1. Packages
  2. Auth0 Provider
  3. API Docs
  4. Connection
Auth0 v3.17.1 published on Tuesday, Apr 15, 2025 by Pulumi

auth0.Connection

Explore with Pulumi AI

With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.

The Auth0 dashboard displays only one connection per social provider. Although the Auth0 Management API allows the creation of multiple connections per strategy, the additional connections may not be visible in the Auth0 dashboard.

When updating the options parameter, ensure that all nested fields within the options schema are explicitly defined. Failing to do so may result in the loss of existing configurations.

Example Usage

Auth0 Connection

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// This is an example of an Auth0 connection.
const myConnection = new auth0.Connection("my_connection", {
    name: "Example-Connection",
    isDomainConnection: true,
    strategy: "auth0",
    metadata: {
        key1: "foo",
        key2: "bar",
    },
    options: {
        passwordPolicy: "excellent",
        bruteForceProtection: true,
        strategyVersion: 2,
        enabledDatabaseCustomization: true,
        importMode: false,
        requiresUsername: true,
        disableSignup: false,
        customScripts: {
            get_user: `        function getByEmail(email, callback) {
          return callback(new Error("Whoops!"));
        }
`,
        },
        configuration: {
            foo: "bar",
            bar: "baz",
        },
        upstreamParams: JSON.stringify({
            screen_name: {
                alias: "login_hint",
            },
        }),
        passwordHistories: [{
            enable: true,
            size: 3,
        }],
        passwordNoPersonalInfo: {
            enable: true,
        },
        passwordDictionary: {
            enable: true,
            dictionaries: [
                "password",
                "admin",
                "1234",
            ],
        },
        passwordComplexityOptions: {
            minLength: 12,
        },
        validation: {
            username: {
                min: 10,
                max: 40,
            },
        },
        mfa: {
            active: true,
            returnEnrollSettings: true,
        },
        authenticationMethods: [{
            passkey: {
                enabled: true,
            },
            password: {
                enabled: true,
            },
        }],
        passkeyOptions: {
            challengeUi: "both",
            localEnrollmentEnabled: true,
            progressiveEnrollmentEnabled: true,
        },
    },
});
Copy
import pulumi
import json
import pulumi_auth0 as auth0

# This is an example of an Auth0 connection.
my_connection = auth0.Connection("my_connection",
    name="Example-Connection",
    is_domain_connection=True,
    strategy="auth0",
    metadata={
        "key1": "foo",
        "key2": "bar",
    },
    options={
        "password_policy": "excellent",
        "brute_force_protection": True,
        "strategy_version": 2,
        "enabled_database_customization": True,
        "import_mode": False,
        "requires_username": True,
        "disable_signup": False,
        "custom_scripts": {
            "get_user": """        function getByEmail(email, callback) {
          return callback(new Error("Whoops!"));
        }
""",
        },
        "configuration": {
            "foo": "bar",
            "bar": "baz",
        },
        "upstream_params": json.dumps({
            "screen_name": {
                "alias": "login_hint",
            },
        }),
        "password_histories": [{
            "enable": True,
            "size": 3,
        }],
        "password_no_personal_info": {
            "enable": True,
        },
        "password_dictionary": {
            "enable": True,
            "dictionaries": [
                "password",
                "admin",
                "1234",
            ],
        },
        "password_complexity_options": {
            "min_length": 12,
        },
        "validation": {
            "username": {
                "min": 10,
                "max": 40,
            },
        },
        "mfa": {
            "active": True,
            "return_enroll_settings": True,
        },
        "authentication_methods": [{
            "passkey": {
                "enabled": True,
            },
            "password": {
                "enabled": True,
            },
        }],
        "passkey_options": {
            "challenge_ui": "both",
            "local_enrollment_enabled": True,
            "progressive_enrollment_enabled": True,
        },
    })
Copy
package main

import (
	"encoding/json"

	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"screen_name": map[string]interface{}{
				"alias": "login_hint",
			},
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		// This is an example of an Auth0 connection.
		_, err = auth0.NewConnection(ctx, "my_connection", &auth0.ConnectionArgs{
			Name:               pulumi.String("Example-Connection"),
			IsDomainConnection: pulumi.Bool(true),
			Strategy:           pulumi.String("auth0"),
			Metadata: pulumi.StringMap{
				"key1": pulumi.String("foo"),
				"key2": pulumi.String("bar"),
			},
			Options: &auth0.ConnectionOptionsArgs{
				PasswordPolicy:               pulumi.String("excellent"),
				BruteForceProtection:         pulumi.Bool(true),
				StrategyVersion:              pulumi.Int(2),
				EnabledDatabaseCustomization: pulumi.Bool(true),
				ImportMode:                   pulumi.Bool(false),
				RequiresUsername:             pulumi.Bool(true),
				DisableSignup:                pulumi.Bool(false),
				CustomScripts: pulumi.StringMap{
					"get_user": pulumi.String("        function getByEmail(email, callback) {\n          return callback(new Error(\"Whoops!\"));\n        }\n"),
				},
				Configuration: pulumi.StringMap{
					"foo": pulumi.String("bar"),
					"bar": pulumi.String("baz"),
				},
				UpstreamParams: pulumi.String(json0),
				PasswordHistories: auth0.ConnectionOptionsPasswordHistoryArray{
					&auth0.ConnectionOptionsPasswordHistoryArgs{
						Enable: pulumi.Bool(true),
						Size:   pulumi.Int(3),
					},
				},
				PasswordNoPersonalInfo: &auth0.ConnectionOptionsPasswordNoPersonalInfoArgs{
					Enable: pulumi.Bool(true),
				},
				PasswordDictionary: &auth0.ConnectionOptionsPasswordDictionaryArgs{
					Enable: pulumi.Bool(true),
					Dictionaries: pulumi.StringArray{
						pulumi.String("password"),
						pulumi.String("admin"),
						pulumi.String("1234"),
					},
				},
				PasswordComplexityOptions: &auth0.ConnectionOptionsPasswordComplexityOptionsArgs{
					MinLength: pulumi.Int(12),
				},
				Validation: &auth0.ConnectionOptionsValidationArgs{
					Username: &auth0.ConnectionOptionsValidationUsernameArgs{
						Min: pulumi.Int(10),
						Max: pulumi.Int(40),
					},
				},
				Mfa: &auth0.ConnectionOptionsMfaArgs{
					Active:               pulumi.Bool(true),
					ReturnEnrollSettings: pulumi.Bool(true),
				},
				AuthenticationMethods: auth0.ConnectionOptionsAuthenticationMethodArray{
					&auth0.ConnectionOptionsAuthenticationMethodArgs{
						Passkey: &auth0.ConnectionOptionsAuthenticationMethodPasskeyArgs{
							Enabled: pulumi.Bool(true),
						},
						Password: &auth0.ConnectionOptionsAuthenticationMethodPasswordArgs{
							Enabled: pulumi.Bool(true),
						},
					},
				},
				PasskeyOptions: &auth0.ConnectionOptionsPasskeyOptionsArgs{
					ChallengeUi:                  pulumi.String("both"),
					LocalEnrollmentEnabled:       pulumi.Bool(true),
					ProgressiveEnrollmentEnabled: pulumi.Bool(true),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // This is an example of an Auth0 connection.
    var myConnection = new Auth0.Connection("my_connection", new()
    {
        Name = "Example-Connection",
        IsDomainConnection = true,
        Strategy = "auth0",
        Metadata = 
        {
            { "key1", "foo" },
            { "key2", "bar" },
        },
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            PasswordPolicy = "excellent",
            BruteForceProtection = true,
            StrategyVersion = 2,
            EnabledDatabaseCustomization = true,
            ImportMode = false,
            RequiresUsername = true,
            DisableSignup = false,
            CustomScripts = 
            {
                { "get_user", @"        function getByEmail(email, callback) {
          return callback(new Error(""Whoops!""));
        }
" },
            },
            Configuration = 
            {
                { "foo", "bar" },
                { "bar", "baz" },
            },
            UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["screen_name"] = new Dictionary<string, object?>
                {
                    ["alias"] = "login_hint",
                },
            }),
            PasswordHistories = new[]
            {
                new Auth0.Inputs.ConnectionOptionsPasswordHistoryArgs
                {
                    Enable = true,
                    Size = 3,
                },
            },
            PasswordNoPersonalInfo = new Auth0.Inputs.ConnectionOptionsPasswordNoPersonalInfoArgs
            {
                Enable = true,
            },
            PasswordDictionary = new Auth0.Inputs.ConnectionOptionsPasswordDictionaryArgs
            {
                Enable = true,
                Dictionaries = new[]
                {
                    "password",
                    "admin",
                    "1234",
                },
            },
            PasswordComplexityOptions = new Auth0.Inputs.ConnectionOptionsPasswordComplexityOptionsArgs
            {
                MinLength = 12,
            },
            Validation = new Auth0.Inputs.ConnectionOptionsValidationArgs
            {
                Username = new Auth0.Inputs.ConnectionOptionsValidationUsernameArgs
                {
                    Min = 10,
                    Max = 40,
                },
            },
            Mfa = new Auth0.Inputs.ConnectionOptionsMfaArgs
            {
                Active = true,
                ReturnEnrollSettings = true,
            },
            AuthenticationMethods = new[]
            {
                new Auth0.Inputs.ConnectionOptionsAuthenticationMethodArgs
                {
                    Passkey = new Auth0.Inputs.ConnectionOptionsAuthenticationMethodPasskeyArgs
                    {
                        Enabled = true,
                    },
                    Password = new Auth0.Inputs.ConnectionOptionsAuthenticationMethodPasswordArgs
                    {
                        Enabled = true,
                    },
                },
            },
            PasskeyOptions = new Auth0.Inputs.ConnectionOptionsPasskeyOptionsArgs
            {
                ChallengeUi = "both",
                LocalEnrollmentEnabled = true,
                ProgressiveEnrollmentEnabled = true,
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsPasswordNoPersonalInfoArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsPasswordDictionaryArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsPasswordComplexityOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsValidationArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsValidationUsernameArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsMfaArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsPasskeyOptionsArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // This is an example of an Auth0 connection.
        var myConnection = new Connection("myConnection", ConnectionArgs.builder()
            .name("Example-Connection")
            .isDomainConnection(true)
            .strategy("auth0")
            .metadata(Map.ofEntries(
                Map.entry("key1", "foo"),
                Map.entry("key2", "bar")
            ))
            .options(ConnectionOptionsArgs.builder()
                .passwordPolicy("excellent")
                .bruteForceProtection(true)
                .strategyVersion(2)
                .enabledDatabaseCustomization(true)
                .importMode(false)
                .requiresUsername(true)
                .disableSignup(false)
                .customScripts(Map.of("get_user", """
        function getByEmail(email, callback) {
          return callback(new Error("Whoops!"));
        }
                """))
                .configuration(Map.ofEntries(
                    Map.entry("foo", "bar"),
                    Map.entry("bar", "baz")
                ))
                .upstreamParams(serializeJson(
                    jsonObject(
                        jsonProperty("screen_name", jsonObject(
                            jsonProperty("alias", "login_hint")
                        ))
                    )))
                .passwordHistories(ConnectionOptionsPasswordHistoryArgs.builder()
                    .enable(true)
                    .size(3)
                    .build())
                .passwordNoPersonalInfo(ConnectionOptionsPasswordNoPersonalInfoArgs.builder()
                    .enable(true)
                    .build())
                .passwordDictionary(ConnectionOptionsPasswordDictionaryArgs.builder()
                    .enable(true)
                    .dictionaries(                    
                        "password",
                        "admin",
                        "1234")
                    .build())
                .passwordComplexityOptions(ConnectionOptionsPasswordComplexityOptionsArgs.builder()
                    .minLength(12)
                    .build())
                .validation(ConnectionOptionsValidationArgs.builder()
                    .username(ConnectionOptionsValidationUsernameArgs.builder()
                        .min(10)
                        .max(40)
                        .build())
                    .build())
                .mfa(ConnectionOptionsMfaArgs.builder()
                    .active(true)
                    .returnEnrollSettings(true)
                    .build())
                .authenticationMethods(ConnectionOptionsAuthenticationMethodArgs.builder()
                    .passkey(ConnectionOptionsAuthenticationMethodPasskeyArgs.builder()
                        .enabled(true)
                        .build())
                    .password(ConnectionOptionsAuthenticationMethodPasswordArgs.builder()
                        .enabled(true)
                        .build())
                    .build())
                .passkeyOptions(ConnectionOptionsPasskeyOptionsArgs.builder()
                    .challengeUi("both")
                    .localEnrollmentEnabled(true)
                    .progressiveEnrollmentEnabled(true)
                    .build())
                .build())
            .build());

    }
}
Copy
resources:
  # This is an example of an Auth0 connection.
  myConnection:
    type: auth0:Connection
    name: my_connection
    properties:
      name: Example-Connection
      isDomainConnection: true
      strategy: auth0
      metadata:
        key1: foo
        key2: bar
      options:
        passwordPolicy: excellent
        bruteForceProtection: true
        strategyVersion: 2
        enabledDatabaseCustomization: true
        importMode: false
        requiresUsername: true
        disableSignup: false
        customScripts:
          get_user: |2
                    function getByEmail(email, callback) {
                      return callback(new Error("Whoops!"));
                    }
        configuration:
          foo: bar
          bar: baz
        upstreamParams:
          fn::toJSON:
            screen_name:
              alias: login_hint
        passwordHistories:
          - enable: true
            size: 3
        passwordNoPersonalInfo:
          enable: true
        passwordDictionary:
          enable: true
          dictionaries:
            - password
            - admin
            - '1234'
        passwordComplexityOptions:
          minLength: 12
        validation:
          username:
            min: 10
            max: 40
        mfa:
          active: true
          returnEnrollSettings: true
        authenticationMethods:
          - passkey:
              enabled: true
            password:
              enabled: true
        passkeyOptions:
          challengeUi: both
          localEnrollmentEnabled: true
          progressiveEnrollmentEnabled: true
Copy

Google OAuth2 Connection

Your Auth0 account may be pre-configured with a google-oauth2 connection.

