Cloudflare v6.1.1, Apr 21 25

Cloudflare v6.1.1 published on Monday, Apr 21, 2025 by Pulumi

cloudflare.getZeroTrustAccessApplications

Explore with Pulumi AI

Cloudflare v6.1.1 published on Monday, Apr 21, 2025 by Pulumi

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleZeroTrustAccessApplications = cloudflare.getZeroTrustAccessApplications({
    accountId: "account_id",
    zoneId: "zone_id",
    aud: "aud",
    domain: "domain",
    name: "name",
    search: "search",
});

import pulumi
import pulumi_cloudflare as cloudflare

example_zero_trust_access_applications = cloudflare.get_zero_trust_access_applications(account_id="account_id",
    zone_id="zone_id",
    aud="aud",
    domain="domain",
    name="name",
    search="search")

package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.LookupZeroTrustAccessApplications(ctx, &cloudflare.LookupZeroTrustAccessApplicationsArgs{
			AccountId: pulumi.StringRef("account_id"),
			ZoneId:    pulumi.StringRef("zone_id"),
			Aud:       pulumi.StringRef("aud"),
			Domain:    pulumi.StringRef("domain"),
			Name:      pulumi.StringRef("name"),
			Search:    pulumi.StringRef("search"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var exampleZeroTrustAccessApplications = Cloudflare.GetZeroTrustAccessApplications.Invoke(new()
    {
        AccountId = "account_id",
        ZoneId = "zone_id",
        Aud = "aud",
        Domain = "domain",
        Name = "name",
        Search = "search",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.CloudflareFunctions;
import com.pulumi.cloudflare.inputs.GetZeroTrustAccessApplicationsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var exampleZeroTrustAccessApplications = CloudflareFunctions.getZeroTrustAccessApplications(GetZeroTrustAccessApplicationsArgs.builder()
            .accountId("account_id")
            .zoneId("zone_id")
            .aud("aud")
            .domain("domain")
            .name("name")
            .search("search")
            .build());

    }
}

variables:
  exampleZeroTrustAccessApplications:
    fn::invoke:
      function: cloudflare:getZeroTrustAccessApplications
      arguments:
        accountId: account_id
        zoneId: zone_id
        aud: aud
        domain: domain
        name: name
        search: search

Using getZeroTrustAccessApplications

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getZeroTrustAccessApplications(args: GetZeroTrustAccessApplicationsArgs, opts?: InvokeOptions): Promise<GetZeroTrustAccessApplicationsResult>
function getZeroTrustAccessApplicationsOutput(args: GetZeroTrustAccessApplicationsOutputArgs, opts?: InvokeOptions): Output<GetZeroTrustAccessApplicationsResult>

def get_zero_trust_access_applications(account_id: Optional[str] = None,
                                       aud: Optional[str] = None,
                                       domain: Optional[str] = None,
                                       max_items: Optional[int] = None,
                                       name: Optional[str] = None,
                                       search: Optional[str] = None,
                                       zone_id: Optional[str] = None,
                                       opts: Optional[InvokeOptions] = None) -> GetZeroTrustAccessApplicationsResult
def get_zero_trust_access_applications_output(account_id: Optional[pulumi.Input[str]] = None,
                                       aud: Optional[pulumi.Input[str]] = None,
                                       domain: Optional[pulumi.Input[str]] = None,
                                       max_items: Optional[pulumi.Input[int]] = None,
                                       name: Optional[pulumi.Input[str]] = None,
                                       search: Optional[pulumi.Input[str]] = None,
                                       zone_id: Optional[pulumi.Input[str]] = None,
                                       opts: Optional[InvokeOptions] = None) -> Output[GetZeroTrustAccessApplicationsResult]

func LookupZeroTrustAccessApplications(ctx *Context, args *LookupZeroTrustAccessApplicationsArgs, opts ...InvokeOption) (*LookupZeroTrustAccessApplicationsResult, error)
func LookupZeroTrustAccessApplicationsOutput(ctx *Context, args *LookupZeroTrustAccessApplicationsOutputArgs, opts ...InvokeOption) LookupZeroTrustAccessApplicationsResultOutput

> Note: This function is named LookupZeroTrustAccessApplications in the Go SDK.

public static class GetZeroTrustAccessApplications 
{
    public static Task<GetZeroTrustAccessApplicationsResult> InvokeAsync(GetZeroTrustAccessApplicationsArgs args, InvokeOptions? opts = null)
    public static Output<GetZeroTrustAccessApplicationsResult> Invoke(GetZeroTrustAccessApplicationsInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetZeroTrustAccessApplicationsResult> getZeroTrustAccessApplications(GetZeroTrustAccessApplicationsArgs args, InvokeOptions options)
public static Output<GetZeroTrustAccessApplicationsResult> getZeroTrustAccessApplications(GetZeroTrustAccessApplicationsArgs args, InvokeOptions options)

fn::invoke:
  function: cloudflare:index/getZeroTrustAccessApplications:getZeroTrustAccessApplications
  arguments:
    # arguments dictionary

The following arguments are supported:

AccountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
Aud string: The aud of the app.
Domain string: The domain of the app.
MaxItems int: Max items to fetch, default: 1000
Name string: The name of the app.
Search string: Search for apps by other listed query parameters.
ZoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

AccountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
Aud string: The aud of the app.
Domain string: The domain of the app.
MaxItems int: Max items to fetch, default: 1000
Name string: The name of the app.
Search string: Search for apps by other listed query parameters.
ZoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

accountId String: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
aud String: The aud of the app.
domain String: The domain of the app.
maxItems Integer: Max items to fetch, default: 1000
name String: The name of the app.
search String: Search for apps by other listed query parameters.
zoneId String: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

accountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
aud string: The aud of the app.
domain string: The domain of the app.
maxItems number: Max items to fetch, default: 1000
name string: The name of the app.
search string: Search for apps by other listed query parameters.
zoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

account_id str: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
aud str: The aud of the app.
domain str: The domain of the app.
max_items int: Max items to fetch, default: 1000
name str: The name of the app.
search str: Search for apps by other listed query parameters.
zone_id str: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

accountId String: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
aud String: The aud of the app.
domain String: The domain of the app.
maxItems Number: Max items to fetch, default: 1000
name String: The name of the app.
search String: Search for apps by other listed query parameters.
zoneId String: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

getZeroTrustAccessApplications Result

The following output properties are available:

Id string: The provider-assigned unique ID for this managed resource.
Results List<GetZeroTrustAccessApplicationsResult>: The items returned by the data source
AccountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
Aud string: The aud of the app.
Domain string: The domain of the app.
MaxItems int: Max items to fetch, default: 1000
Name string: The name of the app.
Search string: Search for apps by other listed query parameters.
ZoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

Id string: The provider-assigned unique ID for this managed resource.
Results []GetZeroTrustAccessApplicationsResult: The items returned by the data source
AccountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
Aud string: The aud of the app.
Domain string: The domain of the app.
MaxItems int: Max items to fetch, default: 1000
Name string: The name of the app.
Search string: Search for apps by other listed query parameters.
ZoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

id String: The provider-assigned unique ID for this managed resource.
results List<GetZeroTrustAccessApplicationsResult>: The items returned by the data source
accountId String: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
aud String: The aud of the app.
domain String: The domain of the app.
maxItems Integer: Max items to fetch, default: 1000
name String: The name of the app.
search String: Search for apps by other listed query parameters.
zoneId String: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

id string: The provider-assigned unique ID for this managed resource.
results GetZeroTrustAccessApplicationsResult[]: The items returned by the data source
accountId string: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
aud string: The aud of the app.
domain string: The domain of the app.
maxItems number: Max items to fetch, default: 1000
name string: The name of the app.
search string: Search for apps by other listed query parameters.
zoneId string: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

id str: The provider-assigned unique ID for this managed resource.
results Sequence[GetZeroTrustAccessApplicationsResult]: The items returned by the data source
account_id str: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
aud str: The aud of the app.
domain str: The domain of the app.
max_items int: Max items to fetch, default: 1000
name str: The name of the app.
search str: Search for apps by other listed query parameters.
zone_id str: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

id String: The provider-assigned unique ID for this managed resource.
results List<Property Map>: The items returned by the data source
accountId String: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
aud String: The aud of the app.
domain String: The domain of the app.
maxItems Number: Max items to fetch, default: 1000
name String: The name of the app.
search String: Search for apps by other listed query parameters.
zoneId String: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

Supporting Types

GetZeroTrustAccessApplicationsResult

AllowAuthenticateViaWarp bool: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
AllowedIdps List<string>: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
AppLauncherLogoUrl string: The image URL of the logo shown in the App Launcher header.
AppLauncherVisible bool: Displays the application in the App Launcher.
Aud string: Audience tag.
AutoRedirectToIdentity bool: When set to true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
BgColor string: The background color of the App Launcher page.
CorsHeaders GetZeroTrustAccessApplicationsResultCorsHeaders
CreatedAt string
CustomDenyMessage string: The custom error message shown to a user when they are denied access to the application.
CustomDenyUrl string: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
CustomNonIdentityDenyUrl string: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
CustomPages List<string>: The custom pages that will be displayed when applicable for this application
Destinations List<GetZeroTrustAccessApplicationsResultDestination>: List of destinations secured by Access. This supersedes self_hosted_domains to allow for more flexibility in defining different types of domains. If destinations are provided, then self_hosted_domains will be ignored.
Domain string: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
EnableBindingCookie bool: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
FooterLinks List<GetZeroTrustAccessApplicationsResultFooterLink>: The links in the App Launcher footer.
HeaderBgColor string: The background color of the App Launcher header.
HttpOnlyCookieAttribute bool: Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
Id string: UUID.
LandingPageDesign GetZeroTrustAccessApplicationsResultLandingPageDesign: The design of the App Launcher landing page shown to users when they log in.
LogoUrl string: The image URL for the logo shown in the App Launcher dashboard.
Name string: The name of the application.
OptionsPreflightBypass bool: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
PathCookieAttribute bool: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
Policies List<GetZeroTrustAccessApplicationsResultPolicy>
ReadServiceTokensFromHeader string: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
SaasApp GetZeroTrustAccessApplicationsResultSaasApp
SameSiteCookieAttribute string: Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
ScimConfig GetZeroTrustAccessApplicationsResultScimConfig: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
SelfHostedDomains List<string>: List of public domains that Access will secure. This field is deprecated in favor of destinations and will be supported until November 21, 2025. If destinations are provided, then self_hosted_domains will be ignored.
Deprecated: This attribute is deprecated.
ServiceAuth401Redirect bool: Returns a 401 status code when the request is blocked by a Service Auth policy.
SessionDuration string: The amount of time that tokens issued for this application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
SkipAppLauncherLoginPage bool: Determines when to skip the App Launcher landing page.
SkipInterstitial bool: Enables automatic authentication through cloudflared.
Tags List<string>: The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
TargetCriterias List<GetZeroTrustAccessApplicationsResultTargetCriteria>
Type string: The application type.
UpdatedAt string

AllowAuthenticateViaWarp bool: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
AllowedIdps []string: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
AppLauncherLogoUrl string: The image URL of the logo shown in the App Launcher header.
AppLauncherVisible bool: Displays the application in the App Launcher.
Aud string: Audience tag.
AutoRedirectToIdentity bool: When set to true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
BgColor string: The background color of the App Launcher page.
CorsHeaders GetZeroTrustAccessApplicationsResultCorsHeaders
CreatedAt string
CustomDenyMessage string: The custom error message shown to a user when they are denied access to the application.
CustomDenyUrl string: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
CustomNonIdentityDenyUrl string: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
CustomPages []string: The custom pages that will be displayed when applicable for this application
Destinations []GetZeroTrustAccessApplicationsResultDestination: List of destinations secured by Access. This supersedes self_hosted_domains to allow for more flexibility in defining different types of domains. If destinations are provided, then self_hosted_domains will be ignored.
Domain string: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
EnableBindingCookie bool: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
FooterLinks []GetZeroTrustAccessApplicationsResultFooterLink: The links in the App Launcher footer.
HeaderBgColor string: The background color of the App Launcher header.
HttpOnlyCookieAttribute bool: Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
Id string: UUID.
LandingPageDesign GetZeroTrustAccessApplicationsResultLandingPageDesign: The design of the App Launcher landing page shown to users when they log in.
LogoUrl string: The image URL for the logo shown in the App Launcher dashboard.
Name string: The name of the application.
OptionsPreflightBypass bool: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
PathCookieAttribute bool: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
Policies []GetZeroTrustAccessApplicationsResultPolicy
ReadServiceTokensFromHeader string: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
SaasApp GetZeroTrustAccessApplicationsResultSaasApp
SameSiteCookieAttribute string: Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
ScimConfig GetZeroTrustAccessApplicationsResultScimConfig: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
SelfHostedDomains []string: List of public domains that Access will secure. This field is deprecated in favor of destinations and will be supported until November 21, 2025. If destinations are provided, then self_hosted_domains will be ignored.
Deprecated: This attribute is deprecated.
ServiceAuth401Redirect bool: Returns a 401 status code when the request is blocked by a Service Auth policy.
SessionDuration string: The amount of time that tokens issued for this application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
SkipAppLauncherLoginPage bool: Determines when to skip the App Launcher landing page.
SkipInterstitial bool: Enables automatic authentication through cloudflared.
Tags []string: The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
TargetCriterias []GetZeroTrustAccessApplicationsResultTargetCriteria
Type string: The application type.
UpdatedAt string

allowAuthenticateViaWarp Boolean: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
allowedIdps List<String>: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
appLauncherLogoUrl String: The image URL of the logo shown in the App Launcher header.
appLauncherVisible Boolean: Displays the application in the App Launcher.
aud String: Audience tag.
autoRedirectToIdentity Boolean: When set to true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
bgColor String: The background color of the App Launcher page.
corsHeaders GetZeroTrustAccessApplicationsResultCorsHeaders
createdAt String
customDenyMessage String: The custom error message shown to a user when they are denied access to the application.
customDenyUrl String: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
customNonIdentityDenyUrl String: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
customPages List<String>: The custom pages that will be displayed when applicable for this application
destinations List<GetZeroTrustAccessApplicationsResultDestination>: List of destinations secured by Access. This supersedes self_hosted_domains to allow for more flexibility in defining different types of domains. If destinations are provided, then self_hosted_domains will be ignored.
domain String: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
enableBindingCookie Boolean: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
footerLinks List<GetZeroTrustAccessApplicationsResultFooterLink>: The links in the App Launcher footer.
headerBgColor String: The background color of the App Launcher header.
httpOnlyCookieAttribute Boolean: Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
id String: UUID.
landingPageDesign GetZeroTrustAccessApplicationsResultLandingPageDesign: The design of the App Launcher landing page shown to users when they log in.
logoUrl String: The image URL for the logo shown in the App Launcher dashboard.
name String: The name of the application.
optionsPreflightBypass Boolean: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
pathCookieAttribute Boolean: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
policies List<GetZeroTrustAccessApplicationsResultPolicy>
readServiceTokensFromHeader String: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
saasApp GetZeroTrustAccessApplicationsResultSaasApp
sameSiteCookieAttribute String: Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
scimConfig GetZeroTrustAccessApplicationsResultScimConfig: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
selfHostedDomains List<String>: List of public domains that Access will secure. This field is deprecated in favor of destinations and will be supported until November 21, 2025. If destinations are provided, then self_hosted_domains will be ignored.
Deprecated: This attribute is deprecated.
serviceAuth401Redirect Boolean: Returns a 401 status code when the request is blocked by a Service Auth policy.
sessionDuration String: The amount of time that tokens issued for this application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
skipAppLauncherLoginPage Boolean: Determines when to skip the App Launcher landing page.
skipInterstitial Boolean: Enables automatic authentication through cloudflared.
tags List<String>: The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
targetCriterias List<GetZeroTrustAccessApplicationsResultTargetCriteria>
type String: The application type.
updatedAt String

