all users.
- migrate Boolean
- If true, the user’s data will be migrated to FusionAuth at first successful authentication; subsequent authentications will occur against the FusionAuth datastore. If false, the Connector’s source will be treated as authoritative.
- connector
Id string - The identifier of the Connector to which this policy refers.
- domains string[]
- A list of email domains to which this connector should apply. A value of ["*"] indicates this connector applies to all users.
- migrate boolean
- If true, the user’s data will be migrated to FusionAuth at first successful authentication; subsequent authentications will occur against the FusionAuth datastore. If false, the Connector’s source will be treated as authoritative.
- connector_
id str - The identifier of the Connector to which this policy refers.
- domains Sequence[str]
- A list of email domains to which this connector should apply. A value of ["*"] indicates this connector applies to all users.
- migrate bool
- If true, the user’s data will be migrated to FusionAuth at first successful authentication; subsequent authentications will occur against the FusionAuth datastore. If false, the Connector’s source will be treated as authoritative.
- connector
Id String - The identifier of the Connector to which this policy refers.
- domains List<String>
- A list of email domains to which this connector should apply. A value of ["*"] indicates this connector applies to all users.
- migrate Boolean
- If true, the user’s data will be migrated to FusionAuth at first successful authentication; subsequent authentications will occur against the FusionAuth datastore. If false, the Connector’s source will be treated as authoritative.
FusionAuthTenantEmailConfiguration, FusionAuthTenantEmailConfigurationArgs
- Additional
Headers Dictionary<string, string> - The additional SMTP headers to be added to each outgoing email. Each SMTP header consists of a name and a value.
- Debug bool
- Determines if debug should be enabled to create an event log to assist in debugging SMTP errors.
- Default
From stringEmail - The default email address that emails will be sent from when a from address is not provided on an individual email template. This is the address part email address (i.e. Jared Dunn jared@piedpiper.com).
- Default
From stringName - The default From Name used in sending emails when a from name is not provided on an individual email template. This is the display name part of the email address ( i.e. Jared Dunn jared@piedpiper.com).
- Email
Update stringEmail Template Id - The Id of the Email Template that is used when a user is sent a forgot password email.
- Email
Verified stringEmail Template Id - The Id of the Email Template used to verify user emails.
- Forgot
Password stringEmail Template Id - The Id of the Email Template that is used when a user is sent a forgot password email.
- Host string
- The host name of the SMTP server that FusionAuth will use.
- Implicit
Email boolVerification Allowed - When set to true, this allows email to be verified as a result of completing a similar email based workflow such as change password. When seto false, the user must explicitly complete the email verification workflow even if the user has already completed a similar email workflow such as change password.
- Login
Id stringIn Use On Create Email Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id.
- Login
Id stringIn Use On Update Email Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id.
- Login
New stringDevice Email Template Id - The Id of the Email Template used to send emails to users when they log in on a new device.
- Login
Suspicious stringEmail Template Id - The Id of the Email Template used to send emails to users when a suspicious login occurs.
- Password string
- An optional password FusionAuth will use to authenticate with the SMTP server.
- Password
Reset stringSuccess Email Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password habeen reset.
- Password
Update stringEmail Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been rese
- Passwordless
Email stringTemplate Id - The Id of the Passwordless Email Template.
- Port int
- The port of the SMTP server that FusionAuth will use.
- Properties string
- Additional Email Configuration in a properties file formatted String.
- Security string
- The type of security protocol FusionAuth will use when connecting to the SMTP server.
- Set
Password stringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password.
- Two
Factor stringMethod Add Email Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account.
- Two
Factor stringMethod Remove Email Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account.
- Unverified
theogravity.
Fusionauth. Inputs. Fusion Auth Tenant Email Configuration Unverified - Username string
- An optional username FusionAuth will to authenticate with the SMTP server.
- Verification
Email stringTemplate Id - The Id of the Email Template that is used to send the verification emails to users. These emails are used to verify that a user’s email address ivalid. If either the verifyEmail or verifyEmailWhenChanged fields are true this field is required.
- Verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLinkorFormField. - Verify
Email bool - Whether the user’s email addresses are verified when the registers with your application.
- Verify
Email boolWhen Changed - Whether the user’s email addresses are verified when the user changes them.
- Additional
Headers map[string]string - The additional SMTP headers to be added to each outgoing email. Each SMTP header consists of a name and a value.
- Debug bool
- Determines if debug should be enabled to create an event log to assist in debugging SMTP errors.
- Default
From stringEmail - The default email address that emails will be sent from when a from address is not provided on an individual email template. This is the address part email address (i.e. Jared Dunn jared@piedpiper.com).
- Default
From stringName - The default From Name used in sending emails when a from name is not provided on an individual email template. This is the display name part of the email address ( i.e. Jared Dunn jared@piedpiper.com).
- Email
Update stringEmail Template Id - The Id of the Email Template that is used when a user is sent a forgot password email.
- Email
Verified stringEmail Template Id - The Id of the Email Template used to verify user emails.
- Forgot
Password stringEmail Template Id - The Id of the Email Template that is used when a user is sent a forgot password email.
- Host string
- The host name of the SMTP server that FusionAuth will use.
- Implicit
Email boolVerification Allowed - When set to true, this allows email to be verified as a result of completing a similar email based workflow such as change password. When seto false, the user must explicitly complete the email verification workflow even if the user has already completed a similar email workflow such as change password.
- Login
Id stringIn Use On Create Email Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id.
- Login
Id stringIn Use On Update Email Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id.
- Login
New stringDevice Email Template Id - The Id of the Email Template used to send emails to users when they log in on a new device.
- Login
Suspicious stringEmail Template Id - The Id of the Email Template used to send emails to users when a suspicious login occurs.
- Password string
- An optional password FusionAuth will use to authenticate with the SMTP server.
- Password
Reset stringSuccess Email Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password habeen reset.
- Password
Update stringEmail Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been rese
- Passwordless
Email stringTemplate Id - The Id of the Passwordless Email Template.
- Port int
- The port of the SMTP server that FusionAuth will use.
- Properties string
- Additional Email Configuration in a properties file formatted String.
- Security string
- The type of security protocol FusionAuth will use when connecting to the SMTP server.
- Set
Password stringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password.
- Two
Factor stringMethod Add Email Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account.
- Two
Factor stringMethod Remove Email Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account.
- Unverified
Fusion
Auth Tenant Email Configuration Unverified - Username string
- An optional username FusionAuth will to authenticate with the SMTP server.
- Verification
Email stringTemplate Id - The Id of the Email Template that is used to send the verification emails to users. These emails are used to verify that a user’s email address ivalid. If either the verifyEmail or verifyEmailWhenChanged fields are true this field is required.
- Verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLinkorFormField. - Verify
Email bool - Whether the user’s email addresses are verified when the registers with your application.
- Verify
Email boolWhen Changed - Whether the user’s email addresses are verified when the user changes them.
- additional
Headers Map<String,String> - The additional SMTP headers to be added to each outgoing email. Each SMTP header consists of a name and a value.
- debug Boolean
- Determines if debug should be enabled to create an event log to assist in debugging SMTP errors.
- default
From StringEmail - The default email address that emails will be sent from when a from address is not provided on an individual email template. This is the address part email address (i.e. Jared Dunn jared@piedpiper.com).
- default
From StringName - The default From Name used in sending emails when a from name is not provided on an individual email template. This is the display name part of the email address ( i.e. Jared Dunn jared@piedpiper.com).
- email
Update StringEmail Template Id - The Id of the Email Template that is used when a user is sent a forgot password email.
- email
Verified StringEmail Template Id - The Id of the Email Template used to verify user emails.
- forgot
Password StringEmail Template Id - The Id of the Email Template that is used when a user is sent a forgot password email.
- host String
- The host name of the SMTP server that FusionAuth will use.
- implicit
Email BooleanVerification Allowed - When set to true, this allows email to be verified as a result of completing a similar email based workflow such as change password. When seto false, the user must explicitly complete the email verification workflow even if the user has already completed a similar email workflow such as change password.
- login
Id StringIn Use On Create Email Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id.
- login
Id StringIn Use On Update Email Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id.
- login
New StringDevice Email Template Id - The Id of the Email Template used to send emails to users when they log in on a new device.
- login
Suspicious StringEmail Template Id - The Id of the Email Template used to send emails to users when a suspicious login occurs.
- password String
- An optional password FusionAuth will use to authenticate with the SMTP server.
- password
Reset StringSuccess Email Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password habeen reset.
- password
Update StringEmail Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been rese
- passwordless
Email StringTemplate Id - The Id of the Passwordless Email Template.
- port Integer
- The port of the SMTP server that FusionAuth will use.
- properties String
- Additional Email Configuration in a properties file formatted String.
- security String
- The type of security protocol FusionAuth will use when connecting to the SMTP server.
- set
Password StringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password.
- two
Factor StringMethod Add Email Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account.
- two
Factor StringMethod Remove Email Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account.
- unverified
Fusion
Auth Tenant Email Configuration Unverified - username String
- An optional username FusionAuth will to authenticate with the SMTP server.
- verification
Email StringTemplate Id - The Id of the Email Template that is used to send the verification emails to users. These emails are used to verify that a user’s email address ivalid. If either the verifyEmail or verifyEmailWhenChanged fields are true this field is required.
- verification
Strategy String - The process by which the user will verify their email address. Possible values are
ClickableLinkorFormField. - verify
Email Boolean - Whether the user’s email addresses are verified when the registers with your application.
- verify
Email BooleanWhen Changed - Whether the user’s email addresses are verified when the user changes them.
- additional
Headers {[key: string]: string} - The additional SMTP headers to be added to each outgoing email. Each SMTP header consists of a name and a value.
- debug boolean
- Determines if debug should be enabled to create an event log to assist in debugging SMTP errors.
- default
From stringEmail - The default email address that emails will be sent from when a from address is not provided on an individual email template. This is the address part email address (i.e. Jared Dunn jared@piedpiper.com).
- default
From stringName - The default From Name used in sending emails when a from name is not provided on an individual email template. This is the display name part of the email address ( i.e. Jared Dunn jared@piedpiper.com).
- email
Update stringEmail Template Id - The Id of the Email Template that is used when a user is sent a forgot password email.
- email
Verified stringEmail Template Id - The Id of the Email Template used to verify user emails.
- forgot
Password stringEmail Template Id - The Id of the Email Template that is used when a user is sent a forgot password email.
- host string
- The host name of the SMTP server that FusionAuth will use.
- implicit
Email booleanVerification Allowed - When set to true, this allows email to be verified as a result of completing a similar email based workflow such as change password. When seto false, the user must explicitly complete the email verification workflow even if the user has already completed a similar email workflow such as change password.
- login
Id stringIn Use On Create Email Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id.
- login
Id stringIn Use On Update Email Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id.
- login
New stringDevice Email Template Id - The Id of the Email Template used to send emails to users when they log in on a new device.
- login
Suspicious stringEmail Template Id - The Id of the Email Template used to send emails to users when a suspicious login occurs.
- password string
- An optional password FusionAuth will use to authenticate with the SMTP server.
- password
Reset stringSuccess Email Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password habeen reset.
- password
Update stringEmail Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been rese
- passwordless
Email stringTemplate Id - The Id of the Passwordless Email Template.
- port number
- The port of the SMTP server that FusionAuth will use.
- properties string
- Additional Email Configuration in a properties file formatted String.
- security string
- The type of security protocol FusionAuth will use when connecting to the SMTP server.
- set
Password stringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password.
- two
Factor stringMethod Add Email Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account.
- two
Factor stringMethod Remove Email Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account.
- unverified
Fusion
Auth Tenant Email Configuration Unverified - username string
- An optional username FusionAuth will to authenticate with the SMTP server.
- verification
Email stringTemplate Id - The Id of the Email Template that is used to send the verification emails to users. These emails are used to verify that a user’s email address ivalid. If either the verifyEmail or verifyEmailWhenChanged fields are true this field is required.
- verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLinkorFormField. - verify
Email boolean - Whether the user’s email addresses are verified when the registers with your application.
- verify
Email booleanWhen Changed - Whether the user’s email addresses are verified when the user changes them.
- additional_
headers Mapping[str, str] - The additional SMTP headers to be added to each outgoing email. Each SMTP header consists of a name and a value.
- debug bool
- Determines if debug should be enabled to create an event log to assist in debugging SMTP errors.
- default_
from_ stremail - The default email address that emails will be sent from when a from address is not provided on an individual email template. This is the address part email address (i.e. Jared Dunn jared@piedpiper.com).
- default_
from_ strname - The default From Name used in sending emails when a from name is not provided on an individual email template. This is the display name part of the email address ( i.e. Jared Dunn jared@piedpiper.com).
- email_
update_ stremail_ template_ id - The Id of the Email Template that is used when a user is sent a forgot password email.
- email_
verified_ stremail_ template_ id - The Id of the Email Template used to verify user emails.
- forgot_
password_ stremail_ template_ id - The Id of the Email Template that is used when a user is sent a forgot password email.
- host str
- The host name of the SMTP server that FusionAuth will use.
- implicit_
email_ boolverification_ allowed - When set to true, this allows email to be verified as a result of completing a similar email based workflow such as change password. When seto false, the user must explicitly complete the email verification workflow even if the user has already completed a similar email workflow such as change password.
- login_
id_ strin_ use_ on_ create_ email_ template_ id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id.
- login_
id_ strin_ use_ on_ update_ email_ template_ id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id.
- login_
new_ strdevice_ email_ template_ id - The Id of the Email Template used to send emails to users when they log in on a new device.
- login_
suspicious_ stremail_ template_ id - The Id of the Email Template used to send emails to users when a suspicious login occurs.
- password str
- An optional password FusionAuth will use to authenticate with the SMTP server.
- password_
reset_ strsuccess_ email_ template_ id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password habeen reset.
- password_
update_ stremail_ template_ id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been rese
- passwordless_
email_ strtemplate_ id - The Id of the Passwordless Email Template.
- port int
- The port of the SMTP server that FusionAuth will use.
- properties str
- Additional Email Configuration in a properties file formatted String.
- security str
- The type of security protocol FusionAuth will use when connecting to the SMTP server.
- set_
password_ stremail_ template_ id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password.
- two_
factor_ strmethod_ add_ email_ template_ id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account.
- two_
factor_ strmethod_ remove_ email_ template_ id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account.
- unverified
Fusion
Auth Tenant Email Configuration Unverified - username str
- An optional username FusionAuth will to authenticate with the SMTP server.
- verification_
email_ strtemplate_ id - The Id of the Email Template that is used to send the verification emails to users. These emails are used to verify that a user’s email address ivalid. If either the verifyEmail or verifyEmailWhenChanged fields are true this field is required.
- verification_
strategy str - The process by which the user will verify their email address. Possible values are
ClickableLinkorFormField. - verify_
email bool - Whether the user’s email addresses are verified when the registers with your application.
- verify_
email_ boolwhen_ changed - Whether the user’s email addresses are verified when the user changes them.
- additional
Headers Map<String> - The additional SMTP headers to be added to each outgoing email. Each SMTP header consists of a name and a value.
- debug Boolean
- Determines if debug should be enabled to create an event log to assist in debugging SMTP errors.
- default
From StringEmail - The default email address that emails will be sent from when a from address is not provided on an individual email template. This is the address part email address (i.e. Jared Dunn jared@piedpiper.com).
- default
From StringName - The default From Name used in sending emails when a from name is not provided on an individual email template. This is the display name part of the email address ( i.e. Jared Dunn jared@piedpiper.com).
- email
Update StringEmail Template Id - The Id of the Email Template that is used when a user is sent a forgot password email.
- email
Verified StringEmail Template Id - The Id of the Email Template used to verify user emails.
- forgot
Password StringEmail Template Id - The Id of the Email Template that is used when a user is sent a forgot password email.
- host String
- The host name of the SMTP server that FusionAuth will use.
- implicit
Email BooleanVerification Allowed - When set to true, this allows email to be verified as a result of completing a similar email based workflow such as change password. When seto false, the user must explicitly complete the email verification workflow even if the user has already completed a similar email workflow such as change password.
- login
Id StringIn Use On Create Email Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id.
- login
Id StringIn Use On Update Email Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id.
- login
New StringDevice Email Template Id - The Id of the Email Template used to send emails to users when they log in on a new device.
- login
Suspicious StringEmail Template Id - The Id of the Email Template used to send emails to users when a suspicious login occurs.
- password String
- An optional password FusionAuth will use to authenticate with the SMTP server.
- password
Reset StringSuccess Email Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password habeen reset.
- password
Update StringEmail Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been rese
- passwordless
Email StringTemplate Id - The Id of the Passwordless Email Template.
- port Number
- The port of the SMTP server that FusionAuth will use.
- properties String
- Additional Email Configuration in a properties file formatted String.
- security String
- The type of security protocol FusionAuth will use when connecting to the SMTP server.
- set
Password StringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password.
- two
Factor StringMethod Add Email Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account.
- two
Factor StringMethod Remove Email Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account.
- unverified Property Map
- username String
- An optional username FusionAuth will to authenticate with the SMTP server.
- verification
Email StringTemplate Id - The Id of the Email Template that is used to send the verification emails to users. These emails are used to verify that a user’s email address ivalid. If either the verifyEmail or verifyEmailWhenChanged fields are true this field is required.
- verification
Strategy String - The process by which the user will verify their email address. Possible values are
ClickableLinkorFormField. - verify
Email Boolean - Whether the user’s email addresses are verified when the registers with your application.
- verify
Email BooleanWhen Changed - Whether the user’s email addresses are verified when the user changes them.
FusionAuthTenantEmailConfigurationUnverified, FusionAuthTenantEmailConfigurationUnverifiedArgs
- Allow
Email boolChange When Gated - When this value is set to true, the user is allowed to change their email address when they are gated because they haven’t verified their email address.
- Behavior string
- = (Optional) The behavior when detecting breaches at time of user login.
- Allow
Email boolChange When Gated - When this value is set to true, the user is allowed to change their email address when they are gated because they haven’t verified their email address.
- Behavior string
- = (Optional) The behavior when detecting breaches at time of user login.
- allow
Email BooleanChange When Gated - When this value is set to true, the user is allowed to change their email address when they are gated because they haven’t verified their email address.