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// This is an example of a Google OAuth2 connection.
const googleOauth2 = new auth0.Connection("google_oauth2", {
    name: "Google-OAuth2-Connection",
    strategy: "google-oauth2",
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        allowedAudiences: [
            "example.com",
            "api.example.com",
        ],
        scopes: [
            "email",
            "profile",
            "gmail",
            "youtube",
        ],
        setUserRootAttributes: "on_each_login",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
    },
});
Copy
import pulumi
import pulumi_auth0 as auth0

# This is an example of a Google OAuth2 connection.
google_oauth2 = auth0.Connection("google_oauth2",
    name="Google-OAuth2-Connection",
    strategy="google-oauth2",
    options={
        "client_id": "<client-id>",
        "client_secret": "<client-secret>",
        "allowed_audiences": [
            "example.com",
            "api.example.com",
        ],
        "scopes": [
            "email",
            "profile",
            "gmail",
            "youtube",
        ],
        "set_user_root_attributes": "on_each_login",
        "non_persistent_attrs": [
            "ethnicity",
            "gender",
        ],
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// This is an example of a Google OAuth2 connection.
		_, err := auth0.NewConnection(ctx, "google_oauth2", &auth0.ConnectionArgs{
			Name:     pulumi.String("Google-OAuth2-Connection"),
			Strategy: pulumi.String("google-oauth2"),
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:     pulumi.String("<client-id>"),
				ClientSecret: pulumi.String("<client-secret>"),
				AllowedAudiences: pulumi.StringArray{
					pulumi.String("example.com"),
					pulumi.String("api.example.com"),
				},
				Scopes: pulumi.StringArray{
					pulumi.String("email"),
					pulumi.String("profile"),
					pulumi.String("gmail"),
					pulumi.String("youtube"),
				},
				SetUserRootAttributes: pulumi.String("on_each_login"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // This is an example of a Google OAuth2 connection.
    var googleOauth2 = new Auth0.Connection("google_oauth2", new()
    {
        Name = "Google-OAuth2-Connection",
        Strategy = "google-oauth2",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            AllowedAudiences = new[]
            {
                "example.com",
                "api.example.com",
            },
            Scopes = new[]
            {
                "email",
                "profile",
                "gmail",
                "youtube",
            },
            SetUserRootAttributes = "on_each_login",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // This is an example of a Google OAuth2 connection.
        var googleOauth2 = new Connection("googleOauth2", ConnectionArgs.builder()
            .name("Google-OAuth2-Connection")
            .strategy("google-oauth2")
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret("<client-secret>")
                .allowedAudiences(                
                    "example.com",
                    "api.example.com")
                .scopes(                
                    "email",
                    "profile",
                    "gmail",
                    "youtube")
                .setUserRootAttributes("on_each_login")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .build())
            .build());

    }
}
Copy
resources:
  # This is an example of a Google OAuth2 connection.
  googleOauth2:
    type: auth0:Connection
    name: google_oauth2
    properties:
      name: Google-OAuth2-Connection
      strategy: google-oauth2
      options:
        clientId: <client-id>
        clientSecret: <client-secret>
        allowedAudiences:
          - example.com
          - api.example.com
        scopes:
          - email
          - profile
          - gmail
          - youtube
        setUserRootAttributes: on_each_login
        nonPersistentAttrs:
          - ethnicity
          - gender
Copy

Google Apps

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const googleApps = new auth0.Connection("google_apps", {
    name: "connection-google-apps",
    isDomainConnection: false,
    strategy: "google-apps",
    showAsButton: false,
    options: {
        clientId: "",
        clientSecret: "",
        domain: "example.com",
        tenantDomain: "example.com",
        domainAliases: [
            "example.com",
            "api.example.com",
        ],
        apiEnableUsers: true,
        scopes: [
            "ext_profile",
            "ext_groups",
        ],
        iconUrl: "https://example.com/assets/logo.png",
        upstreamParams: JSON.stringify({
            screen_name: {
                alias: "login_hint",
            },
        }),
        setUserRootAttributes: "on_each_login",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
    },
});
Copy
import pulumi
import json
import pulumi_auth0 as auth0

google_apps = auth0.Connection("google_apps",
    name="connection-google-apps",
    is_domain_connection=False,
    strategy="google-apps",
    show_as_button=False,
    options={
        "client_id": "",
        "client_secret": "",
        "domain": "example.com",
        "tenant_domain": "example.com",
        "domain_aliases": [
            "example.com",
            "api.example.com",
        ],
        "api_enable_users": True,
        "scopes": [
            "ext_profile",
            "ext_groups",
        ],
        "icon_url": "https://example.com/assets/logo.png",
        "upstream_params": json.dumps({
            "screen_name": {
                "alias": "login_hint",
            },
        }),
        "set_user_root_attributes": "on_each_login",
        "non_persistent_attrs": [
            "ethnicity",
            "gender",
        ],
    })
Copy
package main

import (
	"encoding/json"

	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"screen_name": map[string]interface{}{
				"alias": "login_hint",
			},
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		_, err = auth0.NewConnection(ctx, "google_apps", &auth0.ConnectionArgs{
			Name:               pulumi.String("connection-google-apps"),
			IsDomainConnection: pulumi.Bool(false),
			Strategy:           pulumi.String("google-apps"),
			ShowAsButton:       pulumi.Bool(false),
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:     pulumi.String(""),
				ClientSecret: pulumi.String(""),
				Domain:       pulumi.String("example.com"),
				TenantDomain: pulumi.String("example.com"),
				DomainAliases: pulumi.StringArray{
					pulumi.String("example.com"),
					pulumi.String("api.example.com"),
				},
				ApiEnableUsers: pulumi.Bool(true),
				Scopes: pulumi.StringArray{
					pulumi.String("ext_profile"),
					pulumi.String("ext_groups"),
				},
				IconUrl:               pulumi.String("https://example.com/assets/logo.png"),
				UpstreamParams:        pulumi.String(json0),
				SetUserRootAttributes: pulumi.String("on_each_login"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var googleApps = new Auth0.Connection("google_apps", new()
    {
        Name = "connection-google-apps",
        IsDomainConnection = false,
        Strategy = "google-apps",
        ShowAsButton = false,
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "",
            ClientSecret = "",
            Domain = "example.com",
            TenantDomain = "example.com",
            DomainAliases = new[]
            {
                "example.com",
                "api.example.com",
            },
            ApiEnableUsers = true,
            Scopes = new[]
            {
                "ext_profile",
                "ext_groups",
            },
            IconUrl = "https://example.com/assets/logo.png",
            UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["screen_name"] = new Dictionary<string, object?>
                {
                    ["alias"] = "login_hint",
                },
            }),
            SetUserRootAttributes = "on_each_login",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var googleApps = new Connection("googleApps", ConnectionArgs.builder()
            .name("connection-google-apps")
            .isDomainConnection(false)
            .strategy("google-apps")
            .showAsButton(false)
            .options(ConnectionOptionsArgs.builder()
                .clientId("")
                .clientSecret("")
                .domain("example.com")
                .tenantDomain("example.com")
                .domainAliases(                
                    "example.com",
                    "api.example.com")
                .apiEnableUsers(true)
                .scopes(                
                    "ext_profile",
                    "ext_groups")
                .iconUrl("https://example.com/assets/logo.png")
                .upstreamParams(serializeJson(
                    jsonObject(
                        jsonProperty("screen_name", jsonObject(
                            jsonProperty("alias", "login_hint")
                        ))
                    )))
                .setUserRootAttributes("on_each_login")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .build())
            .build());

    }
}
Copy
resources:
  googleApps:
    type: auth0:Connection
    name: google_apps
    properties:
      name: connection-google-apps
      isDomainConnection: false
      strategy: google-apps
      showAsButton: false
      options:
        clientId: ""
        clientSecret: ""
        domain: example.com
        tenantDomain: example.com
        domainAliases:
          - example.com
          - api.example.com
        apiEnableUsers: true
        scopes:
          - ext_profile
          - ext_groups
        iconUrl: https://example.com/assets/logo.png
        upstreamParams:
          fn::toJSON:
            screen_name:
              alias: login_hint
        setUserRootAttributes: on_each_login
        nonPersistentAttrs:
          - ethnicity
          - gender
Copy

Facebook Connection

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// This is an example of a Facebook connection.
const facebook = new auth0.Connection("facebook", {
    name: "Facebook-Connection",
    strategy: "facebook",
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        scopes: [
            "public_profile",
            "email",
            "groups_access_member_info",
            "user_birthday",
        ],
        setUserRootAttributes: "on_each_login",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
    },
});
Copy
import pulumi
import pulumi_auth0 as auth0

# This is an example of a Facebook connection.
facebook = auth0.Connection("facebook",
    name="Facebook-Connection",
    strategy="facebook",
    options={
        "client_id": "<client-id>",
        "client_secret": "<client-secret>",
        "scopes": [
            "public_profile",
            "email",
            "groups_access_member_info",
            "user_birthday",
        ],
        "set_user_root_attributes": "on_each_login",
        "non_persistent_attrs": [
            "ethnicity",
            "gender",
        ],
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// This is an example of a Facebook connection.
		_, err := auth0.NewConnection(ctx, "facebook", &auth0.ConnectionArgs{
			Name:     pulumi.String("Facebook-Connection"),
			Strategy: pulumi.String("facebook"),
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:     pulumi.String("<client-id>"),
				ClientSecret: pulumi.String("<client-secret>"),
				Scopes: pulumi.StringArray{
					pulumi.String("public_profile"),
					pulumi.String("email"),
					pulumi.String("groups_access_member_info"),
					pulumi.String("user_birthday"),
				},
				SetUserRootAttributes: pulumi.String("on_each_login"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // This is an example of a Facebook connection.
    var facebook = new Auth0.Connection("facebook", new()
    {
        Name = "Facebook-Connection",
        Strategy = "facebook",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            Scopes = new[]
            {
                "public_profile",
                "email",
                "groups_access_member_info",
                "user_birthday",
            },
            SetUserRootAttributes = "on_each_login",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // This is an example of a Facebook connection.
        var facebook = new Connection("facebook", ConnectionArgs.builder()
            .name("Facebook-Connection")
            .strategy("facebook")
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret("<client-secret>")
                .scopes(                
                    "public_profile",
                    "email",
                    "groups_access_member_info",
                    "user_birthday")
                .setUserRootAttributes("on_each_login")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .build())
            .build());

    }
}
Copy
resources:
  # This is an example of a Facebook connection.
  facebook:
    type: auth0:Connection
    properties:
      name: Facebook-Connection
      strategy: facebook
      options:
        clientId: <client-id>
        clientSecret: <client-secret>
        scopes:
          - public_profile
          - email
          - groups_access_member_info
          - user_birthday
        setUserRootAttributes: on_each_login
        nonPersistentAttrs:
          - ethnicity
          - gender
Copy

Apple Connection

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// This is an example of an Apple connection.
const apple = new auth0.Connection("apple", {
    name: "Apple-Connection",
    strategy: "apple",
    options: {
        clientId: "<client-id>",
        clientSecret: `-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----`,
        teamId: "<team-id>",
        keyId: "<key-id>",
        scopes: [
            "email",
            "name",
        ],
        setUserRootAttributes: "on_first_login",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
    },
});
Copy
import pulumi
import pulumi_auth0 as auth0

# This is an example of an Apple connection.
apple = auth0.Connection("apple",
    name="Apple-Connection",
    strategy="apple",
    options={
        "client_id": "<client-id>",
        "client_secret": """-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----""",
        "team_id": "<team-id>",
        "key_id": "<key-id>",
        "scopes": [
            "email",
            "name",
        ],
        "set_user_root_attributes": "on_first_login",
        "non_persistent_attrs": [
            "ethnicity",
            "gender",
        ],
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// This is an example of an Apple connection.
		_, err := auth0.NewConnection(ctx, "apple", &auth0.ConnectionArgs{
			Name:     pulumi.String("Apple-Connection"),
			Strategy: pulumi.String("apple"),
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:     pulumi.String("<client-id>"),
				ClientSecret: pulumi.String("-----BEGIN PRIVATE KEY-----\nMIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA\n-----END PRIVATE KEY-----"),
				TeamId:       pulumi.String("<team-id>"),
				KeyId:        pulumi.String("<key-id>"),
				Scopes: pulumi.StringArray{
					pulumi.String("email"),
					pulumi.String("name"),
				},
				SetUserRootAttributes: pulumi.String("on_first_login"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // This is an example of an Apple connection.
    var apple = new Auth0.Connection("apple", new()
    {
        Name = "Apple-Connection",
        Strategy = "apple",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = @"-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----",
            TeamId = "<team-id>",
            KeyId = "<key-id>",
            Scopes = new[]
            {
                "email",
                "name",
            },
            SetUserRootAttributes = "on_first_login",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // This is an example of an Apple connection.
        var apple = new Connection("apple", ConnectionArgs.builder()
            .name("Apple-Connection")
            .strategy("apple")
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret("""
-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----                """)
                .teamId("<team-id>")
                .keyId("<key-id>")
                .scopes(                
                    "email",
                    "name")
                .setUserRootAttributes("on_first_login")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .build())
            .build());

    }
}
Copy
resources:
  # This is an example of an Apple connection.
  apple:
    type: auth0:Connection
    properties:
      name: Apple-Connection
      strategy: apple
      options:
        clientId: <client-id>
        clientSecret: |-
          -----BEGIN PRIVATE KEY-----
          MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
          -----END PRIVATE KEY-----          
        teamId: <team-id>
        keyId: <key-id>
        scopes:
          - email
          - name
        setUserRootAttributes: on_first_login
        nonPersistentAttrs:
          - ethnicity
          - gender
Copy

LinkedIn Connection

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// This is an example of an LinkedIn connection.
const linkedin = new auth0.Connection("linkedin", {
    name: "Linkedin-Connection",
    strategy: "linkedin",
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        strategyVersion: 2,
        scopes: [
            "basic_profile",
            "profile",
            "email",
        ],
        setUserRootAttributes: "on_each_login",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
    },
});
Copy
import pulumi
import pulumi_auth0 as auth0