allowAuthenticateViaWarp boolean: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
allowedIdps string[]: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
appLauncherLogoUrl string: The image URL of the logo shown in the App Launcher header.
appLauncherVisible boolean: Displays the application in the App Launcher.
aud string: Audience tag.
autoRedirectToIdentity boolean: When set to true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
bgColor string: The background color of the App Launcher page.
corsHeaders GetZeroTrustAccessApplicationsResultCorsHeaders
createdAt string
customDenyMessage string: The custom error message shown to a user when they are denied access to the application.
customDenyUrl string: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
customNonIdentityDenyUrl string: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
customPages string[]: The custom pages that will be displayed when applicable for this application
destinations GetZeroTrustAccessApplicationsResultDestination[]: List of destinations secured by Access. This supersedes self_hosted_domains to allow for more flexibility in defining different types of domains. If destinations are provided, then self_hosted_domains will be ignored.
domain string: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
enableBindingCookie boolean: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
footerLinks GetZeroTrustAccessApplicationsResultFooterLink[]: The links in the App Launcher footer.
headerBgColor string: The background color of the App Launcher header.
httpOnlyCookieAttribute boolean: Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
id string: UUID.
landingPageDesign GetZeroTrustAccessApplicationsResultLandingPageDesign: The design of the App Launcher landing page shown to users when they log in.
logoUrl string: The image URL for the logo shown in the App Launcher dashboard.
name string: The name of the application.
optionsPreflightBypass boolean: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
pathCookieAttribute boolean: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
policies GetZeroTrustAccessApplicationsResultPolicy[]
readServiceTokensFromHeader string: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
saasApp GetZeroTrustAccessApplicationsResultSaasApp
sameSiteCookieAttribute string: Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
scimConfig GetZeroTrustAccessApplicationsResultScimConfig: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
selfHostedDomains string[]: List of public domains that Access will secure. This field is deprecated in favor of destinations and will be supported until November 21, 2025. If destinations are provided, then self_hosted_domains will be ignored.
Deprecated: This attribute is deprecated.
serviceAuth401Redirect boolean: Returns a 401 status code when the request is blocked by a Service Auth policy.
sessionDuration string: The amount of time that tokens issued for this application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
skipAppLauncherLoginPage boolean: Determines when to skip the App Launcher landing page.
skipInterstitial boolean: Enables automatic authentication through cloudflared.
tags string[]: The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
targetCriterias GetZeroTrustAccessApplicationsResultTargetCriteria[]
type string: The application type.
updatedAt string

allow_authenticate_via_warp bool: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
allowed_idps Sequence[str]: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
app_launcher_logo_url str: The image URL of the logo shown in the App Launcher header.
app_launcher_visible bool: Displays the application in the App Launcher.
aud str: Audience tag.
auto_redirect_to_identity bool: When set to true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
bg_color str: The background color of the App Launcher page.
cors_headers GetZeroTrustAccessApplicationsResultCorsHeaders
created_at str
custom_deny_message str: The custom error message shown to a user when they are denied access to the application.
custom_deny_url str: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
custom_non_identity_deny_url str: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
custom_pages Sequence[str]: The custom pages that will be displayed when applicable for this application
destinations Sequence[GetZeroTrustAccessApplicationsResultDestination]: List of destinations secured by Access. This supersedes self_hosted_domains to allow for more flexibility in defining different types of domains. If destinations are provided, then self_hosted_domains will be ignored.
domain str: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
enable_binding_cookie bool: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
footer_links Sequence[GetZeroTrustAccessApplicationsResultFooterLink]: The links in the App Launcher footer.
header_bg_color str: The background color of the App Launcher header.
http_only_cookie_attribute bool: Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
id str: UUID.
landing_page_design GetZeroTrustAccessApplicationsResultLandingPageDesign: The design of the App Launcher landing page shown to users when they log in.
logo_url str: The image URL for the logo shown in the App Launcher dashboard.
name str: The name of the application.
options_preflight_bypass bool: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
path_cookie_attribute bool: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
policies Sequence[GetZeroTrustAccessApplicationsResultPolicy]
read_service_tokens_from_header str: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
saas_app GetZeroTrustAccessApplicationsResultSaasApp
same_site_cookie_attribute str: Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
scim_config GetZeroTrustAccessApplicationsResultScimConfig: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
self_hosted_domains Sequence[str]: List of public domains that Access will secure. This field is deprecated in favor of destinations and will be supported until November 21, 2025. If destinations are provided, then self_hosted_domains will be ignored.
Deprecated: This attribute is deprecated.
service_auth401_redirect bool: Returns a 401 status code when the request is blocked by a Service Auth policy.
session_duration str: The amount of time that tokens issued for this application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
skip_app_launcher_login_page bool: Determines when to skip the App Launcher landing page.
skip_interstitial bool: Enables automatic authentication through cloudflared.
tags Sequence[str]: The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
target_criterias Sequence[GetZeroTrustAccessApplicationsResultTargetCriteria]
type str: The application type.
updated_at str

allowAuthenticateViaWarp Boolean: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
allowedIdps List<String>: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
appLauncherLogoUrl String: The image URL of the logo shown in the App Launcher header.
appLauncherVisible Boolean: Displays the application in the App Launcher.
aud String: Audience tag.
autoRedirectToIdentity Boolean: When set to true, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
bgColor String: The background color of the App Launcher page.
corsHeaders Property Map
createdAt String
customDenyMessage String: The custom error message shown to a user when they are denied access to the application.
customDenyUrl String: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
customNonIdentityDenyUrl String: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
customPages List<String>: The custom pages that will be displayed when applicable for this application
destinations List<Property Map>: List of destinations secured by Access. This supersedes self_hosted_domains to allow for more flexibility in defining different types of domains. If destinations are provided, then self_hosted_domains will be ignored.
domain String: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
enableBindingCookie Boolean: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
footerLinks List<Property Map>: The links in the App Launcher footer.
headerBgColor String: The background color of the App Launcher header.
httpOnlyCookieAttribute Boolean: Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
id String: UUID.
landingPageDesign Property Map: The design of the App Launcher landing page shown to users when they log in.
logoUrl String: The image URL for the logo shown in the App Launcher dashboard.
name String: The name of the application.
optionsPreflightBypass Boolean: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set.
pathCookieAttribute Boolean: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
policies List<Property Map>
readServiceTokensFromHeader String: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The header value will be interpreted as a json object similar to: { "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" }
saasApp Property Map
sameSiteCookieAttribute String: Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
scimConfig Property Map: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
selfHostedDomains List<String>: List of public domains that Access will secure. This field is deprecated in favor of destinations and will be supported until November 21, 2025. If destinations are provided, then self_hosted_domains will be ignored.
Deprecated: This attribute is deprecated.
serviceAuth401Redirect Boolean: Returns a 401 status code when the request is blocked by a Service Auth policy.
sessionDuration String: The amount of time that tokens issued for this application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
skipAppLauncherLoginPage Boolean: Determines when to skip the App Launcher landing page.
skipInterstitial Boolean: Enables automatic authentication through cloudflared.
tags List<String>: The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
targetCriterias List<Property Map>
type String: The application type.
updatedAt String

GetZeroTrustAccessApplicationsResultCorsHeaders

AllowAllHeaders bool: Allows all HTTP request headers.
AllowAllMethods bool: Allows all HTTP request methods.
AllowAllOrigins bool: Allows all origins.
AllowCredentials bool: When set to true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests.
AllowedHeaders List<string>: Allowed HTTP request headers.
AllowedMethods List<string>: Allowed HTTP request methods.
AllowedOrigins List<string>: Allowed origins.
MaxAge double: The maximum number of seconds the results of a preflight request can be cached.

AllowAllHeaders bool: Allows all HTTP request headers.
AllowAllMethods bool: Allows all HTTP request methods.
AllowAllOrigins bool: Allows all origins.
AllowCredentials bool: When set to true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests.
AllowedHeaders []string: Allowed HTTP request headers.
AllowedMethods []string: Allowed HTTP request methods.
AllowedOrigins []string: Allowed origins.
MaxAge float64: The maximum number of seconds the results of a preflight request can be cached.

allowAllHeaders Boolean: Allows all HTTP request headers.
allowAllMethods Boolean: Allows all HTTP request methods.
allowAllOrigins Boolean: Allows all origins.
allowCredentials Boolean: When set to true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests.
allowedHeaders List<String>: Allowed HTTP request headers.
allowedMethods List<String>: Allowed HTTP request methods.
allowedOrigins List<String>: Allowed origins.
maxAge Double: The maximum number of seconds the results of a preflight request can be cached.

allowAllHeaders boolean: Allows all HTTP request headers.
allowAllMethods boolean: Allows all HTTP request methods.
allowAllOrigins boolean: Allows all origins.
allowCredentials boolean: When set to true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests.
allowedHeaders string[]: Allowed HTTP request headers.
allowedMethods string[]: Allowed HTTP request methods.
allowedOrigins string[]: Allowed origins.
maxAge number: The maximum number of seconds the results of a preflight request can be cached.

allow_all_headers bool: Allows all HTTP request headers.
allow_all_methods bool: Allows all HTTP request methods.
allow_all_origins bool: Allows all origins.
allow_credentials bool: When set to true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests.
allowed_headers Sequence[str]: Allowed HTTP request headers.
allowed_methods Sequence[str]: Allowed HTTP request methods.
allowed_origins Sequence[str]: Allowed origins.
max_age float: The maximum number of seconds the results of a preflight request can be cached.

allowAllHeaders Boolean: Allows all HTTP request headers.
allowAllMethods Boolean: Allows all HTTP request methods.
allowAllOrigins Boolean: Allows all origins.
allowCredentials Boolean: When set to true, includes credentials (cookies, authorization headers, or TLS client certificates) with requests.
allowedHeaders List<String>: Allowed HTTP request headers.
allowedMethods List<String>: Allowed HTTP request methods.
allowedOrigins List<String>: Allowed origins.
maxAge Number: The maximum number of seconds the results of a preflight request can be cached.

GetZeroTrustAccessApplicationsResultDestination

Cidr string: The CIDR range of the destination. Single IPs will be computed as /32.
Hostname string: The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
L4Protocol string: The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
PortRange string: The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
Type string: Available values: "public".
Uri string: The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
VnetId string: The VNET ID to match the destination. When omitted, all VNETs will match.

Cidr string: The CIDR range of the destination. Single IPs will be computed as /32.
Hostname string: The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
L4Protocol string: The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
PortRange string: The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
Type string: Available values: "public".
Uri string: The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
VnetId string: The VNET ID to match the destination. When omitted, all VNETs will match.

cidr String: The CIDR range of the destination. Single IPs will be computed as /32.
hostname String: The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
l4Protocol String: The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
portRange String: The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
type String: Available values: "public".
uri String: The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
vnetId String: The VNET ID to match the destination. When omitted, all VNETs will match.

cidr string: The CIDR range of the destination. Single IPs will be computed as /32.
hostname string: The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
l4Protocol string: The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
portRange string: The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
type string: Available values: "public".
uri string: The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
vnetId string: The VNET ID to match the destination. When omitted, all VNETs will match.

cidr str: The CIDR range of the destination. Single IPs will be computed as /32.
hostname str: The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
l4_protocol str: The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
port_range str: The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
type str: Available values: "public".
uri str: The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
vnet_id str: The VNET ID to match the destination. When omitted, all VNETs will match.

cidr String: The CIDR range of the destination. Single IPs will be computed as /32.
hostname String: The hostname of the destination. Matches a valid SNI served by an HTTPS origin.
l4Protocol String: The L4 protocol of the destination. When omitted, both UDP and TCP traffic will match. Available values: "tcp", "udp".
portRange String: The port range of the destination. Can be a single port or a range of ports. When omitted, all ports will match.
type String: Available values: "public".
uri String: The URI of the destination. Public destinations' URIs can include a domain and path with wildcards.
vnetId String: The VNET ID to match the destination. When omitted, all VNETs will match.

GetZeroTrustAccessApplicationsResultFooterLink

Name string: The hypertext in the footer link.
Url string: the hyperlink in the footer link.

Name string: The hypertext in the footer link.
Url string: the hyperlink in the footer link.

name String: The hypertext in the footer link.
url String: the hyperlink in the footer link.

name string: The hypertext in the footer link.
url string: the hyperlink in the footer link.

name str: The hypertext in the footer link.
url str: the hyperlink in the footer link.

name String: The hypertext in the footer link.
url String: the hyperlink in the footer link.

GetZeroTrustAccessApplicationsResultLandingPageDesign

ButtonColor string: The background color of the log in button on the landing page.
ButtonTextColor string: The color of the text in the log in button on the landing page.
ImageUrl string: The URL of the image shown on the landing page.
Message string: The message shown on the landing page.
Title string: The title shown on the landing page.

ButtonColor string: The background color of the log in button on the landing page.
ButtonTextColor string: The color of the text in the log in button on the landing page.
ImageUrl string: The URL of the image shown on the landing page.
Message string: The message shown on the landing page.
Title string: The title shown on the landing page.

buttonColor String: The background color of the log in button on the landing page.
buttonTextColor String: The color of the text in the log in button on the landing page.
imageUrl String: The URL of the image shown on the landing page.
message String: The message shown on the landing page.
title String: The title shown on the landing page.

buttonColor string: The background color of the log in button on the landing page.
buttonTextColor string: The color of the text in the log in button on the landing page.
imageUrl string: The URL of the image shown on the landing page.
message string: The message shown on the landing page.
title string: The title shown on the landing page.

button_color str: The background color of the log in button on the landing page.
button_text_color str: The color of the text in the log in button on the landing page.
image_url str: The URL of the image shown on the landing page.
message str: The message shown on the landing page.
title str: The title shown on the landing page.

buttonColor String: The background color of the log in button on the landing page.
buttonTextColor String: The color of the text in the log in button on the landing page.
imageUrl String: The URL of the image shown on the landing page.
message String: The message shown on the landing page.
title String: The title shown on the landing page.