- behavior String
- = (Optional) The behavior when detecting breaches at time of user login.
- allow
Email booleanChange When Gated - When this value is set to true, the user is allowed to change their email address when they are gated because they haven’t verified their email address.
- behavior string
- = (Optional) The behavior when detecting breaches at time of user login.
- allow_
email_ boolchange_ when_ gated - When this value is set to true, the user is allowed to change their email address when they are gated because they haven’t verified their email address.
- behavior str
- = (Optional) The behavior when detecting breaches at time of user login.
- allow
Email BooleanChange When Gated - When this value is set to true, the user is allowed to change their email address when they are gated because they haven’t verified their email address.
- behavior String
- = (Optional) The behavior when detecting breaches at time of user login.
FusionAuthTenantEventConfiguration, FusionAuthTenantEventConfigurationArgs
- Enabled bool
- Whether or not FusionAuth should send these types of events to any configured Webhooks.
- Event string
- The event type
- Transaction
Type string - The transaction type that FusionAuth uses when sending these types of events to any configured Webhooks.
- Enabled bool
- Whether or not FusionAuth should send these types of events to any configured Webhooks.
- Event string
- The event type
- Transaction
Type string - The transaction type that FusionAuth uses when sending these types of events to any configured Webhooks.
- enabled Boolean
- Whether or not FusionAuth should send these types of events to any configured Webhooks.
- event String
- The event type
- transaction
Type String - The transaction type that FusionAuth uses when sending these types of events to any configured Webhooks.
- enabled boolean
- Whether or not FusionAuth should send these types of events to any configured Webhooks.
- event string
- The event type
- transaction
Type string - The transaction type that FusionAuth uses when sending these types of events to any configured Webhooks.
- enabled bool
- Whether or not FusionAuth should send these types of events to any configured Webhooks.
- event str
- The event type
- transaction_
type str - The transaction type that FusionAuth uses when sending these types of events to any configured Webhooks.
- enabled Boolean
- Whether or not FusionAuth should send these types of events to any configured Webhooks.
- event String
- The event type
- transaction
Type String - The transaction type that FusionAuth uses when sending these types of events to any configured Webhooks.
FusionAuthTenantExternalIdentifierConfiguration, FusionAuthTenantExternalIdentifierConfigurationArgs
- int
- The time in seconds until a OAuth authorization code in no longer valid to be exchanged for an access token. This is essentially the time allowed between the start of an Authorization request during the Authorization code grant and when you request an access token using this authorization code on the Token endpoint. Defaults to 30.
- Change
Password theogravity.Id Generator Fusionauth. Inputs. Fusion Auth Tenant External Identifier Configuration Change Password Id Generator - Change
Password intId Time To Live In Seconds - The time in seconds until a change password Id is no longer valid and cannot be used by the Change Password API. Value must be greater than 0. Defaults to 600.
- Device
Code intTime To Live In Seconds - The time in seconds until a device code Id is no longer valid and cannot be used by the Token API. Value must be greater than 0. Defaults to 300.
- Device
User theogravity.Code Id Generator Fusionauth. Inputs. Fusion Auth Tenant External Identifier Configuration Device User Code Id Generator - Email
Verification theogravity.Id Generator Fusionauth. Inputs. Fusion Auth Tenant External Identifier Configuration Email Verification Id Generator - Email
Verification intId Time To Live In Seconds - The time in seconds until a email verification Id is no longer valid and cannot be used by the Verify Email API. Value must be greater than 0.
- Email
Verification theogravity.One Time Code Generator Fusionauth. Inputs. Fusion Auth Tenant External Identifier Configuration Email Verification One Time Code Generator - External
Authentication intId Time To Live In Seconds - The time in seconds until an external authentication Id is no longer valid and cannot be used by the Token API. Value must be greater than 0. Defaults to 300.
- Login
Intent intTime To Live In Seconds - The time in seconds until a Login Timeout identifier is no longer valid to complete post-authentication steps in the OAuth workflow. Must be greater than 0. Defaults to 1800.
- One
Time intPassword Time To Live In Seconds - The time in seconds until a One Time Password is no longer valid and cannot be used by the Login API. Value must be greater than 0. Defaults to 60.
- Passwordless
Login theogravity.Generator Fusionauth. Inputs. Fusion Auth Tenant External Identifier Configuration Passwordless Login Generator - Passwordless
Login intTime To Live In Seconds - The time in seconds until a passwordless code is no longer valid and cannot be used by the Passwordless API. Value must be greater than 0. Defaults to 180.
- Pending
Account intLink Time To Live In Seconds - The number of seconds before the pending account link identifier is no longer valid to complete an account link request. Value must be greater than 0. Defaults to 3600
- Registration
Verification theogravity.Id Generator Fusionauth. Inputs. Fusion Auth Tenant External Identifier Configuration Registration Verification Id Generator - Registration
Verification intId Time To Live In Seconds - The time in seconds until a registration verification Id is no longer valid and cannot be used by the Verify Registration API. Value must be greater than 0.
- Registration
Verification theogravity.One Time Code Generator Fusionauth. Inputs. Fusion Auth Tenant External Identifier Configuration Registration Verification One Time Code Generator - Remember
Oauth intScope Consent Choice Time To Live In Seconds - The time in seconds until remembered OAuth scope consent choices are no longer valid, and the User will be prompted to consent to requested OAuth scopes even if they have not changed. Applies only when
application.oauthConfiguration.consentModeis set to RememberDecision. Value must be greater than 0. Note: An Essentials or Enterprise plan is required to utilize advanced OAuth scopes. Defaults to 2592000. - Saml
V2Authn intRequest Id Ttl Seconds - The time in seconds that a SAML AuthN request will be eligible for use to authenticate with FusionAuth. Defaults to 300.
- Setup
Password theogravity.Id Generator Fusionauth. Inputs. Fusion Auth Tenant External Identifier Configuration Setup Password Id Generator - Setup
Password intId Time To Live In Seconds - The time in seconds until a setup password Id is no longer valid and cannot be used by the Change Password API. Value must be greater than 0.
- Trust
Token intTime To Live In Seconds - The number of seconds before the Trust Token is no longer valid to complete a request that requires trust. Value must be greater than 0. Defaults to 180
- Two
Factor intId Time To Live In Seconds - The time in seconds until a two factor Id is no longer valid and cannot be used by the Two Factor Login API. Value must be greater than 0. Defaults to 300.
- Two
Factor theogravity.One Time Code Id Generator Fusionauth. Inputs. Fusion Auth Tenant External Identifier Configuration Two Factor One Time Code Id Generator - Two
Factor intOne Time Code Id Time To Live In Seconds - The number of seconds before the Two-Factor One Time Code used to enable or disable a two-factor method is no longer valid. Must be greater than 0. Defaults to 60.
- Two
Factor intTrust Id Time To Live In Seconds - The time in seconds until an issued Two Factor trust Id is no longer valid and the User will be Optional to complete Two Factor authentication during the next authentication attempt. Value must be greater than 0.
- Webauthn
Authentication intChallenge Time To Live In Seconds - The time in seconds until a WebAuthn authentication challenge is no longer valid and the User will be required to restart the WebAuthn authentication ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn navigator.credentials.get API call. Value must be greater than 0. Note: A license is required to utilize WebAuthn. Defaults to 180.
- Webauthn
Registration intChallenge Time To Live In Seconds - The time in seconds until a WebAuthn registration challenge is no longer valid and the User will be required to restart the WebAuthn registration ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn navigator.credentials.create API call. Value must be greater than 0. Note: A license is required to utilize WebAuthn. Defaults to 180.
- int
- The time in seconds until a OAuth authorization code in no longer valid to be exchanged for an access token. This is essentially the time allowed between the start of an Authorization request during the Authorization code grant and when you request an access token using this authorization code on the Token endpoint. Defaults to 30.
- Change
Password FusionId Generator Auth Tenant External Identifier Configuration Change Password Id Generator - Change
Password intId Time To Live In Seconds - The time in seconds until a change password Id is no longer valid and cannot be used by the Change Password API. Value must be greater than 0. Defaults to 600.
- Device
Code intTime To Live In Seconds - The time in seconds until a device code Id is no longer valid and cannot be used by the Token API. Value must be greater than 0. Defaults to 300.
- Device
User FusionCode Id Generator Auth Tenant External Identifier Configuration Device User Code Id Generator - Email
Verification FusionId Generator Auth Tenant External Identifier Configuration Email Verification Id Generator - Email
Verification intId Time To Live In Seconds - The time in seconds until a email verification Id is no longer valid and cannot be used by the Verify Email API. Value must be greater than 0.
- Email
Verification FusionOne Time Code Generator Auth Tenant External Identifier Configuration Email Verification One Time Code Generator - External
Authentication intId Time To Live In Seconds - The time in seconds until an external authentication Id is no longer valid and cannot be used by the Token API. Value must be greater than 0. Defaults to 300.
- Login
Intent intTime To Live In Seconds - The time in seconds until a Login Timeout identifier is no longer valid to complete post-authentication steps in the OAuth workflow. Must be greater than 0. Defaults to 1800.
- One
Time intPassword Time To Live In Seconds - The time in seconds until a One Time Password is no longer valid and cannot be used by the Login API. Value must be greater than 0. Defaults to 60.
- Passwordless
Login FusionGenerator Auth Tenant External Identifier Configuration Passwordless Login Generator - Passwordless
Login intTime To Live In Seconds - The time in seconds until a passwordless code is no longer valid and cannot be used by the Passwordless API. Value must be greater than 0. Defaults to 180.
- Pending
Account intLink Time To Live In Seconds - The number of seconds before the pending account link identifier is no longer valid to complete an account link request. Value must be greater than 0. Defaults to 3600
- Registration
Verification FusionId Generator Auth Tenant External Identifier Configuration Registration Verification Id Generator - Registration
Verification intId Time To Live In Seconds - The time in seconds until a registration verification Id is no longer valid and cannot be used by the Verify Registration API. Value must be greater than 0.
- Registration
Verification FusionOne Time Code Generator Auth Tenant External Identifier Configuration Registration Verification One Time Code Generator - Remember
Oauth intScope Consent Choice Time To Live In Seconds - The time in seconds until remembered OAuth scope consent choices are no longer valid, and the User will be prompted to consent to requested OAuth scopes even if they have not changed. Applies only when
application.oauthConfiguration.consentModeis set to RememberDecision. Value must be greater than 0. Note: An Essentials or Enterprise plan is required to utilize advanced OAuth scopes. Defaults to 2592000. - Saml
V2Authn intRequest Id Ttl Seconds - The time in seconds that a SAML AuthN request will be eligible for use to authenticate with FusionAuth. Defaults to 300.
- Setup
Password FusionId Generator Auth Tenant External Identifier Configuration Setup Password Id Generator - Setup
Password intId Time To Live In Seconds - The time in seconds until a setup password Id is no longer valid and cannot be used by the Change Password API. Value must be greater than 0.
- Trust
Token intTime To Live In Seconds - The number of seconds before the Trust Token is no longer valid to complete a request that requires trust. Value must be greater than 0. Defaults to 180
- Two
Factor intId Time To Live In Seconds - The time in seconds until a two factor Id is no longer valid and cannot be used by the Two Factor Login API. Value must be greater than 0. Defaults to 300.
- Two
Factor FusionOne Time Code Id Generator Auth Tenant External Identifier Configuration Two Factor One Time Code Id Generator - Two
Factor intOne Time Code Id Time To Live In Seconds - The number of seconds before the Two-Factor One Time Code used to enable or disable a two-factor method is no longer valid. Must be greater than 0. Defaults to 60.
- Two
Factor intTrust Id Time To Live In Seconds - The time in seconds until an issued Two Factor trust Id is no longer valid and the User will be Optional to complete Two Factor authentication during the next authentication attempt. Value must be greater than 0.
- Webauthn
Authentication intChallenge Time To Live In Seconds - The time in seconds until a WebAuthn authentication challenge is no longer valid and the User will be required to restart the WebAuthn authentication ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn navigator.credentials.get API call. Value must be greater than 0. Note: A license is required to utilize WebAuthn. Defaults to 180.
- Webauthn
Registration intChallenge Time To Live In Seconds - The time in seconds until a WebAuthn registration challenge is no longer valid and the User will be required to restart the WebAuthn registration ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn navigator.credentials.create API call. Value must be greater than 0. Note: A license is required to utilize WebAuthn. Defaults to 180.
- Integer
- The time in seconds until a OAuth authorization code in no longer valid to be exchanged for an access token. This is essentially the time allowed between the start of an Authorization request during the Authorization code grant and when you request an access token using this authorization code on the Token endpoint. Defaults to 30.
- change
Password FusionId Generator Auth Tenant External Identifier Configuration Change Password Id Generator - change
Password IntegerId Time To Live In Seconds - The time in seconds until a change password Id is no longer valid and cannot be used by the Change Password API. Value must be greater than 0. Defaults to 600.
- device
Code IntegerTime To Live In Seconds - The time in seconds until a device code Id is no longer valid and cannot be used by the Token API. Value must be greater than 0. Defaults to 300.
- device
User FusionCode Id Generator Auth Tenant External Identifier Configuration Device User Code Id Generator - email
Verification FusionId Generator Auth Tenant External Identifier Configuration Email Verification Id Generator - email
Verification IntegerId Time To Live In Seconds - The time in seconds until a email verification Id is no longer valid and cannot be used by the Verify Email API. Value must be greater than 0.
- email
Verification FusionOne Time Code Generator Auth Tenant External Identifier Configuration Email Verification One Time Code Generator - external
Authentication IntegerId Time To Live In Seconds - The time in seconds until an external authentication Id is no longer valid and cannot be used by the Token API. Value must be greater than 0. Defaults to 300.
- login
Intent IntegerTime To Live In Seconds - The time in seconds until a Login Timeout identifier is no longer valid to complete post-authentication steps in the OAuth workflow. Must be greater than 0. Defaults to 1800.
- one
Time IntegerPassword Time To Live In Seconds - The time in seconds until a One Time Password is no longer valid and cannot be used by the Login API. Value must be greater than 0. Defaults to 60.
- passwordless
Login FusionGenerator Auth Tenant External Identifier Configuration Passwordless Login Generator - passwordless
Login IntegerTime To Live In Seconds - The time in seconds until a passwordless code is no longer valid and cannot be used by the Passwordless API. Value must be greater than 0. Defaults to 180.
- pending
Account IntegerLink Time To Live In Seconds - The number of seconds before the pending account link identifier is no longer valid to complete an account link request. Value must be greater than 0. Defaults to 3600
- registration
Verification FusionId Generator Auth Tenant External Identifier Configuration Registration Verification Id Generator - registration
Verification IntegerId Time To Live In Seconds - The time in seconds until a registration verification Id is no longer valid and cannot be used by the Verify Registration API. Value must be greater than 0.
- registration
Verification FusionOne Time Code Generator Auth Tenant External Identifier Configuration Registration Verification One Time Code Generator - remember
Oauth IntegerScope Consent Choice Time To Live In Seconds - The time in seconds until remembered OAuth scope consent choices are no longer valid, and the User will be prompted to consent to requested OAuth scopes even if they have not changed. Applies only when
application.oauthConfiguration.consentModeis set to RememberDecision. Value must be greater than 0. Note: An Essentials or Enterprise plan is required to utilize advanced OAuth scopes. Defaults to 2592000. - saml
V2Authn IntegerRequest Id Ttl Seconds - The time in seconds that a SAML AuthN request will be eligible for use to authenticate with FusionAuth. Defaults to 300.
- setup
Password FusionId Generator Auth Tenant External Identifier Configuration Setup Password Id Generator - setup
Password IntegerId Time To Live In Seconds - The time in seconds until a setup password Id is no longer valid and cannot be used by the Change Password API. Value must be greater than 0.
- trust
Token IntegerTime To Live In Seconds - The number of seconds before the Trust Token is no longer valid to complete a request that requires trust. Value must be greater than 0. Defaults to 180
- two
Factor IntegerId Time To Live In Seconds - The time in seconds until a two factor Id is no longer valid and cannot be used by the Two Factor Login API. Value must be greater than 0. Defaults to 300.
- two
Factor FusionOne Time Code Id Generator Auth Tenant External Identifier Configuration Two Factor One Time Code Id Generator - two
Factor IntegerOne Time Code Id Time To Live In Seconds - The number of seconds before the Two-Factor One Time Code used to enable or disable a two-factor method is no longer valid. Must be greater than 0. Defaults to 60.
- two
Factor IntegerTrust Id Time To Live In Seconds - The time in seconds until an issued Two Factor trust Id is no longer valid and the User will be Optional to complete Two Factor authentication during the next authentication attempt. Value must be greater than 0.
- webauthn
Authentication IntegerChallenge Time To Live In Seconds - The time in seconds until a WebAuthn authentication challenge is no longer valid and the User will be required to restart the WebAuthn authentication ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn navigator.credentials.get API call. Value must be greater than 0. Note: A license is required to utilize WebAuthn. Defaults to 180.
- webauthn
Registration IntegerChallenge Time To Live In Seconds - The time in seconds until a WebAuthn registration challenge is no longer valid and the User will be required to restart the WebAuthn registration ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn navigator.credentials.create API call. Value must be greater than 0. Note: A license is required to utilize WebAuthn. Defaults to 180.
- number
- The time in seconds until a OAuth authorization code in no longer valid to be exchanged for an access token. This is essentially the time allowed between the start of an Authorization request during the Authorization code grant and when you request an access token using this authorization code on the Token endpoint. Defaults to 30.
- change
Password FusionId Generator Auth Tenant External Identifier Configuration Change Password Id Generator - change
Password numberId Time To Live In Seconds - The time in seconds until a change password Id is no longer valid and cannot be used by the Change Password API. Value must be greater than 0. Defaults to 600.
- device
Code numberTime To Live In Seconds - The time in seconds until a device code Id is no longer valid and cannot be used by the Token API. Value must be greater than 0. Defaults to 300.