# This is an example of an LinkedIn connection.
linkedin = auth0.Connection("linkedin",
    name="Linkedin-Connection",
    strategy="linkedin",
    options={
        "client_id": "<client-id>",
        "client_secret": "<client-secret>",
        "strategy_version": 2,
        "scopes": [
            "basic_profile",
            "profile",
            "email",
        ],
        "set_user_root_attributes": "on_each_login",
        "non_persistent_attrs": [
            "ethnicity",
            "gender",
        ],
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// This is an example of an LinkedIn connection.
		_, err := auth0.NewConnection(ctx, "linkedin", &auth0.ConnectionArgs{
			Name:     pulumi.String("Linkedin-Connection"),
			Strategy: pulumi.String("linkedin"),
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:        pulumi.String("<client-id>"),
				ClientSecret:    pulumi.String("<client-secret>"),
				StrategyVersion: pulumi.Int(2),
				Scopes: pulumi.StringArray{
					pulumi.String("basic_profile"),
					pulumi.String("profile"),
					pulumi.String("email"),
				},
				SetUserRootAttributes: pulumi.String("on_each_login"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // This is an example of an LinkedIn connection.
    var linkedin = new Auth0.Connection("linkedin", new()
    {
        Name = "Linkedin-Connection",
        Strategy = "linkedin",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            StrategyVersion = 2,
            Scopes = new[]
            {
                "basic_profile",
                "profile",
                "email",
            },
            SetUserRootAttributes = "on_each_login",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // This is an example of an LinkedIn connection.
        var linkedin = new Connection("linkedin", ConnectionArgs.builder()
            .name("Linkedin-Connection")
            .strategy("linkedin")
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret("<client-secret>")
                .strategyVersion(2)
                .scopes(                
                    "basic_profile",
                    "profile",
                    "email")
                .setUserRootAttributes("on_each_login")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .build())
            .build());

    }
}
Copy
resources:
  # This is an example of an LinkedIn connection.
  linkedin:
    type: auth0:Connection
    properties:
      name: Linkedin-Connection
      strategy: linkedin
      options:
        clientId: <client-id>
        clientSecret: <client-secret>
        strategyVersion: 2
        scopes:
          - basic_profile
          - profile
          - email
        setUserRootAttributes: on_each_login
        nonPersistentAttrs:
          - ethnicity
          - gender
Copy

GitHub Connection

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// This is an example of an GitHub connection.
const github = new auth0.Connection("github", {
    name: "GitHub-Connection",
    strategy: "github",
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        scopes: [
            "email",
            "profile",
            "public_repo",
            "repo",
        ],
        setUserRootAttributes: "on_each_login",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
    },
});
Copy
import pulumi
import pulumi_auth0 as auth0

# This is an example of an GitHub connection.
github = auth0.Connection("github",
    name="GitHub-Connection",
    strategy="github",
    options={
        "client_id": "<client-id>",
        "client_secret": "<client-secret>",
        "scopes": [
            "email",
            "profile",
            "public_repo",
            "repo",
        ],
        "set_user_root_attributes": "on_each_login",
        "non_persistent_attrs": [
            "ethnicity",
            "gender",
        ],
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// This is an example of an GitHub connection.
		_, err := auth0.NewConnection(ctx, "github", &auth0.ConnectionArgs{
			Name:     pulumi.String("GitHub-Connection"),
			Strategy: pulumi.String("github"),
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:     pulumi.String("<client-id>"),
				ClientSecret: pulumi.String("<client-secret>"),
				Scopes: pulumi.StringArray{
					pulumi.String("email"),
					pulumi.String("profile"),
					pulumi.String("public_repo"),
					pulumi.String("repo"),
				},
				SetUserRootAttributes: pulumi.String("on_each_login"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // This is an example of an GitHub connection.
    var github = new Auth0.Connection("github", new()
    {
        Name = "GitHub-Connection",
        Strategy = "github",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            Scopes = new[]
            {
                "email",
                "profile",
                "public_repo",
                "repo",
            },
            SetUserRootAttributes = "on_each_login",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // This is an example of an GitHub connection.
        var github = new Connection("github", ConnectionArgs.builder()
            .name("GitHub-Connection")
            .strategy("github")
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret("<client-secret>")
                .scopes(                
                    "email",
                    "profile",
                    "public_repo",
                    "repo")
                .setUserRootAttributes("on_each_login")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .build())
            .build());

    }
}
Copy
resources:
  # This is an example of an GitHub connection.
  github:
    type: auth0:Connection
    properties:
      name: GitHub-Connection
      strategy: github
      options:
        clientId: <client-id>
        clientSecret: <client-secret>
        scopes:
          - email
          - profile
          - public_repo
          - repo
        setUserRootAttributes: on_each_login
        nonPersistentAttrs:
          - ethnicity
          - gender
Copy

SalesForce Connection

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// This is an example of an SalesForce connection.
const salesforce = new auth0.Connection("salesforce", {
    name: "Salesforce-Connection",
    strategy: "salesforce",
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        communityBaseUrl: "https://salesforce.example.com",
        scopes: [
            "openid",
            "email",
        ],
        setUserRootAttributes: "on_first_login",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
    },
});
Copy
import pulumi
import pulumi_auth0 as auth0

# This is an example of an SalesForce connection.
salesforce = auth0.Connection("salesforce",
    name="Salesforce-Connection",
    strategy="salesforce",
    options={
        "client_id": "<client-id>",
        "client_secret": "<client-secret>",
        "community_base_url": "https://salesforce.example.com",
        "scopes": [
            "openid",
            "email",
        ],
        "set_user_root_attributes": "on_first_login",
        "non_persistent_attrs": [
            "ethnicity",
            "gender",
        ],
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// This is an example of an SalesForce connection.
		_, err := auth0.NewConnection(ctx, "salesforce", &auth0.ConnectionArgs{
			Name:     pulumi.String("Salesforce-Connection"),
			Strategy: pulumi.String("salesforce"),
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:         pulumi.String("<client-id>"),
				ClientSecret:     pulumi.String("<client-secret>"),
				CommunityBaseUrl: pulumi.String("https://salesforce.example.com"),
				Scopes: pulumi.StringArray{
					pulumi.String("openid"),
					pulumi.String("email"),
				},
				SetUserRootAttributes: pulumi.String("on_first_login"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // This is an example of an SalesForce connection.
    var salesforce = new Auth0.Connection("salesforce", new()
    {
        Name = "Salesforce-Connection",
        Strategy = "salesforce",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            CommunityBaseUrl = "https://salesforce.example.com",
            Scopes = new[]
            {
                "openid",
                "email",
            },
            SetUserRootAttributes = "on_first_login",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // This is an example of an SalesForce connection.
        var salesforce = new Connection("salesforce", ConnectionArgs.builder()
            .name("Salesforce-Connection")
            .strategy("salesforce")
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret("<client-secret>")
                .communityBaseUrl("https://salesforce.example.com")
                .scopes(                
                    "openid",
                    "email")
                .setUserRootAttributes("on_first_login")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .build())
            .build());

    }
}
Copy
resources:
  # This is an example of an SalesForce connection.
  salesforce:
    type: auth0:Connection
    properties:
      name: Salesforce-Connection
      strategy: salesforce
      options:
        clientId: <client-id>
        clientSecret: <client-secret>
        communityBaseUrl: https://salesforce.example.com
        scopes:
          - openid
          - email
        setUserRootAttributes: on_first_login
        nonPersistentAttrs:
          - ethnicity
          - gender
Copy

OAuth2 Connection

Also applies to following connection strategies: dropbox, bitbucket, paypal, twitter, amazon, yahoo, box, wordpress, shopify, custom

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// This is an example of an OAuth2 connection.
const oauth2 = new auth0.Connection("oauth2", {
    name: "OAuth2-Connection",
    strategy: "oauth2",
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        strategyVersion: 2,
        scopes: [
            "basic_profile",
            "profile",
            "email",
        ],
        tokenEndpoint: "https://auth.example.com/oauth2/token",
        authorizationEndpoint: "https://auth.example.com/oauth2/authorize",
        pkceEnabled: true,
        iconUrl: "https://auth.example.com/assets/logo.png",
        scripts: {
            fetchUserProfile: `        function fetchUserProfile(accessToken, context, callback) {
          return callback(new Error("Whoops!"));
        }
`,
        },
        setUserRootAttributes: "on_each_login",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
    },
});
Copy
import pulumi
import pulumi_auth0 as auth0

# This is an example of an OAuth2 connection.
oauth2 = auth0.Connection("oauth2",
    name="OAuth2-Connection",
    strategy="oauth2",
    options={
        "client_id": "<client-id>",
        "client_secret": "<client-secret>",
        "strategy_version": 2,
        "scopes": [
            "basic_profile",
            "profile",
            "email",
        ],
        "token_endpoint": "https://auth.example.com/oauth2/token",
        "authorization_endpoint": "https://auth.example.com/oauth2/authorize",
        "pkce_enabled": True,
        "icon_url": "https://auth.example.com/assets/logo.png",
        "scripts": {
            "fetchUserProfile": """        function fetchUserProfile(accessToken, context, callback) {
          return callback(new Error("Whoops!"));
        }
""",
        },
        "set_user_root_attributes": "on_each_login",
        "non_persistent_attrs": [
            "ethnicity",
            "gender",
        ],
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// This is an example of an OAuth2 connection.
		_, err := auth0.NewConnection(ctx, "oauth2", &auth0.ConnectionArgs{
			Name:     pulumi.String("OAuth2-Connection"),
			Strategy: pulumi.String("oauth2"),
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:        pulumi.String("<client-id>"),
				ClientSecret:    pulumi.String("<client-secret>"),
				StrategyVersion: pulumi.Int(2),
				Scopes: pulumi.StringArray{
					pulumi.String("basic_profile"),
					pulumi.String("profile"),
					pulumi.String("email"),
				},
				TokenEndpoint:         pulumi.String("https://auth.example.com/oauth2/token"),
				AuthorizationEndpoint: pulumi.String("https://auth.example.com/oauth2/authorize"),
				PkceEnabled:           pulumi.Bool(true),
				IconUrl:               pulumi.String("https://auth.example.com/assets/logo.png"),
				Scripts: pulumi.StringMap{
					"fetchUserProfile": pulumi.String("        function fetchUserProfile(accessToken, context, callback) {\n          return callback(new Error(\"Whoops!\"));\n        }\n"),
				},
				SetUserRootAttributes: pulumi.String("on_each_login"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // This is an example of an OAuth2 connection.
    var oauth2 = new Auth0.Connection("oauth2", new()
    {
        Name = "OAuth2-Connection",
        Strategy = "oauth2",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            StrategyVersion = 2,
            Scopes = new[]
            {
                "basic_profile",
                "profile",
                "email",
            },
            TokenEndpoint = "https://auth.example.com/oauth2/token",
            AuthorizationEndpoint = "https://auth.example.com/oauth2/authorize",
            PkceEnabled = true,
            IconUrl = "https://auth.example.com/assets/logo.png",
            Scripts = 
            {
                { "fetchUserProfile", @"        function fetchUserProfile(accessToken, context, callback) {
          return callback(new Error(""Whoops!""));
        }
" },
            },
            SetUserRootAttributes = "on_each_login",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // This is an example of an OAuth2 connection.
        var oauth2 = new Connection("oauth2", ConnectionArgs.builder()
            .name("OAuth2-Connection")
            .strategy("oauth2")
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret("<client-secret>")
                .strategyVersion(2)
                .scopes(                
                    "basic_profile",
                    "profile",
                    "email")
                .tokenEndpoint("https://auth.example.com/oauth2/token")
                .authorizationEndpoint("https://auth.example.com/oauth2/authorize")
                .pkceEnabled(true)
                .iconUrl("https://auth.example.com/assets/logo.png")
                .scripts(Map.of("fetchUserProfile", """
        function fetchUserProfile(accessToken, context, callback) {
          return callback(new Error("Whoops!"));
        }
                """))
                .setUserRootAttributes("on_each_login")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .build())
            .build());

    }
}
Copy
resources:
  # This is an example of an OAuth2 connection.
  oauth2:
    type: auth0:Connection
    properties:
      name: OAuth2-Connection
      strategy: oauth2
      options:
        clientId: <client-id>
        clientSecret: <client-secret>
        strategyVersion: 2
        scopes:
          - basic_profile
          - profile
          - email
        tokenEndpoint: https://auth.example.com/oauth2/token
        authorizationEndpoint: https://auth.example.com/oauth2/authorize
        pkceEnabled: true
        iconUrl: https://auth.example.com/assets/logo.png
        scripts:
          fetchUserProfile: |2
                    function fetchUserProfile(accessToken, context, callback) {
                      return callback(new Error("Whoops!"));
                    }
        setUserRootAttributes: on_each_login
        nonPersistentAttrs:
          - ethnicity
          - gender
Copy

Active Directory (AD)

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const ad = new auth0.Connection("ad", {
    name: "connection-active-directory",
    displayName: "Active Directory Connection",
    strategy: "ad",
    showAsButton: true,
    options: {
        disableSelfServiceChangePassword: true,
        bruteForceProtection: true,
        tenantDomain: "example.com",
        strategyVersion: 2,
        iconUrl: "https://example.com/assets/logo.png",
        domainAliases: [
            "example.com",
            "api.example.com",
        ],
        ips: [
            "192.168.1.1",
            "192.168.1.2",
        ],
        setUserRootAttributes: "on_each_login",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        upstreamParams: JSON.stringify({
            screen_name: {
                alias: "login_hint",
            },
        }),
        useCertAuth: false,
        useKerberos: false,
        disableCache: false,
    },
});
Copy
import pulumi
import json
import pulumi_auth0 as auth0

ad = auth0.Connection("ad",
    name="connection-active-directory",
    display_name="Active Directory Connection",
    strategy="ad",
    show_as_button=True,
    options={
        "disable_self_service_change_password": True,
        "brute_force_protection": True,
        "tenant_domain": "example.com",
        "strategy_version": 2,
        "icon_url": "https://example.com/assets/logo.png",
        "domain_aliases": [
            "example.com",
            "api.example.com",
        ],
        "ips": [
            "192.168.1.1",
            "192.168.1.2",
        ],
        "set_user_root_attributes": "on_each_login",
        "non_persistent_attrs": [
            "ethnicity",
            "gender",
        ],
        "upstream_params": json.dumps({
            "screen_name": {
                "alias": "login_hint",
            },
        }),
        "use_cert_auth": False,
        "use_kerberos": False,
        "disable_cache": False,
    })
Copy
package main

import (
	"encoding/json"