GetZeroTrustAccessApplicationsResultPolicy

ApprovalGroups List<GetZeroTrustAccessApplicationsResultPolicyApprovalGroup>: Administrators who can approve a temporary authentication request.
ApprovalRequired bool: Requires the user to request access from an administrator at the start of each session.
ConnectionRules GetZeroTrustAccessApplicationsResultPolicyConnectionRules: The rules that define how users may connect to the targets secured by your application.
CreatedAt string
Decision string: The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
Excludes List<GetZeroTrustAccessApplicationsResultPolicyExclude>: Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
Id string: The UUID of the policy
Includes List<GetZeroTrustAccessApplicationsResultPolicyInclude>: Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
IsolationRequired bool: Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
Name string: The name of the Access policy.
Precedence int: The order of execution for this policy. Must be unique for each policy within an app.
PurposeJustificationPrompt string: A custom message that will appear on the purpose justification screen.
PurposeJustificationRequired bool: Require users to enter a justification when they log in to the application.
Requires List<GetZeroTrustAccessApplicationsResultPolicyRequire>: Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
SessionDuration string: The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
UpdatedAt string

ApprovalGroups []GetZeroTrustAccessApplicationsResultPolicyApprovalGroup: Administrators who can approve a temporary authentication request.
ApprovalRequired bool: Requires the user to request access from an administrator at the start of each session.
ConnectionRules GetZeroTrustAccessApplicationsResultPolicyConnectionRules: The rules that define how users may connect to the targets secured by your application.
CreatedAt string
Decision string: The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
Excludes []GetZeroTrustAccessApplicationsResultPolicyExclude: Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
Id string: The UUID of the policy
Includes []GetZeroTrustAccessApplicationsResultPolicyInclude: Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
IsolationRequired bool: Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
Name string: The name of the Access policy.
Precedence int: The order of execution for this policy. Must be unique for each policy within an app.
PurposeJustificationPrompt string: A custom message that will appear on the purpose justification screen.
PurposeJustificationRequired bool: Require users to enter a justification when they log in to the application.
Requires []GetZeroTrustAccessApplicationsResultPolicyRequire: Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
SessionDuration string: The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
UpdatedAt string

approvalGroups List<GetZeroTrustAccessApplicationsResultPolicyApprovalGroup>: Administrators who can approve a temporary authentication request.
approvalRequired Boolean: Requires the user to request access from an administrator at the start of each session.
connectionRules GetZeroTrustAccessApplicationsResultPolicyConnectionRules: The rules that define how users may connect to the targets secured by your application.
createdAt String
decision String: The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
excludes List<GetZeroTrustAccessApplicationsResultPolicyExclude>: Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
id String: The UUID of the policy
includes List<GetZeroTrustAccessApplicationsResultPolicyInclude>: Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
isolationRequired Boolean: Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
name String: The name of the Access policy.
precedence Integer: The order of execution for this policy. Must be unique for each policy within an app.
purposeJustificationPrompt String: A custom message that will appear on the purpose justification screen.
purposeJustificationRequired Boolean: Require users to enter a justification when they log in to the application.
requires List<GetZeroTrustAccessApplicationsResultPolicyRequire>: Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
sessionDuration String: The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
updatedAt String

approvalGroups GetZeroTrustAccessApplicationsResultPolicyApprovalGroup[]: Administrators who can approve a temporary authentication request.
approvalRequired boolean: Requires the user to request access from an administrator at the start of each session.
connectionRules GetZeroTrustAccessApplicationsResultPolicyConnectionRules: The rules that define how users may connect to the targets secured by your application.
createdAt string
decision string: The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
excludes GetZeroTrustAccessApplicationsResultPolicyExclude[]: Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
id string: The UUID of the policy
includes GetZeroTrustAccessApplicationsResultPolicyInclude[]: Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
isolationRequired boolean: Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
name string: The name of the Access policy.
precedence number: The order of execution for this policy. Must be unique for each policy within an app.
purposeJustificationPrompt string: A custom message that will appear on the purpose justification screen.
purposeJustificationRequired boolean: Require users to enter a justification when they log in to the application.
requires GetZeroTrustAccessApplicationsResultPolicyRequire[]: Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
sessionDuration string: The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
updatedAt string

approval_groups Sequence[GetZeroTrustAccessApplicationsResultPolicyApprovalGroup]: Administrators who can approve a temporary authentication request.
approval_required bool: Requires the user to request access from an administrator at the start of each session.
connection_rules GetZeroTrustAccessApplicationsResultPolicyConnectionRules: The rules that define how users may connect to the targets secured by your application.
created_at str
decision str: The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
excludes Sequence[GetZeroTrustAccessApplicationsResultPolicyExclude]: Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
id str: The UUID of the policy
includes Sequence[GetZeroTrustAccessApplicationsResultPolicyInclude]: Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
isolation_required bool: Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
name str: The name of the Access policy.
precedence int: The order of execution for this policy. Must be unique for each policy within an app.
purpose_justification_prompt str: A custom message that will appear on the purpose justification screen.
purpose_justification_required bool: Require users to enter a justification when they log in to the application.
requires Sequence[GetZeroTrustAccessApplicationsResultPolicyRequire]: Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
session_duration str: The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
updated_at str

approvalGroups List<Property Map>: Administrators who can approve a temporary authentication request.
approvalRequired Boolean: Requires the user to request access from an administrator at the start of each session.
connectionRules Property Map: The rules that define how users may connect to the targets secured by your application.
createdAt String
decision String: The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".
excludes List<Property Map>: Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
id String: The UUID of the policy
includes List<Property Map>: Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
isolationRequired Boolean: Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
name String: The name of the Access policy.
precedence Number: The order of execution for this policy. Must be unique for each policy within an app.
purposeJustificationPrompt String: A custom message that will appear on the purpose justification screen.
purposeJustificationRequired Boolean: Require users to enter a justification when they log in to the application.
requires List<Property Map>: Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
sessionDuration String: The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
updatedAt String

GetZeroTrustAccessApplicationsResultPolicyApprovalGroup

ApprovalsNeeded double: The number of approvals needed to obtain access.
EmailAddresses List<string>: A list of emails that can approve the access request.
EmailListUuid string: The UUID of an re-usable email list.

ApprovalsNeeded float64: The number of approvals needed to obtain access.
EmailAddresses []string: A list of emails that can approve the access request.
EmailListUuid string: The UUID of an re-usable email list.

approvalsNeeded Double: The number of approvals needed to obtain access.
emailAddresses List<String>: A list of emails that can approve the access request.
emailListUuid String: The UUID of an re-usable email list.

approvalsNeeded number: The number of approvals needed to obtain access.
emailAddresses string[]: A list of emails that can approve the access request.
emailListUuid string: The UUID of an re-usable email list.

approvals_needed float: The number of approvals needed to obtain access.
email_addresses Sequence[str]: A list of emails that can approve the access request.
email_list_uuid str: The UUID of an re-usable email list.

approvalsNeeded Number: The number of approvals needed to obtain access.
emailAddresses List<String>: A list of emails that can approve the access request.
emailListUuid String: The UUID of an re-usable email list.

GetZeroTrustAccessApplicationsResultPolicyConnectionRules

Ssh GetZeroTrustAccessApplicationsResultPolicyConnectionRulesSsh: The SSH-specific rules that define how users may connect to the targets secured by your application.

Ssh GetZeroTrustAccessApplicationsResultPolicyConnectionRulesSsh: The SSH-specific rules that define how users may connect to the targets secured by your application.

ssh GetZeroTrustAccessApplicationsResultPolicyConnectionRulesSsh: The SSH-specific rules that define how users may connect to the targets secured by your application.

ssh GetZeroTrustAccessApplicationsResultPolicyConnectionRulesSsh: The SSH-specific rules that define how users may connect to the targets secured by your application.

ssh GetZeroTrustAccessApplicationsResultPolicyConnectionRulesSsh: The SSH-specific rules that define how users may connect to the targets secured by your application.

ssh Property Map: The SSH-specific rules that define how users may connect to the targets secured by your application.

GetZeroTrustAccessApplicationsResultPolicyConnectionRulesSsh

AllowEmailAlias bool: Enables using Identity Provider email alias as SSH username.
Usernames List<string>: Contains the Unix usernames that may be used when connecting over SSH.

AllowEmailAlias bool: Enables using Identity Provider email alias as SSH username.
Usernames []string: Contains the Unix usernames that may be used when connecting over SSH.

allowEmailAlias Boolean: Enables using Identity Provider email alias as SSH username.
usernames List<String>: Contains the Unix usernames that may be used when connecting over SSH.

allowEmailAlias boolean: Enables using Identity Provider email alias as SSH username.
usernames string[]: Contains the Unix usernames that may be used when connecting over SSH.

allow_email_alias bool: Enables using Identity Provider email alias as SSH username.
usernames Sequence[str]: Contains the Unix usernames that may be used when connecting over SSH.

allowEmailAlias Boolean: Enables using Identity Provider email alias as SSH username.
usernames List<String>: Contains the Unix usernames that may be used when connecting over SSH.

GetZeroTrustAccessApplicationsResultPolicyExclude

AnyValidServiceToken GetZeroTrustAccessApplicationsResultPolicyExcludeAnyValidServiceToken: An empty object which matches on all service tokens.
AuthContext GetZeroTrustAccessApplicationsResultPolicyExcludeAuthContext
AuthMethod GetZeroTrustAccessApplicationsResultPolicyExcludeAuthMethod
AzureAd GetZeroTrustAccessApplicationsResultPolicyExcludeAzureAd
Certificate GetZeroTrustAccessApplicationsResultPolicyExcludeCertificate
CommonName GetZeroTrustAccessApplicationsResultPolicyExcludeCommonName
DevicePosture GetZeroTrustAccessApplicationsResultPolicyExcludeDevicePosture
Email GetZeroTrustAccessApplicationsResultPolicyExcludeEmail
EmailDomain GetZeroTrustAccessApplicationsResultPolicyExcludeEmailDomain
EmailList GetZeroTrustAccessApplicationsResultPolicyExcludeEmailList
Everyone GetZeroTrustAccessApplicationsResultPolicyExcludeEveryone: An empty object which matches on all users.
ExternalEvaluation GetZeroTrustAccessApplicationsResultPolicyExcludeExternalEvaluation
Geo GetZeroTrustAccessApplicationsResultPolicyExcludeGeo
GithubOrganization GetZeroTrustAccessApplicationsResultPolicyExcludeGithubOrganization
Group GetZeroTrustAccessApplicationsResultPolicyExcludeGroup
Gsuite GetZeroTrustAccessApplicationsResultPolicyExcludeGsuite
Ip GetZeroTrustAccessApplicationsResultPolicyExcludeIp
IpList GetZeroTrustAccessApplicationsResultPolicyExcludeIpList
LoginMethod GetZeroTrustAccessApplicationsResultPolicyExcludeLoginMethod
Okta GetZeroTrustAccessApplicationsResultPolicyExcludeOkta
Saml GetZeroTrustAccessApplicationsResultPolicyExcludeSaml
ServiceToken GetZeroTrustAccessApplicationsResultPolicyExcludeServiceToken

AnyValidServiceToken GetZeroTrustAccessApplicationsResultPolicyExcludeAnyValidServiceToken: An empty object which matches on all service tokens.
AuthContext GetZeroTrustAccessApplicationsResultPolicyExcludeAuthContext
AuthMethod GetZeroTrustAccessApplicationsResultPolicyExcludeAuthMethod
AzureAd GetZeroTrustAccessApplicationsResultPolicyExcludeAzureAd
Certificate GetZeroTrustAccessApplicationsResultPolicyExcludeCertificate
CommonName GetZeroTrustAccessApplicationsResultPolicyExcludeCommonName
DevicePosture GetZeroTrustAccessApplicationsResultPolicyExcludeDevicePosture
Email GetZeroTrustAccessApplicationsResultPolicyExcludeEmail
EmailDomain GetZeroTrustAccessApplicationsResultPolicyExcludeEmailDomain
EmailList GetZeroTrustAccessApplicationsResultPolicyExcludeEmailList
Everyone GetZeroTrustAccessApplicationsResultPolicyExcludeEveryone: An empty object which matches on all users.
ExternalEvaluation GetZeroTrustAccessApplicationsResultPolicyExcludeExternalEvaluation
Geo GetZeroTrustAccessApplicationsResultPolicyExcludeGeo
GithubOrganization GetZeroTrustAccessApplicationsResultPolicyExcludeGithubOrganization
Group GetZeroTrustAccessApplicationsResultPolicyExcludeGroup
Gsuite GetZeroTrustAccessApplicationsResultPolicyExcludeGsuite
Ip GetZeroTrustAccessApplicationsResultPolicyExcludeIp
IpList GetZeroTrustAccessApplicationsResultPolicyExcludeIpList
LoginMethod GetZeroTrustAccessApplicationsResultPolicyExcludeLoginMethod
Okta GetZeroTrustAccessApplicationsResultPolicyExcludeOkta
Saml GetZeroTrustAccessApplicationsResultPolicyExcludeSaml
ServiceToken GetZeroTrustAccessApplicationsResultPolicyExcludeServiceToken

anyValidServiceToken GetZeroTrustAccessApplicationsResultPolicyExcludeAnyValidServiceToken: An empty object which matches on all service tokens.
authContext GetZeroTrustAccessApplicationsResultPolicyExcludeAuthContext
authMethod GetZeroTrustAccessApplicationsResultPolicyExcludeAuthMethod
azureAd GetZeroTrustAccessApplicationsResultPolicyExcludeAzureAd
certificate GetZeroTrustAccessApplicationsResultPolicyExcludeCertificate
commonName GetZeroTrustAccessApplicationsResultPolicyExcludeCommonName
devicePosture GetZeroTrustAccessApplicationsResultPolicyExcludeDevicePosture
email GetZeroTrustAccessApplicationsResultPolicyExcludeEmail
emailDomain GetZeroTrustAccessApplicationsResultPolicyExcludeEmailDomain
emailList GetZeroTrustAccessApplicationsResultPolicyExcludeEmailList
everyone GetZeroTrustAccessApplicationsResultPolicyExcludeEveryone: An empty object which matches on all users.
externalEvaluation GetZeroTrustAccessApplicationsResultPolicyExcludeExternalEvaluation
geo GetZeroTrustAccessApplicationsResultPolicyExcludeGeo
githubOrganization GetZeroTrustAccessApplicationsResultPolicyExcludeGithubOrganization
group GetZeroTrustAccessApplicationsResultPolicyExcludeGroup
gsuite GetZeroTrustAccessApplicationsResultPolicyExcludeGsuite
ip GetZeroTrustAccessApplicationsResultPolicyExcludeIp
ipList GetZeroTrustAccessApplicationsResultPolicyExcludeIpList
loginMethod GetZeroTrustAccessApplicationsResultPolicyExcludeLoginMethod
okta GetZeroTrustAccessApplicationsResultPolicyExcludeOkta
saml GetZeroTrustAccessApplicationsResultPolicyExcludeSaml
serviceToken GetZeroTrustAccessApplicationsResultPolicyExcludeServiceToken

anyValidServiceToken GetZeroTrustAccessApplicationsResultPolicyExcludeAnyValidServiceToken: An empty object which matches on all service tokens.
authContext GetZeroTrustAccessApplicationsResultPolicyExcludeAuthContext
authMethod GetZeroTrustAccessApplicationsResultPolicyExcludeAuthMethod
azureAd GetZeroTrustAccessApplicationsResultPolicyExcludeAzureAd
certificate GetZeroTrustAccessApplicationsResultPolicyExcludeCertificate
commonName GetZeroTrustAccessApplicationsResultPolicyExcludeCommonName
devicePosture GetZeroTrustAccessApplicationsResultPolicyExcludeDevicePosture
email GetZeroTrustAccessApplicationsResultPolicyExcludeEmail
emailDomain GetZeroTrustAccessApplicationsResultPolicyExcludeEmailDomain
emailList GetZeroTrustAccessApplicationsResultPolicyExcludeEmailList
everyone GetZeroTrustAccessApplicationsResultPolicyExcludeEveryone: An empty object which matches on all users.
externalEvaluation GetZeroTrustAccessApplicationsResultPolicyExcludeExternalEvaluation
geo GetZeroTrustAccessApplicationsResultPolicyExcludeGeo
githubOrganization GetZeroTrustAccessApplicationsResultPolicyExcludeGithubOrganization
group GetZeroTrustAccessApplicationsResultPolicyExcludeGroup
gsuite GetZeroTrustAccessApplicationsResultPolicyExcludeGsuite
ip GetZeroTrustAccessApplicationsResultPolicyExcludeIp
ipList GetZeroTrustAccessApplicationsResultPolicyExcludeIpList
loginMethod GetZeroTrustAccessApplicationsResultPolicyExcludeLoginMethod
okta GetZeroTrustAccessApplicationsResultPolicyExcludeOkta
saml GetZeroTrustAccessApplicationsResultPolicyExcludeSaml
serviceToken GetZeroTrustAccessApplicationsResultPolicyExcludeServiceToken

any_valid_service_token GetZeroTrustAccessApplicationsResultPolicyExcludeAnyValidServiceToken: An empty object which matches on all service tokens.
auth_context GetZeroTrustAccessApplicationsResultPolicyExcludeAuthContext
auth_method GetZeroTrustAccessApplicationsResultPolicyExcludeAuthMethod
azure_ad GetZeroTrustAccessApplicationsResultPolicyExcludeAzureAd
certificate GetZeroTrustAccessApplicationsResultPolicyExcludeCertificate
common_name GetZeroTrustAccessApplicationsResultPolicyExcludeCommonName
device_posture GetZeroTrustAccessApplicationsResultPolicyExcludeDevicePosture
email GetZeroTrustAccessApplicationsResultPolicyExcludeEmail
email_domain GetZeroTrustAccessApplicationsResultPolicyExcludeEmailDomain
email_list GetZeroTrustAccessApplicationsResultPolicyExcludeEmailList
everyone GetZeroTrustAccessApplicationsResultPolicyExcludeEveryone: An empty object which matches on all users.
external_evaluation GetZeroTrustAccessApplicationsResultPolicyExcludeExternalEvaluation
geo GetZeroTrustAccessApplicationsResultPolicyExcludeGeo
github_organization GetZeroTrustAccessApplicationsResultPolicyExcludeGithubOrganization
group GetZeroTrustAccessApplicationsResultPolicyExcludeGroup
gsuite GetZeroTrustAccessApplicationsResultPolicyExcludeGsuite
ip GetZeroTrustAccessApplicationsResultPolicyExcludeIp
ip_list GetZeroTrustAccessApplicationsResultPolicyExcludeIpList
login_method GetZeroTrustAccessApplicationsResultPolicyExcludeLoginMethod
okta GetZeroTrustAccessApplicationsResultPolicyExcludeOkta
saml GetZeroTrustAccessApplicationsResultPolicyExcludeSaml
service_token GetZeroTrustAccessApplicationsResultPolicyExcludeServiceToken

anyValidServiceToken Property Map: An empty object which matches on all service tokens.
authContext Property Map
authMethod Property Map
azureAd Property Map
certificate Property Map
commonName Property Map
devicePosture Property Map
email Property Map
emailDomain Property Map
emailList Property Map
everyone Property Map: An empty object which matches on all users.
externalEvaluation Property Map
geo Property Map
githubOrganization Property Map
group Property Map
gsuite Property Map
ip Property Map
ipList Property Map
loginMethod Property Map
okta Property Map
saml Property Map
serviceToken Property Map

GetZeroTrustAccessApplicationsResultPolicyExcludeAuthContext

AcId string: The ACID of an Authentication context.
Id string: The ID of an Authentication context.
IdentityProviderId string: The ID of your Azure identity provider.