- device
User FusionCode Id Generator Auth Tenant External Identifier Configuration Device User Code Id Generator - email
Verification FusionId Generator Auth Tenant External Identifier Configuration Email Verification Id Generator - email
Verification numberId Time To Live In Seconds - The time in seconds until a email verification Id is no longer valid and cannot be used by the Verify Email API. Value must be greater than 0.
- email
Verification FusionOne Time Code Generator Auth Tenant External Identifier Configuration Email Verification One Time Code Generator - external
Authentication numberId Time To Live In Seconds - The time in seconds until an external authentication Id is no longer valid and cannot be used by the Token API. Value must be greater than 0. Defaults to 300.
- login
Intent numberTime To Live In Seconds - The time in seconds until a Login Timeout identifier is no longer valid to complete post-authentication steps in the OAuth workflow. Must be greater than 0. Defaults to 1800.
- one
Time numberPassword Time To Live In Seconds - The time in seconds until a One Time Password is no longer valid and cannot be used by the Login API. Value must be greater than 0. Defaults to 60.
- passwordless
Login FusionGenerator Auth Tenant External Identifier Configuration Passwordless Login Generator - passwordless
Login numberTime To Live In Seconds - The time in seconds until a passwordless code is no longer valid and cannot be used by the Passwordless API. Value must be greater than 0. Defaults to 180.
- pending
Account numberLink Time To Live In Seconds - The number of seconds before the pending account link identifier is no longer valid to complete an account link request. Value must be greater than 0. Defaults to 3600
- registration
Verification FusionId Generator Auth Tenant External Identifier Configuration Registration Verification Id Generator - registration
Verification numberId Time To Live In Seconds - The time in seconds until a registration verification Id is no longer valid and cannot be used by the Verify Registration API. Value must be greater than 0.
- registration
Verification FusionOne Time Code Generator Auth Tenant External Identifier Configuration Registration Verification One Time Code Generator - remember
Oauth numberScope Consent Choice Time To Live In Seconds - The time in seconds until remembered OAuth scope consent choices are no longer valid, and the User will be prompted to consent to requested OAuth scopes even if they have not changed. Applies only when
application.oauthConfiguration.consentModeis set to RememberDecision. Value must be greater than 0. Note: An Essentials or Enterprise plan is required to utilize advanced OAuth scopes. Defaults to 2592000. - saml
V2Authn numberRequest Id Ttl Seconds - The time in seconds that a SAML AuthN request will be eligible for use to authenticate with FusionAuth. Defaults to 300.
- setup
Password FusionId Generator Auth Tenant External Identifier Configuration Setup Password Id Generator - setup
Password numberId Time To Live In Seconds - The time in seconds until a setup password Id is no longer valid and cannot be used by the Change Password API. Value must be greater than 0.
- trust
Token numberTime To Live In Seconds - The number of seconds before the Trust Token is no longer valid to complete a request that requires trust. Value must be greater than 0. Defaults to 180
- two
Factor numberId Time To Live In Seconds - The time in seconds until a two factor Id is no longer valid and cannot be used by the Two Factor Login API. Value must be greater than 0. Defaults to 300.
- two
Factor FusionOne Time Code Id Generator Auth Tenant External Identifier Configuration Two Factor One Time Code Id Generator - two
Factor numberOne Time Code Id Time To Live In Seconds - The number of seconds before the Two-Factor One Time Code used to enable or disable a two-factor method is no longer valid. Must be greater than 0. Defaults to 60.
- two
Factor numberTrust Id Time To Live In Seconds - The time in seconds until an issued Two Factor trust Id is no longer valid and the User will be Optional to complete Two Factor authentication during the next authentication attempt. Value must be greater than 0.
- webauthn
Authentication numberChallenge Time To Live In Seconds - The time in seconds until a WebAuthn authentication challenge is no longer valid and the User will be required to restart the WebAuthn authentication ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn navigator.credentials.get API call. Value must be greater than 0. Note: A license is required to utilize WebAuthn. Defaults to 180.
- webauthn
Registration numberChallenge Time To Live In Seconds - The time in seconds until a WebAuthn registration challenge is no longer valid and the User will be required to restart the WebAuthn registration ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn navigator.credentials.create API call. Value must be greater than 0. Note: A license is required to utilize WebAuthn. Defaults to 180.
- int
- The time in seconds until a OAuth authorization code in no longer valid to be exchanged for an access token. This is essentially the time allowed between the start of an Authorization request during the Authorization code grant and when you request an access token using this authorization code on the Token endpoint. Defaults to 30.
- change_
password_ Fusionid_ generator Auth Tenant External Identifier Configuration Change Password Id Generator - change_
password_ intid_ time_ to_ live_ in_ seconds - The time in seconds until a change password Id is no longer valid and cannot be used by the Change Password API. Value must be greater than 0. Defaults to 600.
- device_
code_ inttime_ to_ live_ in_ seconds - The time in seconds until a device code Id is no longer valid and cannot be used by the Token API. Value must be greater than 0. Defaults to 300.
- device_
user_ Fusioncode_ id_ generator Auth Tenant External Identifier Configuration Device User Code Id Generator - email_
verification_ Fusionid_ generator Auth Tenant External Identifier Configuration Email Verification Id Generator - email_
verification_ intid_ time_ to_ live_ in_ seconds - The time in seconds until a email verification Id is no longer valid and cannot be used by the Verify Email API. Value must be greater than 0.
- email_
verification_ Fusionone_ time_ code_ generator Auth Tenant External Identifier Configuration Email Verification One Time Code Generator - external_
authentication_ intid_ time_ to_ live_ in_ seconds - The time in seconds until an external authentication Id is no longer valid and cannot be used by the Token API. Value must be greater than 0. Defaults to 300.
- login_
intent_ inttime_ to_ live_ in_ seconds - The time in seconds until a Login Timeout identifier is no longer valid to complete post-authentication steps in the OAuth workflow. Must be greater than 0. Defaults to 1800.
- one_
time_ intpassword_ time_ to_ live_ in_ seconds - The time in seconds until a One Time Password is no longer valid and cannot be used by the Login API. Value must be greater than 0. Defaults to 60.
- passwordless_
login_ Fusiongenerator Auth Tenant External Identifier Configuration Passwordless Login Generator - passwordless_
login_ inttime_ to_ live_ in_ seconds - The time in seconds until a passwordless code is no longer valid and cannot be used by the Passwordless API. Value must be greater than 0. Defaults to 180.
- pending_
account_ intlink_ time_ to_ live_ in_ seconds - The number of seconds before the pending account link identifier is no longer valid to complete an account link request. Value must be greater than 0. Defaults to 3600
- registration_
verification_ Fusionid_ generator Auth Tenant External Identifier Configuration Registration Verification Id Generator - registration_
verification_ intid_ time_ to_ live_ in_ seconds - The time in seconds until a registration verification Id is no longer valid and cannot be used by the Verify Registration API. Value must be greater than 0.
- registration_
verification_ Fusionone_ time_ code_ generator Auth Tenant External Identifier Configuration Registration Verification One Time Code Generator - remember_
oauth_ intscope_ consent_ choice_ time_ to_ live_ in_ seconds - The time in seconds until remembered OAuth scope consent choices are no longer valid, and the User will be prompted to consent to requested OAuth scopes even if they have not changed. Applies only when
application.oauthConfiguration.consentModeis set to RememberDecision. Value must be greater than 0. Note: An Essentials or Enterprise plan is required to utilize advanced OAuth scopes. Defaults to 2592000. - saml_
v2_ intauthn_ request_ id_ ttl_ seconds - The time in seconds that a SAML AuthN request will be eligible for use to authenticate with FusionAuth. Defaults to 300.
- setup_
password_ Fusionid_ generator Auth Tenant External Identifier Configuration Setup Password Id Generator - setup_
password_ intid_ time_ to_ live_ in_ seconds - The time in seconds until a setup password Id is no longer valid and cannot be used by the Change Password API. Value must be greater than 0.
- trust_
token_ inttime_ to_ live_ in_ seconds - The number of seconds before the Trust Token is no longer valid to complete a request that requires trust. Value must be greater than 0. Defaults to 180
- two_
factor_ intid_ time_ to_ live_ in_ seconds - The time in seconds until a two factor Id is no longer valid and cannot be used by the Two Factor Login API. Value must be greater than 0. Defaults to 300.
- two_
factor_ Fusionone_ time_ code_ id_ generator Auth Tenant External Identifier Configuration Two Factor One Time Code Id Generator - two_
factor_ intone_ time_ code_ id_ time_ to_ live_ in_ seconds - The number of seconds before the Two-Factor One Time Code used to enable or disable a two-factor method is no longer valid. Must be greater than 0. Defaults to 60.
- two_
factor_ inttrust_ id_ time_ to_ live_ in_ seconds - The time in seconds until an issued Two Factor trust Id is no longer valid and the User will be Optional to complete Two Factor authentication during the next authentication attempt. Value must be greater than 0.
- webauthn_
authentication_ intchallenge_ time_ to_ live_ in_ seconds - The time in seconds until a WebAuthn authentication challenge is no longer valid and the User will be required to restart the WebAuthn authentication ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn navigator.credentials.get API call. Value must be greater than 0. Note: A license is required to utilize WebAuthn. Defaults to 180.
- webauthn_
registration_ intchallenge_ time_ to_ live_ in_ seconds - The time in seconds until a WebAuthn registration challenge is no longer valid and the User will be required to restart the WebAuthn registration ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn navigator.credentials.create API call. Value must be greater than 0. Note: A license is required to utilize WebAuthn. Defaults to 180.
- Number
- The time in seconds until a OAuth authorization code in no longer valid to be exchanged for an access token. This is essentially the time allowed between the start of an Authorization request during the Authorization code grant and when you request an access token using this authorization code on the Token endpoint. Defaults to 30.
- change
Password Property MapId Generator - change
Password NumberId Time To Live In Seconds - The time in seconds until a change password Id is no longer valid and cannot be used by the Change Password API. Value must be greater than 0. Defaults to 600.
- device
Code NumberTime To Live In Seconds - The time in seconds until a device code Id is no longer valid and cannot be used by the Token API. Value must be greater than 0. Defaults to 300.
- device
User Property MapCode Id Generator - email
Verification Property MapId Generator - email
Verification NumberId Time To Live In Seconds - The time in seconds until a email verification Id is no longer valid and cannot be used by the Verify Email API. Value must be greater than 0.
- email
Verification Property MapOne Time Code Generator - external
Authentication NumberId Time To Live In Seconds - The time in seconds until an external authentication Id is no longer valid and cannot be used by the Token API. Value must be greater than 0. Defaults to 300.
- login
Intent NumberTime To Live In Seconds - The time in seconds until a Login Timeout identifier is no longer valid to complete post-authentication steps in the OAuth workflow. Must be greater than 0. Defaults to 1800.
- one
Time NumberPassword Time To Live In Seconds - The time in seconds until a One Time Password is no longer valid and cannot be used by the Login API. Value must be greater than 0. Defaults to 60.
- passwordless
Login Property MapGenerator - passwordless
Login NumberTime To Live In Seconds - The time in seconds until a passwordless code is no longer valid and cannot be used by the Passwordless API. Value must be greater than 0. Defaults to 180.
- pending
Account NumberLink Time To Live In Seconds - The number of seconds before the pending account link identifier is no longer valid to complete an account link request. Value must be greater than 0. Defaults to 3600
- registration
Verification Property MapId Generator - registration
Verification NumberId Time To Live In Seconds - The time in seconds until a registration verification Id is no longer valid and cannot be used by the Verify Registration API. Value must be greater than 0.
- registration
Verification Property MapOne Time Code Generator - remember
Oauth NumberScope Consent Choice Time To Live In Seconds - The time in seconds until remembered OAuth scope consent choices are no longer valid, and the User will be prompted to consent to requested OAuth scopes even if they have not changed. Applies only when
application.oauthConfiguration.consentModeis set to RememberDecision. Value must be greater than 0. Note: An Essentials or Enterprise plan is required to utilize advanced OAuth scopes. Defaults to 2592000. - saml
V2Authn NumberRequest Id Ttl Seconds - The time in seconds that a SAML AuthN request will be eligible for use to authenticate with FusionAuth. Defaults to 300.
- setup
Password Property MapId Generator - setup
Password NumberId Time To Live In Seconds - The time in seconds until a setup password Id is no longer valid and cannot be used by the Change Password API. Value must be greater than 0.
- trust
Token NumberTime To Live In Seconds - The number of seconds before the Trust Token is no longer valid to complete a request that requires trust. Value must be greater than 0. Defaults to 180
- two
Factor NumberId Time To Live In Seconds - The time in seconds until a two factor Id is no longer valid and cannot be used by the Two Factor Login API. Value must be greater than 0. Defaults to 300.
- two
Factor Property MapOne Time Code Id Generator - two
Factor NumberOne Time Code Id Time To Live In Seconds - The number of seconds before the Two-Factor One Time Code used to enable or disable a two-factor method is no longer valid. Must be greater than 0. Defaults to 60.
- two
Factor NumberTrust Id Time To Live In Seconds - The time in seconds until an issued Two Factor trust Id is no longer valid and the User will be Optional to complete Two Factor authentication during the next authentication attempt. Value must be greater than 0.
- webauthn
Authentication NumberChallenge Time To Live In Seconds - The time in seconds until a WebAuthn authentication challenge is no longer valid and the User will be required to restart the WebAuthn authentication ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn navigator.credentials.get API call. Value must be greater than 0. Note: A license is required to utilize WebAuthn. Defaults to 180.
- webauthn
Registration NumberChallenge Time To Live In Seconds - The time in seconds until a WebAuthn registration challenge is no longer valid and the User will be required to restart the WebAuthn registration ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn navigator.credentials.create API call. Value must be greater than 0. Note: A license is required to utilize WebAuthn. Defaults to 180.
FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGenerator, FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGeneratorArgs
FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGenerator, FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGeneratorArgs
FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGenerator, FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGeneratorArgs
FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGenerator, FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGeneratorArgs
FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGenerator, FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGeneratorArgs
FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGenerator, FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGeneratorArgs
FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGenerator, FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGeneratorArgs
FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGenerator, FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGeneratorArgs
FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGenerator, FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGeneratorArgs
FusionAuthTenantFailedAuthenticationConfiguration, FusionAuthTenantFailedAuthenticationConfigurationArgs
- Action
Cancel boolPolicy On Password Reset - Indicates whether you want the user to be able to self-service unlock their account prior to the action duration by completing a password reset workflow.
- Action
Duration int - The duration of the User Action. This value along with the actionDurationUnit will be used to set the duration of the User Action. Value must be greater than 0.
- Action
Duration stringUnit - The unit of time associated with a duration.
- Email
User bool - Indicates you would like to email the user when the user’s account is locked due to this action being taken. This requires the User Action specified by the tenant.failedAuthenticationConfiguration.userActionId to also be configured for email. If the User Action is not configured to be able to email the user, this configuration will be ignored.
- Reset
Count intIn Seconds - The length of time in seconds before the failed authentication count will be reset. Value must be greater than 0.
- Too
Many intAttempts - The number of failed attempts considered to be too many. Once this threshold is reached the specified User Action will be applied to the user for the duration specified. Value must be greater than 0.
- User
Action stringId - The Id of the User Action that is applied when the threshold is reached for too many failed authentication attempts.
- Action
Cancel boolPolicy On Password Reset - Indicates whether you want the user to be able to self-service unlock their account prior to the action duration by completing a password reset workflow.
- Action
Duration int - The duration of the User Action. This value along with the actionDurationUnit will be used to set the duration of the User Action. Value must be greater than 0.
- Action
Duration stringUnit - The unit of time associated with a duration.
- Email
User bool - Indicates you would like to email the user when the user’s account is locked due to this action being taken. This requires the User Action specified by the tenant.failedAuthenticationConfiguration.userActionId to also be configured for email. If the User Action is not configured to be able to email the user, this configuration will be ignored.
- Reset
Count intIn Seconds - The length of time in seconds before the failed authentication count will be reset. Value must be greater than 0.
- Too
Many intAttempts - The number of failed attempts considered to be too many. Once this threshold is reached the specified User Action will be applied to the user for the duration specified. Value must be greater than 0.
- User
Action stringId - The Id of the User Action that is applied when the threshold is reached for too many failed authentication attempts.
- action
Cancel BooleanPolicy On Password Reset - Indicates whether you want the user to be able to self-service unlock their account prior to the action duration by completing a password reset workflow.
- action
Duration Integer - The duration of the User Action. This value along with the actionDurationUnit will be used to set the duration of the User Action. Value must be greater than 0.
- action
Duration StringUnit - The unit of time associated with a duration.
- email
User Boolean - Indicates you would like to email the user when the user’s account is locked due to this action being taken. This requires the User Action specified by the tenant.failedAuthenticationConfiguration.userActionId to also be configured for email. If the User Action is not configured to be able to email the user, this configuration will be ignored.
- reset
Count IntegerIn Seconds - The length of time in seconds before the failed authentication count will be reset. Value must be greater than 0.
- too
Many IntegerAttempts - The number of failed attempts considered to be too many. Once this threshold is reached the specified User Action will be applied to the user for the duration specified. Value must be greater than 0.
- user
Action StringId - The Id of the User Action that is applied when the threshold is reached for too many failed authentication attempts.
- action
Cancel booleanPolicy On Password Reset - Indicates whether you want the user to be able to self-service unlock their account prior to the action duration by completing a password reset workflow.
- action
Duration number - The duration of the User Action. This value along with the actionDurationUnit will be used to set the duration of the User Action. Value must be greater than 0.
- action
Duration stringUnit - The unit of time associated with a duration.
- email
User boolean - Indicates you would like to email the user when the user’s account is locked due to this action being taken. This requires the User Action specified by the tenant.failedAuthenticationConfiguration.userActionId to also be configured for email. If the User Action is not configured to be able to email the user, this configuration will be ignored.
- reset
Count numberIn Seconds - The length of time in seconds before the failed authentication count will be reset. Value must be greater than 0.
- too
Many numberAttempts - The number of failed attempts considered to be too many. Once this threshold is reached the specified User Action will be applied to the user for the duration specified. Value must be greater than 0.
- user
Action stringId - The Id of the User Action that is applied when the threshold is reached for too many failed authentication attempts.