	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"screen_name": map[string]interface{}{
				"alias": "login_hint",
			},
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		_, err = auth0.NewConnection(ctx, "ad", &auth0.ConnectionArgs{
			Name:         pulumi.String("connection-active-directory"),
			DisplayName:  pulumi.String("Active Directory Connection"),
			Strategy:     pulumi.String("ad"),
			ShowAsButton: pulumi.Bool(true),
			Options: &auth0.ConnectionOptionsArgs{
				DisableSelfServiceChangePassword: pulumi.Bool(true),
				BruteForceProtection:             pulumi.Bool(true),
				TenantDomain:                     pulumi.String("example.com"),
				StrategyVersion:                  pulumi.Int(2),
				IconUrl:                          pulumi.String("https://example.com/assets/logo.png"),
				DomainAliases: pulumi.StringArray{
					pulumi.String("example.com"),
					pulumi.String("api.example.com"),
				},
				Ips: pulumi.StringArray{
					pulumi.String("192.168.1.1"),
					pulumi.String("192.168.1.2"),
				},
				SetUserRootAttributes: pulumi.String("on_each_login"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
				UpstreamParams: pulumi.String(json0),
				UseCertAuth:    pulumi.Bool(false),
				UseKerberos:    pulumi.Bool(false),
				DisableCache:   pulumi.Bool(false),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var ad = new Auth0.Connection("ad", new()
    {
        Name = "connection-active-directory",
        DisplayName = "Active Directory Connection",
        Strategy = "ad",
        ShowAsButton = true,
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            DisableSelfServiceChangePassword = true,
            BruteForceProtection = true,
            TenantDomain = "example.com",
            StrategyVersion = 2,
            IconUrl = "https://example.com/assets/logo.png",
            DomainAliases = new[]
            {
                "example.com",
                "api.example.com",
            },
            Ips = new[]
            {
                "192.168.1.1",
                "192.168.1.2",
            },
            SetUserRootAttributes = "on_each_login",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["screen_name"] = new Dictionary<string, object?>
                {
                    ["alias"] = "login_hint",
                },
            }),
            UseCertAuth = false,
            UseKerberos = false,
            DisableCache = false,
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var ad = new Connection("ad", ConnectionArgs.builder()
            .name("connection-active-directory")
            .displayName("Active Directory Connection")
            .strategy("ad")
            .showAsButton(true)
            .options(ConnectionOptionsArgs.builder()
                .disableSelfServiceChangePassword(true)
                .bruteForceProtection(true)
                .tenantDomain("example.com")
                .strategyVersion(2)
                .iconUrl("https://example.com/assets/logo.png")
                .domainAliases(                
                    "example.com",
                    "api.example.com")
                .ips(                
                    "192.168.1.1",
                    "192.168.1.2")
                .setUserRootAttributes("on_each_login")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .upstreamParams(serializeJson(
                    jsonObject(
                        jsonProperty("screen_name", jsonObject(
                            jsonProperty("alias", "login_hint")
                        ))
                    )))
                .useCertAuth(false)
                .useKerberos(false)
                .disableCache(false)
                .build())
            .build());

    }
}
Copy
resources:
  ad:
    type: auth0:Connection
    properties:
      name: connection-active-directory
      displayName: Active Directory Connection
      strategy: ad
      showAsButton: true
      options:
        disableSelfServiceChangePassword: true
        bruteForceProtection: true
        tenantDomain: example.com
        strategyVersion: 2
        iconUrl: https://example.com/assets/logo.png
        domainAliases:
          - example.com
          - api.example.com
        ips:
          - 192.168.1.1
          - 192.168.1.2
        setUserRootAttributes: on_each_login
        nonPersistentAttrs:
          - ethnicity
          - gender
        upstreamParams:
          fn::toJSON:
            screen_name:
              alias: login_hint
        useCertAuth: false
        useKerberos: false
        disableCache: false
Copy

Azure AD Connection

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const azureAd = new auth0.Connection("azure_ad", {
    name: "connection-azure-ad",
    strategy: "waad",
    showAsButton: true,
    options: {
        identityApi: "azure-active-directory-v1.0",
        clientId: "123456",
        clientSecret: "123456",
        strategyVersion: 2,
        userIdAttribute: "oid",
        appId: "app-id-123",
        tenantDomain: "example.onmicrosoft.com",
        domain: "example.onmicrosoft.com",
        domainAliases: [
            "example.com",
            "api.example.com",
        ],
        iconUrl: "https://example.onmicrosoft.com/assets/logo.png",
        useWsfed: false,
        waadProtocol: "openid-connect",
        waadCommonEndpoint: false,
        maxGroupsToRetrieve: "250",
        apiEnableUsers: true,
        scopes: [
            "basic_profile",
            "ext_groups",
            "ext_profile",
        ],
        setUserRootAttributes: "on_each_login",
        shouldTrustEmailVerifiedConnection: "never_set_emails_as_verified",
        upstreamParams: JSON.stringify({
            screen_name: {
                alias: "login_hint",
            },
        }),
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
    },
});
Copy
import pulumi
import json
import pulumi_auth0 as auth0

azure_ad = auth0.Connection("azure_ad",
    name="connection-azure-ad",
    strategy="waad",
    show_as_button=True,
    options={
        "identity_api": "azure-active-directory-v1.0",
        "client_id": "123456",
        "client_secret": "123456",
        "strategy_version": 2,
        "user_id_attribute": "oid",
        "app_id": "app-id-123",
        "tenant_domain": "example.onmicrosoft.com",
        "domain": "example.onmicrosoft.com",
        "domain_aliases": [
            "example.com",
            "api.example.com",
        ],
        "icon_url": "https://example.onmicrosoft.com/assets/logo.png",
        "use_wsfed": False,
        "waad_protocol": "openid-connect",
        "waad_common_endpoint": False,
        "max_groups_to_retrieve": "250",
        "api_enable_users": True,
        "scopes": [
            "basic_profile",
            "ext_groups",
            "ext_profile",
        ],
        "set_user_root_attributes": "on_each_login",
        "should_trust_email_verified_connection": "never_set_emails_as_verified",
        "upstream_params": json.dumps({
            "screen_name": {
                "alias": "login_hint",
            },
        }),
        "non_persistent_attrs": [
            "ethnicity",
            "gender",
        ],
    })
Copy
package main

import (
	"encoding/json"

	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"screen_name": map[string]interface{}{
				"alias": "login_hint",
			},
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		_, err = auth0.NewConnection(ctx, "azure_ad", &auth0.ConnectionArgs{
			Name:         pulumi.String("connection-azure-ad"),
			Strategy:     pulumi.String("waad"),
			ShowAsButton: pulumi.Bool(true),
			Options: &auth0.ConnectionOptionsArgs{
				IdentityApi:     pulumi.String("azure-active-directory-v1.0"),
				ClientId:        pulumi.String("123456"),
				ClientSecret:    pulumi.String("123456"),
				StrategyVersion: pulumi.Int(2),
				UserIdAttribute: pulumi.String("oid"),
				AppId:           pulumi.String("app-id-123"),
				TenantDomain:    pulumi.String("example.onmicrosoft.com"),
				Domain:          pulumi.String("example.onmicrosoft.com"),
				DomainAliases: pulumi.StringArray{
					pulumi.String("example.com"),
					pulumi.String("api.example.com"),
				},
				IconUrl:             pulumi.String("https://example.onmicrosoft.com/assets/logo.png"),
				UseWsfed:            pulumi.Bool(false),
				WaadProtocol:        pulumi.String("openid-connect"),
				WaadCommonEndpoint:  pulumi.Bool(false),
				MaxGroupsToRetrieve: pulumi.String("250"),
				ApiEnableUsers:      pulumi.Bool(true),
				Scopes: pulumi.StringArray{
					pulumi.String("basic_profile"),
					pulumi.String("ext_groups"),
					pulumi.String("ext_profile"),
				},
				SetUserRootAttributes:              pulumi.String("on_each_login"),
				ShouldTrustEmailVerifiedConnection: pulumi.String("never_set_emails_as_verified"),
				UpstreamParams:                     pulumi.String(json0),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var azureAd = new Auth0.Connection("azure_ad", new()
    {
        Name = "connection-azure-ad",
        Strategy = "waad",
        ShowAsButton = true,
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            IdentityApi = "azure-active-directory-v1.0",
            ClientId = "123456",
            ClientSecret = "123456",
            StrategyVersion = 2,
            UserIdAttribute = "oid",
            AppId = "app-id-123",
            TenantDomain = "example.onmicrosoft.com",
            Domain = "example.onmicrosoft.com",
            DomainAliases = new[]
            {
                "example.com",
                "api.example.com",
            },
            IconUrl = "https://example.onmicrosoft.com/assets/logo.png",
            UseWsfed = false,
            WaadProtocol = "openid-connect",
            WaadCommonEndpoint = false,
            MaxGroupsToRetrieve = "250",
            ApiEnableUsers = true,
            Scopes = new[]
            {
                "basic_profile",
                "ext_groups",
                "ext_profile",
            },
            SetUserRootAttributes = "on_each_login",
            ShouldTrustEmailVerifiedConnection = "never_set_emails_as_verified",
            UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["screen_name"] = new Dictionary<string, object?>
                {
                    ["alias"] = "login_hint",
                },
            }),
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var azureAd = new Connection("azureAd", ConnectionArgs.builder()
            .name("connection-azure-ad")
            .strategy("waad")
            .showAsButton(true)
            .options(ConnectionOptionsArgs.builder()
                .identityApi("azure-active-directory-v1.0")
                .clientId("123456")
                .clientSecret("123456")
                .strategyVersion(2)
                .userIdAttribute("oid")
                .appId("app-id-123")
                .tenantDomain("example.onmicrosoft.com")
                .domain("example.onmicrosoft.com")
                .domainAliases(                
                    "example.com",
                    "api.example.com")
                .iconUrl("https://example.onmicrosoft.com/assets/logo.png")
                .useWsfed(false)
                .waadProtocol("openid-connect")
                .waadCommonEndpoint(false)
                .maxGroupsToRetrieve("250")
                .apiEnableUsers(true)
                .scopes(                
                    "basic_profile",
                    "ext_groups",
                    "ext_profile")
                .setUserRootAttributes("on_each_login")
                .shouldTrustEmailVerifiedConnection("never_set_emails_as_verified")
                .upstreamParams(serializeJson(
                    jsonObject(
                        jsonProperty("screen_name", jsonObject(
                            jsonProperty("alias", "login_hint")
                        ))
                    )))
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .build())
            .build());

    }
}
Copy
resources:
  azureAd:
    type: auth0:Connection
    name: azure_ad
    properties:
      name: connection-azure-ad
      strategy: waad
      showAsButton: true
      options:
        identityApi: azure-active-directory-v1.0
        clientId: '123456'
        clientSecret: '123456'
        strategyVersion: 2
        userIdAttribute: oid
        appId: app-id-123
        tenantDomain: example.onmicrosoft.com
        domain: example.onmicrosoft.com
        domainAliases:
          - example.com
          - api.example.com
        iconUrl: https://example.onmicrosoft.com/assets/logo.png
        useWsfed: false
        waadProtocol: openid-connect
        waadCommonEndpoint: false
        maxGroupsToRetrieve: 250
        apiEnableUsers: true
        scopes:
          - basic_profile
          - ext_groups
          - ext_profile
        setUserRootAttributes: on_each_login
        shouldTrustEmailVerifiedConnection: never_set_emails_as_verified
        upstreamParams:
          fn::toJSON:
            screen_name:
              alias: login_hint
        nonPersistentAttrs:
          - ethnicity
          - gender
Copy

Email Connection

To be able to see this in the management dashboard as well, the name of the connection must be set to “email”.