AcId string: The ACID of an Authentication context.
Id string: The ID of an Authentication context.
IdentityProviderId string: The ID of your Azure identity provider.

acId String: The ACID of an Authentication context.
id String: The ID of an Authentication context.
identityProviderId String: The ID of your Azure identity provider.

acId string: The ACID of an Authentication context.
id string: The ID of an Authentication context.
identityProviderId string: The ID of your Azure identity provider.

ac_id str: The ACID of an Authentication context.
id str: The ID of an Authentication context.
identity_provider_id str: The ID of your Azure identity provider.

acId String: The ACID of an Authentication context.
id String: The ID of an Authentication context.
identityProviderId String: The ID of your Azure identity provider.

GetZeroTrustAccessApplicationsResultPolicyExcludeAuthMethod

AuthMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

AuthMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod String: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

auth_method str: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod String: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

GetZeroTrustAccessApplicationsResultPolicyExcludeAzureAd

Id string: The ID of an Azure group.
IdentityProviderId string: The ID of your Azure identity provider.

Id string: The ID of an Azure group.
IdentityProviderId string: The ID of your Azure identity provider.

id String: The ID of an Azure group.
identityProviderId String: The ID of your Azure identity provider.

id string: The ID of an Azure group.
identityProviderId string: The ID of your Azure identity provider.

id str: The ID of an Azure group.
identity_provider_id str: The ID of your Azure identity provider.

id String: The ID of an Azure group.
identityProviderId String: The ID of your Azure identity provider.

GetZeroTrustAccessApplicationsResultPolicyExcludeCommonName

CommonName string: The common name to match.

CommonName string: The common name to match.

commonName String: The common name to match.

commonName string: The common name to match.

common_name str: The common name to match.

commonName String: The common name to match.

GetZeroTrustAccessApplicationsResultPolicyExcludeDevicePosture

IntegrationUid string: The ID of a device posture integration.

IntegrationUid string: The ID of a device posture integration.

integrationUid String: The ID of a device posture integration.

integrationUid string: The ID of a device posture integration.

integration_uid str: The ID of a device posture integration.

integrationUid String: The ID of a device posture integration.

GetZeroTrustAccessApplicationsResultPolicyExcludeEmail

Email string: The email of the user.

Email string: The email of the user.

email String: The email of the user.

email string: The email of the user.

email str: The email of the user.

email String: The email of the user.

GetZeroTrustAccessApplicationsResultPolicyExcludeEmailDomain

Domain string: The email domain to match.

Domain string: The email domain to match.

domain String: The email domain to match.

domain string: The email domain to match.

domain str: The email domain to match.

domain String: The email domain to match.

GetZeroTrustAccessApplicationsResultPolicyExcludeEmailList

Id string: The ID of a previously created email list.

Id string: The ID of a previously created email list.

id String: The ID of a previously created email list.

id string: The ID of a previously created email list.

id str: The ID of a previously created email list.

id String: The ID of a previously created email list.

GetZeroTrustAccessApplicationsResultPolicyExcludeExternalEvaluation

EvaluateUrl string: The API endpoint containing your business logic.
KeysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

EvaluateUrl string: The API endpoint containing your business logic.
KeysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl String: The API endpoint containing your business logic.
keysUrl String: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl string: The API endpoint containing your business logic.
keysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluate_url str: The API endpoint containing your business logic.
keys_url str: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl String: The API endpoint containing your business logic.
keysUrl String: The API endpoint containing the key that Access uses to verify that the response came from your API.

GetZeroTrustAccessApplicationsResultPolicyExcludeGeo

CountryCode string: The country code that should be matched.

CountryCode string: The country code that should be matched.

countryCode String: The country code that should be matched.

countryCode string: The country code that should be matched.

country_code str: The country code that should be matched.

countryCode String: The country code that should be matched.

GetZeroTrustAccessApplicationsResultPolicyExcludeGithubOrganization

IdentityProviderId string: The ID of your Github identity provider.
Name string: The name of the organization.
Team string: The name of the team

IdentityProviderId string: The ID of your Github identity provider.
Name string: The name of the organization.
Team string: The name of the team

identityProviderId String: The ID of your Github identity provider.
name String: The name of the organization.
team String: The name of the team

identityProviderId string: The ID of your Github identity provider.
name string: The name of the organization.
team string: The name of the team

identity_provider_id str: The ID of your Github identity provider.
name str: The name of the organization.
team str: The name of the team

identityProviderId String: The ID of your Github identity provider.
name String: The name of the organization.
team String: The name of the team

GetZeroTrustAccessApplicationsResultPolicyExcludeGroup

Id string: The ID of a previously created Access group.

Id string: The ID of a previously created Access group.

id String: The ID of a previously created Access group.

id string: The ID of a previously created Access group.

id str: The ID of a previously created Access group.

id String: The ID of a previously created Access group.

GetZeroTrustAccessApplicationsResultPolicyExcludeGsuite

Email string: The email of the Google Workspace group.
IdentityProviderId string: The ID of your Google Workspace identity provider.

Email string: The email of the Google Workspace group.
IdentityProviderId string: The ID of your Google Workspace identity provider.

email String: The email of the Google Workspace group.
identityProviderId String: The ID of your Google Workspace identity provider.

email string: The email of the Google Workspace group.
identityProviderId string: The ID of your Google Workspace identity provider.

email str: The email of the Google Workspace group.
identity_provider_id str: The ID of your Google Workspace identity provider.

email String: The email of the Google Workspace group.
identityProviderId String: The ID of your Google Workspace identity provider.

GetZeroTrustAccessApplicationsResultPolicyExcludeIp

Ip string: An IPv4 or IPv6 CIDR block.

Ip string: An IPv4 or IPv6 CIDR block.

ip String: An IPv4 or IPv6 CIDR block.

ip string: An IPv4 or IPv6 CIDR block.

ip str: An IPv4 or IPv6 CIDR block.

ip String: An IPv4 or IPv6 CIDR block.

GetZeroTrustAccessApplicationsResultPolicyExcludeIpList

Id string: The ID of a previously created IP list.

Id string: The ID of a previously created IP list.

id String: The ID of a previously created IP list.

id string: The ID of a previously created IP list.

id str: The ID of a previously created IP list.

id String: The ID of a previously created IP list.

GetZeroTrustAccessApplicationsResultPolicyExcludeLoginMethod

Id string: The ID of an identity provider.

Id string: The ID of an identity provider.

id String: The ID of an identity provider.

id string: The ID of an identity provider.

id str: The ID of an identity provider.

id String: The ID of an identity provider.

GetZeroTrustAccessApplicationsResultPolicyExcludeOkta

IdentityProviderId string: The ID of your Okta identity provider.
Name string: The name of the Okta group.

IdentityProviderId string: The ID of your Okta identity provider.
Name string: The name of the Okta group.

identityProviderId String: The ID of your Okta identity provider.
name String: The name of the Okta group.

identityProviderId string: The ID of your Okta identity provider.
name string: The name of the Okta group.

identity_provider_id str: The ID of your Okta identity provider.
name str: The name of the Okta group.

identityProviderId String: The ID of your Okta identity provider.
name String: The name of the Okta group.

GetZeroTrustAccessApplicationsResultPolicyExcludeSaml

AttributeName string: The name of the SAML attribute.
AttributeValue string: The SAML attribute value to look for.
IdentityProviderId string: The ID of your SAML identity provider.

AttributeName string: The name of the SAML attribute.
AttributeValue string: The SAML attribute value to look for.
IdentityProviderId string: The ID of your SAML identity provider.

attributeName String: The name of the SAML attribute.
attributeValue String: The SAML attribute value to look for.
identityProviderId String: The ID of your SAML identity provider.

attributeName string: The name of the SAML attribute.
attributeValue string: The SAML attribute value to look for.
identityProviderId string: The ID of your SAML identity provider.

attribute_name str: The name of the SAML attribute.
attribute_value str: The SAML attribute value to look for.
identity_provider_id str: The ID of your SAML identity provider.

attributeName String: The name of the SAML attribute.
attributeValue String: The SAML attribute value to look for.
identityProviderId String: The ID of your SAML identity provider.

GetZeroTrustAccessApplicationsResultPolicyExcludeServiceToken

TokenId string: The ID of a Service Token.

TokenId string: The ID of a Service Token.

tokenId String: The ID of a Service Token.

tokenId string: The ID of a Service Token.

token_id str: The ID of a Service Token.

tokenId String: The ID of a Service Token.

GetZeroTrustAccessApplicationsResultPolicyInclude

AnyValidServiceToken GetZeroTrustAccessApplicationsResultPolicyIncludeAnyValidServiceToken: An empty object which matches on all service tokens.
AuthContext GetZeroTrustAccessApplicationsResultPolicyIncludeAuthContext
AuthMethod GetZeroTrustAccessApplicationsResultPolicyIncludeAuthMethod
AzureAd GetZeroTrustAccessApplicationsResultPolicyIncludeAzureAd
Certificate GetZeroTrustAccessApplicationsResultPolicyIncludeCertificate
CommonName GetZeroTrustAccessApplicationsResultPolicyIncludeCommonName
DevicePosture GetZeroTrustAccessApplicationsResultPolicyIncludeDevicePosture
Email GetZeroTrustAccessApplicationsResultPolicyIncludeEmail
EmailDomain GetZeroTrustAccessApplicationsResultPolicyIncludeEmailDomain
EmailList GetZeroTrustAccessApplicationsResultPolicyIncludeEmailList
Everyone GetZeroTrustAccessApplicationsResultPolicyIncludeEveryone: An empty object which matches on all users.
ExternalEvaluation GetZeroTrustAccessApplicationsResultPolicyIncludeExternalEvaluation
Geo GetZeroTrustAccessApplicationsResultPolicyIncludeGeo
GithubOrganization GetZeroTrustAccessApplicationsResultPolicyIncludeGithubOrganization
Group GetZeroTrustAccessApplicationsResultPolicyIncludeGroup
Gsuite GetZeroTrustAccessApplicationsResultPolicyIncludeGsuite
Ip GetZeroTrustAccessApplicationsResultPolicyIncludeIp
IpList GetZeroTrustAccessApplicationsResultPolicyIncludeIpList
LoginMethod GetZeroTrustAccessApplicationsResultPolicyIncludeLoginMethod
Okta GetZeroTrustAccessApplicationsResultPolicyIncludeOkta
Saml GetZeroTrustAccessApplicationsResultPolicyIncludeSaml
ServiceToken GetZeroTrustAccessApplicationsResultPolicyIncludeServiceToken

AnyValidServiceToken GetZeroTrustAccessApplicationsResultPolicyIncludeAnyValidServiceToken: An empty object which matches on all service tokens.
AuthContext GetZeroTrustAccessApplicationsResultPolicyIncludeAuthContext
AuthMethod GetZeroTrustAccessApplicationsResultPolicyIncludeAuthMethod
AzureAd GetZeroTrustAccessApplicationsResultPolicyIncludeAzureAd
Certificate GetZeroTrustAccessApplicationsResultPolicyIncludeCertificate
CommonName GetZeroTrustAccessApplicationsResultPolicyIncludeCommonName
DevicePosture GetZeroTrustAccessApplicationsResultPolicyIncludeDevicePosture
Email GetZeroTrustAccessApplicationsResultPolicyIncludeEmail
EmailDomain GetZeroTrustAccessApplicationsResultPolicyIncludeEmailDomain
EmailList GetZeroTrustAccessApplicationsResultPolicyIncludeEmailList
Everyone GetZeroTrustAccessApplicationsResultPolicyIncludeEveryone: An empty object which matches on all users.
ExternalEvaluation GetZeroTrustAccessApplicationsResultPolicyIncludeExternalEvaluation
Geo GetZeroTrustAccessApplicationsResultPolicyIncludeGeo
GithubOrganization GetZeroTrustAccessApplicationsResultPolicyIncludeGithubOrganization
Group GetZeroTrustAccessApplicationsResultPolicyIncludeGroup
Gsuite GetZeroTrustAccessApplicationsResultPolicyIncludeGsuite
Ip GetZeroTrustAccessApplicationsResultPolicyIncludeIp
IpList GetZeroTrustAccessApplicationsResultPolicyIncludeIpList
LoginMethod GetZeroTrustAccessApplicationsResultPolicyIncludeLoginMethod
Okta GetZeroTrustAccessApplicationsResultPolicyIncludeOkta
Saml GetZeroTrustAccessApplicationsResultPolicyIncludeSaml
ServiceToken GetZeroTrustAccessApplicationsResultPolicyIncludeServiceToken

anyValidServiceToken GetZeroTrustAccessApplicationsResultPolicyIncludeAnyValidServiceToken: An empty object which matches on all service tokens.
authContext GetZeroTrustAccessApplicationsResultPolicyIncludeAuthContext
authMethod GetZeroTrustAccessApplicationsResultPolicyIncludeAuthMethod
azureAd GetZeroTrustAccessApplicationsResultPolicyIncludeAzureAd
certificate GetZeroTrustAccessApplicationsResultPolicyIncludeCertificate
commonName GetZeroTrustAccessApplicationsResultPolicyIncludeCommonName
devicePosture GetZeroTrustAccessApplicationsResultPolicyIncludeDevicePosture
email GetZeroTrustAccessApplicationsResultPolicyIncludeEmail
emailDomain GetZeroTrustAccessApplicationsResultPolicyIncludeEmailDomain
emailList GetZeroTrustAccessApplicationsResultPolicyIncludeEmailList
everyone GetZeroTrustAccessApplicationsResultPolicyIncludeEveryone: An empty object which matches on all users.
externalEvaluation GetZeroTrustAccessApplicationsResultPolicyIncludeExternalEvaluation
geo GetZeroTrustAccessApplicationsResultPolicyIncludeGeo
githubOrganization GetZeroTrustAccessApplicationsResultPolicyIncludeGithubOrganization
group GetZeroTrustAccessApplicationsResultPolicyIncludeGroup
gsuite GetZeroTrustAccessApplicationsResultPolicyIncludeGsuite
ip GetZeroTrustAccessApplicationsResultPolicyIncludeIp
ipList GetZeroTrustAccessApplicationsResultPolicyIncludeIpList
loginMethod GetZeroTrustAccessApplicationsResultPolicyIncludeLoginMethod
okta GetZeroTrustAccessApplicationsResultPolicyIncludeOkta
saml GetZeroTrustAccessApplicationsResultPolicyIncludeSaml
serviceToken GetZeroTrustAccessApplicationsResultPolicyIncludeServiceToken