- action_
cancel_ boolpolicy_ on_ password_ reset - Indicates whether you want the user to be able to self-service unlock their account prior to the action duration by completing a password reset workflow.
- action_
duration int - The duration of the User Action. This value along with the actionDurationUnit will be used to set the duration of the User Action. Value must be greater than 0.
- action_
duration_ strunit - The unit of time associated with a duration.
- email_
user bool - Indicates you would like to email the user when the user’s account is locked due to this action being taken. This requires the User Action specified by the tenant.failedAuthenticationConfiguration.userActionId to also be configured for email. If the User Action is not configured to be able to email the user, this configuration will be ignored.
- reset_
count_ intin_ seconds - The length of time in seconds before the failed authentication count will be reset. Value must be greater than 0.
- too_
many_ intattempts - The number of failed attempts considered to be too many. Once this threshold is reached the specified User Action will be applied to the user for the duration specified. Value must be greater than 0.
- user_
action_ strid - The Id of the User Action that is applied when the threshold is reached for too many failed authentication attempts.
- action
Cancel BooleanPolicy On Password Reset - Indicates whether you want the user to be able to self-service unlock their account prior to the action duration by completing a password reset workflow.
- action
Duration Number - The duration of the User Action. This value along with the actionDurationUnit will be used to set the duration of the User Action. Value must be greater than 0.
- action
Duration StringUnit - The unit of time associated with a duration.
- email
User Boolean - Indicates you would like to email the user when the user’s account is locked due to this action being taken. This requires the User Action specified by the tenant.failedAuthenticationConfiguration.userActionId to also be configured for email. If the User Action is not configured to be able to email the user, this configuration will be ignored.
- reset
Count NumberIn Seconds - The length of time in seconds before the failed authentication count will be reset. Value must be greater than 0.
- too
Many NumberAttempts - The number of failed attempts considered to be too many. Once this threshold is reached the specified User Action will be applied to the user for the duration specified. Value must be greater than 0.
- user
Action StringId - The Id of the User Action that is applied when the threshold is reached for too many failed authentication attempts.
FusionAuthTenantFamilyConfiguration, FusionAuthTenantFamilyConfigurationArgs
- Allow
Child boolRegistrations - Whether to allow child registrations.
- Confirm
Child stringEmail Template Id - The unique Id of the email template to use when confirming a child.
- Delete
Orphaned boolAccounts - Indicates that child users without parental verification will be permanently deleted after tenant.familyConfiguration.deleteOrphanedAccountsDays days.
- Delete
Orphaned intAccounts Days - The number of days from creation child users will be retained before being deleted for not completing parental verification. Value must be greater than 0.
- Enabled bool
- Whether family configuration is enabled.
- Family
Request stringEmail Template Id - The unique Id of the email template to use when a family request is made.
- Maximum
Child intAge - The maximum age of a child. Value must be greater than 0.
- Minimum
Owner intAge - The minimum age to be an owner. Value must be greater than 0.
- Parent
Email boolRequired - Whether a parent email is required.
- Parent
Registration stringEmail Template Id - The unique Id of the email template to use for parent registration.
- Allow
Child boolRegistrations - Whether to allow child registrations.
- Confirm
Child stringEmail Template Id - The unique Id of the email template to use when confirming a child.
- Delete
Orphaned boolAccounts - Indicates that child users without parental verification will be permanently deleted after tenant.familyConfiguration.deleteOrphanedAccountsDays days.
- Delete
Orphaned intAccounts Days - The number of days from creation child users will be retained before being deleted for not completing parental verification. Value must be greater than 0.
- Enabled bool
- Whether family configuration is enabled.
- Family
Request stringEmail Template Id - The unique Id of the email template to use when a family request is made.
- Maximum
Child intAge - The maximum age of a child. Value must be greater than 0.
- Minimum
Owner intAge - The minimum age to be an owner. Value must be greater than 0.
- Parent
Email boolRequired - Whether a parent email is required.
- Parent
Registration stringEmail Template Id - The unique Id of the email template to use for parent registration.
- allow
Child BooleanRegistrations - Whether to allow child registrations.
- confirm
Child StringEmail Template Id - The unique Id of the email template to use when confirming a child.
- delete
Orphaned BooleanAccounts - Indicates that child users without parental verification will be permanently deleted after tenant.familyConfiguration.deleteOrphanedAccountsDays days.
- delete
Orphaned IntegerAccounts Days - The number of days from creation child users will be retained before being deleted for not completing parental verification. Value must be greater than 0.
- enabled Boolean
- Whether family configuration is enabled.
- family
Request StringEmail Template Id - The unique Id of the email template to use when a family request is made.
- maximum
Child IntegerAge - The maximum age of a child. Value must be greater than 0.
- minimum
Owner IntegerAge - The minimum age to be an owner. Value must be greater than 0.
- parent
Email BooleanRequired - Whether a parent email is required.
- parent
Registration StringEmail Template Id - The unique Id of the email template to use for parent registration.
- allow
Child booleanRegistrations - Whether to allow child registrations.
- confirm
Child stringEmail Template Id - The unique Id of the email template to use when confirming a child.
- delete
Orphaned booleanAccounts - Indicates that child users without parental verification will be permanently deleted after tenant.familyConfiguration.deleteOrphanedAccountsDays days.
- delete
Orphaned numberAccounts Days - The number of days from creation child users will be retained before being deleted for not completing parental verification. Value must be greater than 0.
- enabled boolean
- Whether family configuration is enabled.
- family
Request stringEmail Template Id - The unique Id of the email template to use when a family request is made.
- maximum
Child numberAge - The maximum age of a child. Value must be greater than 0.
- minimum
Owner numberAge - The minimum age to be an owner. Value must be greater than 0.
- parent
Email booleanRequired - Whether a parent email is required.
- parent
Registration stringEmail Template Id - The unique Id of the email template to use for parent registration.
- allow_
child_ boolregistrations - Whether to allow child registrations.
- confirm_
child_ stremail_ template_ id - The unique Id of the email template to use when confirming a child.
- delete_
orphaned_ boolaccounts - Indicates that child users without parental verification will be permanently deleted after tenant.familyConfiguration.deleteOrphanedAccountsDays days.
- delete_
orphaned_ intaccounts_ days - The number of days from creation child users will be retained before being deleted for not completing parental verification. Value must be greater than 0.
- enabled bool
- Whether family configuration is enabled.
- family_
request_ stremail_ template_ id - The unique Id of the email template to use when a family request is made.
- maximum_
child_ intage - The maximum age of a child. Value must be greater than 0.
- minimum_
owner_ intage - The minimum age to be an owner. Value must be greater than 0.
- parent_
email_ boolrequired - Whether a parent email is required.
- parent_
registration_ stremail_ template_ id - The unique Id of the email template to use for parent registration.
- allow
Child BooleanRegistrations - Whether to allow child registrations.
- confirm
Child StringEmail Template Id - The unique Id of the email template to use when confirming a child.
- delete
Orphaned BooleanAccounts - Indicates that child users without parental verification will be permanently deleted after tenant.familyConfiguration.deleteOrphanedAccountsDays days.
- delete
Orphaned NumberAccounts Days - The number of days from creation child users will be retained before being deleted for not completing parental verification. Value must be greater than 0.
- enabled Boolean
- Whether family configuration is enabled.
- family
Request StringEmail Template Id - The unique Id of the email template to use when a family request is made.
- maximum
Child NumberAge - The maximum age of a child. Value must be greater than 0.
- minimum
Owner NumberAge - The minimum age to be an owner. Value must be greater than 0.
- parent
Email BooleanRequired - Whether a parent email is required.
- parent
Registration StringEmail Template Id - The unique Id of the email template to use for parent registration.
FusionAuthTenantFormConfiguration, FusionAuthTenantFormConfigurationArgs
- Admin
User stringForm Id - The unique Id of the form to use for the Add and Edit User form when used in the FusionAuth admin UI.
- Admin
User stringForm Id - The unique Id of the form to use for the Add and Edit User form when used in the FusionAuth admin UI.
- admin
User StringForm Id - The unique Id of the form to use for the Add and Edit User form when used in the FusionAuth admin UI.
- admin
User stringForm Id - The unique Id of the form to use for the Add and Edit User form when used in the FusionAuth admin UI.
- admin_
user_ strform_ id - The unique Id of the form to use for the Add and Edit User form when used in the FusionAuth admin UI.
- admin
User StringForm Id - The unique Id of the form to use for the Add and Edit User form when used in the FusionAuth admin UI.
FusionAuthTenantJwtConfiguration, FusionAuthTenantJwtConfigurationArgs
- Access
Token stringKey Id - The unique id of the signing key used to sign the access token. Required prior to
1.30.0. - Id
Token stringKey Id - The unique id of the signing key used to sign the Id token. Required prior to
1.30.0. - Refresh
Token stringExpiration Policy - The refresh token expiration policy.
- Refresh
Token intOne Time Use Configuration Grace Period In Seconds - The length of time specified in seconds that a one-time use token can be reused. This value must be greater than 0 and less than 86400 which is equal to 24 hours. Setting this value to 0 effectively disables the grace period which means a one-time token may not be reused. For security reasons, you should keep this value as small as possible, and only increase past 0 to improve reliability for an asynchronous or clustered integration that may require a brief grace period. Defaults to 0.
- Refresh
Token boolRevocation Policy On Login Prevented - When enabled, the refresh token will be revoked when a user action, such as locking an account based on a number of failed login attempts, prevents user login.
- Refresh
Token boolRevocation Policy On Multi Factor Enable - When enabled, all refresh tokens will be revoked when a user enables multi-factor authentication for the first time. This policy will not be applied when adding subsequent multi-factor methods to the user.
- Refresh
Token boolRevocation Policy On One Time Token Reuse - When enabled, if a one-time use refresh token is reused, the token will be revoked. This does not cause all refresh tokens to be revoked, only the reused token is revoked.
- Refresh
Token boolRevocation Policy On Password Change - When enabled, the refresh token will be revoked when a user changes their password."
- Refresh
Token intSliding Window Maximum Time To Live In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of SlidingWindowWithMaximumLifetime. Value must be greater than 0.
- Refresh
Token intTime To Live In Minutes - The length of time in minutes a Refresh Token is valid from the time it was issued. Value must be greater than 0.
- Refresh
Token stringUsage Policy - The refresh token usage policy.
- Time
To intLive In Seconds - The length of time in seconds this JWT is valid from the time it was issued. Value must be greater than 0.
- Access
Token stringKey Id - The unique id of the signing key used to sign the access token. Required prior to
1.30.0. - Id
Token stringKey Id - The unique id of the signing key used to sign the Id token. Required prior to
1.30.0. - Refresh
Token stringExpiration Policy - The refresh token expiration policy.
- Refresh
Token intOne Time Use Configuration Grace Period In Seconds - The length of time specified in seconds that a one-time use token can be reused. This value must be greater than 0 and less than 86400 which is equal to 24 hours. Setting this value to 0 effectively disables the grace period which means a one-time token may not be reused. For security reasons, you should keep this value as small as possible, and only increase past 0 to improve reliability for an asynchronous or clustered integration that may require a brief grace period. Defaults to 0.
- Refresh
Token boolRevocation Policy On Login Prevented - When enabled, the refresh token will be revoked when a user action, such as locking an account based on a number of failed login attempts, prevents user login.
- Refresh
Token boolRevocation Policy On Multi Factor Enable - When enabled, all refresh tokens will be revoked when a user enables multi-factor authentication for the first time. This policy will not be applied when adding subsequent multi-factor methods to the user.
- Refresh
Token boolRevocation Policy On One Time Token Reuse - When enabled, if a one-time use refresh token is reused, the token will be revoked. This does not cause all refresh tokens to be revoked, only the reused token is revoked.
- Refresh
Token boolRevocation Policy On Password Change - When enabled, the refresh token will be revoked when a user changes their password."
- Refresh
Token intSliding Window Maximum Time To Live In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of SlidingWindowWithMaximumLifetime. Value must be greater than 0.
- Refresh
Token intTime To Live In Minutes - The length of time in minutes a Refresh Token is valid from the time it was issued. Value must be greater than 0.
- Refresh
Token stringUsage Policy - The refresh token usage policy.
- Time
To intLive In Seconds - The length of time in seconds this JWT is valid from the time it was issued. Value must be greater than 0.
- access
Token StringKey Id - The unique id of the signing key used to sign the access token. Required prior to
1.30.0. - id
Token StringKey Id - The unique id of the signing key used to sign the Id token. Required prior to
1.30.0. - refresh
Token StringExpiration Policy - The refresh token expiration policy.
- refresh
Token IntegerOne Time Use Configuration Grace Period In Seconds - The length of time specified in seconds that a one-time use token can be reused. This value must be greater than 0 and less than 86400 which is equal to 24 hours. Setting this value to 0 effectively disables the grace period which means a one-time token may not be reused. For security reasons, you should keep this value as small as possible, and only increase past 0 to improve reliability for an asynchronous or clustered integration that may require a brief grace period. Defaults to 0.
- refresh
Token BooleanRevocation Policy On Login Prevented - When enabled, the refresh token will be revoked when a user action, such as locking an account based on a number of failed login attempts, prevents user login.
- refresh
Token BooleanRevocation Policy On Multi Factor Enable - When enabled, all refresh tokens will be revoked when a user enables multi-factor authentication for the first time. This policy will not be applied when adding subsequent multi-factor methods to the user.
- refresh
Token BooleanRevocation Policy On One Time Token Reuse - When enabled, if a one-time use refresh token is reused, the token will be revoked. This does not cause all refresh tokens to be revoked, only the reused token is revoked.
- refresh
Token BooleanRevocation Policy On Password Change - When enabled, the refresh token will be revoked when a user changes their password."
- refresh
Token IntegerSliding Window Maximum Time To Live In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of SlidingWindowWithMaximumLifetime. Value must be greater than 0.
- refresh
Token IntegerTime To Live In Minutes - The length of time in minutes a Refresh Token is valid from the time it was issued. Value must be greater than 0.
- refresh
Token StringUsage Policy - The refresh token usage policy.
- time
To IntegerLive In Seconds - The length of time in seconds this JWT is valid from the time it was issued. Value must be greater than 0.
- access
Token stringKey Id - The unique id of the signing key used to sign the access token. Required prior to
1.30.0. - id
Token stringKey Id - The unique id of the signing key used to sign the Id token. Required prior to
1.30.0. - refresh
Token stringExpiration Policy - The refresh token expiration policy.
- refresh
Token numberOne Time Use Configuration Grace Period In Seconds - The length of time specified in seconds that a one-time use token can be reused. This value must be greater than 0 and less than 86400 which is equal to 24 hours. Setting this value to 0 effectively disables the grace period which means a one-time token may not be reused. For security reasons, you should keep this value as small as possible, and only increase past 0 to improve reliability for an asynchronous or clustered integration that may require a brief grace period. Defaults to 0.
- refresh
Token booleanRevocation Policy On Login Prevented - When enabled, the refresh token will be revoked when a user action, such as locking an account based on a number of failed login attempts, prevents user login.
- refresh
Token booleanRevocation Policy On Multi Factor Enable - When enabled, all refresh tokens will be revoked when a user enables multi-factor authentication for the first time. This policy will not be applied when adding subsequent multi-factor methods to the user.
- refresh
Token booleanRevocation Policy On One Time Token Reuse - When enabled, if a one-time use refresh token is reused, the token will be revoked. This does not cause all refresh tokens to be revoked, only the reused token is revoked.
- refresh
Token booleanRevocation Policy On Password Change - When enabled, the refresh token will be revoked when a user changes their password."
- refresh
Token numberSliding Window Maximum Time To Live In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of SlidingWindowWithMaximumLifetime. Value must be greater than 0.
- refresh
Token numberTime To Live In Minutes - The length of time in minutes a Refresh Token is valid from the time it was issued. Value must be greater than 0.
- refresh
Token stringUsage Policy - The refresh token usage policy.
- time
To numberLive In Seconds - The length of time in seconds this JWT is valid from the time it was issued. Value must be greater than 0.
- access_
token_ strkey_ id - The unique id of the signing key used to sign the access token. Required prior to
1.30.0. - id_
token_ strkey_ id - The unique id of the signing key used to sign the Id token. Required prior to
1.30.0. - refresh_
token_ strexpiration_ policy - The refresh token expiration policy.
- refresh_
token_ intone_ time_ use_ configuration_ grace_ period_ in_ seconds - The length of time specified in seconds that a one-time use token can be reused. This value must be greater than 0 and less than 86400 which is equal to 24 hours. Setting this value to 0 effectively disables the grace period which means a one-time token may not be reused. For security reasons, you should keep this value as small as possible, and only increase past 0 to improve reliability for an asynchronous or clustered integration that may require a brief grace period. Defaults to 0.
- refresh_
token_ boolrevocation_ policy_ on_ login_ prevented - When enabled, the refresh token will be revoked when a user action, such as locking an account based on a number of failed login attempts, prevents user login.
- refresh_
token_ boolrevocation_ policy_ on_ multi_ factor_ enable - When enabled, all refresh tokens will be revoked when a user enables multi-factor authentication for the first time. This policy will not be applied when adding subsequent multi-factor methods to the user.
- refresh_
token_ boolrevocation_ policy_ on_ one_ time_ token_ reuse - When enabled, if a one-time use refresh token is reused, the token will be revoked. This does not cause all refresh tokens to be revoked, only the reused token is revoked.
- refresh_
token_ boolrevocation_ policy_ on_ password_ change - When enabled, the refresh token will be revoked when a user changes their password."
- refresh_
token_ intsliding_ window_ maximum_ time_ to_ live_ in_ minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of SlidingWindowWithMaximumLifetime. Value must be greater than 0.
- refresh_
token_ inttime_ to_ live_ in_ minutes - The length of time in minutes a Refresh Token is valid from the time it was issued. Value must be greater than 0.
- refresh_
token_ strusage_ policy - The refresh token usage policy.
- time_
to_ intlive_ in_ seconds - The length of time in seconds this JWT is valid from the time it was issued. Value must be greater than 0.