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// This is an example of an Email connection.
const passwordlessEmail = new auth0.Connection("passwordless_email", {
    strategy: "email",
    name: "email",
    options: {
        name: "email",
        from: "{{ application.name }} <root@auth0.com>",
        subject: "Welcome to {{ application.name }}",
        syntax: "liquid",
        template: "<html>This is the body of the email</html>",
        disableSignup: false,
        bruteForceProtection: true,
        setUserRootAttributes: "on_each_login",
        nonPersistentAttrs: [],
        authParams: {
            scope: "openid email profile offline_access",
            response_type: "code",
        },
        totp: {
            timeStep: 300,
            length: 6,
        },
    },
});
Copy
import pulumi
import pulumi_auth0 as auth0

# This is an example of an Email connection.
passwordless_email = auth0.Connection("passwordless_email",
    strategy="email",
    name="email",
    options={
        "name": "email",
        "from_": "{{ application.name }} <root@auth0.com>",
        "subject": "Welcome to {{ application.name }}",
        "syntax": "liquid",
        "template": "<html>This is the body of the email</html>",
        "disable_signup": False,
        "brute_force_protection": True,
        "set_user_root_attributes": "on_each_login",
        "non_persistent_attrs": [],
        "auth_params": {
            "scope": "openid email profile offline_access",
            "response_type": "code",
        },
        "totp": {
            "time_step": 300,
            "length": 6,
        },
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// This is an example of an Email connection.
		_, err := auth0.NewConnection(ctx, "passwordless_email", &auth0.ConnectionArgs{
			Strategy: pulumi.String("email"),
			Name:     pulumi.String("email"),
			Options: &auth0.ConnectionOptionsArgs{
				Name:                  pulumi.String("email"),
				From:                  pulumi.String("{{ application.name }} <root@auth0.com>"),
				Subject:               pulumi.String("Welcome to {{ application.name }}"),
				Syntax:                pulumi.String("liquid"),
				Template:              pulumi.String("<html>This is the body of the email</html>"),
				DisableSignup:         pulumi.Bool(false),
				BruteForceProtection:  pulumi.Bool(true),
				SetUserRootAttributes: pulumi.String("on_each_login"),
				NonPersistentAttrs:    pulumi.StringArray{},
				AuthParams: pulumi.StringMap{
					"scope":         pulumi.String("openid email profile offline_access"),
					"response_type": pulumi.String("code"),
				},
				Totp: &auth0.ConnectionOptionsTotpArgs{
					TimeStep: pulumi.Int(300),
					Length:   pulumi.Int(6),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // This is an example of an Email connection.
    var passwordlessEmail = new Auth0.Connection("passwordless_email", new()
    {
        Strategy = "email",
        Name = "email",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            Name = "email",
            From = "{{ application.name }} <root@auth0.com>",
            Subject = "Welcome to {{ application.name }}",
            Syntax = "liquid",
            Template = "<html>This is the body of the email</html>",
            DisableSignup = false,
            BruteForceProtection = true,
            SetUserRootAttributes = "on_each_login",
            NonPersistentAttrs = new() { },
            AuthParams = 
            {
                { "scope", "openid email profile offline_access" },
                { "response_type", "code" },
            },
            Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
            {
                TimeStep = 300,
                Length = 6,
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsTotpArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // This is an example of an Email connection.
        var passwordlessEmail = new Connection("passwordlessEmail", ConnectionArgs.builder()
            .strategy("email")
            .name("email")
            .options(ConnectionOptionsArgs.builder()
                .name("email")
                .from("{{ application.name }} <root@auth0.com>")
                .subject("Welcome to {{ application.name }}")
                .syntax("liquid")
                .template("<html>This is the body of the email</html>")
                .disableSignup(false)
                .bruteForceProtection(true)
                .setUserRootAttributes("on_each_login")
                .nonPersistentAttrs()
                .authParams(Map.ofEntries(
                    Map.entry("scope", "openid email profile offline_access"),
                    Map.entry("response_type", "code")
                ))
                .totp(ConnectionOptionsTotpArgs.builder()
                    .timeStep(300)
                    .length(6)
                    .build())
                .build())
            .build());

    }
}
Copy
resources:
  # This is an example of an Email connection.
  passwordlessEmail:
    type: auth0:Connection
    name: passwordless_email
    properties:
      strategy: email
      name: email
      options:
        name: email
        from: '{{ application.name }} <root@auth0.com>'
        subject: Welcome to {{ application.name }}
        syntax: liquid
        template: <html>This is the body of the email</html>
        disableSignup: false
        bruteForceProtection: true
        setUserRootAttributes: on_each_login
        nonPersistentAttrs: []
        authParams:
          scope: openid email profile offline_access
          response_type: code
        totp:
          timeStep: 300
          length: 6
Copy

SAML Connection

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// This is an example of a SAML connection.
const samlp = new auth0.Connection("samlp", {
    name: "SAML-Connection",
    strategy: "samlp",
    options: {
        debug: false,
        signingCert: "<signing-certificate>",
        signInEndpoint: "https://saml.provider/sign_in",
        signOutEndpoint: "https://saml.provider/sign_out",
        globalTokenRevocationJwtIss: "issuer.example.com",
        globalTokenRevocationJwtSub: "user123",
        disableSignOut: true,
        strategyVersion: 2,
        tenantDomain: "example.com",
        domainAliases: [
            "example.com",
            "alias.example.com",
        ],
        protocolBinding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        requestTemplate: `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
    ID="@@ID@@"
    IssueInstant="@@IssueInstant@@"
    ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>`,
        userIdAttribute: "https://saml.provider/imi/ns/identity-200810",
        signatureAlgorithm: "rsa-sha256",
        digestAlgorithm: "sha256",
        iconUrl: "https://saml.provider/assets/logo.png",
        entityId: "<entity_id>",
        metadataXml: `    <?xml version="1.0"?>
    <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
      <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
      </md:IDPSSODescriptor>
    </md:EntityDescriptor>
`,
        metadataUrl: "https://saml.provider/imi/ns/FederationMetadata.xml",
        fieldsMap: JSON.stringify({
            name: [
                "name",
                "nameidentifier",
            ],
            email: [
                "emailaddress",
                "nameidentifier",
            ],
            family_name: "surname",
        }),
        signingKey: {
            key: `-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----`,
            cert: `-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----`,
        },
        decryptionKey: {
            key: `-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----`,
            cert: `-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----`,
        },
        idpInitiated: {
            clientId: "client_id",
            clientProtocol: "samlp",
            clientAuthorizeQuery: "type=code&timeout=30",
        },
    },
});
Copy
import pulumi
import json
import pulumi_auth0 as auth0

# This is an example of a SAML connection.
samlp = auth0.Connection("samlp",
    name="SAML-Connection",
    strategy="samlp",
    options={
        "debug": False,
        "signing_cert": "<signing-certificate>",
        "sign_in_endpoint": "https://saml.provider/sign_in",
        "sign_out_endpoint": "https://saml.provider/sign_out",
        "global_token_revocation_jwt_iss": "issuer.example.com",
        "global_token_revocation_jwt_sub": "user123",
        "disable_sign_out": True,
        "strategy_version": 2,
        "tenant_domain": "example.com",
        "domain_aliases": [
            "example.com",
            "alias.example.com",
        ],
        "protocol_binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "request_template": """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
    ID="@@ID@@"
    IssueInstant="@@IssueInstant@@"
    ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>""",
        "user_id_attribute": "https://saml.provider/imi/ns/identity-200810",
        "signature_algorithm": "rsa-sha256",
        "digest_algorithm": "sha256",
        "icon_url": "https://saml.provider/assets/logo.png",
        "entity_id": "<entity_id>",
        "metadata_xml": """    <?xml version="1.0"?>
    <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
      <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
      </md:IDPSSODescriptor>
    </md:EntityDescriptor>
""",
        "metadata_url": "https://saml.provider/imi/ns/FederationMetadata.xml",
        "fields_map": json.dumps({
            "name": [
                "name",
                "nameidentifier",
            ],
            "email": [
                "emailaddress",
                "nameidentifier",
            ],
            "family_name": "surname",
        }),
        "signing_key": {
            "key": """-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----""",
            "cert": """-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----""",
        },
        "decryption_key": {
            "key": """-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----""",
            "cert": """-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----""",
        },
        "idp_initiated": {
            "client_id": "client_id",
            "client_protocol": "samlp",
            "client_authorize_query": "type=code&timeout=30",
        },
    })
Copy
package main

import (
	"encoding/json"

	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"name": []string{
				"name",
				"nameidentifier",
			},
			"email": []string{
				"emailaddress",
				"nameidentifier",
			},
			"family_name": "surname",
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		// This is an example of a SAML connection.
		_, err = auth0.NewConnection(ctx, "samlp", &auth0.ConnectionArgs{
			Name:     pulumi.String("SAML-Connection"),
			Strategy: pulumi.String("samlp"),
			Options: &auth0.ConnectionOptionsArgs{
				Debug:                       pulumi.Bool(false),
				SigningCert:                 pulumi.String("<signing-certificate>"),
				SignInEndpoint:              pulumi.String("https://saml.provider/sign_in"),
				SignOutEndpoint:             pulumi.String("https://saml.provider/sign_out"),
				GlobalTokenRevocationJwtIss: pulumi.String("issuer.example.com"),
				GlobalTokenRevocationJwtSub: pulumi.String("user123"),
				DisableSignOut:              pulumi.Bool(true),
				StrategyVersion:             pulumi.Int(2),
				TenantDomain:                pulumi.String("example.com"),
				DomainAliases: pulumi.StringArray{
					pulumi.String("example.com"),
					pulumi.String("alias.example.com"),
				},
				ProtocolBinding: pulumi.String("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"),
				RequestTemplate: pulumi.String(`<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
    ID="@@ID@@"
    IssueInstant="@@IssueInstant@@"
    ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>`),
				UserIdAttribute:    pulumi.String("https://saml.provider/imi/ns/identity-200810"),
				SignatureAlgorithm: pulumi.String("rsa-sha256"),
				DigestAlgorithm:    pulumi.String("sha256"),
				IconUrl:            pulumi.String("https://saml.provider/assets/logo.png"),
				EntityId:           pulumi.String("<entity_id>"),
				MetadataXml: pulumi.String(`    <?xml version="1.0"?>
    <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
      <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
      </md:IDPSSODescriptor>
    </md:EntityDescriptor>
`),
				MetadataUrl: pulumi.String("https://saml.provider/imi/ns/FederationMetadata.xml"),
				FieldsMap:   pulumi.String(json0),
				SigningKey: &auth0.ConnectionOptionsSigningKeyArgs{
					Key:  pulumi.String("-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"),
					Cert: pulumi.String("-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"),
				},
				DecryptionKey: &auth0.ConnectionOptionsDecryptionKeyArgs{
					Key:  pulumi.String("-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"),
					Cert: pulumi.String("-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"),
				},
				IdpInitiated: &auth0.ConnectionOptionsIdpInitiatedArgs{
					ClientId:             pulumi.String("client_id"),
					ClientProtocol:       pulumi.String("samlp"),
					ClientAuthorizeQuery: pulumi.String("type=code&timeout=30"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // This is an example of a SAML connection.
    var samlp = new Auth0.Connection("samlp", new()
    {
        Name = "SAML-Connection",
        Strategy = "samlp",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            Debug = false,
            SigningCert = "<signing-certificate>",
            SignInEndpoint = "https://saml.provider/sign_in",
            SignOutEndpoint = "https://saml.provider/sign_out",
            GlobalTokenRevocationJwtIss = "issuer.example.com",
            GlobalTokenRevocationJwtSub = "user123",
            DisableSignOut = true,
            StrategyVersion = 2,
            TenantDomain = "example.com",
            DomainAliases = new[]
            {
                "example.com",
                "alias.example.com",
            },
            ProtocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
            RequestTemplate = @"<samlp:AuthnRequest xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
@@AssertServiceURLAndDestination@@
    ID=""@@ID@@""
    IssueInstant=""@@IssueInstant@@""
    ProtocolBinding=""@@ProtocolBinding@@"" Version=""2.0"">
    <saml:Issuer xmlns:saml=""urn:oasis:names:tc:SAML:2.0:assertion"">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>",
            UserIdAttribute = "https://saml.provider/imi/ns/identity-200810",
            SignatureAlgorithm = "rsa-sha256",
            DigestAlgorithm = "sha256",
            IconUrl = "https://saml.provider/assets/logo.png",
            EntityId = "<entity_id>",
            MetadataXml = @"    <?xml version=""1.0""?>
    <md:EntityDescriptor xmlns:md=""urn:oasis:names:tc:SAML:2.0:metadata"" xmlns:ds=""http://www.w3.org/2000/09/xmldsig#"" entityID=""https://example.com"">
      <md:IDPSSODescriptor protocolSupportEnumeration=""urn:oasis:names:tc:SAML:2.0:protocol"">
        <md:SingleLogoutService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"" Location=""https://saml.provider/sign_out""/>
        <md:SingleSignOnService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"" Location=""https://saml.provider/sign_in""/>
      </md:IDPSSODescriptor>
    </md:EntityDescriptor>
",
            MetadataUrl = "https://saml.provider/imi/ns/FederationMetadata.xml",
            FieldsMap = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["name"] = new[]
                {
                    "name",
                    "nameidentifier",
                },
                ["email"] = new[]
                {
                    "emailaddress",
                    "nameidentifier",
                },
                ["family_name"] = "surname",
            }),
            SigningKey = new Auth0.Inputs.ConnectionOptionsSigningKeyArgs
            {
                Key = @"-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----",
                Cert = @"-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----",
            },
            DecryptionKey = new Auth0.Inputs.ConnectionOptionsDecryptionKeyArgs
            {
                Key = @"-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----",
                Cert = @"-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----",
            },
            IdpInitiated = new Auth0.Inputs.ConnectionOptionsIdpInitiatedArgs
            {
                ClientId = "client_id",
                ClientProtocol = "samlp",
                ClientAuthorizeQuery = "type=code&timeout=30",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsSigningKeyArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsDecryptionKeyArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsIdpInitiatedArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // This is an example of a SAML connection.
        var samlp = new Connection("samlp", ConnectionArgs.builder()
            .name("SAML-Connection")
            .strategy("samlp")
            .options(ConnectionOptionsArgs.builder()
                .debug(false)
                .signingCert("<signing-certificate>")
                .signInEndpoint("https://saml.provider/sign_in")
                .signOutEndpoint("https://saml.provider/sign_out")
                .globalTokenRevocationJwtIss("issuer.example.com")
                .globalTokenRevocationJwtSub("user123")
                .disableSignOut(true)
                .strategyVersion(2)
                .tenantDomain("example.com")
                .domainAliases(                
                    "example.com",
                    "alias.example.com")
                .protocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")
                .requestTemplate("""
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
    ID="@@ID@@"
    IssueInstant="@@IssueInstant@@"
    ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>                """)
                .userIdAttribute("https://saml.provider/imi/ns/identity-200810")
                .signatureAlgorithm("rsa-sha256")
                .digestAlgorithm("sha256")
                .iconUrl("https://saml.provider/assets/logo.png")
                .entityId("<entity_id>")
                .metadataXml("""
    <?xml version="1.0"?>
    <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
      <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
      </md:IDPSSODescriptor>
    </md:EntityDescriptor>
                """)
                .metadataUrl("https://saml.provider/imi/ns/FederationMetadata.xml")
                .fieldsMap(serializeJson(
                    jsonObject(
                        jsonProperty("name", jsonArray(
                            "name", 
                            "nameidentifier"
                        )),
                        jsonProperty("email", jsonArray(
                            "emailaddress", 
                            "nameidentifier"
                        )),
                        jsonProperty("family_name", "surname")
                    )))
                .signingKey(ConnectionOptionsSigningKeyArgs.builder()
                    .key("""
-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----                    """)
                    .cert("""
-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----                    """)
                    .build())
                .decryptionKey(ConnectionOptionsDecryptionKeyArgs.builder()
                    .key("""
-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----                    """)
                    .cert("""
-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----                    """)
                    .build())
                .idpInitiated(ConnectionOptionsIdpInitiatedArgs.builder()
                    .clientId("client_id")
                    .clientProtocol("samlp")
                    .clientAuthorizeQuery("type=code&timeout=30")
                    .build())
                .build())
            .build());