anyValidServiceToken GetZeroTrustAccessApplicationsResultPolicyIncludeAnyValidServiceToken: An empty object which matches on all service tokens.
authContext GetZeroTrustAccessApplicationsResultPolicyIncludeAuthContext
authMethod GetZeroTrustAccessApplicationsResultPolicyIncludeAuthMethod
azureAd GetZeroTrustAccessApplicationsResultPolicyIncludeAzureAd
certificate GetZeroTrustAccessApplicationsResultPolicyIncludeCertificate
commonName GetZeroTrustAccessApplicationsResultPolicyIncludeCommonName
devicePosture GetZeroTrustAccessApplicationsResultPolicyIncludeDevicePosture
email GetZeroTrustAccessApplicationsResultPolicyIncludeEmail
emailDomain GetZeroTrustAccessApplicationsResultPolicyIncludeEmailDomain
emailList GetZeroTrustAccessApplicationsResultPolicyIncludeEmailList
everyone GetZeroTrustAccessApplicationsResultPolicyIncludeEveryone: An empty object which matches on all users.
externalEvaluation GetZeroTrustAccessApplicationsResultPolicyIncludeExternalEvaluation
geo GetZeroTrustAccessApplicationsResultPolicyIncludeGeo
githubOrganization GetZeroTrustAccessApplicationsResultPolicyIncludeGithubOrganization
group GetZeroTrustAccessApplicationsResultPolicyIncludeGroup
gsuite GetZeroTrustAccessApplicationsResultPolicyIncludeGsuite
ip GetZeroTrustAccessApplicationsResultPolicyIncludeIp
ipList GetZeroTrustAccessApplicationsResultPolicyIncludeIpList
loginMethod GetZeroTrustAccessApplicationsResultPolicyIncludeLoginMethod
okta GetZeroTrustAccessApplicationsResultPolicyIncludeOkta
saml GetZeroTrustAccessApplicationsResultPolicyIncludeSaml
serviceToken GetZeroTrustAccessApplicationsResultPolicyIncludeServiceToken

any_valid_service_token GetZeroTrustAccessApplicationsResultPolicyIncludeAnyValidServiceToken: An empty object which matches on all service tokens.
auth_context GetZeroTrustAccessApplicationsResultPolicyIncludeAuthContext
auth_method GetZeroTrustAccessApplicationsResultPolicyIncludeAuthMethod
azure_ad GetZeroTrustAccessApplicationsResultPolicyIncludeAzureAd
certificate GetZeroTrustAccessApplicationsResultPolicyIncludeCertificate
common_name GetZeroTrustAccessApplicationsResultPolicyIncludeCommonName
device_posture GetZeroTrustAccessApplicationsResultPolicyIncludeDevicePosture
email GetZeroTrustAccessApplicationsResultPolicyIncludeEmail
email_domain GetZeroTrustAccessApplicationsResultPolicyIncludeEmailDomain
email_list GetZeroTrustAccessApplicationsResultPolicyIncludeEmailList
everyone GetZeroTrustAccessApplicationsResultPolicyIncludeEveryone: An empty object which matches on all users.
external_evaluation GetZeroTrustAccessApplicationsResultPolicyIncludeExternalEvaluation
geo GetZeroTrustAccessApplicationsResultPolicyIncludeGeo
github_organization GetZeroTrustAccessApplicationsResultPolicyIncludeGithubOrganization
group GetZeroTrustAccessApplicationsResultPolicyIncludeGroup
gsuite GetZeroTrustAccessApplicationsResultPolicyIncludeGsuite
ip GetZeroTrustAccessApplicationsResultPolicyIncludeIp
ip_list GetZeroTrustAccessApplicationsResultPolicyIncludeIpList
login_method GetZeroTrustAccessApplicationsResultPolicyIncludeLoginMethod
okta GetZeroTrustAccessApplicationsResultPolicyIncludeOkta
saml GetZeroTrustAccessApplicationsResultPolicyIncludeSaml
service_token GetZeroTrustAccessApplicationsResultPolicyIncludeServiceToken

anyValidServiceToken Property Map: An empty object which matches on all service tokens.
authContext Property Map
authMethod Property Map
azureAd Property Map
certificate Property Map
commonName Property Map
devicePosture Property Map
email Property Map
emailDomain Property Map
emailList Property Map
everyone Property Map: An empty object which matches on all users.
externalEvaluation Property Map
geo Property Map
githubOrganization Property Map
group Property Map
gsuite Property Map
ip Property Map
ipList Property Map
loginMethod Property Map
okta Property Map
saml Property Map
serviceToken Property Map

GetZeroTrustAccessApplicationsResultPolicyIncludeAuthContext

AcId string: The ACID of an Authentication context.
Id string: The ID of an Authentication context.
IdentityProviderId string: The ID of your Azure identity provider.

AcId string: The ACID of an Authentication context.
Id string: The ID of an Authentication context.
IdentityProviderId string: The ID of your Azure identity provider.

acId String: The ACID of an Authentication context.
id String: The ID of an Authentication context.
identityProviderId String: The ID of your Azure identity provider.

acId string: The ACID of an Authentication context.
id string: The ID of an Authentication context.
identityProviderId string: The ID of your Azure identity provider.

ac_id str: The ACID of an Authentication context.
id str: The ID of an Authentication context.
identity_provider_id str: The ID of your Azure identity provider.

acId String: The ACID of an Authentication context.
id String: The ID of an Authentication context.
identityProviderId String: The ID of your Azure identity provider.

GetZeroTrustAccessApplicationsResultPolicyIncludeAuthMethod

AuthMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

AuthMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod String: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

auth_method str: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod String: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

GetZeroTrustAccessApplicationsResultPolicyIncludeAzureAd

Id string: The ID of an Azure group.
IdentityProviderId string: The ID of your Azure identity provider.

Id string: The ID of an Azure group.
IdentityProviderId string: The ID of your Azure identity provider.

id String: The ID of an Azure group.
identityProviderId String: The ID of your Azure identity provider.

id string: The ID of an Azure group.
identityProviderId string: The ID of your Azure identity provider.

id str: The ID of an Azure group.
identity_provider_id str: The ID of your Azure identity provider.

id String: The ID of an Azure group.
identityProviderId String: The ID of your Azure identity provider.

GetZeroTrustAccessApplicationsResultPolicyIncludeCommonName

CommonName string: The common name to match.

CommonName string: The common name to match.

commonName String: The common name to match.

commonName string: The common name to match.

common_name str: The common name to match.

commonName String: The common name to match.

GetZeroTrustAccessApplicationsResultPolicyIncludeDevicePosture

IntegrationUid string: The ID of a device posture integration.

IntegrationUid string: The ID of a device posture integration.

integrationUid String: The ID of a device posture integration.

integrationUid string: The ID of a device posture integration.

integration_uid str: The ID of a device posture integration.

integrationUid String: The ID of a device posture integration.

GetZeroTrustAccessApplicationsResultPolicyIncludeEmail

Email string: The email of the user.

Email string: The email of the user.

email String: The email of the user.

email string: The email of the user.

email str: The email of the user.

email String: The email of the user.

GetZeroTrustAccessApplicationsResultPolicyIncludeEmailDomain

Domain string: The email domain to match.

Domain string: The email domain to match.

domain String: The email domain to match.

domain string: The email domain to match.

domain str: The email domain to match.

domain String: The email domain to match.

GetZeroTrustAccessApplicationsResultPolicyIncludeEmailList

Id string: The ID of a previously created email list.

Id string: The ID of a previously created email list.

id String: The ID of a previously created email list.

id string: The ID of a previously created email list.

id str: The ID of a previously created email list.

id String: The ID of a previously created email list.

GetZeroTrustAccessApplicationsResultPolicyIncludeExternalEvaluation

EvaluateUrl string: The API endpoint containing your business logic.
KeysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

EvaluateUrl string: The API endpoint containing your business logic.
KeysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl String: The API endpoint containing your business logic.
keysUrl String: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl string: The API endpoint containing your business logic.
keysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluate_url str: The API endpoint containing your business logic.
keys_url str: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl String: The API endpoint containing your business logic.
keysUrl String: The API endpoint containing the key that Access uses to verify that the response came from your API.

GetZeroTrustAccessApplicationsResultPolicyIncludeGeo

CountryCode string: The country code that should be matched.

CountryCode string: The country code that should be matched.

countryCode String: The country code that should be matched.

countryCode string: The country code that should be matched.

country_code str: The country code that should be matched.

countryCode String: The country code that should be matched.

GetZeroTrustAccessApplicationsResultPolicyIncludeGithubOrganization

IdentityProviderId string: The ID of your Github identity provider.
Name string: The name of the organization.
Team string: The name of the team

IdentityProviderId string: The ID of your Github identity provider.
Name string: The name of the organization.
Team string: The name of the team

identityProviderId String: The ID of your Github identity provider.
name String: The name of the organization.
team String: The name of the team

identityProviderId string: The ID of your Github identity provider.
name string: The name of the organization.
team string: The name of the team

identity_provider_id str: The ID of your Github identity provider.
name str: The name of the organization.
team str: The name of the team

identityProviderId String: The ID of your Github identity provider.
name String: The name of the organization.
team String: The name of the team

GetZeroTrustAccessApplicationsResultPolicyIncludeGroup

Id string: The ID of a previously created Access group.

Id string: The ID of a previously created Access group.

id String: The ID of a previously created Access group.

id string: The ID of a previously created Access group.

id str: The ID of a previously created Access group.

id String: The ID of a previously created Access group.

GetZeroTrustAccessApplicationsResultPolicyIncludeGsuite

Email string: The email of the Google Workspace group.
IdentityProviderId string: The ID of your Google Workspace identity provider.

Email string: The email of the Google Workspace group.
IdentityProviderId string: The ID of your Google Workspace identity provider.

email String: The email of the Google Workspace group.
identityProviderId String: The ID of your Google Workspace identity provider.

email string: The email of the Google Workspace group.
identityProviderId string: The ID of your Google Workspace identity provider.

email str: The email of the Google Workspace group.
identity_provider_id str: The ID of your Google Workspace identity provider.

email String: The email of the Google Workspace group.
identityProviderId String: The ID of your Google Workspace identity provider.

GetZeroTrustAccessApplicationsResultPolicyIncludeIp

Ip string: An IPv4 or IPv6 CIDR block.

Ip string: An IPv4 or IPv6 CIDR block.

ip String: An IPv4 or IPv6 CIDR block.

ip string: An IPv4 or IPv6 CIDR block.

ip str: An IPv4 or IPv6 CIDR block.

ip String: An IPv4 or IPv6 CIDR block.

GetZeroTrustAccessApplicationsResultPolicyIncludeIpList

Id string: The ID of a previously created IP list.

Id string: The ID of a previously created IP list.

id String: The ID of a previously created IP list.

id string: The ID of a previously created IP list.

id str: The ID of a previously created IP list.

id String: The ID of a previously created IP list.

GetZeroTrustAccessApplicationsResultPolicyIncludeLoginMethod

Id string: The ID of an identity provider.

Id string: The ID of an identity provider.

id String: The ID of an identity provider.

id string: The ID of an identity provider.

id str: The ID of an identity provider.

id String: The ID of an identity provider.

GetZeroTrustAccessApplicationsResultPolicyIncludeOkta

IdentityProviderId string: The ID of your Okta identity provider.
Name string: The name of the Okta group.

IdentityProviderId string: The ID of your Okta identity provider.
Name string: The name of the Okta group.

identityProviderId String: The ID of your Okta identity provider.
name String: The name of the Okta group.

identityProviderId string: The ID of your Okta identity provider.
name string: The name of the Okta group.

identity_provider_id str: The ID of your Okta identity provider.
name str: The name of the Okta group.

identityProviderId String: The ID of your Okta identity provider.
name String: The name of the Okta group.

GetZeroTrustAccessApplicationsResultPolicyIncludeSaml

AttributeName string: The name of the SAML attribute.
AttributeValue string: The SAML attribute value to look for.
IdentityProviderId string: The ID of your SAML identity provider.

AttributeName string: The name of the SAML attribute.
AttributeValue string: The SAML attribute value to look for.
IdentityProviderId string: The ID of your SAML identity provider.

attributeName String: The name of the SAML attribute.
attributeValue String: The SAML attribute value to look for.
identityProviderId String: The ID of your SAML identity provider.

attributeName string: The name of the SAML attribute.
attributeValue string: The SAML attribute value to look for.
identityProviderId string: The ID of your SAML identity provider.

attribute_name str: The name of the SAML attribute.
attribute_value str: The SAML attribute value to look for.
identity_provider_id str: The ID of your SAML identity provider.

attributeName String: The name of the SAML attribute.
attributeValue String: The SAML attribute value to look for.
identityProviderId String: The ID of your SAML identity provider.

GetZeroTrustAccessApplicationsResultPolicyIncludeServiceToken

TokenId string: The ID of a Service Token.

TokenId string: The ID of a Service Token.

tokenId String: The ID of a Service Token.

tokenId string: The ID of a Service Token.

token_id str: The ID of a Service Token.

tokenId String: The ID of a Service Token.

GetZeroTrustAccessApplicationsResultPolicyRequire

AnyValidServiceToken GetZeroTrustAccessApplicationsResultPolicyRequireAnyValidServiceToken: An empty object which matches on all service tokens.
AuthContext GetZeroTrustAccessApplicationsResultPolicyRequireAuthContext
AuthMethod GetZeroTrustAccessApplicationsResultPolicyRequireAuthMethod
AzureAd GetZeroTrustAccessApplicationsResultPolicyRequireAzureAd
Certificate GetZeroTrustAccessApplicationsResultPolicyRequireCertificate
CommonName GetZeroTrustAccessApplicationsResultPolicyRequireCommonName
DevicePosture GetZeroTrustAccessApplicationsResultPolicyRequireDevicePosture
Email GetZeroTrustAccessApplicationsResultPolicyRequireEmail
EmailDomain GetZeroTrustAccessApplicationsResultPolicyRequireEmailDomain
EmailList GetZeroTrustAccessApplicationsResultPolicyRequireEmailList
Everyone GetZeroTrustAccessApplicationsResultPolicyRequireEveryone: An empty object which matches on all users.
ExternalEvaluation GetZeroTrustAccessApplicationsResultPolicyRequireExternalEvaluation
Geo GetZeroTrustAccessApplicationsResultPolicyRequireGeo
GithubOrganization GetZeroTrustAccessApplicationsResultPolicyRequireGithubOrganization
Group GetZeroTrustAccessApplicationsResultPolicyRequireGroup
Gsuite GetZeroTrustAccessApplicationsResultPolicyRequireGsuite
Ip GetZeroTrustAccessApplicationsResultPolicyRequireIp
IpList GetZeroTrustAccessApplicationsResultPolicyRequireIpList
LoginMethod GetZeroTrustAccessApplicationsResultPolicyRequireLoginMethod
Okta GetZeroTrustAccessApplicationsResultPolicyRequireOkta
Saml GetZeroTrustAccessApplicationsResultPolicyRequireSaml
ServiceToken GetZeroTrustAccessApplicationsResultPolicyRequireServiceToken