- access
Token StringKey Id - The unique id of the signing key used to sign the access token. Required prior to
1.30.0. - id
Token StringKey Id - The unique id of the signing key used to sign the Id token. Required prior to
1.30.0. - refresh
Token StringExpiration Policy - The refresh token expiration policy.
- refresh
Token NumberOne Time Use Configuration Grace Period In Seconds - The length of time specified in seconds that a one-time use token can be reused. This value must be greater than 0 and less than 86400 which is equal to 24 hours. Setting this value to 0 effectively disables the grace period which means a one-time token may not be reused. For security reasons, you should keep this value as small as possible, and only increase past 0 to improve reliability for an asynchronous or clustered integration that may require a brief grace period. Defaults to 0.
- refresh
Token BooleanRevocation Policy On Login Prevented - When enabled, the refresh token will be revoked when a user action, such as locking an account based on a number of failed login attempts, prevents user login.
- refresh
Token BooleanRevocation Policy On Multi Factor Enable - When enabled, all refresh tokens will be revoked when a user enables multi-factor authentication for the first time. This policy will not be applied when adding subsequent multi-factor methods to the user.
- refresh
Token BooleanRevocation Policy On One Time Token Reuse - When enabled, if a one-time use refresh token is reused, the token will be revoked. This does not cause all refresh tokens to be revoked, only the reused token is revoked.
- refresh
Token BooleanRevocation Policy On Password Change - When enabled, the refresh token will be revoked when a user changes their password."
- refresh
Token NumberSliding Window Maximum Time To Live In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of SlidingWindowWithMaximumLifetime. Value must be greater than 0.
- refresh
Token NumberTime To Live In Minutes - The length of time in minutes a Refresh Token is valid from the time it was issued. Value must be greater than 0.
- refresh
Token StringUsage Policy - The refresh token usage policy.
- time
To NumberLive In Seconds - The length of time in seconds this JWT is valid from the time it was issued. Value must be greater than 0.
FusionAuthTenantLambdaConfiguration, FusionAuthTenantLambdaConfigurationArgs
- Login
Validation stringId - The Id of the lambda that will be invoked at the end of a successful login request in order to extend custom validation of a login request.
- Scim
Enterprise stringUser Request Converter Id - The Id of a SCIM User Request lambda that will be used to convert the SCIM Enterprise User request to a FusionAuth User. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - Scim
Enterprise stringUser Response Converter Id - The Id of a SCIM User Response lambda that will be used to convert a FusionAuth Enterprise User to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - Scim
Group stringRequest Converter Id - The Id of a SCIM Group Request lambda that will be used to convert the SCIM Group request to a FusionAuth Group. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - Scim
Group stringResponse Converter Id - The Id of a SCIM Group Response lambda that will be used to convert a FusionAuth Group to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - Scim
User stringRequest Converter Id - The Id of a SCIM User Request lambda that will be used to convert the SCIM User request to a FusionAuth User. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - Scim
User stringResponse Converter Id - The Id of a SCIM User Response lambda that will be used to convert a FusionAuth User to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true.
- Login
Validation stringId - The Id of the lambda that will be invoked at the end of a successful login request in order to extend custom validation of a login request.
- Scim
Enterprise stringUser Request Converter Id - The Id of a SCIM User Request lambda that will be used to convert the SCIM Enterprise User request to a FusionAuth User. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - Scim
Enterprise stringUser Response Converter Id - The Id of a SCIM User Response lambda that will be used to convert a FusionAuth Enterprise User to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - Scim
Group stringRequest Converter Id - The Id of a SCIM Group Request lambda that will be used to convert the SCIM Group request to a FusionAuth Group. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - Scim
Group stringResponse Converter Id - The Id of a SCIM Group Response lambda that will be used to convert a FusionAuth Group to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - Scim
User stringRequest Converter Id - The Id of a SCIM User Request lambda that will be used to convert the SCIM User request to a FusionAuth User. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - Scim
User stringResponse Converter Id - The Id of a SCIM User Response lambda that will be used to convert a FusionAuth User to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true.
- login
Validation StringId - The Id of the lambda that will be invoked at the end of a successful login request in order to extend custom validation of a login request.
- scim
Enterprise StringUser Request Converter Id - The Id of a SCIM User Request lambda that will be used to convert the SCIM Enterprise User request to a FusionAuth User. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
Enterprise StringUser Response Converter Id - The Id of a SCIM User Response lambda that will be used to convert a FusionAuth Enterprise User to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
Group StringRequest Converter Id - The Id of a SCIM Group Request lambda that will be used to convert the SCIM Group request to a FusionAuth Group. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
Group StringResponse Converter Id - The Id of a SCIM Group Response lambda that will be used to convert a FusionAuth Group to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
User StringRequest Converter Id - The Id of a SCIM User Request lambda that will be used to convert the SCIM User request to a FusionAuth User. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
User StringResponse Converter Id - The Id of a SCIM User Response lambda that will be used to convert a FusionAuth User to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true.
- login
Validation stringId - The Id of the lambda that will be invoked at the end of a successful login request in order to extend custom validation of a login request.
- scim
Enterprise stringUser Request Converter Id - The Id of a SCIM User Request lambda that will be used to convert the SCIM Enterprise User request to a FusionAuth User. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
Enterprise stringUser Response Converter Id - The Id of a SCIM User Response lambda that will be used to convert a FusionAuth Enterprise User to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
Group stringRequest Converter Id - The Id of a SCIM Group Request lambda that will be used to convert the SCIM Group request to a FusionAuth Group. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
Group stringResponse Converter Id - The Id of a SCIM Group Response lambda that will be used to convert a FusionAuth Group to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
User stringRequest Converter Id - The Id of a SCIM User Request lambda that will be used to convert the SCIM User request to a FusionAuth User. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
User stringResponse Converter Id - The Id of a SCIM User Response lambda that will be used to convert a FusionAuth User to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true.
- login_
validation_ strid - The Id of the lambda that will be invoked at the end of a successful login request in order to extend custom validation of a login request.
- scim_
enterprise_ struser_ request_ converter_ id - The Id of a SCIM User Request lambda that will be used to convert the SCIM Enterprise User request to a FusionAuth User. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim_
enterprise_ struser_ response_ converter_ id - The Id of a SCIM User Response lambda that will be used to convert a FusionAuth Enterprise User to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim_
group_ strrequest_ converter_ id - The Id of a SCIM Group Request lambda that will be used to convert the SCIM Group request to a FusionAuth Group. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim_
group_ strresponse_ converter_ id - The Id of a SCIM Group Response lambda that will be used to convert a FusionAuth Group to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim_
user_ strrequest_ converter_ id - The Id of a SCIM User Request lambda that will be used to convert the SCIM User request to a FusionAuth User. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim_
user_ strresponse_ converter_ id - The Id of a SCIM User Response lambda that will be used to convert a FusionAuth User to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true.
- login
Validation StringId - The Id of the lambda that will be invoked at the end of a successful login request in order to extend custom validation of a login request.
- scim
Enterprise StringUser Request Converter Id - The Id of a SCIM User Request lambda that will be used to convert the SCIM Enterprise User request to a FusionAuth User. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
Enterprise StringUser Response Converter Id - The Id of a SCIM User Response lambda that will be used to convert a FusionAuth Enterprise User to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
Group StringRequest Converter Id - The Id of a SCIM Group Request lambda that will be used to convert the SCIM Group request to a FusionAuth Group. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
Group StringResponse Converter Id - The Id of a SCIM Group Response lambda that will be used to convert a FusionAuth Group to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
User StringRequest Converter Id - The Id of a SCIM User Request lambda that will be used to convert the SCIM User request to a FusionAuth User. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - scim
User StringResponse Converter Id - The Id of a SCIM User Response lambda that will be used to convert a FusionAuth User to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true.
FusionAuthTenantLoginConfiguration, FusionAuthTenantLoginConfigurationArgs
- Require
Authentication bool - Indicates whether to require an API key for the Login API when an
applicationIdis not provided. When anapplicationIdis provided to the Login API call, the application configuration will take precedence. In almost all cases, you will want to this to betrue.
- Require
Authentication bool - Indicates whether to require an API key for the Login API when an
applicationIdis not provided. When anapplicationIdis provided to the Login API call, the application configuration will take precedence. In almost all cases, you will want to this to betrue.
- require
Authentication Boolean - Indicates whether to require an API key for the Login API when an
applicationIdis not provided. When anapplicationIdis provided to the Login API call, the application configuration will take precedence. In almost all cases, you will want to this to betrue.
- require
Authentication boolean - Indicates whether to require an API key for the Login API when an
applicationIdis not provided. When anapplicationIdis provided to the Login API call, the application configuration will take precedence. In almost all cases, you will want to this to betrue.
- require_
authentication bool - Indicates whether to require an API key for the Login API when an
applicationIdis not provided. When anapplicationIdis provided to the Login API call, the application configuration will take precedence. In almost all cases, you will want to this to betrue.
- require
Authentication Boolean - Indicates whether to require an API key for the Login API when an
applicationIdis not provided. When anapplicationIdis provided to the Login API call, the application configuration will take precedence. In almost all cases, you will want to this to betrue.
FusionAuthTenantMaximumPasswordAge, FusionAuthTenantMaximumPasswordAgeArgs
FusionAuthTenantMinimumPasswordAge, FusionAuthTenantMinimumPasswordAgeArgs
- Enabled bool
- Indicates that the minimum password age is enabled and being enforced.
- Seconds int
- The password minimum age in seconds. When enabled FusionAuth will not allow a password to be changed until it reaches this minimum age. Required when systemConfiguration.minimumPasswordAge.enabled is set to true.
- Enabled bool
- Indicates that the minimum password age is enabled and being enforced.
- Seconds int
- The password minimum age in seconds. When enabled FusionAuth will not allow a password to be changed until it reaches this minimum age. Required when systemConfiguration.minimumPasswordAge.enabled is set to true.
- enabled Boolean
- Indicates that the minimum password age is enabled and being enforced.
- seconds Integer
- The password minimum age in seconds. When enabled FusionAuth will not allow a password to be changed until it reaches this minimum age. Required when systemConfiguration.minimumPasswordAge.enabled is set to true.
- enabled boolean
- Indicates that the minimum password age is enabled and being enforced.
- seconds number
- The password minimum age in seconds. When enabled FusionAuth will not allow a password to be changed until it reaches this minimum age. Required when systemConfiguration.minimumPasswordAge.enabled is set to true.
- enabled bool
- Indicates that the minimum password age is enabled and being enforced.
- seconds int
- The password minimum age in seconds. When enabled FusionAuth will not allow a password to be changed until it reaches this minimum age. Required when systemConfiguration.minimumPasswordAge.enabled is set to true.
- enabled Boolean
- Indicates that the minimum password age is enabled and being enforced.
- seconds Number
- The password minimum age in seconds. When enabled FusionAuth will not allow a password to be changed until it reaches this minimum age. Required when systemConfiguration.minimumPasswordAge.enabled is set to true.
FusionAuthTenantMultiFactorConfiguration, FusionAuthTenantMultiFactorConfigurationArgs
- Authenticator
theogravity.
Fusionauth. Inputs. Fusion Auth Tenant Multi Factor Configuration Authenticator - Email
theogravity.
Fusionauth. Inputs. Fusion Auth Tenant Multi Factor Configuration Email - Login
Policy string - When set to
Enabledand a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When set toDisabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When the login policy is toRequired, a two-factor challenge will be required during login. If a user does not have configured two-factor methods, they will not be able to log in. - Sms
theogravity.
Fusionauth. Inputs. Fusion Auth Tenant Multi Factor Configuration Sms
- Authenticator
Fusion
Auth Tenant Multi Factor Configuration Authenticator - Email
Fusion
Auth Tenant Multi Factor Configuration Email - Login
Policy string - When set to
Enabledand a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When set toDisabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When the login policy is toRequired, a two-factor challenge will be required during login. If a user does not have configured two-factor methods, they will not be able to log in. - Sms
Fusion
Auth Tenant Multi Factor Configuration Sms
- authenticator
Fusion
Auth Tenant Multi Factor Configuration Authenticator - email
Fusion
Auth Tenant Multi Factor Configuration Email - login
Policy String - When set to
Enabledand a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When set toDisabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When the login policy is toRequired, a two-factor challenge will be required during login. If a user does not have configured two-factor methods, they will not be able to log in. - sms
Fusion
Auth Tenant Multi Factor Configuration Sms
- authenticator
Fusion
Auth Tenant Multi Factor Configuration Authenticator - email
Fusion
Auth Tenant Multi Factor Configuration Email - login
Policy string - When set to
Enabledand a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When set toDisabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When the login policy is toRequired, a two-factor challenge will be required during login. If a user does not have configured two-factor methods, they will not be able to log in. - sms
Fusion
Auth Tenant Multi Factor Configuration Sms
- authenticator
Fusion
Auth Tenant Multi Factor Configuration Authenticator - email
Fusion
Auth Tenant Multi Factor Configuration Email - login_
policy str - When set to
Enabledand a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When set toDisabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When the login policy is toRequired, a two-factor challenge will be required during login. If a user does not have configured two-factor methods, they will not be able to log in. - sms
Fusion
Auth Tenant Multi Factor Configuration Sms
- authenticator Property Map
- email Property Map
- login
Policy String - When set to
Enabledand a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When set toDisabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When the login policy is toRequired, a two-factor challenge will be required during login. If a user does not have configured two-factor methods, they will not be able to log in. - sms Property Map
FusionAuthTenantMultiFactorConfigurationAuthenticator, FusionAuthTenantMultiFactorConfigurationAuthenticatorArgs
- Enabled bool
- When enabled, users may utilize an authenticator application to complete a multi-factor authentication request. This method uses TOTP (Time-Based One-Time Password) as defined in RFC 6238 and often uses an native mobile app such as Google Authenticator.
- Enabled bool
- When enabled, users may utilize an authenticator application to complete a multi-factor authentication request. This method uses TOTP (Time-Based One-Time Password) as defined in RFC 6238 and often uses an native mobile app such as Google Authenticator.
- enabled Boolean
- When enabled, users may utilize an authenticator application to complete a multi-factor authentication request. This method uses TOTP (Time-Based One-Time Password) as defined in RFC 6238 and often uses an native mobile app such as Google Authenticator.
- enabled boolean
- When enabled, users may utilize an authenticator application to complete a multi-factor authentication request. This method uses TOTP (Time-Based One-Time Password) as defined in RFC 6238 and often uses an native mobile app such as Google Authenticator.
- enabled bool
- When enabled, users may utilize an authenticator application to complete a multi-factor authentication request. This method uses TOTP (Time-Based One-Time Password) as defined in RFC 6238 and often uses an native mobile app such as Google Authenticator.
- enabled Boolean
- When enabled, users may utilize an authenticator application to complete a multi-factor authentication request. This method uses TOTP (Time-Based One-Time Password) as defined in RFC 6238 and often uses an native mobile app such as Google Authenticator.
FusionAuthTenantMultiFactorConfigurationEmail, FusionAuthTenantMultiFactorConfigurationEmailArgs
- Enabled bool
- When enabled, users may utilize an email address to complete a multi-factor authentication request.
- Template
Id string - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- Enabled bool
- When enabled, users may utilize an email address to complete a multi-factor authentication request.
- Template
Id string - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- enabled Boolean
- When enabled, users may utilize an email address to complete a multi-factor authentication request.
- template
Id String - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- enabled boolean
- When enabled, users may utilize an email address to complete a multi-factor authentication request.
- template
Id string - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- enabled bool
- When enabled, users may utilize an email address to complete a multi-factor authentication request.
- template_
id str - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- enabled Boolean
- When enabled, users may utilize an email address to complete a multi-factor authentication request.
- template
Id String - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
FusionAuthTenantMultiFactorConfigurationSms, FusionAuthTenantMultiFactorConfigurationSmsArgs
- Enabled bool
- When enabled, users may utilize a mobile phone number to complete a multi-factor authentication request.
- Messenger
Id string - The messenger that is used to deliver a SMS multi-factor authentication request.
- Template
Id string - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- Enabled bool
- When enabled, users may utilize a mobile phone number to complete a multi-factor authentication request.
- Messenger
Id string - The messenger that is used to deliver a SMS multi-factor authentication request.
- Template
Id string - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- enabled Boolean
- When enabled, users may utilize a mobile phone number to complete a multi-factor authentication request.
- messenger
Id String - The messenger that is used to deliver a SMS multi-factor authentication request.
- template
Id String - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- enabled boolean
- When enabled, users may utilize a mobile phone number to complete a multi-factor authentication request.
- messenger
Id string - The messenger that is used to deliver a SMS multi-factor authentication request.
- template
Id string - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- enabled bool
- When enabled, users may utilize a mobile phone number to complete a multi-factor authentication request.
- messenger_
id str - The messenger that is used to deliver a SMS multi-factor authentication request.
- template_
id str - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- enabled Boolean
- When enabled, users may utilize a mobile phone number to complete a multi-factor authentication request.
- messenger
Id String - The messenger that is used to deliver a SMS multi-factor authentication request.
- template
Id String - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
FusionAuthTenantOauthConfiguration, FusionAuthTenantOauthConfigurationArgs
- Client
Credentials stringAccess Token Populate Lambda Id - The Id of a lambda that will be called to populate the JWT during a client credentials grant. Note: A paid edition of FusionAuth is required to utilize client credentials grant.
- Client
Credentials stringAccess Token Populate Lambda Id - The Id of a lambda that will be called to populate the JWT during a client credentials grant. Note: A paid edition of FusionAuth is required to utilize client credentials grant.
- client
Credentials StringAccess Token Populate Lambda Id - The Id of a lambda that will be called to populate the JWT during a client credentials grant. Note: A paid edition of FusionAuth is required to utilize client credentials grant.
- client
Credentials stringAccess Token Populate Lambda Id - The Id of a lambda that will be called to populate the JWT during a client credentials grant. Note: A paid edition of FusionAuth is required to utilize client credentials grant.
- client_
credentials_ straccess_ token_ populate_ lambda_ id - The Id of a lambda that will be called to populate the JWT during a client credentials grant. Note: A paid edition of FusionAuth is required to utilize client credentials grant.