    }
}
Copy
resources:
  # This is an example of a SAML connection.
  samlp:
    type: auth0:Connection
    properties:
      name: SAML-Connection
      strategy: samlp
      options:
        debug: false
        signingCert: <signing-certificate>
        signInEndpoint: https://saml.provider/sign_in
        signOutEndpoint: https://saml.provider/sign_out
        globalTokenRevocationJwtIss: issuer.example.com
        globalTokenRevocationJwtSub: user123
        disableSignOut: true
        strategyVersion: 2
        tenantDomain: example.com
        domainAliases:
          - example.com
          - alias.example.com
        protocolBinding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
        requestTemplate: |-
          <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
          @@AssertServiceURLAndDestination@@
              ID="@@ID@@"
              IssueInstant="@@IssueInstant@@"
              ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
              <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
          </samlp:AuthnRequest>          
        userIdAttribute: https://saml.provider/imi/ns/identity-200810
        signatureAlgorithm: rsa-sha256
        digestAlgorithm: sha256
        iconUrl: https://saml.provider/assets/logo.png
        entityId: <entity_id>
        metadataXml: |2
              <?xml version="1.0"?>
              <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
                <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
                  <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
                  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
                </md:IDPSSODescriptor>
              </md:EntityDescriptor>
        metadataUrl: https://saml.provider/imi/ns/FederationMetadata.xml
        fieldsMap:
          fn::toJSON:
            name:
              - name
              - nameidentifier
            email:
              - emailaddress
              - nameidentifier
            family_name: surname
        signingKey:
          key: |-
            -----BEGIN PRIVATE KEY-----
            ...{your private key here}...
            -----END PRIVATE KEY-----            
          cert: |-
            -----BEGIN CERTIFICATE-----
            ...{your public key cert here}...
            -----END CERTIFICATE-----            
        decryptionKey:
          key: |-
            -----BEGIN PRIVATE KEY-----
            ...{your private key here}...
            -----END PRIVATE KEY-----            
          cert: |-
            -----BEGIN CERTIFICATE-----
            ...{your public key cert here}...
            -----END CERTIFICATE-----            
        idpInitiated:
          clientId: client_id
          clientProtocol: samlp
          clientAuthorizeQuery: type=code&timeout=30
Copy

WindowsLive Connection

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// This is an example of a WindowsLive connection.
const windowslive = new auth0.Connection("windowslive", {
    name: "Windowslive-Connection",
    strategy: "windowslive",
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        strategyVersion: 2,
        scopes: [
            "signin",
            "graph_user",
        ],
        setUserRootAttributes: "on_first_login",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
    },
});
Copy
import pulumi
import pulumi_auth0 as auth0

# This is an example of a WindowsLive connection.
windowslive = auth0.Connection("windowslive",
    name="Windowslive-Connection",
    strategy="windowslive",
    options={
        "client_id": "<client-id>",
        "client_secret": "<client-secret>",
        "strategy_version": 2,
        "scopes": [
            "signin",
            "graph_user",
        ],
        "set_user_root_attributes": "on_first_login",
        "non_persistent_attrs": [
            "ethnicity",
            "gender",
        ],
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// This is an example of a WindowsLive connection.
		_, err := auth0.NewConnection(ctx, "windowslive", &auth0.ConnectionArgs{
			Name:     pulumi.String("Windowslive-Connection"),
			Strategy: pulumi.String("windowslive"),
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:        pulumi.String("<client-id>"),
				ClientSecret:    pulumi.String("<client-secret>"),
				StrategyVersion: pulumi.Int(2),
				Scopes: pulumi.StringArray{
					pulumi.String("signin"),
					pulumi.String("graph_user"),
				},
				SetUserRootAttributes: pulumi.String("on_first_login"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // This is an example of a WindowsLive connection.
    var windowslive = new Auth0.Connection("windowslive", new()
    {
        Name = "Windowslive-Connection",
        Strategy = "windowslive",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            StrategyVersion = 2,
            Scopes = new[]
            {
                "signin",
                "graph_user",
            },
            SetUserRootAttributes = "on_first_login",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // This is an example of a WindowsLive connection.
        var windowslive = new Connection("windowslive", ConnectionArgs.builder()
            .name("Windowslive-Connection")
            .strategy("windowslive")
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret("<client-secret>")
                .strategyVersion(2)
                .scopes(                
                    "signin",
                    "graph_user")
                .setUserRootAttributes("on_first_login")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .build())
            .build());

    }
}
Copy
resources:
  # This is an example of a WindowsLive connection.
  windowslive:
    type: auth0:Connection
    properties:
      name: Windowslive-Connection
      strategy: windowslive
      options:
        clientId: <client-id>
        clientSecret: <client-secret>
        strategyVersion: 2
        scopes:
          - signin
          - graph_user
        setUserRootAttributes: on_first_login
        nonPersistentAttrs:
          - ethnicity
          - gender
Copy

OIDC Connection

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// This is an example of an OIDC connection.
const oidc = new auth0.Connection("oidc", {
    name: "oidc-connection",
    displayName: "OIDC Connection",
    strategy: "oidc",
    showAsButton: false,
    options: {
        clientId: "1234567",
        clientSecret: "1234567",
        domainAliases: ["example.com"],
        tenantDomain: "",
        iconUrl: "https://example.com/assets/logo.png",
        type: "back_channel",
        issuer: "https://www.paypalobjects.com",
        jwksUri: "https://api.paypal.com/v1/oauth2/certs",
        discoveryUrl: "https://www.paypalobjects.com/.well-known/openid-configuration",
        tokenEndpoint: "https://api.paypal.com/v1/oauth2/token",
        userinfoEndpoint: "https://api.paypal.com/v1/oauth2/token/userinfo",
        authorizationEndpoint: "https://www.paypal.com/signin/authorize",
        scopes: [
            "openid",
            "email",
        ],
        setUserRootAttributes: "on_first_login",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        connectionSettings: {
            pkce: "auto",
        },
        attributeMap: {
            mappingMode: "use_map",
            userinfoScope: "openid email profile groups",
            attributes: JSON.stringify({
                name: "${context.tokenset.name}",
                email: "${context.tokenset.email}",
                email_verified: "${context.tokenset.email_verified}",
                nickname: "${context.tokenset.nickname}",
                picture: "${context.tokenset.picture}",
                given_name: "${context.tokenset.given_name}",
                family_name: "${context.tokenset.family_name}",
            }),
        },
    },
});
Copy
import pulumi
import json
import pulumi_auth0 as auth0

# This is an example of an OIDC connection.
oidc = auth0.Connection("oidc",
    name="oidc-connection",
    display_name="OIDC Connection",
    strategy="oidc",
    show_as_button=False,
    options={
        "client_id": "1234567",
        "client_secret": "1234567",
        "domain_aliases": ["example.com"],
        "tenant_domain": "",
        "icon_url": "https://example.com/assets/logo.png",
        "type": "back_channel",
        "issuer": "https://www.paypalobjects.com",
        "jwks_uri": "https://api.paypal.com/v1/oauth2/certs",
        "discovery_url": "https://www.paypalobjects.com/.well-known/openid-configuration",
        "token_endpoint": "https://api.paypal.com/v1/oauth2/token",
        "userinfo_endpoint": "https://api.paypal.com/v1/oauth2/token/userinfo",
        "authorization_endpoint": "https://www.paypal.com/signin/authorize",
        "scopes": [
            "openid",
            "email",
        ],
        "set_user_root_attributes": "on_first_login",
        "non_persistent_attrs": [
            "ethnicity",
            "gender",
        ],
        "connection_settings": {
            "pkce": "auto",
        },
        "attribute_map": {
            "mapping_mode": "use_map",
            "userinfo_scope": "openid email profile groups",
            "attributes": json.dumps({
                "name": "${context.tokenset.name}",
                "email": "${context.tokenset.email}",
                "email_verified": "${context.tokenset.email_verified}",
                "nickname": "${context.tokenset.nickname}",
                "picture": "${context.tokenset.picture}",
                "given_name": "${context.tokenset.given_name}",
                "family_name": "${context.tokenset.family_name}",
            }),
        },
    })
Copy
package main

import (
	"encoding/json"

	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"name":           "${context.tokenset.name}",
			"email":          "${context.tokenset.email}",
			"email_verified": "${context.tokenset.email_verified}",
			"nickname":       "${context.tokenset.nickname}",
			"picture":        "${context.tokenset.picture}",
			"given_name":     "${context.tokenset.given_name}",
			"family_name":    "${context.tokenset.family_name}",
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		// This is an example of an OIDC connection.
		_, err = auth0.NewConnection(ctx, "oidc", &auth0.ConnectionArgs{
			Name:         pulumi.String("oidc-connection"),
			DisplayName:  pulumi.String("OIDC Connection"),
			Strategy:     pulumi.String("oidc"),
			ShowAsButton: pulumi.Bool(false),
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:     pulumi.String("1234567"),
				ClientSecret: pulumi.String("1234567"),
				DomainAliases: pulumi.StringArray{
					pulumi.String("example.com"),
				},
				TenantDomain:          pulumi.String(""),
				IconUrl:               pulumi.String("https://example.com/assets/logo.png"),
				Type:                  pulumi.String("back_channel"),
				Issuer:                pulumi.String("https://www.paypalobjects.com"),
				JwksUri:               pulumi.String("https://api.paypal.com/v1/oauth2/certs"),
				DiscoveryUrl:          pulumi.String("https://www.paypalobjects.com/.well-known/openid-configuration"),
				TokenEndpoint:         pulumi.String("https://api.paypal.com/v1/oauth2/token"),
				UserinfoEndpoint:      pulumi.String("https://api.paypal.com/v1/oauth2/token/userinfo"),
				AuthorizationEndpoint: pulumi.String("https://www.paypal.com/signin/authorize"),
				Scopes: pulumi.StringArray{
					pulumi.String("openid"),
					pulumi.String("email"),
				},
				SetUserRootAttributes: pulumi.String("on_first_login"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
				ConnectionSettings: &auth0.ConnectionOptionsConnectionSettingsArgs{
					Pkce: pulumi.String("auto"),
				},
				AttributeMap: &auth0.ConnectionOptionsAttributeMapArgs{
					MappingMode:   pulumi.String("use_map"),
					UserinfoScope: pulumi.String("openid email profile groups"),
					Attributes:    pulumi.String(json0),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // This is an example of an OIDC connection.
    var oidc = new Auth0.Connection("oidc", new()
    {
        Name = "oidc-connection",
        DisplayName = "OIDC Connection",
        Strategy = "oidc",
        ShowAsButton = false,
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "1234567",
            ClientSecret = "1234567",
            DomainAliases = new[]
            {
                "example.com",
            },
            TenantDomain = "",
            IconUrl = "https://example.com/assets/logo.png",
            Type = "back_channel",
            Issuer = "https://www.paypalobjects.com",
            JwksUri = "https://api.paypal.com/v1/oauth2/certs",
            DiscoveryUrl = "https://www.paypalobjects.com/.well-known/openid-configuration",
            TokenEndpoint = "https://api.paypal.com/v1/oauth2/token",
            UserinfoEndpoint = "https://api.paypal.com/v1/oauth2/token/userinfo",
            AuthorizationEndpoint = "https://www.paypal.com/signin/authorize",
            Scopes = new[]
            {
                "openid",
                "email",
            },
            SetUserRootAttributes = "on_first_login",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            ConnectionSettings = new Auth0.Inputs.ConnectionOptionsConnectionSettingsArgs
            {
                Pkce = "auto",
            },
            AttributeMap = new Auth0.Inputs.ConnectionOptionsAttributeMapArgs
            {
                MappingMode = "use_map",
                UserinfoScope = "openid email profile groups",
                Attributes = JsonSerializer.Serialize(new Dictionary<string, object?>
                {
                    ["name"] = "${context.tokenset.name}",
                    ["email"] = "${context.tokenset.email}",
                    ["email_verified"] = "${context.tokenset.email_verified}",
                    ["nickname"] = "${context.tokenset.nickname}",
                    ["picture"] = "${context.tokenset.picture}",
                    ["given_name"] = "${context.tokenset.given_name}",
                    ["family_name"] = "${context.tokenset.family_name}",
                }),
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsConnectionSettingsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsAttributeMapArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // This is an example of an OIDC connection.
        var oidc = new Connection("oidc", ConnectionArgs.builder()
            .name("oidc-connection")
            .displayName("OIDC Connection")
            .strategy("oidc")
            .showAsButton(false)
            .options(ConnectionOptionsArgs.builder()
                .clientId("1234567")
                .clientSecret("1234567")
                .domainAliases("example.com")
                .tenantDomain("")
                .iconUrl("https://example.com/assets/logo.png")
                .type("back_channel")
                .issuer("https://www.paypalobjects.com")
                .jwksUri("https://api.paypal.com/v1/oauth2/certs")
                .discoveryUrl("https://www.paypalobjects.com/.well-known/openid-configuration")
                .tokenEndpoint("https://api.paypal.com/v1/oauth2/token")
                .userinfoEndpoint("https://api.paypal.com/v1/oauth2/token/userinfo")
                .authorizationEndpoint("https://www.paypal.com/signin/authorize")
                .scopes(                
                    "openid",
                    "email")
                .setUserRootAttributes("on_first_login")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .connectionSettings(ConnectionOptionsConnectionSettingsArgs.builder()
                    .pkce("auto")
                    .build())
                .attributeMap(ConnectionOptionsAttributeMapArgs.builder()
                    .mappingMode("use_map")
                    .userinfoScope("openid email profile groups")
                    .attributes(serializeJson(
                        jsonObject(
                            jsonProperty("name", "${context.tokenset.name}"),
                            jsonProperty("email", "${context.tokenset.email}"),
                            jsonProperty("email_verified", "${context.tokenset.email_verified}"),
                            jsonProperty("nickname", "${context.tokenset.nickname}"),
                            jsonProperty("picture", "${context.tokenset.picture}"),
                            jsonProperty("given_name", "${context.tokenset.given_name}"),
                            jsonProperty("family_name", "${context.tokenset.family_name}")
                        )))
                    .build())
                .build())
            .build());