AnyValidServiceToken GetZeroTrustAccessApplicationsResultPolicyRequireAnyValidServiceToken: An empty object which matches on all service tokens.
AuthContext GetZeroTrustAccessApplicationsResultPolicyRequireAuthContext
AuthMethod GetZeroTrustAccessApplicationsResultPolicyRequireAuthMethod
AzureAd GetZeroTrustAccessApplicationsResultPolicyRequireAzureAd
Certificate GetZeroTrustAccessApplicationsResultPolicyRequireCertificate
CommonName GetZeroTrustAccessApplicationsResultPolicyRequireCommonName
DevicePosture GetZeroTrustAccessApplicationsResultPolicyRequireDevicePosture
Email GetZeroTrustAccessApplicationsResultPolicyRequireEmail
EmailDomain GetZeroTrustAccessApplicationsResultPolicyRequireEmailDomain
EmailList GetZeroTrustAccessApplicationsResultPolicyRequireEmailList
Everyone GetZeroTrustAccessApplicationsResultPolicyRequireEveryone: An empty object which matches on all users.
ExternalEvaluation GetZeroTrustAccessApplicationsResultPolicyRequireExternalEvaluation
Geo GetZeroTrustAccessApplicationsResultPolicyRequireGeo
GithubOrganization GetZeroTrustAccessApplicationsResultPolicyRequireGithubOrganization
Group GetZeroTrustAccessApplicationsResultPolicyRequireGroup
Gsuite GetZeroTrustAccessApplicationsResultPolicyRequireGsuite
Ip GetZeroTrustAccessApplicationsResultPolicyRequireIp
IpList GetZeroTrustAccessApplicationsResultPolicyRequireIpList
LoginMethod GetZeroTrustAccessApplicationsResultPolicyRequireLoginMethod
Okta GetZeroTrustAccessApplicationsResultPolicyRequireOkta
Saml GetZeroTrustAccessApplicationsResultPolicyRequireSaml
ServiceToken GetZeroTrustAccessApplicationsResultPolicyRequireServiceToken

anyValidServiceToken GetZeroTrustAccessApplicationsResultPolicyRequireAnyValidServiceToken: An empty object which matches on all service tokens.
authContext GetZeroTrustAccessApplicationsResultPolicyRequireAuthContext
authMethod GetZeroTrustAccessApplicationsResultPolicyRequireAuthMethod
azureAd GetZeroTrustAccessApplicationsResultPolicyRequireAzureAd
certificate GetZeroTrustAccessApplicationsResultPolicyRequireCertificate
commonName GetZeroTrustAccessApplicationsResultPolicyRequireCommonName
devicePosture GetZeroTrustAccessApplicationsResultPolicyRequireDevicePosture
email GetZeroTrustAccessApplicationsResultPolicyRequireEmail
emailDomain GetZeroTrustAccessApplicationsResultPolicyRequireEmailDomain
emailList GetZeroTrustAccessApplicationsResultPolicyRequireEmailList
everyone GetZeroTrustAccessApplicationsResultPolicyRequireEveryone: An empty object which matches on all users.
externalEvaluation GetZeroTrustAccessApplicationsResultPolicyRequireExternalEvaluation
geo GetZeroTrustAccessApplicationsResultPolicyRequireGeo
githubOrganization GetZeroTrustAccessApplicationsResultPolicyRequireGithubOrganization
group GetZeroTrustAccessApplicationsResultPolicyRequireGroup
gsuite GetZeroTrustAccessApplicationsResultPolicyRequireGsuite
ip GetZeroTrustAccessApplicationsResultPolicyRequireIp
ipList GetZeroTrustAccessApplicationsResultPolicyRequireIpList
loginMethod GetZeroTrustAccessApplicationsResultPolicyRequireLoginMethod
okta GetZeroTrustAccessApplicationsResultPolicyRequireOkta
saml GetZeroTrustAccessApplicationsResultPolicyRequireSaml
serviceToken GetZeroTrustAccessApplicationsResultPolicyRequireServiceToken

anyValidServiceToken GetZeroTrustAccessApplicationsResultPolicyRequireAnyValidServiceToken: An empty object which matches on all service tokens.
authContext GetZeroTrustAccessApplicationsResultPolicyRequireAuthContext
authMethod GetZeroTrustAccessApplicationsResultPolicyRequireAuthMethod
azureAd GetZeroTrustAccessApplicationsResultPolicyRequireAzureAd
certificate GetZeroTrustAccessApplicationsResultPolicyRequireCertificate
commonName GetZeroTrustAccessApplicationsResultPolicyRequireCommonName
devicePosture GetZeroTrustAccessApplicationsResultPolicyRequireDevicePosture
email GetZeroTrustAccessApplicationsResultPolicyRequireEmail
emailDomain GetZeroTrustAccessApplicationsResultPolicyRequireEmailDomain
emailList GetZeroTrustAccessApplicationsResultPolicyRequireEmailList
everyone GetZeroTrustAccessApplicationsResultPolicyRequireEveryone: An empty object which matches on all users.
externalEvaluation GetZeroTrustAccessApplicationsResultPolicyRequireExternalEvaluation
geo GetZeroTrustAccessApplicationsResultPolicyRequireGeo
githubOrganization GetZeroTrustAccessApplicationsResultPolicyRequireGithubOrganization
group GetZeroTrustAccessApplicationsResultPolicyRequireGroup
gsuite GetZeroTrustAccessApplicationsResultPolicyRequireGsuite
ip GetZeroTrustAccessApplicationsResultPolicyRequireIp
ipList GetZeroTrustAccessApplicationsResultPolicyRequireIpList
loginMethod GetZeroTrustAccessApplicationsResultPolicyRequireLoginMethod
okta GetZeroTrustAccessApplicationsResultPolicyRequireOkta
saml GetZeroTrustAccessApplicationsResultPolicyRequireSaml
serviceToken GetZeroTrustAccessApplicationsResultPolicyRequireServiceToken

any_valid_service_token GetZeroTrustAccessApplicationsResultPolicyRequireAnyValidServiceToken: An empty object which matches on all service tokens.
auth_context GetZeroTrustAccessApplicationsResultPolicyRequireAuthContext
auth_method GetZeroTrustAccessApplicationsResultPolicyRequireAuthMethod
azure_ad GetZeroTrustAccessApplicationsResultPolicyRequireAzureAd
certificate GetZeroTrustAccessApplicationsResultPolicyRequireCertificate
common_name GetZeroTrustAccessApplicationsResultPolicyRequireCommonName
device_posture GetZeroTrustAccessApplicationsResultPolicyRequireDevicePosture
email GetZeroTrustAccessApplicationsResultPolicyRequireEmail
email_domain GetZeroTrustAccessApplicationsResultPolicyRequireEmailDomain
email_list GetZeroTrustAccessApplicationsResultPolicyRequireEmailList
everyone GetZeroTrustAccessApplicationsResultPolicyRequireEveryone: An empty object which matches on all users.
external_evaluation GetZeroTrustAccessApplicationsResultPolicyRequireExternalEvaluation
geo GetZeroTrustAccessApplicationsResultPolicyRequireGeo
github_organization GetZeroTrustAccessApplicationsResultPolicyRequireGithubOrganization
group GetZeroTrustAccessApplicationsResultPolicyRequireGroup
gsuite GetZeroTrustAccessApplicationsResultPolicyRequireGsuite
ip GetZeroTrustAccessApplicationsResultPolicyRequireIp
ip_list GetZeroTrustAccessApplicationsResultPolicyRequireIpList
login_method GetZeroTrustAccessApplicationsResultPolicyRequireLoginMethod
okta GetZeroTrustAccessApplicationsResultPolicyRequireOkta
saml GetZeroTrustAccessApplicationsResultPolicyRequireSaml
service_token GetZeroTrustAccessApplicationsResultPolicyRequireServiceToken

anyValidServiceToken Property Map: An empty object which matches on all service tokens.
authContext Property Map
authMethod Property Map
azureAd Property Map
certificate Property Map
commonName Property Map
devicePosture Property Map
email Property Map
emailDomain Property Map
emailList Property Map
everyone Property Map: An empty object which matches on all users.
externalEvaluation Property Map
geo Property Map
githubOrganization Property Map
group Property Map
gsuite Property Map
ip Property Map
ipList Property Map
loginMethod Property Map
okta Property Map
saml Property Map
serviceToken Property Map

GetZeroTrustAccessApplicationsResultPolicyRequireAuthContext

AcId string: The ACID of an Authentication context.
Id string: The ID of an Authentication context.
IdentityProviderId string: The ID of your Azure identity provider.

AcId string: The ACID of an Authentication context.
Id string: The ID of an Authentication context.
IdentityProviderId string: The ID of your Azure identity provider.

acId String: The ACID of an Authentication context.
id String: The ID of an Authentication context.
identityProviderId String: The ID of your Azure identity provider.

acId string: The ACID of an Authentication context.
id string: The ID of an Authentication context.
identityProviderId string: The ID of your Azure identity provider.

ac_id str: The ACID of an Authentication context.
id str: The ID of an Authentication context.
identity_provider_id str: The ID of your Azure identity provider.

acId String: The ACID of an Authentication context.
id String: The ID of an Authentication context.
identityProviderId String: The ID of your Azure identity provider.

GetZeroTrustAccessApplicationsResultPolicyRequireAuthMethod

AuthMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

AuthMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod String: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod string: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

auth_method str: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

authMethod String: The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

GetZeroTrustAccessApplicationsResultPolicyRequireAzureAd

Id string: The ID of an Azure group.
IdentityProviderId string: The ID of your Azure identity provider.

Id string: The ID of an Azure group.
IdentityProviderId string: The ID of your Azure identity provider.

id String: The ID of an Azure group.
identityProviderId String: The ID of your Azure identity provider.

id string: The ID of an Azure group.
identityProviderId string: The ID of your Azure identity provider.

id str: The ID of an Azure group.
identity_provider_id str: The ID of your Azure identity provider.

id String: The ID of an Azure group.
identityProviderId String: The ID of your Azure identity provider.

GetZeroTrustAccessApplicationsResultPolicyRequireCommonName

CommonName string: The common name to match.

CommonName string: The common name to match.

commonName String: The common name to match.

commonName string: The common name to match.

common_name str: The common name to match.

commonName String: The common name to match.

GetZeroTrustAccessApplicationsResultPolicyRequireDevicePosture

IntegrationUid string: The ID of a device posture integration.

IntegrationUid string: The ID of a device posture integration.

integrationUid String: The ID of a device posture integration.

integrationUid string: The ID of a device posture integration.

integration_uid str: The ID of a device posture integration.

integrationUid String: The ID of a device posture integration.

GetZeroTrustAccessApplicationsResultPolicyRequireEmail

Email string: The email of the user.

Email string: The email of the user.

email String: The email of the user.

email string: The email of the user.

email str: The email of the user.

email String: The email of the user.

GetZeroTrustAccessApplicationsResultPolicyRequireEmailDomain

Domain string: The email domain to match.

Domain string: The email domain to match.

domain String: The email domain to match.

domain string: The email domain to match.

domain str: The email domain to match.

domain String: The email domain to match.

GetZeroTrustAccessApplicationsResultPolicyRequireEmailList

Id string: The ID of a previously created email list.

Id string: The ID of a previously created email list.

id String: The ID of a previously created email list.

id string: The ID of a previously created email list.

id str: The ID of a previously created email list.

id String: The ID of a previously created email list.

GetZeroTrustAccessApplicationsResultPolicyRequireExternalEvaluation

EvaluateUrl string: The API endpoint containing your business logic.
KeysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

EvaluateUrl string: The API endpoint containing your business logic.
KeysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl String: The API endpoint containing your business logic.
keysUrl String: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl string: The API endpoint containing your business logic.
keysUrl string: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluate_url str: The API endpoint containing your business logic.
keys_url str: The API endpoint containing the key that Access uses to verify that the response came from your API.

evaluateUrl String: The API endpoint containing your business logic.
keysUrl String: The API endpoint containing the key that Access uses to verify that the response came from your API.

GetZeroTrustAccessApplicationsResultPolicyRequireGeo

CountryCode string: The country code that should be matched.

CountryCode string: The country code that should be matched.

countryCode String: The country code that should be matched.

countryCode string: The country code that should be matched.

country_code str: The country code that should be matched.

countryCode String: The country code that should be matched.

GetZeroTrustAccessApplicationsResultPolicyRequireGithubOrganization

IdentityProviderId string: The ID of your Github identity provider.
Name string: The name of the organization.
Team string: The name of the team

IdentityProviderId string: The ID of your Github identity provider.
Name string: The name of the organization.
Team string: The name of the team

identityProviderId String: The ID of your Github identity provider.
name String: The name of the organization.
team String: The name of the team

identityProviderId string: The ID of your Github identity provider.
name string: The name of the organization.
team string: The name of the team

identity_provider_id str: The ID of your Github identity provider.
name str: The name of the organization.
team str: The name of the team

identityProviderId String: The ID of your Github identity provider.
name String: The name of the organization.
team String: The name of the team

GetZeroTrustAccessApplicationsResultPolicyRequireGroup

Id string: The ID of a previously created Access group.

Id string: The ID of a previously created Access group.

id String: The ID of a previously created Access group.

id string: The ID of a previously created Access group.

id str: The ID of a previously created Access group.

id String: The ID of a previously created Access group.

GetZeroTrustAccessApplicationsResultPolicyRequireGsuite

Email string: The email of the Google Workspace group.
IdentityProviderId string: The ID of your Google Workspace identity provider.

Email string: The email of the Google Workspace group.
IdentityProviderId string: The ID of your Google Workspace identity provider.

email String: The email of the Google Workspace group.
identityProviderId String: The ID of your Google Workspace identity provider.

email string: The email of the Google Workspace group.
identityProviderId string: The ID of your Google Workspace identity provider.

email str: The email of the Google Workspace group.
identity_provider_id str: The ID of your Google Workspace identity provider.

email String: The email of the Google Workspace group.
identityProviderId String: The ID of your Google Workspace identity provider.

GetZeroTrustAccessApplicationsResultPolicyRequireIp

Ip string: An IPv4 or IPv6 CIDR block.

Ip string: An IPv4 or IPv6 CIDR block.

ip String: An IPv4 or IPv6 CIDR block.

ip string: An IPv4 or IPv6 CIDR block.

ip str: An IPv4 or IPv6 CIDR block.

ip String: An IPv4 or IPv6 CIDR block.

GetZeroTrustAccessApplicationsResultPolicyRequireIpList

Id string: The ID of a previously created IP list.

Id string: The ID of a previously created IP list.

id String: The ID of a previously created IP list.

id string: The ID of a previously created IP list.

id str: The ID of a previously created IP list.

id String: The ID of a previously created IP list.

GetZeroTrustAccessApplicationsResultPolicyRequireLoginMethod

Id string: The ID of an identity provider.

Id string: The ID of an identity provider.

id String: The ID of an identity provider.

id string: The ID of an identity provider.

id str: The ID of an identity provider.

id String: The ID of an identity provider.

GetZeroTrustAccessApplicationsResultPolicyRequireOkta

IdentityProviderId string: The ID of your Okta identity provider.
Name string: The name of the Okta group.

IdentityProviderId string: The ID of your Okta identity provider.
Name string: The name of the Okta group.

identityProviderId String: The ID of your Okta identity provider.
name String: The name of the Okta group.

identityProviderId string: The ID of your Okta identity provider.
name string: The name of the Okta group.

identity_provider_id str: The ID of your Okta identity provider.
name str: The name of the Okta group.

identityProviderId String: The ID of your Okta identity provider.
name String: The name of the Okta group.

GetZeroTrustAccessApplicationsResultPolicyRequireSaml

AttributeName string: The name of the SAML attribute.
AttributeValue string: The SAML attribute value to look for.
IdentityProviderId string: The ID of your SAML identity provider.

AttributeName string: The name of the SAML attribute.
AttributeValue string: The SAML attribute value to look for.
IdentityProviderId string: The ID of your SAML identity provider.

attributeName String: The name of the SAML attribute.
attributeValue String: The SAML attribute value to look for.
identityProviderId String: The ID of your SAML identity provider.

attributeName string: The name of the SAML attribute.
attributeValue string: The SAML attribute value to look for.
identityProviderId string: The ID of your SAML identity provider.

attribute_name str: The name of the SAML attribute.
attribute_value str: The SAML attribute value to look for.
identity_provider_id str: The ID of your SAML identity provider.

attributeName String: The name of the SAML attribute.
attributeValue String: The SAML attribute value to look for.
identityProviderId String: The ID of your SAML identity provider.

GetZeroTrustAccessApplicationsResultPolicyRequireServiceToken

TokenId string: The ID of a Service Token.

TokenId string: The ID of a Service Token.

tokenId String: The ID of a Service Token.

tokenId string: The ID of a Service Token.

token_id str: The ID of a Service Token.

tokenId String: The ID of a Service Token.