- client
Credentials StringAccess Token Populate Lambda Id - The Id of a lambda that will be called to populate the JWT during a client credentials grant. Note: A paid edition of FusionAuth is required to utilize client credentials grant.
FusionAuthTenantPasswordEncryptionConfiguration, FusionAuthTenantPasswordEncryptionConfigurationArgs
- Encryption
Scheme string - The default method for encrypting the User’s password.
- Encryption
Scheme intFactor - The factor used by the password encryption scheme. If not provided, the PasswordEncryptor provides a default value. Generally this will be used as an iteration count to generate the hash. The actual use of this value is up to the PasswordEncryptor implementation.
- Modify
Encryption boolScheme On Login - When enabled a user’s hash configuration will be modified to match these configured settings. This can be useful to increase a password hash strength over time or upgrade imported users to a more secure encryption scheme after an initial import.
- Encryption
Scheme string - The default method for encrypting the User’s password.
- Encryption
Scheme intFactor - The factor used by the password encryption scheme. If not provided, the PasswordEncryptor provides a default value. Generally this will be used as an iteration count to generate the hash. The actual use of this value is up to the PasswordEncryptor implementation.
- Modify
Encryption boolScheme On Login - When enabled a user’s hash configuration will be modified to match these configured settings. This can be useful to increase a password hash strength over time or upgrade imported users to a more secure encryption scheme after an initial import.
- encryption
Scheme String - The default method for encrypting the User’s password.
- encryption
Scheme IntegerFactor - The factor used by the password encryption scheme. If not provided, the PasswordEncryptor provides a default value. Generally this will be used as an iteration count to generate the hash. The actual use of this value is up to the PasswordEncryptor implementation.
- modify
Encryption BooleanScheme On Login - When enabled a user’s hash configuration will be modified to match these configured settings. This can be useful to increase a password hash strength over time or upgrade imported users to a more secure encryption scheme after an initial import.
- encryption
Scheme string - The default method for encrypting the User’s password.
- encryption
Scheme numberFactor - The factor used by the password encryption scheme. If not provided, the PasswordEncryptor provides a default value. Generally this will be used as an iteration count to generate the hash. The actual use of this value is up to the PasswordEncryptor implementation.
- modify
Encryption booleanScheme On Login - When enabled a user’s hash configuration will be modified to match these configured settings. This can be useful to increase a password hash strength over time or upgrade imported users to a more secure encryption scheme after an initial import.
- encryption_
scheme str - The default method for encrypting the User’s password.
- encryption_
scheme_ intfactor - The factor used by the password encryption scheme. If not provided, the PasswordEncryptor provides a default value. Generally this will be used as an iteration count to generate the hash. The actual use of this value is up to the PasswordEncryptor implementation.
- modify_
encryption_ boolscheme_ on_ login - When enabled a user’s hash configuration will be modified to match these configured settings. This can be useful to increase a password hash strength over time or upgrade imported users to a more secure encryption scheme after an initial import.
- encryption
Scheme String - The default method for encrypting the User’s password.
- encryption
Scheme NumberFactor - The factor used by the password encryption scheme. If not provided, the PasswordEncryptor provides a default value. Generally this will be used as an iteration count to generate the hash. The actual use of this value is up to the PasswordEncryptor implementation.
- modify
Encryption BooleanScheme On Login - When enabled a user’s hash configuration will be modified to match these configured settings. This can be useful to increase a password hash strength over time or upgrade imported users to a more secure encryption scheme after an initial import.
FusionAuthTenantPasswordValidationRules, FusionAuthTenantPasswordValidationRulesArgs
- Breach
Detection theogravity.Fusionauth. Inputs. Fusion Auth Tenant Password Validation Rules Breach Detection - Max
Length int - The maximum length of a password when a new user is created or a user requests a password change. This value must be greater than 0 and less than or equal to 256. When
passwordEncryptionConfiguration.encryptionSchemeis equal tobcrypt, the maximum will be limited to 50. - Min
Length int - The minimum length of a password when a new user is created or a user requests a password change.
- Remember
Previous theogravity.Passwords Fusionauth. Inputs. Fusion Auth Tenant Password Validation Rules Remember Previous Passwords - Require
Non boolAlpha - Whether to force the user to use at least one non-alphanumeric character.
- Require
Number bool - Whether to force the user to use at least one number.
- Required
Mixed boolCase - Whether to force the user to use at least one uppercase and one lowercase character.
- Validate
On boolLogin - When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.
- Breach
Detection FusionAuth Tenant Password Validation Rules Breach Detection - Max
Length int - The maximum length of a password when a new user is created or a user requests a password change. This value must be greater than 0 and less than or equal to 256. When
passwordEncryptionConfiguration.encryptionSchemeis equal tobcrypt, the maximum will be limited to 50. - Min
Length int - The minimum length of a password when a new user is created or a user requests a password change.
- Remember
Previous FusionPasswords Auth Tenant Password Validation Rules Remember Previous Passwords - Require
Non boolAlpha - Whether to force the user to use at least one non-alphanumeric character.
- Require
Number bool - Whether to force the user to use at least one number.
- Required
Mixed boolCase - Whether to force the user to use at least one uppercase and one lowercase character.
- Validate
On boolLogin - When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.
- breach
Detection FusionAuth Tenant Password Validation Rules Breach Detection - max
Length Integer - The maximum length of a password when a new user is created or a user requests a password change. This value must be greater than 0 and less than or equal to 256. When
passwordEncryptionConfiguration.encryptionSchemeis equal tobcrypt, the maximum will be limited to 50. - min
Length Integer - The minimum length of a password when a new user is created or a user requests a password change.
- remember
Previous FusionPasswords Auth Tenant Password Validation Rules Remember Previous Passwords - require
Non BooleanAlpha - Whether to force the user to use at least one non-alphanumeric character.
- require
Number Boolean - Whether to force the user to use at least one number.
- required
Mixed BooleanCase - Whether to force the user to use at least one uppercase and one lowercase character.
- validate
On BooleanLogin - When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.
- breach
Detection FusionAuth Tenant Password Validation Rules Breach Detection - max
Length number - The maximum length of a password when a new user is created or a user requests a password change. This value must be greater than 0 and less than or equal to 256. When
passwordEncryptionConfiguration.encryptionSchemeis equal tobcrypt, the maximum will be limited to 50. - min
Length number - The minimum length of a password when a new user is created or a user requests a password change.
- remember
Previous FusionPasswords Auth Tenant Password Validation Rules Remember Previous Passwords - require
Non booleanAlpha - Whether to force the user to use at least one non-alphanumeric character.
- require
Number boolean - Whether to force the user to use at least one number.
- required
Mixed booleanCase - Whether to force the user to use at least one uppercase and one lowercase character.
- validate
On booleanLogin - When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.
- breach_
detection FusionAuth Tenant Password Validation Rules Breach Detection - max_
length int - The maximum length of a password when a new user is created or a user requests a password change. This value must be greater than 0 and less than or equal to 256. When
passwordEncryptionConfiguration.encryptionSchemeis equal tobcrypt, the maximum will be limited to 50. - min_
length int - The minimum length of a password when a new user is created or a user requests a password change.
- remember_
previous_ Fusionpasswords Auth Tenant Password Validation Rules Remember Previous Passwords - require_
non_ boolalpha - Whether to force the user to use at least one non-alphanumeric character.
- require_
number bool - Whether to force the user to use at least one number.
- required_
mixed_ boolcase - Whether to force the user to use at least one uppercase and one lowercase character.
- validate_
on_ boollogin - When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.
- breach
Detection Property Map - max
Length Number - The maximum length of a password when a new user is created or a user requests a password change. This value must be greater than 0 and less than or equal to 256. When
passwordEncryptionConfiguration.encryptionSchemeis equal tobcrypt, the maximum will be limited to 50. - min
Length Number - The minimum length of a password when a new user is created or a user requests a password change.
- remember
Previous Property MapPasswords - require
Non BooleanAlpha - Whether to force the user to use at least one non-alphanumeric character.
- require
Number Boolean - Whether to force the user to use at least one number.
- required
Mixed BooleanCase - Whether to force the user to use at least one uppercase and one lowercase character.
- validate
On BooleanLogin - When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.
FusionAuthTenantPasswordValidationRulesBreachDetection, FusionAuthTenantPasswordValidationRulesBreachDetectionArgs
- Enabled bool
- Whether to enable Reactor breach detection. Requires an activated license.
- Match
Mode string - The level of severity where Reactor will consider a breach.
- Notify
User stringEmail Template Id - The Id of the email template to use when notifying user of breached password. Required if tenant.passwordValidationRules.breachDetection.onLogin is set to NotifyUser.
- On
Login string - The behavior when detecting breaches at time of user login
- Enabled bool
- Whether to enable Reactor breach detection. Requires an activated license.
- Match
Mode string - The level of severity where Reactor will consider a breach.
- Notify
User stringEmail Template Id - The Id of the email template to use when notifying user of breached password. Required if tenant.passwordValidationRules.breachDetection.onLogin is set to NotifyUser.
- On
Login string - The behavior when detecting breaches at time of user login
- enabled Boolean
- Whether to enable Reactor breach detection. Requires an activated license.
- match
Mode String - The level of severity where Reactor will consider a breach.
- notify
User StringEmail Template Id - The Id of the email template to use when notifying user of breached password. Required if tenant.passwordValidationRules.breachDetection.onLogin is set to NotifyUser.
- on
Login String - The behavior when detecting breaches at time of user login
- enabled boolean
- Whether to enable Reactor breach detection. Requires an activated license.
- match
Mode string - The level of severity where Reactor will consider a breach.
- notify
User stringEmail Template Id - The Id of the email template to use when notifying user of breached password. Required if tenant.passwordValidationRules.breachDetection.onLogin is set to NotifyUser.
- on
Login string - The behavior when detecting breaches at time of user login
- enabled bool
- Whether to enable Reactor breach detection. Requires an activated license.
- match_
mode str - The level of severity where Reactor will consider a breach.
- notify_
user_ stremail_ template_ id - The Id of the email template to use when notifying user of breached password. Required if tenant.passwordValidationRules.breachDetection.onLogin is set to NotifyUser.
- on_
login str - The behavior when detecting breaches at time of user login
- enabled Boolean
- Whether to enable Reactor breach detection. Requires an activated license.
- match
Mode String - The level of severity where Reactor will consider a breach.
- notify
User StringEmail Template Id - The Id of the email template to use when notifying user of breached password. Required if tenant.passwordValidationRules.breachDetection.onLogin is set to NotifyUser.
- on
Login String - The behavior when detecting breaches at time of user login
FusionAuthTenantPasswordValidationRulesRememberPreviousPasswords, FusionAuthTenantPasswordValidationRulesRememberPreviousPasswordsArgs
FusionAuthTenantRateLimitConfiguration, FusionAuthTenantRateLimitConfigurationArgs
- Failed
Login theogravity.Fusionauth. Inputs. Fusion Auth Tenant Rate Limit Configuration Failed Login - Forgot
Password theogravity.Fusionauth. Inputs. Fusion Auth Tenant Rate Limit Configuration Forgot Password - Send
Email theogravity.Verification Fusionauth. Inputs. Fusion Auth Tenant Rate Limit Configuration Send Email Verification - Send
Passwordless theogravity.Fusionauth. Inputs. Fusion Auth Tenant Rate Limit Configuration Send Passwordless - Send
Registration theogravity.Verification Fusionauth. Inputs. Fusion Auth Tenant Rate Limit Configuration Send Registration Verification - Send
Two theogravity.Factor Fusionauth. Inputs. Fusion Auth Tenant Rate Limit Configuration Send Two Factor
- Failed
Login FusionAuth Tenant Rate Limit Configuration Failed Login - Forgot
Password FusionAuth Tenant Rate Limit Configuration Forgot Password - Send
Email FusionVerification Auth Tenant Rate Limit Configuration Send Email Verification - Send
Passwordless FusionAuth Tenant Rate Limit Configuration Send Passwordless - Send
Registration FusionVerification Auth Tenant Rate Limit Configuration Send Registration Verification - Send
Two FusionFactor Auth Tenant Rate Limit Configuration Send Two Factor
- failed
Login FusionAuth Tenant Rate Limit Configuration Failed Login - forgot
Password FusionAuth Tenant Rate Limit Configuration Forgot Password - send
Email FusionVerification Auth Tenant Rate Limit Configuration Send Email Verification - send
Passwordless FusionAuth Tenant Rate Limit Configuration Send Passwordless - send
Registration FusionVerification Auth Tenant Rate Limit Configuration Send Registration Verification - send
Two FusionFactor Auth Tenant Rate Limit Configuration Send Two Factor
- failed
Login FusionAuth Tenant Rate Limit Configuration Failed Login - forgot
Password FusionAuth Tenant Rate Limit Configuration Forgot Password - send
Email FusionVerification Auth Tenant Rate Limit Configuration Send Email Verification - send
Passwordless FusionAuth Tenant Rate Limit Configuration Send Passwordless - send
Registration FusionVerification Auth Tenant Rate Limit Configuration Send Registration Verification - send
Two FusionFactor Auth Tenant Rate Limit Configuration Send Two Factor
- failed_
login FusionAuth Tenant Rate Limit Configuration Failed Login - forgot_
password FusionAuth Tenant Rate Limit Configuration Forgot Password - send_
email_ Fusionverification Auth Tenant Rate Limit Configuration Send Email Verification - send_
passwordless FusionAuth Tenant Rate Limit Configuration Send Passwordless - send_
registration_ Fusionverification Auth Tenant Rate Limit Configuration Send Registration Verification - send_
two_ Fusionfactor Auth Tenant Rate Limit Configuration Send Two Factor
FusionAuthTenantRateLimitConfigurationFailedLogin, FusionAuthTenantRateLimitConfigurationFailedLoginArgs
- Enabled bool
- Whether rate limiting is enabled for failed login.
- Limit int
- The number of times a user can fail to login within the configured
time_period_in_secondsduration. If a Failed authentication action has been configured then it will take precedence. - Time
Period intIn Seconds - The duration for the number of times a user can fail login before being rate limited.
- Enabled bool
- Whether rate limiting is enabled for failed login.
- Limit int
- The number of times a user can fail to login within the configured
time_period_in_secondsduration. If a Failed authentication action has been configured then it will take precedence. - Time
Period intIn Seconds - The duration for the number of times a user can fail login before being rate limited.
- enabled Boolean
- Whether rate limiting is enabled for failed login.
- limit Integer
- The number of times a user can fail to login within the configured
time_period_in_secondsduration. If a Failed authentication action has been configured then it will take precedence. - time
Period IntegerIn Seconds - The duration for the number of times a user can fail login before being rate limited.
- enabled boolean
- Whether rate limiting is enabled for failed login.
- limit number
- The number of times a user can fail to login within the configured
time_period_in_secondsduration. If a Failed authentication action has been configured then it will take precedence. - time
Period numberIn Seconds - The duration for the number of times a user can fail login before being rate limited.
- enabled bool
- Whether rate limiting is enabled for failed login.
- limit int
- The number of times a user can fail to login within the configured
time_period_in_secondsduration. If a Failed authentication action has been configured then it will take precedence. - time_
period_ intin_ seconds - The duration for the number of times a user can fail login before being rate limited.
- enabled Boolean
- Whether rate limiting is enabled for failed login.
- limit Number
- The number of times a user can fail to login within the configured
time_period_in_secondsduration. If a Failed authentication action has been configured then it will take precedence. - time
Period NumberIn Seconds - The duration for the number of times a user can fail login before being rate limited.
FusionAuthTenantRateLimitConfigurationForgotPassword, FusionAuthTenantRateLimitConfigurationForgotPasswordArgs
- Enabled bool
- Whether rate limiting is enabled for forgot password.
- Limit int
- The number of times a user can request a forgot password email within the configured
time_period_in_secondsduration. - Time
Period intIn Seconds - The duration for the number of times a user can request a forgot password email before being rate limited.
- Enabled bool
- Whether rate limiting is enabled for forgot password.
- Limit int
- The number of times a user can request a forgot password email within the configured
time_period_in_secondsduration. - Time
Period intIn Seconds - The duration for the number of times a user can request a forgot password email before being rate limited.
- enabled Boolean
- Whether rate limiting is enabled for forgot password.
- limit Integer
- The number of times a user can request a forgot password email within the configured
time_period_in_secondsduration. - time
Period IntegerIn Seconds - The duration for the number of times a user can request a forgot password email before being rate limited.
- enabled boolean
- Whether rate limiting is enabled for forgot password.
- limit number
- The number of times a user can request a forgot password email within the configured
time_period_in_secondsduration. - time
Period numberIn Seconds - The duration for the number of times a user can request a forgot password email before being rate limited.
- enabled bool
- Whether rate limiting is enabled for forgot password.
- limit int
- The number of times a user can request a forgot password email within the configured
time_period_in_secondsduration. - time_
period_ intin_ seconds - The duration for the number of times a user can request a forgot password email before being rate limited.
- enabled Boolean
- Whether rate limiting is enabled for forgot password.
- limit Number
- The number of times a user can request a forgot password email within the configured
time_period_in_secondsduration. - time
Period NumberIn Seconds - The duration for the number of times a user can request a forgot password email before being rate limited.
FusionAuthTenantRateLimitConfigurationSendEmailVerification, FusionAuthTenantRateLimitConfigurationSendEmailVerificationArgs
- Enabled bool
- Whether rate limiting is enabled for send email verification.
- Limit int
- The number of times a user can request a verification email within the configured
time_period_in_secondsduration. - Time
Period intIn Seconds - The duration for the number of times a user can request a verification email before being rate limited.
- Enabled bool
- Whether rate limiting is enabled for send email verification.
- Limit int
- The number of times a user can request a verification email within the configured
time_period_in_secondsduration. - Time
Period intIn Seconds - The duration for the number of times a user can request a verification email before being rate limited.
- enabled Boolean
- Whether rate limiting is enabled for send email verification.
- limit Integer
- The number of times a user can request a verification email within the configured
time_period_in_secondsduration. - time
Period IntegerIn Seconds - The duration for the number of times a user can request a verification email before being rate limited.
- enabled boolean
- Whether rate limiting is enabled for send email verification.