    }
}
Copy
resources:
  # This is an example of an OIDC connection.
  oidc:
    type: auth0:Connection
    properties:
      name: oidc-connection
      displayName: OIDC Connection
      strategy: oidc
      showAsButton: false
      options:
        clientId: '1234567'
        clientSecret: '1234567'
        domainAliases:
          - example.com
        tenantDomain: ""
        iconUrl: https://example.com/assets/logo.png
        type: back_channel
        issuer: https://www.paypalobjects.com
        jwksUri: https://api.paypal.com/v1/oauth2/certs
        discoveryUrl: https://www.paypalobjects.com/.well-known/openid-configuration
        tokenEndpoint: https://api.paypal.com/v1/oauth2/token
        userinfoEndpoint: https://api.paypal.com/v1/oauth2/token/userinfo
        authorizationEndpoint: https://www.paypal.com/signin/authorize
        scopes:
          - openid
          - email
        setUserRootAttributes: on_first_login
        nonPersistentAttrs:
          - ethnicity
          - gender
        connectionSettings:
          pkce: auto
        attributeMap:
          mappingMode: use_map
          userinfoScope: openid email profile groups
          attributes:
            fn::toJSON:
              name: $${context.tokenset.name}
              email: $${context.tokenset.email}
              email_verified: $${context.tokenset.email_verified}
              nickname: $${context.tokenset.nickname}
              picture: $${context.tokenset.picture}
              given_name: $${context.tokenset.given_name}
              family_name: $${context.tokenset.family_name}
Copy

Okta Connection

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// This is an example of an Okta Workforce connection.
const okta = new auth0.Connection("okta", {
    name: "okta-connection",
    displayName: "Okta Workforce Connection",
    strategy: "okta",
    showAsButton: false,
    options: {
        clientId: "1234567",
        clientSecret: "1234567",
        domain: "example.okta.com",
        domainAliases: ["example.com"],
        issuer: "https://example.okta.com",
        jwksUri: "https://example.okta.com/oauth2/v1/keys",
        tokenEndpoint: "https://example.okta.com/oauth2/v1/token",
        userinfoEndpoint: "https://example.okta.com/oauth2/v1/userinfo",
        authorizationEndpoint: "https://example.okta.com/oauth2/v1/authorize",
        scopes: [
            "openid",
            "email",
        ],
        setUserRootAttributes: "on_first_login",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        upstreamParams: JSON.stringify({
            screen_name: {
                alias: "login_hint",
            },
        }),
        connectionSettings: {
            pkce: "auto",
        },
        attributeMap: {
            mappingMode: "basic_profile",
            userinfoScope: "openid email profile groups",
            attributes: JSON.stringify({
                name: "${context.tokenset.name}",
                email: "${context.tokenset.email}",
                email_verified: "${context.tokenset.email_verified}",
                nickname: "${context.tokenset.nickname}",
                picture: "${context.tokenset.picture}",
                given_name: "${context.tokenset.given_name}",
                family_name: "${context.tokenset.family_name}",
            }),
        },
    },
});
Copy
import pulumi
import json
import pulumi_auth0 as auth0

# This is an example of an Okta Workforce connection.
okta = auth0.Connection("okta",
    name="okta-connection",
    display_name="Okta Workforce Connection",
    strategy="okta",
    show_as_button=False,
    options={
        "client_id": "1234567",
        "client_secret": "1234567",
        "domain": "example.okta.com",
        "domain_aliases": ["example.com"],
        "issuer": "https://example.okta.com",
        "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
        "token_endpoint": "https://example.okta.com/oauth2/v1/token",
        "userinfo_endpoint": "https://example.okta.com/oauth2/v1/userinfo",
        "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
        "scopes": [
            "openid",
            "email",
        ],
        "set_user_root_attributes": "on_first_login",
        "non_persistent_attrs": [
            "ethnicity",
            "gender",
        ],
        "upstream_params": json.dumps({
            "screen_name": {
                "alias": "login_hint",
            },
        }),
        "connection_settings": {
            "pkce": "auto",
        },
        "attribute_map": {
            "mapping_mode": "basic_profile",
            "userinfo_scope": "openid email profile groups",
            "attributes": json.dumps({
                "name": "${context.tokenset.name}",
                "email": "${context.tokenset.email}",
                "email_verified": "${context.tokenset.email_verified}",
                "nickname": "${context.tokenset.nickname}",
                "picture": "${context.tokenset.picture}",
                "given_name": "${context.tokenset.given_name}",
                "family_name": "${context.tokenset.family_name}",
            }),
        },
    })
Copy
package main

import (
	"encoding/json"

	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"screen_name": map[string]interface{}{
				"alias": "login_hint",
			},
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		tmpJSON1, err := json.Marshal(map[string]interface{}{
			"name":           "${context.tokenset.name}",
			"email":          "${context.tokenset.email}",
			"email_verified": "${context.tokenset.email_verified}",
			"nickname":       "${context.tokenset.nickname}",
			"picture":        "${context.tokenset.picture}",
			"given_name":     "${context.tokenset.given_name}",
			"family_name":    "${context.tokenset.family_name}",
		})
		if err != nil {
			return err
		}
		json1 := string(tmpJSON1)
		// This is an example of an Okta Workforce connection.
		_, err = auth0.NewConnection(ctx, "okta", &auth0.ConnectionArgs{
			Name:         pulumi.String("okta-connection"),
			DisplayName:  pulumi.String("Okta Workforce Connection"),
			Strategy:     pulumi.String("okta"),
			ShowAsButton: pulumi.Bool(false),
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:     pulumi.String("1234567"),
				ClientSecret: pulumi.String("1234567"),
				Domain:       pulumi.String("example.okta.com"),
				DomainAliases: pulumi.StringArray{
					pulumi.String("example.com"),
				},
				Issuer:                pulumi.String("https://example.okta.com"),
				JwksUri:               pulumi.String("https://example.okta.com/oauth2/v1/keys"),
				TokenEndpoint:         pulumi.String("https://example.okta.com/oauth2/v1/token"),
				UserinfoEndpoint:      pulumi.String("https://example.okta.com/oauth2/v1/userinfo"),
				AuthorizationEndpoint: pulumi.String("https://example.okta.com/oauth2/v1/authorize"),
				Scopes: pulumi.StringArray{
					pulumi.String("openid"),
					pulumi.String("email"),
				},
				SetUserRootAttributes: pulumi.String("on_first_login"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
				UpstreamParams: pulumi.String(json0),
				ConnectionSettings: &auth0.ConnectionOptionsConnectionSettingsArgs{
					Pkce: pulumi.String("auto"),
				},
				AttributeMap: &auth0.ConnectionOptionsAttributeMapArgs{
					MappingMode:   pulumi.String("basic_profile"),
					UserinfoScope: pulumi.String("openid email profile groups"),
					Attributes:    pulumi.String(json1),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // This is an example of an Okta Workforce connection.
    var okta = new Auth0.Connection("okta", new()
    {
        Name = "okta-connection",
        DisplayName = "Okta Workforce Connection",
        Strategy = "okta",
        ShowAsButton = false,
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "1234567",
            ClientSecret = "1234567",
            Domain = "example.okta.com",
            DomainAliases = new[]
            {
                "example.com",
            },
            Issuer = "https://example.okta.com",
            JwksUri = "https://example.okta.com/oauth2/v1/keys",
            TokenEndpoint = "https://example.okta.com/oauth2/v1/token",
            UserinfoEndpoint = "https://example.okta.com/oauth2/v1/userinfo",
            AuthorizationEndpoint = "https://example.okta.com/oauth2/v1/authorize",
            Scopes = new[]
            {
                "openid",
                "email",
            },
            SetUserRootAttributes = "on_first_login",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["screen_name"] = new Dictionary<string, object?>
                {
                    ["alias"] = "login_hint",
                },
            }),
            ConnectionSettings = new Auth0.Inputs.ConnectionOptionsConnectionSettingsArgs
            {
                Pkce = "auto",
            },
            AttributeMap = new Auth0.Inputs.ConnectionOptionsAttributeMapArgs
            {
                MappingMode = "basic_profile",
                UserinfoScope = "openid email profile groups",
                Attributes = JsonSerializer.Serialize(new Dictionary<string, object?>
                {
                    ["name"] = "${context.tokenset.name}",
                    ["email"] = "${context.tokenset.email}",
                    ["email_verified"] = "${context.tokenset.email_verified}",
                    ["nickname"] = "${context.tokenset.nickname}",
                    ["picture"] = "${context.tokenset.picture}",
                    ["given_name"] = "${context.tokenset.given_name}",
                    ["family_name"] = "${context.tokenset.family_name}",
                }),
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsConnectionSettingsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsAttributeMapArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // This is an example of an Okta Workforce connection.
        var okta = new Connection("okta", ConnectionArgs.builder()
            .name("okta-connection")
            .displayName("Okta Workforce Connection")
            .strategy("okta")
            .showAsButton(false)
            .options(ConnectionOptionsArgs.builder()
                .clientId("1234567")
                .clientSecret("1234567")
                .domain("example.okta.com")
                .domainAliases("example.com")
                .issuer("https://example.okta.com")
                .jwksUri("https://example.okta.com/oauth2/v1/keys")
                .tokenEndpoint("https://example.okta.com/oauth2/v1/token")
                .userinfoEndpoint("https://example.okta.com/oauth2/v1/userinfo")
                .authorizationEndpoint("https://example.okta.com/oauth2/v1/authorize")
                .scopes(                
                    "openid",
                    "email")
                .setUserRootAttributes("on_first_login")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .upstreamParams(serializeJson(
                    jsonObject(
                        jsonProperty("screen_name", jsonObject(
                            jsonProperty("alias", "login_hint")
                        ))
                    )))
                .connectionSettings(ConnectionOptionsConnectionSettingsArgs.builder()
                    .pkce("auto")
                    .build())
                .attributeMap(ConnectionOptionsAttributeMapArgs.builder()
                    .mappingMode("basic_profile")
                    .userinfoScope("openid email profile groups")
                    .attributes(serializeJson(
                        jsonObject(
                            jsonProperty("name", "${context.tokenset.name}"),
                            jsonProperty("email", "${context.tokenset.email}"),
                            jsonProperty("email_verified", "${context.tokenset.email_verified}"),
                            jsonProperty("nickname", "${context.tokenset.nickname}"),
                            jsonProperty("picture", "${context.tokenset.picture}"),
                            jsonProperty("given_name", "${context.tokenset.given_name}"),
                            jsonProperty("family_name", "${context.tokenset.family_name}")
                        )))
                    .build())
                .build())
            .build());

    }
}
Copy
resources:
  # This is an example of an Okta Workforce connection.
  okta:
    type: auth0:Connection
    properties:
      name: okta-connection
      displayName: Okta Workforce Connection
      strategy: okta
      showAsButton: false
      options:
        clientId: '1234567'
        clientSecret: '1234567'
        domain: example.okta.com
        domainAliases:
          - example.com
        issuer: https://example.okta.com
        jwksUri: https://example.okta.com/oauth2/v1/keys
        tokenEndpoint: https://example.okta.com/oauth2/v1/token
        userinfoEndpoint: https://example.okta.com/oauth2/v1/userinfo
        authorizationEndpoint: https://example.okta.com/oauth2/v1/authorize
        scopes:
          - openid
          - email
        setUserRootAttributes: on_first_login
        nonPersistentAttrs:
          - ethnicity
          - gender
        upstreamParams:
          fn::toJSON:
            screen_name:
              alias: login_hint
        connectionSettings:
          pkce: auto
        attributeMap:
          mappingMode: basic_profile
          userinfoScope: openid email profile groups
          attributes:
            fn::toJSON:
              name: $${context.tokenset.name}
              email: $${context.tokenset.email}
              email_verified: $${context.tokenset.email_verified}
              nickname: $${context.tokenset.nickname}
              picture: $${context.tokenset.picture}
              given_name: $${context.tokenset.given_name}
              family_name: $${context.tokenset.family_name}
Copy