GetZeroTrustAccessApplicationsResultSaasApp

AccessTokenLifetime string: The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
AllowPkceWithoutClientSecret bool: If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
AppLauncherUrl string: The URL where this applications tile redirects users
AuthType string: Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
ClientId string: The application client id
ClientSecret string: The application client secret, only returned on POST request.
ConsumerServiceUrl string: The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
CreatedAt string
CustomAttributes List<GetZeroTrustAccessApplicationsResultSaasAppCustomAttribute>
CustomClaims List<GetZeroTrustAccessApplicationsResultSaasAppCustomClaim>
DefaultRelayState string: The URL that the user will be redirected to after a successful login for IDP initiated logins.
GrantTypes List<string>: The OIDC flows supported by this application
GroupFilterRegex string: A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
HybridAndImplicitOptions GetZeroTrustAccessApplicationsResultSaasAppHybridAndImplicitOptions
IdpEntityId string: The unique identifier for your SaaS application.
NameIdFormat string: The format of the name identifier sent to the SaaS application. Available values: "id", "email".
NameIdTransformJsonata string: A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
PublicKey string: The Access public certificate that will be used to verify your identity.
RedirectUris List<string>: The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
RefreshTokenOptions GetZeroTrustAccessApplicationsResultSaasAppRefreshTokenOptions
SamlAttributeTransformJsonata string: A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
Scopes List<string>: Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
SpEntityId string: A globally unique name for an identity or service provider.
SsoEndpoint string: The endpoint where your SaaS application will send login requests.
UpdatedAt string

AccessTokenLifetime string: The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
AllowPkceWithoutClientSecret bool: If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
AppLauncherUrl string: The URL where this applications tile redirects users
AuthType string: Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
ClientId string: The application client id
ClientSecret string: The application client secret, only returned on POST request.
ConsumerServiceUrl string: The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
CreatedAt string
CustomAttributes []GetZeroTrustAccessApplicationsResultSaasAppCustomAttribute
CustomClaims []GetZeroTrustAccessApplicationsResultSaasAppCustomClaim
DefaultRelayState string: The URL that the user will be redirected to after a successful login for IDP initiated logins.
GrantTypes []string: The OIDC flows supported by this application
GroupFilterRegex string: A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
HybridAndImplicitOptions GetZeroTrustAccessApplicationsResultSaasAppHybridAndImplicitOptions
IdpEntityId string: The unique identifier for your SaaS application.
NameIdFormat string: The format of the name identifier sent to the SaaS application. Available values: "id", "email".
NameIdTransformJsonata string: A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
PublicKey string: The Access public certificate that will be used to verify your identity.
RedirectUris []string: The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
RefreshTokenOptions GetZeroTrustAccessApplicationsResultSaasAppRefreshTokenOptions
SamlAttributeTransformJsonata string: A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
Scopes []string: Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
SpEntityId string: A globally unique name for an identity or service provider.
SsoEndpoint string: The endpoint where your SaaS application will send login requests.
UpdatedAt string

accessTokenLifetime String: The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
allowPkceWithoutClientSecret Boolean: If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
appLauncherUrl String: The URL where this applications tile redirects users
authType String: Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
clientId String: The application client id
clientSecret String: The application client secret, only returned on POST request.
consumerServiceUrl String: The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
createdAt String
customAttributes List<GetZeroTrustAccessApplicationsResultSaasAppCustomAttribute>
customClaims List<GetZeroTrustAccessApplicationsResultSaasAppCustomClaim>
defaultRelayState String: The URL that the user will be redirected to after a successful login for IDP initiated logins.
grantTypes List<String>: The OIDC flows supported by this application
groupFilterRegex String: A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
hybridAndImplicitOptions GetZeroTrustAccessApplicationsResultSaasAppHybridAndImplicitOptions
idpEntityId String: The unique identifier for your SaaS application.
nameIdFormat String: The format of the name identifier sent to the SaaS application. Available values: "id", "email".
nameIdTransformJsonata String: A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
publicKey String: The Access public certificate that will be used to verify your identity.
redirectUris List<String>: The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
refreshTokenOptions GetZeroTrustAccessApplicationsResultSaasAppRefreshTokenOptions
samlAttributeTransformJsonata String: A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
scopes List<String>: Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
spEntityId String: A globally unique name for an identity or service provider.
ssoEndpoint String: The endpoint where your SaaS application will send login requests.
updatedAt String

accessTokenLifetime string: The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
allowPkceWithoutClientSecret boolean: If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
appLauncherUrl string: The URL where this applications tile redirects users
authType string: Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
clientId string: The application client id
clientSecret string: The application client secret, only returned on POST request.
consumerServiceUrl string: The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
createdAt string
customAttributes GetZeroTrustAccessApplicationsResultSaasAppCustomAttribute[]
customClaims GetZeroTrustAccessApplicationsResultSaasAppCustomClaim[]
defaultRelayState string: The URL that the user will be redirected to after a successful login for IDP initiated logins.
grantTypes string[]: The OIDC flows supported by this application
groupFilterRegex string: A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
hybridAndImplicitOptions GetZeroTrustAccessApplicationsResultSaasAppHybridAndImplicitOptions
idpEntityId string: The unique identifier for your SaaS application.
nameIdFormat string: The format of the name identifier sent to the SaaS application. Available values: "id", "email".
nameIdTransformJsonata string: A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
publicKey string: The Access public certificate that will be used to verify your identity.
redirectUris string[]: The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
refreshTokenOptions GetZeroTrustAccessApplicationsResultSaasAppRefreshTokenOptions
samlAttributeTransformJsonata string: A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
scopes string[]: Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
spEntityId string: A globally unique name for an identity or service provider.
ssoEndpoint string: The endpoint where your SaaS application will send login requests.
updatedAt string

access_token_lifetime str: The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
allow_pkce_without_client_secret bool: If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
app_launcher_url str: The URL where this applications tile redirects users
auth_type str: Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
client_id str: The application client id
client_secret str: The application client secret, only returned on POST request.
consumer_service_url str: The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
created_at str
custom_attributes Sequence[GetZeroTrustAccessApplicationsResultSaasAppCustomAttribute]
custom_claims Sequence[GetZeroTrustAccessApplicationsResultSaasAppCustomClaim]
default_relay_state str: The URL that the user will be redirected to after a successful login for IDP initiated logins.
grant_types Sequence[str]: The OIDC flows supported by this application
group_filter_regex str: A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
hybrid_and_implicit_options GetZeroTrustAccessApplicationsResultSaasAppHybridAndImplicitOptions
idp_entity_id str: The unique identifier for your SaaS application.
name_id_format str: The format of the name identifier sent to the SaaS application. Available values: "id", "email".
name_id_transform_jsonata str: A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
public_key str: The Access public certificate that will be used to verify your identity.
redirect_uris Sequence[str]: The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
refresh_token_options GetZeroTrustAccessApplicationsResultSaasAppRefreshTokenOptions
saml_attribute_transform_jsonata str: A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
scopes Sequence[str]: Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
sp_entity_id str: A globally unique name for an identity or service provider.
sso_endpoint str: The endpoint where your SaaS application will send login requests.
updated_at str

accessTokenLifetime String: The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
allowPkceWithoutClientSecret Boolean: If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
appLauncherUrl String: The URL where this applications tile redirects users
authType String: Optional identifier indicating the authentication protocol used for the saas app. Required for OIDC. Default if unset is "saml" Available values: "saml", "oidc".
clientId String: The application client id
clientSecret String: The application client secret, only returned on POST request.
consumerServiceUrl String: The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
createdAt String
customAttributes List<Property Map>
customClaims List<Property Map>
defaultRelayState String: The URL that the user will be redirected to after a successful login for IDP initiated logins.
grantTypes List<String>: The OIDC flows supported by this application
groupFilterRegex String: A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
hybridAndImplicitOptions Property Map
idpEntityId String: The unique identifier for your SaaS application.
nameIdFormat String: The format of the name identifier sent to the SaaS application. Available values: "id", "email".
nameIdTransformJsonata String: A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
publicKey String: The Access public certificate that will be used to verify your identity.
redirectUris List<String>: The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
refreshTokenOptions Property Map
samlAttributeTransformJsonata String: A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
scopes List<String>: Define the user information shared with access, "offline_access" scope will be automatically enabled if refresh tokens are enabled
spEntityId String: A globally unique name for an identity or service provider.
ssoEndpoint String: The endpoint where your SaaS application will send login requests.
updatedAt String

GetZeroTrustAccessApplicationsResultSaasAppCustomAttribute

FriendlyName string: The SAML FriendlyName of the attribute.
Name string: The name of the attribute.
NameFormat string: A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
Required bool: If the attribute is required when building a SAML assertion.
Source GetZeroTrustAccessApplicationsResultSaasAppCustomAttributeSource

FriendlyName string: The SAML FriendlyName of the attribute.
Name string: The name of the attribute.
NameFormat string: A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
Required bool: If the attribute is required when building a SAML assertion.
Source GetZeroTrustAccessApplicationsResultSaasAppCustomAttributeSource

friendlyName String: The SAML FriendlyName of the attribute.
name String: The name of the attribute.
nameFormat String: A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
required Boolean: If the attribute is required when building a SAML assertion.
source GetZeroTrustAccessApplicationsResultSaasAppCustomAttributeSource

friendlyName string: The SAML FriendlyName of the attribute.
name string: The name of the attribute.
nameFormat string: A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
required boolean: If the attribute is required when building a SAML assertion.
source GetZeroTrustAccessApplicationsResultSaasAppCustomAttributeSource

friendly_name str: The SAML FriendlyName of the attribute.
name str: The name of the attribute.
name_format str: A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
required bool: If the attribute is required when building a SAML assertion.
source GetZeroTrustAccessApplicationsResultSaasAppCustomAttributeSource

friendlyName String: The SAML FriendlyName of the attribute.
name String: The name of the attribute.
nameFormat String: A globally unique name for an identity or service provider. Available values: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
required Boolean: If the attribute is required when building a SAML assertion.
source Property Map

GetZeroTrustAccessApplicationsResultSaasAppCustomAttributeSource

Name string: The name of the IdP attribute.
NameByIdps List<GetZeroTrustAccessApplicationsResultSaasAppCustomAttributeSourceNameByIdp>: A mapping from IdP ID to attribute name.

Name string: The name of the IdP attribute.
NameByIdps []GetZeroTrustAccessApplicationsResultSaasAppCustomAttributeSourceNameByIdp: A mapping from IdP ID to attribute name.

name String: The name of the IdP attribute.
nameByIdps List<GetZeroTrustAccessApplicationsResultSaasAppCustomAttributeSourceNameByIdp>: A mapping from IdP ID to attribute name.

name string: The name of the IdP attribute.
nameByIdps GetZeroTrustAccessApplicationsResultSaasAppCustomAttributeSourceNameByIdp[]: A mapping from IdP ID to attribute name.

name str: The name of the IdP attribute.
name_by_idps Sequence[GetZeroTrustAccessApplicationsResultSaasAppCustomAttributeSourceNameByIdp]: A mapping from IdP ID to attribute name.

name String: The name of the IdP attribute.
nameByIdps List<Property Map>: A mapping from IdP ID to attribute name.

GetZeroTrustAccessApplicationsResultSaasAppCustomAttributeSourceNameByIdp

IdpId string: The UID of the IdP.
SourceName string: The name of the IdP provided attribute.

IdpId string: The UID of the IdP.
SourceName string: The name of the IdP provided attribute.

idpId String: The UID of the IdP.
sourceName String: The name of the IdP provided attribute.

idpId string: The UID of the IdP.
sourceName string: The name of the IdP provided attribute.

idp_id str: The UID of the IdP.
source_name str: The name of the IdP provided attribute.

idpId String: The UID of the IdP.
sourceName String: The name of the IdP provided attribute.

GetZeroTrustAccessApplicationsResultSaasAppCustomClaim

Name string: The name of the claim.
Required bool: If the claim is required when building an OIDC token.
Scope string: The scope of the claim. Available values: "groups", "profile", "email", "openid".
Source GetZeroTrustAccessApplicationsResultSaasAppCustomClaimSource

Name string: The name of the claim.
Required bool: If the claim is required when building an OIDC token.
Scope string: The scope of the claim. Available values: "groups", "profile", "email", "openid".
Source GetZeroTrustAccessApplicationsResultSaasAppCustomClaimSource

name String: The name of the claim.
required Boolean: If the claim is required when building an OIDC token.
scope String: The scope of the claim. Available values: "groups", "profile", "email", "openid".
source GetZeroTrustAccessApplicationsResultSaasAppCustomClaimSource

name string: The name of the claim.
required boolean: If the claim is required when building an OIDC token.
scope string: The scope of the claim. Available values: "groups", "profile", "email", "openid".
source GetZeroTrustAccessApplicationsResultSaasAppCustomClaimSource

name str: The name of the claim.
required bool: If the claim is required when building an OIDC token.
scope str: The scope of the claim. Available values: "groups", "profile", "email", "openid".
source GetZeroTrustAccessApplicationsResultSaasAppCustomClaimSource

name String: The name of the claim.
required Boolean: If the claim is required when building an OIDC token.
scope String: The scope of the claim. Available values: "groups", "profile", "email", "openid".
source Property Map

GetZeroTrustAccessApplicationsResultSaasAppCustomClaimSource

Name string: The name of the IdP claim.
NameByIdp Dictionary<string, string>: A mapping from IdP ID to claim name.

Name string: The name of the IdP claim.
NameByIdp map[string]string: A mapping from IdP ID to claim name.

name String: The name of the IdP claim.
nameByIdp Map<String,String>: A mapping from IdP ID to claim name.

name string: The name of the IdP claim.
nameByIdp {[key: string]: string}: A mapping from IdP ID to claim name.

name str: The name of the IdP claim.
name_by_idp Mapping[str, str]: A mapping from IdP ID to claim name.

name String: The name of the IdP claim.
nameByIdp Map<String>: A mapping from IdP ID to claim name.

GetZeroTrustAccessApplicationsResultSaasAppHybridAndImplicitOptions

ReturnAccessTokenFromAuthorizationEndpoint bool: If an Access Token should be returned from the OIDC Authorization endpoint
ReturnIdTokenFromAuthorizationEndpoint bool: If an ID Token should be returned from the OIDC Authorization endpoint

ReturnAccessTokenFromAuthorizationEndpoint bool: If an Access Token should be returned from the OIDC Authorization endpoint
ReturnIdTokenFromAuthorizationEndpoint bool: If an ID Token should be returned from the OIDC Authorization endpoint

returnAccessTokenFromAuthorizationEndpoint Boolean: If an Access Token should be returned from the OIDC Authorization endpoint
returnIdTokenFromAuthorizationEndpoint Boolean: If an ID Token should be returned from the OIDC Authorization endpoint

returnAccessTokenFromAuthorizationEndpoint boolean: If an Access Token should be returned from the OIDC Authorization endpoint
returnIdTokenFromAuthorizationEndpoint boolean: If an ID Token should be returned from the OIDC Authorization endpoint

return_access_token_from_authorization_endpoint bool: If an Access Token should be returned from the OIDC Authorization endpoint
return_id_token_from_authorization_endpoint bool: If an ID Token should be returned from the OIDC Authorization endpoint

returnAccessTokenFromAuthorizationEndpoint Boolean: If an Access Token should be returned from the OIDC Authorization endpoint
returnIdTokenFromAuthorizationEndpoint Boolean: If an ID Token should be returned from the OIDC Authorization endpoint

GetZeroTrustAccessApplicationsResultSaasAppRefreshTokenOptions

Lifetime string: How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.

Lifetime string: How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.

lifetime String: How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.

lifetime string: How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.

lifetime str: How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.

lifetime String: How long a refresh token will be valid for after creation. Valid units are m,h,d. Must be longer than 1m.

GetZeroTrustAccessApplicationsResultScimConfig

Authentication GetZeroTrustAccessApplicationsResultScimConfigAuthentication: Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
DeactivateOnDelete bool: If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
Enabled bool: Whether SCIM provisioning is turned on for this application.
IdpUid string: The UID of the IdP to use as the source for SCIM resources to provision to this application.
Mappings List<GetZeroTrustAccessApplicationsResultScimConfigMapping>: A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
RemoteUri string: The base URI for the application's SCIM-compatible API.