- limit number
- The number of times a user can request a verification email within the configured
time_period_in_secondsduration. - time
Period numberIn Seconds - The duration for the number of times a user can request a verification email before being rate limited.
- enabled bool
- Whether rate limiting is enabled for send email verification.
- limit int
- The number of times a user can request a verification email within the configured
time_period_in_secondsduration. - time_
period_ intin_ seconds - The duration for the number of times a user can request a verification email before being rate limited.
- enabled Boolean
- Whether rate limiting is enabled for send email verification.
- limit Number
- The number of times a user can request a verification email within the configured
time_period_in_secondsduration. - time
Period NumberIn Seconds - The duration for the number of times a user can request a verification email before being rate limited.
FusionAuthTenantRateLimitConfigurationSendPasswordless, FusionAuthTenantRateLimitConfigurationSendPasswordlessArgs
- Enabled bool
- Whether rate limiting is enabled for send passwordless.
- Limit int
- The number of times a user can request a passwordless login email within the configured
time_period_in_secondsduration. - Time
Period intIn Seconds - The duration for the number of times a user can request a passwordless login email before being rate limited.
- Enabled bool
- Whether rate limiting is enabled for send passwordless.
- Limit int
- The number of times a user can request a passwordless login email within the configured
time_period_in_secondsduration. - Time
Period intIn Seconds - The duration for the number of times a user can request a passwordless login email before being rate limited.
- enabled Boolean
- Whether rate limiting is enabled for send passwordless.
- limit Integer
- The number of times a user can request a passwordless login email within the configured
time_period_in_secondsduration. - time
Period IntegerIn Seconds - The duration for the number of times a user can request a passwordless login email before being rate limited.
- enabled boolean
- Whether rate limiting is enabled for send passwordless.
- limit number
- The number of times a user can request a passwordless login email within the configured
time_period_in_secondsduration. - time
Period numberIn Seconds - The duration for the number of times a user can request a passwordless login email before being rate limited.
- enabled bool
- Whether rate limiting is enabled for send passwordless.
- limit int
- The number of times a user can request a passwordless login email within the configured
time_period_in_secondsduration. - time_
period_ intin_ seconds - The duration for the number of times a user can request a passwordless login email before being rate limited.
- enabled Boolean
- Whether rate limiting is enabled for send passwordless.
- limit Number
- The number of times a user can request a passwordless login email within the configured
time_period_in_secondsduration. - time
Period NumberIn Seconds - The duration for the number of times a user can request a passwordless login email before being rate limited.
FusionAuthTenantRateLimitConfigurationSendRegistrationVerification, FusionAuthTenantRateLimitConfigurationSendRegistrationVerificationArgs
- Enabled bool
- Whether rate limiting is enabled for send registration verification.
- Limit int
- The number of times a user can request a registration verification email within the configured
time_period_in_secondsduration. - Time
Period intIn Seconds - The duration for the number of times a user can request a registration verification email before being rate limited.
- Enabled bool
- Whether rate limiting is enabled for send registration verification.
- Limit int
- The number of times a user can request a registration verification email within the configured
time_period_in_secondsduration. - Time
Period intIn Seconds - The duration for the number of times a user can request a registration verification email before being rate limited.
- enabled Boolean
- Whether rate limiting is enabled for send registration verification.
- limit Integer
- The number of times a user can request a registration verification email within the configured
time_period_in_secondsduration. - time
Period IntegerIn Seconds - The duration for the number of times a user can request a registration verification email before being rate limited.
- enabled boolean
- Whether rate limiting is enabled for send registration verification.
- limit number
- The number of times a user can request a registration verification email within the configured
time_period_in_secondsduration. - time
Period numberIn Seconds - The duration for the number of times a user can request a registration verification email before being rate limited.
- enabled bool
- Whether rate limiting is enabled for send registration verification.
- limit int
- The number of times a user can request a registration verification email within the configured
time_period_in_secondsduration. - time_
period_ intin_ seconds - The duration for the number of times a user can request a registration verification email before being rate limited.
- enabled Boolean
- Whether rate limiting is enabled for send registration verification.
- limit Number
- The number of times a user can request a registration verification email within the configured
time_period_in_secondsduration. - time
Period NumberIn Seconds - The duration for the number of times a user can request a registration verification email before being rate limited.
FusionAuthTenantRateLimitConfigurationSendTwoFactor, FusionAuthTenantRateLimitConfigurationSendTwoFactorArgs
- Enabled bool
- Whether rate limiting is enabled for send two factor.
- Limit int
- The number of times a user can request a two-factor code by email or SMS within the configured
time_period_in_secondsduration. - Time
Period intIn Seconds - The duration for the number of times a user can request a two-factor code by email or SMS before being rate limited.
- Enabled bool
- Whether rate limiting is enabled for send two factor.
- Limit int
- The number of times a user can request a two-factor code by email or SMS within the configured
time_period_in_secondsduration. - Time
Period intIn Seconds - The duration for the number of times a user can request a two-factor code by email or SMS before being rate limited.
- enabled Boolean
- Whether rate limiting is enabled for send two factor.
- limit Integer
- The number of times a user can request a two-factor code by email or SMS within the configured
time_period_in_secondsduration. - time
Period IntegerIn Seconds - The duration for the number of times a user can request a two-factor code by email or SMS before being rate limited.
- enabled boolean
- Whether rate limiting is enabled for send two factor.
- limit number
- The number of times a user can request a two-factor code by email or SMS within the configured
time_period_in_secondsduration. - time
Period numberIn Seconds - The duration for the number of times a user can request a two-factor code by email or SMS before being rate limited.
- enabled bool
- Whether rate limiting is enabled for send two factor.
- limit int
- The number of times a user can request a two-factor code by email or SMS within the configured
time_period_in_secondsduration. - time_
period_ intin_ seconds - The duration for the number of times a user can request a two-factor code by email or SMS before being rate limited.
- enabled Boolean
- Whether rate limiting is enabled for send two factor.
- limit Number
- The number of times a user can request a two-factor code by email or SMS within the configured
time_period_in_secondsduration. - time
Period NumberIn Seconds - The duration for the number of times a user can request a two-factor code by email or SMS before being rate limited.
FusionAuthTenantRegistrationConfiguration, FusionAuthTenantRegistrationConfigurationArgs
- Blocked
Domains List<string> - A list of unique domains that are not allowed to register when self service is enabled.
- Blocked
Domains []string - A list of unique domains that are not allowed to register when self service is enabled.
- blocked
Domains List<String> - A list of unique domains that are not allowed to register when self service is enabled.
- blocked
Domains string[] - A list of unique domains that are not allowed to register when self service is enabled.
- blocked_
domains Sequence[str] - A list of unique domains that are not allowed to register when self service is enabled.
- blocked
Domains List<String> - A list of unique domains that are not allowed to register when self service is enabled.
FusionAuthTenantScimServerConfiguration, FusionAuthTenantScimServerConfigurationArgs
- Client
Entity stringType Id - The Entity Type that will be used to represent SCIM Clients for this tenant. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - Server
Entity stringType Id - The Entity Type that will be used to represent SCIM Servers for this tenant. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - Enabled bool
- Whether or not this tenant has the SCIM endpoints enabled. Note: An Enterprise plan is required to utilize SCIM.
- Schemas string
- SON formatted as a SCIM Schemas endpoint response. Because the SCIM lambdas may modify the JSON response, ensure the Schema's response matches that generated by the response lambdas. More about Schema definitions. When this parameter is not provided, it will default to EnterpriseUser, Group, and User schema definitions as defined by the SCIM core schemas spec. Note: An Enterprise plan is required to utilize SCIM.
- Client
Entity stringType Id - The Entity Type that will be used to represent SCIM Clients for this tenant. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - Server
Entity stringType Id - The Entity Type that will be used to represent SCIM Servers for this tenant. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - Enabled bool
- Whether or not this tenant has the SCIM endpoints enabled. Note: An Enterprise plan is required to utilize SCIM.
- Schemas string
- SON formatted as a SCIM Schemas endpoint response. Because the SCIM lambdas may modify the JSON response, ensure the Schema's response matches that generated by the response lambdas. More about Schema definitions. When this parameter is not provided, it will default to EnterpriseUser, Group, and User schema definitions as defined by the SCIM core schemas spec. Note: An Enterprise plan is required to utilize SCIM.
- client
Entity StringType Id - The Entity Type that will be used to represent SCIM Clients for this tenant. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - server
Entity StringType Id - The Entity Type that will be used to represent SCIM Servers for this tenant. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - enabled Boolean
- Whether or not this tenant has the SCIM endpoints enabled. Note: An Enterprise plan is required to utilize SCIM.
- schemas String
- SON formatted as a SCIM Schemas endpoint response. Because the SCIM lambdas may modify the JSON response, ensure the Schema's response matches that generated by the response lambdas. More about Schema definitions. When this parameter is not provided, it will default to EnterpriseUser, Group, and User schema definitions as defined by the SCIM core schemas spec. Note: An Enterprise plan is required to utilize SCIM.
- client
Entity stringType Id - The Entity Type that will be used to represent SCIM Clients for this tenant. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - server
Entity stringType Id - The Entity Type that will be used to represent SCIM Servers for this tenant. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - enabled boolean
- Whether or not this tenant has the SCIM endpoints enabled. Note: An Enterprise plan is required to utilize SCIM.
- schemas string
- SON formatted as a SCIM Schemas endpoint response. Because the SCIM lambdas may modify the JSON response, ensure the Schema's response matches that generated by the response lambdas. More about Schema definitions. When this parameter is not provided, it will default to EnterpriseUser, Group, and User schema definitions as defined by the SCIM core schemas spec. Note: An Enterprise plan is required to utilize SCIM.
- client_
entity_ strtype_ id - The Entity Type that will be used to represent SCIM Clients for this tenant. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - server_
entity_ strtype_ id - The Entity Type that will be used to represent SCIM Servers for this tenant. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - enabled bool
- Whether or not this tenant has the SCIM endpoints enabled. Note: An Enterprise plan is required to utilize SCIM.
- schemas str
- SON formatted as a SCIM Schemas endpoint response. Because the SCIM lambdas may modify the JSON response, ensure the Schema's response matches that generated by the response lambdas. More about Schema definitions. When this parameter is not provided, it will default to EnterpriseUser, Group, and User schema definitions as defined by the SCIM core schemas spec. Note: An Enterprise plan is required to utilize SCIM.
- client
Entity StringType Id - The Entity Type that will be used to represent SCIM Clients for this tenant. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - server
Entity StringType Id - The Entity Type that will be used to represent SCIM Servers for this tenant. Note: An Enterprise plan is required to utilize SCIM. Required when
scim_server_configuration.enabledis true. - enabled Boolean
- Whether or not this tenant has the SCIM endpoints enabled. Note: An Enterprise plan is required to utilize SCIM.
- schemas String
- SON formatted as a SCIM Schemas endpoint response. Because the SCIM lambdas may modify the JSON response, ensure the Schema's response matches that generated by the response lambdas. More about Schema definitions. When this parameter is not provided, it will default to EnterpriseUser, Group, and User schema definitions as defined by the SCIM core schemas spec. Note: An Enterprise plan is required to utilize SCIM.
FusionAuthTenantSsoConfiguration, FusionAuthTenantSsoConfigurationArgs
- Device
Trust intTime To Live In Seconds - The number of seconds before a trusted device is reset. When reset, a user is forced to complete captcha during login and complete two factor authentication if applicable.
- Device
Trust intTime To Live In Seconds - The number of seconds before a trusted device is reset. When reset, a user is forced to complete captcha during login and complete two factor authentication if applicable.
- device
Trust IntegerTime To Live In Seconds - The number of seconds before a trusted device is reset. When reset, a user is forced to complete captcha during login and complete two factor authentication if applicable.
- device
Trust numberTime To Live In Seconds - The number of seconds before a trusted device is reset. When reset, a user is forced to complete captcha during login and complete two factor authentication if applicable.
- device_
trust_ inttime_ to_ live_ in_ seconds - The number of seconds before a trusted device is reset. When reset, a user is forced to complete captcha during login and complete two factor authentication if applicable.
- device
Trust NumberTime To Live In Seconds - The number of seconds before a trusted device is reset. When reset, a user is forced to complete captcha during login and complete two factor authentication if applicable.
FusionAuthTenantUserDeletePolicy, FusionAuthTenantUserDeletePolicyArgs
- Unverified
Enabled bool - Indicates that users without a verified email address will be permanently deleted after tenant.userDeletePolicy.unverified.numberOfDaysToRetain days.
- Unverified
Number intOf Days To Retain - The number of days from creation users will be retained before being deleted for not completing email verification. This field is required when tenant.userDeletePolicy.unverified.enabled is set to true. Value must be greater than 0.
- Unverified
Enabled bool - Indicates that users without a verified email address will be permanently deleted after tenant.userDeletePolicy.unverified.numberOfDaysToRetain days.
- Unverified
Number intOf Days To Retain - The number of days from creation users will be retained before being deleted for not completing email verification. This field is required when tenant.userDeletePolicy.unverified.enabled is set to true. Value must be greater than 0.
- unverified
Enabled Boolean - Indicates that users without a verified email address will be permanently deleted after tenant.userDeletePolicy.unverified.numberOfDaysToRetain days.
- unverified
Number IntegerOf Days To Retain - The number of days from creation users will be retained before being deleted for not completing email verification. This field is required when tenant.userDeletePolicy.unverified.enabled is set to true. Value must be greater than 0.
- unverified
Enabled boolean - Indicates that users without a verified email address will be permanently deleted after tenant.userDeletePolicy.unverified.numberOfDaysToRetain days.
- unverified
Number numberOf Days To Retain - The number of days from creation users will be retained before being deleted for not completing email verification. This field is required when tenant.userDeletePolicy.unverified.enabled is set to true. Value must be greater than 0.
- unverified_
enabled bool - Indicates that users without a verified email address will be permanently deleted after tenant.userDeletePolicy.unverified.numberOfDaysToRetain days.
- unverified_
number_ intof_ days_ to_ retain - The number of days from creation users will be retained before being deleted for not completing email verification. This field is required when tenant.userDeletePolicy.unverified.enabled is set to true. Value must be greater than 0.
- unverified
Enabled Boolean - Indicates that users without a verified email address will be permanently deleted after tenant.userDeletePolicy.unverified.numberOfDaysToRetain days.
- unverified
Number NumberOf Days To Retain - The number of days from creation users will be retained before being deleted for not completing email verification. This field is required when tenant.userDeletePolicy.unverified.enabled is set to true. Value must be greater than 0.
FusionAuthTenantUsernameConfiguration, FusionAuthTenantUsernameConfigurationArgs
- Unique
theogravity.
Fusionauth. Inputs. Fusion Auth Tenant Username Configuration Unique - Indicates that users without a verified email address will be permanently deleted after tenant.userDeletePolicy.unverified.numberOfDaysToRetain days.
- Unique
Fusion
Auth Tenant Username Configuration Unique - Indicates that users without a verified email address will be permanently deleted after tenant.userDeletePolicy.unverified.numberOfDaysToRetain days.
- unique
Fusion
Auth Tenant Username Configuration Unique - Indicates that users without a verified email address will be permanently deleted after tenant.userDeletePolicy.unverified.numberOfDaysToRetain days.
- unique
Fusion
Auth Tenant Username Configuration Unique - Indicates that users without a verified email address will be permanently deleted after tenant.userDeletePolicy.unverified.numberOfDaysToRetain days.
- unique
Fusion
Auth Tenant Username Configuration Unique - Indicates that users without a verified email address will be permanently deleted after tenant.userDeletePolicy.unverified.numberOfDaysToRetain days.
- unique Property Map
- Indicates that users without a verified email address will be permanently deleted after tenant.userDeletePolicy.unverified.numberOfDaysToRetain days.
FusionAuthTenantUsernameConfigurationUnique, FusionAuthTenantUsernameConfigurationUniqueArgs
- Enabled bool
- When true, FusionAuth will handle username collisions by generating a random suffix.
- Number
Of intDigits - The maximum number of digits to use when building a unique suffix for a username. A number will be randomly selected and will be 1 or more digits up to this configured value in length. For example, if this value is 5, the suffix will be a number between 00001 and 99999, inclusive.
- Separator string
- A single character to use as a separator from the requested username and a unique suffix that is added when a duplicate username is detected. This value can be a single non-alphanumeric ASCII character.
- Strategy string
- When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.
- Enabled bool
- When true, FusionAuth will handle username collisions by generating a random suffix.
- Number
Of intDigits - The maximum number of digits to use when building a unique suffix for a username. A number will be randomly selected and will be 1 or more digits up to this configured value in length. For example, if this value is 5, the suffix will be a number between 00001 and 99999, inclusive.
- Separator string
- A single character to use as a separator from the requested username and a unique suffix that is added when a duplicate username is detected. This value can be a single non-alphanumeric ASCII character.
- Strategy string
- When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.
- enabled Boolean
- When true, FusionAuth will handle username collisions by generating a random suffix.
- number
Of IntegerDigits - The maximum number of digits to use when building a unique suffix for a username. A number will be randomly selected and will be 1 or more digits up to this configured value in length. For example, if this value is 5, the suffix will be a number between 00001 and 99999, inclusive.
- separator String
- A single character to use as a separator from the requested username and a unique suffix that is added when a duplicate username is detected. This value can be a single non-alphanumeric ASCII character.
- strategy String
- When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.
- enabled boolean
- When true, FusionAuth will handle username collisions by generating a random suffix.
- number
Of numberDigits - The maximum number of digits to use when building a unique suffix for a username. A number will be randomly selected and will be 1 or more digits up to this configured value in length. For example, if this value is 5, the suffix will be a number between 00001 and 99999, inclusive.
- separator string
- A single character to use as a separator from the requested username and a unique suffix that is added when a duplicate username is detected. This value can be a single non-alphanumeric ASCII character.
- strategy string
- When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.
- enabled bool
- When true, FusionAuth will handle username collisions by generating a random suffix.
- number_
of_ intdigits - The maximum number of digits to use when building a unique suffix for a username. A number will be randomly selected and will be 1 or more digits up to this configured value in length. For example, if this value is 5, the suffix will be a number between 00001 and 99999, inclusive.
- separator str
- A single character to use as a separator from the requested username and a unique suffix that is added when a duplicate username is detected. This value can be a single non-alphanumeric ASCII character.
- strategy str
- When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.
- enabled Boolean
- When true, FusionAuth will handle username collisions by generating a random suffix.
- number
Of NumberDigits - The maximum number of digits to use when building a unique suffix for a username. A number will be randomly selected and will be 1 or more digits up to this configured value in length. For example, if this value is 5, the suffix will be a number between 00001 and 99999, inclusive.
- separator String
- A single character to use as a separator from the requested username and a unique suffix that is added when a duplicate username is detected. This value can be a single non-alphanumeric ASCII character.
- strategy String
- When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.
FusionAuthTenantWebauthnConfiguration, FusionAuthTenantWebauthnConfigurationArgs
- Bootstrap
Workflow theogravity.Fusionauth. Inputs. Fusion Auth Tenant Webauthn Configuration Bootstrap Workflow - The Bootstrap Workflow configuration.
- Debug bool
- Determines if debug should be enabled for this tenant to create an event log to assist in debugging WebAuthn errors. Note: A license is required to utilize WebAuthn..
- Enabled bool
- Whether or not this tenant has WebAuthn enabled globally.. Note: A license is required to utilize WebAuthn..
- Reauthentication
Workflow theogravity.Fusionauth. Inputs. Fusion Auth Tenant Webauthn Configuration Reauthentication Workflow - The Reauthentication Workflow configuration.
- Relying
Party stringId - The value this tenant will use for the Relying Party Id in WebAuthn ceremonies. Passkeys can only be used to authenticate on sites using the same Relying Party Id they were registered with. This value must match the browser origin or be a registrable domain suffix of the browser origin. For example, if your domain is auth.piedpiper.com, you could use auth.piedpiper.com or piedpiper.com but not m.auth.piedpiper.com or com. When this parameter is omitted, FusionAuth will use null for the Relying Party Id in passkey creation and request options. A null value in the WebAuthn JavaScript API will use the browser origin. Note: A license is required to utilize WebAuthn.
- Relying
Party stringName - The value this tenant will use for the Relying Party name in WebAuthn ceremonies. This value may be displayed by browser or operating system dialogs during WebAuthn ceremonies. When this parameter is omitted, FusionAuth will use the tenant.issuer value. Note: A license is required to utilize WebAuthn.
- Bootstrap
Workflow FusionAuth Tenant Webauthn Configuration Bootstrap Workflow - The Bootstrap Workflow configuration.
- Debug bool
- Determines if debug should be enabled for this tenant to create an event log to assist in debugging WebAuthn errors. Note: A license is required to utilize WebAuthn..
- Enabled bool
- Whether or not this tenant has WebAuthn enabled globally.. Note: A license is required to utilize WebAuthn..
- Reauthentication
Workflow FusionAuth Tenant Webauthn Configuration Reauthentication Workflow - The Reauthentication Workflow configuration.
- Relying
Party stringId - The value this tenant will use for the Relying Party Id in WebAuthn ceremonies. Passkeys can only be used to authenticate on sites using the same Relying Party Id they were registered with. This value must match the browser origin or be a registrable domain suffix of the browser origin. For example, if your domain is auth.piedpiper.com, you could use auth.piedpiper.com or piedpiper.com but not m.auth.piedpiper.com or com. When this parameter is omitted, FusionAuth will use null for the Relying Party Id in passkey creation and request options. A null value in the WebAuthn JavaScript API will use the browser origin. Note: A license is required to utilize WebAuthn.
- Relying
Party stringName - The value this tenant will use for the Relying Party name in WebAuthn ceremonies. This value may be displayed by browser or operating system dialogs during WebAuthn ceremonies. When this parameter is omitted, FusionAuth will use the tenant.issuer value. Note: A license is required to utilize WebAuthn.
- bootstrap
Workflow FusionAuth Tenant Webauthn Configuration Bootstrap Workflow - The Bootstrap Workflow configuration.
- debug Boolean
- Determines if debug should be enabled for this tenant to create an event log to assist in debugging WebAuthn errors. Note: A license is required to utilize WebAuthn..
- enabled Boolean
- Whether or not this tenant has WebAuthn enabled globally.. Note: A license is required to utilize WebAuthn..
- reauthentication
Workflow FusionAuth Tenant Webauthn Configuration Reauthentication Workflow - The Reauthentication Workflow configuration.
- relying
Party StringId - The value this tenant will use for the Relying Party Id in WebAuthn ceremonies. Passkeys can only be used to authenticate on sites using the same Relying Party Id they were registered with. This value must match the browser origin or be a registrable domain suffix of the browser origin. For example, if your domain is auth.piedpiper.com, you could use auth.piedpiper.com or piedpiper.com but not m.auth.piedpiper.com or com. When this parameter is omitted, FusionAuth will use null for the Relying Party Id in passkey creation and request options. A null value in the WebAuthn JavaScript API will use the browser origin. Note: A license is required to utilize WebAuthn.
- relying
Party StringName - The value this tenant will use for the Relying Party name in WebAuthn ceremonies. This value may be displayed by browser or operating system dialogs during WebAuthn ceremonies. When this parameter is omitted, FusionAuth will use the tenant.issuer value. Note: A license is required to utilize WebAuthn.
- bootstrap
Workflow FusionAuth Tenant Webauthn Configuration Bootstrap Workflow - The Bootstrap Workflow configuration.
- debug boolean
- Determines if debug should be enabled for this tenant to create an event log to assist in debugging WebAuthn errors. Note: A license is required to utilize WebAuthn..
- enabled boolean
- Whether or not this tenant has WebAuthn enabled globally.. Note: A license is required to utilize WebAuthn..
- reauthentication
Workflow FusionAuth Tenant Webauthn Configuration Reauthentication Workflow - The Reauthentication Workflow configuration.
- relying
Party stringId - The value this tenant will use for the Relying Party Id in WebAuthn ceremonies. Passkeys can only be used to authenticate on sites using the same Relying Party Id they were registered with. This value must match the browser origin or be a registrable domain suffix of the browser origin. For example, if your domain is auth.piedpiper.com, you could use auth.piedpiper.com or piedpiper.com but not m.auth.piedpiper.com or com. When this parameter is omitted, FusionAuth will use null for the Relying Party Id in passkey creation and request options. A null value in the WebAuthn JavaScript API will use the browser origin. Note: A license is required to utilize WebAuthn.
- relying
Party stringName - The value this tenant will use for the Relying Party name in WebAuthn ceremonies. This value may be displayed by browser or operating system dialogs during WebAuthn ceremonies. When this parameter is omitted, FusionAuth will use the tenant.issuer value. Note: A license is required to utilize WebAuthn.
- bootstrap_
workflow FusionAuth Tenant Webauthn Configuration Bootstrap Workflow - The Bootstrap Workflow configuration.
- debug bool
- Determines if debug should be enabled for this tenant to create an event log to assist in debugging WebAuthn errors. Note: A license is required to utilize WebAuthn..
- enabled bool
- Whether or not this tenant has WebAuthn enabled globally.. Note: A license is required to utilize WebAuthn..
- reauthentication_
workflow FusionAuth Tenant Webauthn Configuration Reauthentication Workflow - The Reauthentication Workflow configuration.
- relying_
party_ strid - The value this tenant will use for the Relying Party Id in WebAuthn ceremonies. Passkeys can only be used to authenticate on sites using the same Relying Party Id they were registered with. This value must match the browser origin or be a registrable domain suffix of the browser origin. For example, if your domain is auth.piedpiper.com, you could use auth.piedpiper.com or piedpiper.com but not m.auth.piedpiper.com or com. When this parameter is omitted, FusionAuth will use null for the Relying Party Id in passkey creation and request options. A null value in the WebAuthn JavaScript API will use the browser origin. Note: A license is required to utilize WebAuthn.
- relying_
party_ strname - The value this tenant will use for the Relying Party name in WebAuthn ceremonies. This value may be displayed by browser or operating system dialogs during WebAuthn ceremonies. When this parameter is omitted, FusionAuth will use the tenant.issuer value. Note: A license is required to utilize WebAuthn.
- bootstrap
Workflow Property Map - The Bootstrap Workflow configuration.
- debug Boolean
- Determines if debug should be enabled for this tenant to create an event log to assist in debugging WebAuthn errors. Note: A license is required to utilize WebAuthn..
- enabled Boolean
- Whether or not this tenant has WebAuthn enabled globally.. Note: A license is required to utilize WebAuthn..
- reauthentication
Workflow Property Map - The Reauthentication Workflow configuration.
- relying
Party StringId - The value this tenant will use for the Relying Party Id in WebAuthn ceremonies. Passkeys can only be used to authenticate on sites using the same Relying Party Id they were registered with. This value must match the browser origin or be a registrable domain suffix of the browser origin. For example, if your domain is auth.piedpiper.com, you could use auth.piedpiper.com or piedpiper.com but not m.auth.piedpiper.com or com. When this parameter is omitted, FusionAuth will use null for the Relying Party Id in passkey creation and request options. A null value in the WebAuthn JavaScript API will use the browser origin. Note: A license is required to utilize WebAuthn.
- relying
Party StringName - The value this tenant will use for the Relying Party name in WebAuthn ceremonies. This value may be displayed by browser or operating system dialogs during WebAuthn ceremonies. When this parameter is omitted, FusionAuth will use the tenant.issuer value. Note: A license is required to utilize WebAuthn.
FusionAuthTenantWebauthnConfigurationBootstrapWorkflow, FusionAuthTenantWebauthnConfigurationBootstrapWorkflowArgs
- Authenticator
Attachment stringPreference - Determines the authenticator attachment requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Any, CrossPlatform and Platform. Note: A license is required to utilize WebAuthn and an Enterprise plan is required to utilize WebAuthn cross-platform authenticators..
- Enabled bool
- Whether or not this tenant has the WebAuthn bootstrap workflow enabled. The bootstrap workflow is used when the user must "bootstrap" the authentication process by identifying themselves prior to the WebAuthn ceremony and can be used to authenticate from a new device using WebAuthn. Note: A license is required to utilize WebAuthn..
- User
Verification stringRequirement - Determines the user verification requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Discouraged, Preferred and Required. Note: A license is required to utilize WebAuthn..
- Authenticator
Attachment stringPreference - Determines the authenticator attachment requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Any, CrossPlatform and Platform. Note: A license is required to utilize WebAuthn and an Enterprise plan is required to utilize WebAuthn cross-platform authenticators..
- Enabled bool
- Whether or not this tenant has the WebAuthn bootstrap workflow enabled. The bootstrap workflow is used when the user must "bootstrap" the authentication process by identifying themselves prior to the WebAuthn ceremony and can be used to authenticate from a new device using WebAuthn. Note: A license is required to utilize WebAuthn..
- User
Verification stringRequirement - Determines the user verification requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Discouraged, Preferred and Required. Note: A license is required to utilize WebAuthn..
- authenticator
Attachment StringPreference - Determines the authenticator attachment requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Any, CrossPlatform and Platform. Note: A license is required to utilize WebAuthn and an Enterprise plan is required to utilize WebAuthn cross-platform authenticators..
- enabled Boolean
- Whether or not this tenant has the WebAuthn bootstrap workflow enabled. The bootstrap workflow is used when the user must "bootstrap" the authentication process by identifying themselves prior to the WebAuthn ceremony and can be used to authenticate from a new device using WebAuthn. Note: A license is required to utilize WebAuthn..
- user
Verification StringRequirement - Determines the user verification requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Discouraged, Preferred and Required. Note: A license is required to utilize WebAuthn..
- authenticator
Attachment stringPreference - Determines the authenticator attachment requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Any, CrossPlatform and Platform. Note: A license is required to utilize WebAuthn and an Enterprise plan is required to utilize WebAuthn cross-platform authenticators..
- enabled boolean
- Whether or not this tenant has the WebAuthn bootstrap workflow enabled. The bootstrap workflow is used when the user must "bootstrap" the authentication process by identifying themselves prior to the WebAuthn ceremony and can be used to authenticate from a new device using WebAuthn. Note: A license is required to utilize WebAuthn..
- user
Verification stringRequirement - Determines the user verification requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Discouraged, Preferred and Required. Note: A license is required to utilize WebAuthn..
- authenticator_
attachment_ strpreference - Determines the authenticator attachment requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Any, CrossPlatform and Platform. Note: A license is required to utilize WebAuthn and an Enterprise plan is required to utilize WebAuthn cross-platform authenticators..
- enabled bool
- Whether or not this tenant has the WebAuthn bootstrap workflow enabled. The bootstrap workflow is used when the user must "bootstrap" the authentication process by identifying themselves prior to the WebAuthn ceremony and can be used to authenticate from a new device using WebAuthn. Note: A license is required to utilize WebAuthn..
- user_
verification_ strrequirement - Determines the user verification requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Discouraged, Preferred and Required. Note: A license is required to utilize WebAuthn..
- authenticator
Attachment StringPreference - Determines the authenticator attachment requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Any, CrossPlatform and Platform. Note: A license is required to utilize WebAuthn and an Enterprise plan is required to utilize WebAuthn cross-platform authenticators..
- enabled Boolean
- Whether or not this tenant has the WebAuthn bootstrap workflow enabled. The bootstrap workflow is used when the user must "bootstrap" the authentication process by identifying themselves prior to the WebAuthn ceremony and can be used to authenticate from a new device using WebAuthn. Note: A license is required to utilize WebAuthn..
- user
Verification StringRequirement - Determines the user verification requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Discouraged, Preferred and Required. Note: A license is required to utilize WebAuthn..
FusionAuthTenantWebauthnConfigurationReauthenticationWorkflow, FusionAuthTenantWebauthnConfigurationReauthenticationWorkflowArgs
- Authenticator
Attachment stringPreference - Determines the authenticator attachment requirement for WebAuthn passkey registration when using the reauthentication workflow. The possible values are:: Any, CrossPlatform and Platform. Note: A license is required to utilize WebAuthn and an Enterprise plan is required to utilize WebAuthn cross-platform authenticators..
- Enabled bool
- Whether or not this tenant has the WebAuthn reauthentication workflow enabled. The reauthentication workflow will automatically prompt a user to authenticate using WebAuthn for repeated logins from the same device. Note: A license is required to utilize WebAuthn..
- User
Verification stringRequirement - Determines the user verification requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Discouraged, Preferred and Required. Note: A license is required to utilize WebAuthn..
- Authenticator
Attachment stringPreference - Determines the authenticator attachment requirement for WebAuthn passkey registration when using the reauthentication workflow. The possible values are:: Any, CrossPlatform and Platform. Note: A license is required to utilize WebAuthn and an Enterprise plan is required to utilize WebAuthn cross-platform authenticators..
- Enabled bool
- Whether or not this tenant has the WebAuthn reauthentication workflow enabled. The reauthentication workflow will automatically prompt a user to authenticate using WebAuthn for repeated logins from the same device. Note: A license is required to utilize WebAuthn..
- User
Verification stringRequirement - Determines the user verification requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Discouraged, Preferred and Required. Note: A license is required to utilize WebAuthn..
- authenticator
Attachment StringPreference - Determines the authenticator attachment requirement for WebAuthn passkey registration when using the reauthentication workflow. The possible values are:: Any, CrossPlatform and Platform. Note: A license is required to utilize WebAuthn and an Enterprise plan is required to utilize WebAuthn cross-platform authenticators..
- enabled Boolean
- Whether or not this tenant has the WebAuthn reauthentication workflow enabled. The reauthentication workflow will automatically prompt a user to authenticate using WebAuthn for repeated logins from the same device. Note: A license is required to utilize WebAuthn..
- user
Verification StringRequirement - Determines the user verification requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Discouraged, Preferred and Required. Note: A license is required to utilize WebAuthn..
- authenticator
Attachment stringPreference - Determines the authenticator attachment requirement for WebAuthn passkey registration when using the reauthentication workflow. The possible values are:: Any, CrossPlatform and Platform. Note: A license is required to utilize WebAuthn and an Enterprise plan is required to utilize WebAuthn cross-platform authenticators..
- enabled boolean
- Whether or not this tenant has the WebAuthn reauthentication workflow enabled. The reauthentication workflow will automatically prompt a user to authenticate using WebAuthn for repeated logins from the same device. Note: A license is required to utilize WebAuthn..
- user
Verification stringRequirement - Determines the user verification requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Discouraged, Preferred and Required. Note: A license is required to utilize WebAuthn..
- authenticator_
attachment_ strpreference - Determines the authenticator attachment requirement for WebAuthn passkey registration when using the reauthentication workflow. The possible values are:: Any, CrossPlatform and Platform. Note: A license is required to utilize WebAuthn and an Enterprise plan is required to utilize WebAuthn cross-platform authenticators..
- enabled bool
- Whether or not this tenant has the WebAuthn reauthentication workflow enabled. The reauthentication workflow will automatically prompt a user to authenticate using WebAuthn for repeated logins from the same device. Note: A license is required to utilize WebAuthn..
- user_
verification_ strrequirement - Determines the user verification requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Discouraged, Preferred and Required. Note: A license is required to utilize WebAuthn..
- authenticator
Attachment StringPreference - Determines the authenticator attachment requirement for WebAuthn passkey registration when using the reauthentication workflow. The possible values are:: Any, CrossPlatform and Platform. Note: A license is required to utilize WebAuthn and an Enterprise plan is required to utilize WebAuthn cross-platform authenticators..
- enabled Boolean
- Whether or not this tenant has the WebAuthn reauthentication workflow enabled. The reauthentication workflow will automatically prompt a user to authenticate using WebAuthn for repeated logins from the same device. Note: A license is required to utilize WebAuthn..
- user
Verification StringRequirement - Determines the user verification requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Discouraged, Preferred and Required. Note: A license is required to utilize WebAuthn..
Package Details
- Repository
- fusionauth theogravity/pulumi-fusionauth
- License
- MIT
- Notes
- This Pulumi package is based on the
fusionauthTerraform Provider.