Authentication GetZeroTrustAccessApplicationsResultScimConfigAuthentication: Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
DeactivateOnDelete bool: If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
Enabled bool: Whether SCIM provisioning is turned on for this application.
IdpUid string: The UID of the IdP to use as the source for SCIM resources to provision to this application.
Mappings []GetZeroTrustAccessApplicationsResultScimConfigMapping: A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
RemoteUri string: The base URI for the application's SCIM-compatible API.

authentication GetZeroTrustAccessApplicationsResultScimConfigAuthentication: Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
deactivateOnDelete Boolean: If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
enabled Boolean: Whether SCIM provisioning is turned on for this application.
idpUid String: The UID of the IdP to use as the source for SCIM resources to provision to this application.
mappings List<GetZeroTrustAccessApplicationsResultScimConfigMapping>: A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
remoteUri String: The base URI for the application's SCIM-compatible API.

authentication GetZeroTrustAccessApplicationsResultScimConfigAuthentication: Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
deactivateOnDelete boolean: If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
enabled boolean: Whether SCIM provisioning is turned on for this application.
idpUid string: The UID of the IdP to use as the source for SCIM resources to provision to this application.
mappings GetZeroTrustAccessApplicationsResultScimConfigMapping[]: A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
remoteUri string: The base URI for the application's SCIM-compatible API.

authentication GetZeroTrustAccessApplicationsResultScimConfigAuthentication: Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
deactivate_on_delete bool: If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
enabled bool: Whether SCIM provisioning is turned on for this application.
idp_uid str: The UID of the IdP to use as the source for SCIM resources to provision to this application.
mappings Sequence[GetZeroTrustAccessApplicationsResultScimConfigMapping]: A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
remote_uri str: The base URI for the application's SCIM-compatible API.

authentication Property Map: Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
deactivateOnDelete Boolean: If false, propagates DELETE requests to the target application for SCIM resources. If true, sets 'active' to false on the SCIM resource. Note: Some targets do not support DELETE operations.
enabled Boolean: Whether SCIM provisioning is turned on for this application.
idpUid String: The UID of the IdP to use as the source for SCIM resources to provision to this application.
mappings List<Property Map>: A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned.
remoteUri String: The base URI for the application's SCIM-compatible API.

GetZeroTrustAccessApplicationsResultScimConfigAuthentication

AuthorizationUrl string: URL used to generate the auth code used during token generation.
ClientId string: Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
ClientSecret string: Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
Password string: Password used to authenticate with the remote SCIM service.
Scheme string: The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
Scopes List<string>: The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
Token string: Token used to authenticate with the remote SCIM service.
TokenUrl string: URL used to generate the token used to authenticate with the remote SCIM service.
User string: User name used to authenticate with the remote SCIM service.

AuthorizationUrl string: URL used to generate the auth code used during token generation.
ClientId string: Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
ClientSecret string: Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
Password string: Password used to authenticate with the remote SCIM service.
Scheme string: The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
Scopes []string: The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
Token string: Token used to authenticate with the remote SCIM service.
TokenUrl string: URL used to generate the token used to authenticate with the remote SCIM service.
User string: User name used to authenticate with the remote SCIM service.

authorizationUrl String: URL used to generate the auth code used during token generation.
clientId String: Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
clientSecret String: Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
password String: Password used to authenticate with the remote SCIM service.
scheme String: The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
scopes List<String>: The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
token String: Token used to authenticate with the remote SCIM service.
tokenUrl String: URL used to generate the token used to authenticate with the remote SCIM service.
user String: User name used to authenticate with the remote SCIM service.

authorizationUrl string: URL used to generate the auth code used during token generation.
clientId string: Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
clientSecret string: Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
password string: Password used to authenticate with the remote SCIM service.
scheme string: The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
scopes string[]: The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
token string: Token used to authenticate with the remote SCIM service.
tokenUrl string: URL used to generate the token used to authenticate with the remote SCIM service.
user string: User name used to authenticate with the remote SCIM service.

authorization_url str: URL used to generate the auth code used during token generation.
client_id str: Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
client_secret str: Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
password str: Password used to authenticate with the remote SCIM service.
scheme str: The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
scopes Sequence[str]: The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
token str: Token used to authenticate with the remote SCIM service.
token_url str: URL used to generate the token used to authenticate with the remote SCIM service.
user str: User name used to authenticate with the remote SCIM service.

authorizationUrl String: URL used to generate the auth code used during token generation.
clientId String: Client ID used to authenticate when generating a token for authenticating with the remote SCIM service.
clientSecret String: Secret used to authenticate when generating a token for authenticating with the remove SCIM service.
password String: Password used to authenticate with the remote SCIM service.
scheme String: The authentication scheme to use when making SCIM requests to this application. Available values: "httpbasic".
scopes List<String>: The authorization scopes to request when generating the token used to authenticate with the remove SCIM service.
token String: Token used to authenticate with the remote SCIM service.
tokenUrl String: URL used to generate the token used to authenticate with the remote SCIM service.
user String: User name used to authenticate with the remote SCIM service.

GetZeroTrustAccessApplicationsResultScimConfigMapping

Enabled bool: Whether or not this mapping is enabled.
Filter string: A SCIM filter expression that matches resources that should be provisioned to this application.
Operations GetZeroTrustAccessApplicationsResultScimConfigMappingOperations: Whether or not this mapping applies to creates, updates, or deletes.
Schema string: Which SCIM resource type this mapping applies to.
Strictness string: The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
TransformJsonata string: A JSONata expression that transforms the resource before provisioning it in the application.

Enabled bool: Whether or not this mapping is enabled.
Filter string: A SCIM filter expression that matches resources that should be provisioned to this application.
Operations GetZeroTrustAccessApplicationsResultScimConfigMappingOperations: Whether or not this mapping applies to creates, updates, or deletes.
Schema string: Which SCIM resource type this mapping applies to.
Strictness string: The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
TransformJsonata string: A JSONata expression that transforms the resource before provisioning it in the application.

enabled Boolean: Whether or not this mapping is enabled.
filter String: A SCIM filter expression that matches resources that should be provisioned to this application.
operations GetZeroTrustAccessApplicationsResultScimConfigMappingOperations: Whether or not this mapping applies to creates, updates, or deletes.
schema String: Which SCIM resource type this mapping applies to.
strictness String: The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
transformJsonata String: A JSONata expression that transforms the resource before provisioning it in the application.

enabled boolean: Whether or not this mapping is enabled.
filter string: A SCIM filter expression that matches resources that should be provisioned to this application.
operations GetZeroTrustAccessApplicationsResultScimConfigMappingOperations: Whether or not this mapping applies to creates, updates, or deletes.
schema string: Which SCIM resource type this mapping applies to.
strictness string: The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
transformJsonata string: A JSONata expression that transforms the resource before provisioning it in the application.

enabled bool: Whether or not this mapping is enabled.
filter str: A SCIM filter expression that matches resources that should be provisioned to this application.
operations GetZeroTrustAccessApplicationsResultScimConfigMappingOperations: Whether or not this mapping applies to creates, updates, or deletes.
schema str: Which SCIM resource type this mapping applies to.
strictness str: The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
transform_jsonata str: A JSONata expression that transforms the resource before provisioning it in the application.

enabled Boolean: Whether or not this mapping is enabled.
filter String: A SCIM filter expression that matches resources that should be provisioned to this application.
operations Property Map: Whether or not this mapping applies to creates, updates, or deletes.
schema String: Which SCIM resource type this mapping applies to.
strictness String: The level of adherence to outbound resource schemas when provisioning to this mapping. ‘Strict’ removes unknown values, while ‘passthrough’ passes unknown values to the target. Available values: "strict", "passthrough".
transformJsonata String: A JSONata expression that transforms the resource before provisioning it in the application.

GetZeroTrustAccessApplicationsResultScimConfigMappingOperations

Create bool: Whether or not this mapping applies to create (POST) operations.
Delete bool: Whether or not this mapping applies to DELETE operations.
Update bool: Whether or not this mapping applies to update (PATCH/PUT) operations.

Create bool: Whether or not this mapping applies to create (POST) operations.
Delete bool: Whether or not this mapping applies to DELETE operations.
Update bool: Whether or not this mapping applies to update (PATCH/PUT) operations.

create Boolean: Whether or not this mapping applies to create (POST) operations.
delete Boolean: Whether or not this mapping applies to DELETE operations.
update Boolean: Whether or not this mapping applies to update (PATCH/PUT) operations.

create boolean: Whether or not this mapping applies to create (POST) operations.
delete boolean: Whether or not this mapping applies to DELETE operations.
update boolean: Whether or not this mapping applies to update (PATCH/PUT) operations.

create bool: Whether or not this mapping applies to create (POST) operations.
delete bool: Whether or not this mapping applies to DELETE operations.
update bool: Whether or not this mapping applies to update (PATCH/PUT) operations.

create Boolean: Whether or not this mapping applies to create (POST) operations.
delete Boolean: Whether or not this mapping applies to DELETE operations.
update Boolean: Whether or not this mapping applies to update (PATCH/PUT) operations.

GetZeroTrustAccessApplicationsResultTargetCriteria

Port int: The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
Protocol string: The communication protocol your application secures. Available values: "ssh".
TargetAttributes Dictionary<string, ImmutableArray<string>>: Contains a map of target attribute keys to target attribute values.

Port int: The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
Protocol string: The communication protocol your application secures. Available values: "ssh".
TargetAttributes map[string][]string: Contains a map of target attribute keys to target attribute values.

port Integer: The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
protocol String: The communication protocol your application secures. Available values: "ssh".
targetAttributes Map<String,List<String>>: Contains a map of target attribute keys to target attribute values.

port number: The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
protocol string: The communication protocol your application secures. Available values: "ssh".
targetAttributes {[key: string]: string[]}: Contains a map of target attribute keys to target attribute values.

port int: The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
protocol str: The communication protocol your application secures. Available values: "ssh".
target_attributes Mapping[str, Sequence[str]]: Contains a map of target attribute keys to target attribute values.

port Number: The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
protocol String: The communication protocol your application secures. Available values: "ssh".
targetAttributes Map<List<String>>: Contains a map of target attribute keys to target attribute values.

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v6.1.1 published on Monday, Apr 21, 2025 by Pulumi

pulumi/pulumi-cloudflare

cloudflare.getZeroTrustAccessApplications

On this page

On this page

Example Usage

Using getZeroTrustAccessApplications

getZeroTrustAccessApplications Result

Supporting Types

GetZeroTrustAccessApplicationsResult

GetZeroTrustAccessApplicationsResultCorsHeaders

GetZeroTrustAccessApplicationsResultDestination

GetZeroTrustAccessApplicationsResultFooterLink

GetZeroTrustAccessApplicationsResultLandingPageDesign

GetZeroTrustAccessApplicationsResultPolicy

GetZeroTrustAccessApplicationsResultPolicyApprovalGroup

GetZeroTrustAccessApplicationsResultPolicyConnectionRules

GetZeroTrustAccessApplicationsResultPolicyConnectionRulesSsh

GetZeroTrustAccessApplicationsResultPolicyExclude

GetZeroTrustAccessApplicationsResultPolicyExcludeAuthContext

GetZeroTrustAccessApplicationsResultPolicyExcludeAuthMethod

GetZeroTrustAccessApplicationsResultPolicyExcludeAzureAd

GetZeroTrustAccessApplicationsResultPolicyExcludeCommonName

GetZeroTrustAccessApplicationsResultPolicyExcludeDevicePosture

GetZeroTrustAccessApplicationsResultPolicyExcludeEmail

GetZeroTrustAccessApplicationsResultPolicyExcludeEmailDomain

GetZeroTrustAccessApplicationsResultPolicyExcludeEmailList

GetZeroTrustAccessApplicationsResultPolicyExcludeExternalEvaluation

GetZeroTrustAccessApplicationsResultPolicyExcludeGeo

GetZeroTrustAccessApplicationsResultPolicyExcludeGithubOrganization

GetZeroTrustAccessApplicationsResultPolicyExcludeGroup

GetZeroTrustAccessApplicationsResultPolicyExcludeGsuite

GetZeroTrustAccessApplicationsResultPolicyExcludeIp

GetZeroTrustAccessApplicationsResultPolicyExcludeIpList

GetZeroTrustAccessApplicationsResultPolicyExcludeLoginMethod

GetZeroTrustAccessApplicationsResultPolicyExcludeOkta

GetZeroTrustAccessApplicationsResultPolicyExcludeSaml

GetZeroTrustAccessApplicationsResultPolicyExcludeServiceToken

GetZeroTrustAccessApplicationsResultPolicyInclude

GetZeroTrustAccessApplicationsResultPolicyIncludeAuthContext

GetZeroTrustAccessApplicationsResultPolicyIncludeAuthMethod

GetZeroTrustAccessApplicationsResultPolicyIncludeAzureAd

GetZeroTrustAccessApplicationsResultPolicyIncludeCommonName

GetZeroTrustAccessApplicationsResultPolicyIncludeDevicePosture

GetZeroTrustAccessApplicationsResultPolicyIncludeEmail

GetZeroTrustAccessApplicationsResultPolicyIncludeEmailDomain

GetZeroTrustAccessApplicationsResultPolicyIncludeEmailList

GetZeroTrustAccessApplicationsResultPolicyIncludeExternalEvaluation

GetZeroTrustAccessApplicationsResultPolicyIncludeGeo

GetZeroTrustAccessApplicationsResultPolicyIncludeGithubOrganization

GetZeroTrustAccessApplicationsResultPolicyIncludeGroup

GetZeroTrustAccessApplicationsResultPolicyIncludeGsuite

GetZeroTrustAccessApplicationsResultPolicyIncludeIp

GetZeroTrustAccessApplicationsResultPolicyIncludeIpList

GetZeroTrustAccessApplicationsResultPolicyIncludeLoginMethod

GetZeroTrustAccessApplicationsResultPolicyIncludeOkta

GetZeroTrustAccessApplicationsResultPolicyIncludeSaml

GetZeroTrustAccessApplicationsResultPolicyIncludeServiceToken

GetZeroTrustAccessApplicationsResultPolicyRequire

GetZeroTrustAccessApplicationsResultPolicyRequireAuthContext

GetZeroTrustAccessApplicationsResultPolicyRequireAuthMethod

GetZeroTrustAccessApplicationsResultPolicyRequireAzureAd

GetZeroTrustAccessApplicationsResultPolicyRequireCommonName

GetZeroTrustAccessApplicationsResultPolicyRequireDevicePosture

GetZeroTrustAccessApplicationsResultPolicyRequireEmail

GetZeroTrustAccessApplicationsResultPolicyRequireEmailDomain

GetZeroTrustAccessApplicationsResultPolicyRequireEmailList

GetZeroTrustAccessApplicationsResultPolicyRequireExternalEvaluation

GetZeroTrustAccessApplicationsResultPolicyRequireGeo

GetZeroTrustAccessApplicationsResultPolicyRequireGithubOrganization

GetZeroTrustAccessApplicationsResultPolicyRequireGroup

GetZeroTrustAccessApplicationsResultPolicyRequireGsuite

GetZeroTrustAccessApplicationsResultPolicyRequireIp

GetZeroTrustAccessApplicationsResultPolicyRequireIpList

GetZeroTrustAccessApplicationsResultPolicyRequireLoginMethod

GetZeroTrustAccessApplicationsResultPolicyRequireOkta

GetZeroTrustAccessApplicationsResultPolicyRequireSaml

GetZeroTrustAccessApplicationsResultPolicyRequireServiceToken

GetZeroTrustAccessApplicationsResultSaasApp

GetZeroTrustAccessApplicationsResultSaasAppCustomAttribute

GetZeroTrustAccessApplicationsResultSaasAppCustomAttributeSource

GetZeroTrustAccessApplicationsResultSaasAppCustomAttributeSourceNameByIdp