Create Connection Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);
@overload
def Connection(resource_name: str,
               args: ConnectionArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def Connection(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               strategy: Optional[str] = None,
               display_name: Optional[str] = None,
               is_domain_connection: Optional[bool] = None,
               metadata: Optional[Mapping[str, str]] = None,
               name: Optional[str] = None,
               options: Optional[ConnectionOptionsArgs] = None,
               realms: Optional[Sequence[str]] = None,
               show_as_button: Optional[bool] = None)
func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)
public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)
public Connection(String name, ConnectionArgs args)
public Connection(String name, ConnectionArgs args, CustomResourceOptions options)
type: auth0:Connection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. ConnectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. ConnectionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. ConnectionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. ConnectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. ConnectionArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var connectionResource = new Auth0.Connection("connectionResource", new()
{
    Strategy = "string",
    DisplayName = "string",
    IsDomainConnection = false,
    Metadata = 
    {
        { "string", "string" },
    },
    Name = "string",
    Options = new Auth0.Inputs.ConnectionOptionsArgs
    {
        AdfsServer = "string",
        AllowedAudiences = new[]
        {
            "string",
        },
        ApiEnableUsers = false,
        AppId = "string",
        AttributeMap = new Auth0.Inputs.ConnectionOptionsAttributeMapArgs
        {
            MappingMode = "string",
            Attributes = "string",
            UserinfoScope = "string",
        },
        Attributes = new[]
        {
            new Auth0.Inputs.ConnectionOptionsAttributeArgs
            {
                Emails = new[]
                {
                    new Auth0.Inputs.ConnectionOptionsAttributeEmailArgs
                    {
                        Identifiers = new[]
                        {
                            new Auth0.Inputs.ConnectionOptionsAttributeEmailIdentifierArgs
                            {
                                Active = false,
                            },
                        },
                        ProfileRequired = false,
                        Signups = new[]
                        {
                            new Auth0.Inputs.ConnectionOptionsAttributeEmailSignupArgs
                            {
                                Status = "string",
                                Verifications = new[]
                                {
                                    new Auth0.Inputs.ConnectionOptionsAttributeEmailSignupVerificationArgs
                                    {
                                        Active = false,
                                    },
                                },
                            },
                        },
                        VerificationMethod = "string",
                    },
                },
                PhoneNumbers = new[]
                {
                    new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberArgs
                    {
                        Identifiers = new[]
                        {
                            new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberIdentifierArgs
                            {
                                Active = false,
                            },
                        },
                        ProfileRequired = false,
                        Signups = new[]
                        {
                            new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberSignupArgs
                            {
                                Status = "string",
                                Verifications = new[]
                                {
                                    new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberSignupVerificationArgs
                                    {
                                        Active = false,
                                    },
                                },
                            },
                        },
                    },
                },
                Usernames = new[]
                {
                    new Auth0.Inputs.ConnectionOptionsAttributeUsernameArgs
                    {
                        Identifiers = new[]
                        {
                            new Auth0.Inputs.ConnectionOptionsAttributeUsernameIdentifierArgs
                            {
                                Active = false,
                            },
                        },
                        ProfileRequired = false,
                        Signups = new[]
                        {
                            new Auth0.Inputs.ConnectionOptionsAttributeUsernameSignupArgs
                            {
                                Status = "string",
                            },
                        },
                        Validations = new[]
                        {
                            new Auth0.Inputs.ConnectionOptionsAttributeUsernameValidationArgs
                            {
                                AllowedTypes = new[]
                                {
                                    new Auth0.Inputs.ConnectionOptionsAttributeUsernameValidationAllowedTypeArgs
                                    {
                                        Email = false,
                                        PhoneNumber = false,
                                    },
                                },
                                MaxLength = 0,
                                MinLength = 0,
                            },
                        },
                    },
                },
            },
        },
        AuthParams = 
        {
            { "string", "string" },
        },
        AuthenticationMethods = new[]
        {
            new Auth0.Inputs.ConnectionOptionsAuthenticationMethodArgs
            {
                Passkey = new Auth0.Inputs.ConnectionOptionsAuthenticationMethodPasskeyArgs
                {
                    Enabled = false,
                },
                Password = new Auth0.Inputs.ConnectionOptionsAuthenticationMethodPasswordArgs
                {
                    Enabled = false,
                },
            },
        },
        AuthorizationEndpoint = "string",
        BruteForceProtection = false,
        ClientId = "string",
        ClientSecret = "string",
        CommunityBaseUrl = "string",
        Configuration = 
        {
            { "string", "string" },
        },
        ConnectionSettings = new Auth0.Inputs.ConnectionOptionsConnectionSettingsArgs
        {
            Pkce = "string",
        },
        CustomHeaders = new[]
        {
            
            {
                { "string", "string" },
            },
        },
        CustomScripts = 
        {
            { "string", "string" },
        },
        Debug = false,
        DecryptionKey = new Auth0.Inputs.ConnectionOptionsDecryptionKeyArgs
        {
            Cert = "string",
            Key = "string",
        },
        DigestAlgorithm = "string",
        DisableCache = false,
        DisableSelfServiceChangePassword = false,
        DisableSignOut = false,
        DisableSignup = false,
        DiscoveryUrl = "string",
        Domain = "string",
        DomainAliases = new[]
        {
            "string",
        },
        EnableScriptContext = false,
        EnabledDatabaseCustomization = false,
        EntityId = "string",
        FedMetadataXml = "string",
        FieldsMap = "string",
        ForwardRequestInfo = false,
        From = "string",
        GatewayAuthentication = new Auth0.Inputs.ConnectionOptionsGatewayAuthenticationArgs
        {
            Audience = "string",
            Method = "string",
            Secret = "string",
            SecretBase64Encoded = false,
            Subject = "string",
        },
        GatewayUrl = "string",
        GlobalTokenRevocationJwtIss = "string",
        GlobalTokenRevocationJwtSub = "string",
        IconUrl = "string",
        IdentityApi = "string",
        IdpInitiated = new Auth0.Inputs.ConnectionOptionsIdpInitiatedArgs
        {
            ClientAuthorizeQuery = "string",
            ClientId = "string",
            ClientProtocol = "string",
            Enabled = false,
        },
        ImportMode = false,
        Ips = new[]
        {
            "string",
        },
        Issuer = "string",
        JwksUri = "string",
        KeyId = "string",
        MapUserIdToId = false,
        MaxGroupsToRetrieve = "string",
        MessagingServiceSid = "string",
        MetadataUrl = "string",
        MetadataXml = "string",
        Mfa = new Auth0.Inputs.ConnectionOptionsMfaArgs
        {
            Active = false,
            ReturnEnrollSettings = false,
        },
        Name = "string",
        NonPersistentAttrs = new[]
        {
            "string",
        },
        PasskeyOptions = new Auth0.Inputs.ConnectionOptionsPasskeyOptionsArgs
        {
            ChallengeUi = "string",
            LocalEnrollmentEnabled = false,
            ProgressiveEnrollmentEnabled = false,
        },
        PasswordComplexityOptions = new Auth0.Inputs.ConnectionOptionsPasswordComplexityOptionsArgs
        {
            MinLength = 0,
        },
        PasswordDictionary = new Auth0.Inputs.ConnectionOptionsPasswordDictionaryArgs
        {
            Dictionaries = new[]
            {
                "string",
            },
            Enable = false,
        },
        PasswordHistories = new[]
        {
            new Auth0.Inputs.ConnectionOptionsPasswordHistoryArgs
            {
                Enable = false,
                Size = 0,
            },
        },
        PasswordNoPersonalInfo = new Auth0.Inputs.ConnectionOptionsPasswordNoPersonalInfoArgs
        {
            Enable = false,
        },
        PasswordPolicy = "string",
        PingFederateBaseUrl = "string",
        PkceEnabled = false,
        Precedences = new[]
        {
            "string",
        },
        ProtocolBinding = "string",
        Provider = "string",
        RequestTemplate = "string",
        RequiresUsername = false,
        Scopes = new[]
        {
            "string",
        },
        Scripts = 
        {
            { "string", "string" },
        },
        SetUserRootAttributes = "string",
        ShouldTrustEmailVerifiedConnection = "string",
        SignInEndpoint = "string",
        SignOutEndpoint = "string",
        SignSamlRequest = false,
        SignatureAlgorithm = "string",
        SigningCert = "string",
        SigningKey = new Auth0.Inputs.ConnectionOptionsSigningKeyArgs
        {
            Cert = "string",
            Key = "string",
        },
        StrategyVersion = 0,
        Subject = "string",
        Syntax = "string",
        TeamId = "string",
        Template = "string",
        TenantDomain = "string",
        TokenEndpoint = "string",
        Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
        {
            Length = 0,
            TimeStep = 0,
        },
        TwilioSid = "string",
        TwilioToken = "string",
        Type = "string",
        UpstreamParams = "string",
        UseCertAuth = false,
        UseKerberos = false,
        UseWsfed = false,
        UserIdAttribute = "string",
        UserinfoEndpoint = "string",
        Validation = new Auth0.Inputs.ConnectionOptionsValidationArgs
        {
            Username = new Auth0.Inputs.ConnectionOptionsValidationUsernameArgs
            {
                Max = 0,
                Min = 0,
            },
        },
        WaadCommonEndpoint = false,
        WaadProtocol = "string",
    },
    Realms = new[]
    {
        "string",
    },
    ShowAsButton = false,
});
Copy
example, err := auth0.NewConnection(ctx, "connectionResource", &auth0.ConnectionArgs{
	Strategy:           pulumi.String("string"),
	DisplayName:        pulumi.String("string"),
	IsDomainConnection: pulumi.Bool(false),
	Metadata: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Name: pulumi.String("string"),
	Options: &auth0.ConnectionOptionsArgs{
		AdfsServer: pulumi.String("string"),
		AllowedAudiences: pulumi.StringArray{
			pulumi.String("string"),
		},
		ApiEnableUsers: pulumi.Bool(false),
		AppId:          pulumi.String("string"),
		AttributeMap: &auth0.ConnectionOptionsAttributeMapArgs{
			MappingMode:   pulumi.String("string"),
			Attributes:    pulumi.String("string"),
			UserinfoScope: pulumi.String("string"),
		},
		Attributes: auth0.ConnectionOptionsAttributeArray{
			&auth0.ConnectionOptionsAttributeArgs{
				Emails: auth0.ConnectionOptionsAttributeEmailArray{
					&auth0.ConnectionOptionsAttributeEmailArgs{
						Identifiers: auth0.ConnectionOptionsAttributeEmailIdentifierArray{
							&auth0.ConnectionOptionsAttributeEmailIdentifierArgs{
								Active: pulumi.Bool(false),
							},
						},
						ProfileRequired: pulumi.Bool(false),
						Signups: auth0.ConnectionOptionsAttributeEmailSignupArray{
							&auth0.ConnectionOptionsAttributeEmailSignupArgs{
								Status: pulumi.String("string"),
								Verifications: auth0.ConnectionOptionsAttributeEmailSignupVerificationArray{
									&auth0.ConnectionOptionsAttributeEmailSignupVerificationArgs{
										Active: pulumi.Bool(false),
									},
								},
							},
						},
						VerificationMethod: pulumi.String("string"),
					},
				},
				PhoneNumbers: auth0.ConnectionOptionsAttributePhoneNumberArray{
					&auth0.ConnectionOptionsAttributePhoneNumberArgs{
						Identifiers: auth0.ConnectionOptionsAttributePhoneNumberIdentifierArray{
							&auth0.ConnectionOptionsAttributePhoneNumberIdentifierArgs{
								Active: pulumi.Bool(false),
							},
						},
						ProfileRequired: pulumi.Bool(false),
						Signups: auth0.ConnectionOptionsAttributePhoneNumberSignupArray{
							&auth0.ConnectionOptionsAttributePhoneNumberSignupArgs{
								Status: pulumi.String("string"),
								Verifications: auth0.ConnectionOptionsAttributePhoneNumberSignupVerificationArray{
									&auth0.ConnectionOptionsAttributePhoneNumberSignupVerificationArgs{
										Active: pulumi.Bool(false),
									},
								},
							},
						},
					},
				},
				Usernames: auth0.ConnectionOptionsAttributeUsernameArray{
					&auth0.ConnectionOptionsAttributeUsernameArgs{
						Identifiers: auth0.ConnectionOptionsAttributeUsernameIdentifierArray{
							&auth0.ConnectionOptionsAttributeUsernameIdentifierArgs{
								Active: pulumi.Bool(false),
							},
						},
						ProfileRequired: pulumi.Bool(false),
						Signups: auth0.ConnectionOptionsAttributeUsernameSignupArray{
							&auth0.ConnectionOptionsAttributeUsernameSignupArgs{
								Status: pulumi.String("string"),
							},
						},
						Validations: auth0.ConnectionOptionsAttributeUsernameValidationArray{
							&auth0.ConnectionOptionsAttributeUsernameValidationArgs{
								AllowedTypes: auth0.ConnectionOptionsAttributeUsernameValidationAllowedTypeArray{
									&auth0.ConnectionOptionsAttributeUsernameValidationAllowedTypeArgs{
										Email:       pulumi.Bool(false),
										PhoneNumber: pulumi.Bool(false),
									},
								},
								MaxLength: pulumi.Int(0),
								MinLength: pulumi.Int(0),
							},
						},
					},
				},
			},
		},
		AuthParams: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
		AuthenticationMethods: auth0.ConnectionOptionsAuthenticationMethodArray{
			&auth0.ConnectionOptionsAuthenticationMethodArgs{
				Passkey: &auth0.ConnectionOptionsAuthenticationMethodPasskeyArgs{
					Enabled: pulumi.Bool(false),
				},
				Password: &auth0.ConnectionOptionsAuthenticationMethodPasswordArgs{
					Enabled: pulumi.Bool(false),
				},
			},
		},
		AuthorizationEndpoint: pulumi.String("string"),
		BruteForceProtection:  pulumi.Bool(false),
		ClientId:              pulumi.String("string"),
		ClientSecret:          pulumi.String("string"),
		CommunityBaseUrl:      pulumi.String("string"),
		Configuration: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
		ConnectionSettings: &auth0.ConnectionOptionsConnectionSettingsArgs{
			Pkce: pulumi.String("string"),
		},
		CustomHeaders: pulumi.StringMapArray{
			pulumi.StringMap{
				"string": pulumi.String("string"),
			},
		},
		CustomScripts: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
		Debug: pulumi.Bool(false),
		DecryptionKey: &auth0.ConnectionOptionsDecryptionKeyArgs{
			Cert: pulumi.String("string"),
			Key:  pulumi.String("string"),
		},
		DigestAlgorithm:                  pulumi.String("string"),
		DisableCache:                     pulumi.Bool(false),
		DisableSelfServiceChangePassword: pulumi.Bool(false),
		DisableSignOut:                   pulumi.Bool(false),
		DisableSignup:                    pulumi.Bool(false),
		DiscoveryUrl:                     pulumi.String("string"),
		Domain:                           pulumi.String("string"),
		DomainAliases: pulumi.StringArray{
			pulumi.String("string"),
		},
		EnableScriptContext:          pulumi.Bool(false),
		EnabledDatabaseCustomization: pulumi.Bool(false),
		EntityId:                     pulumi.String("string"),
		FedMetadataXml:               pulumi.String("string"),
		FieldsMap:                    pulumi.String("string"),
		ForwardRequestInfo:           pulumi.Bool(false),
		From:                         pulumi.String("string"),
		GatewayAuthentication: &auth0.ConnectionOptionsGatewayAuthenticationArgs{
			Audience:            pulumi.String("string"),
			Method:              pulumi.String("string"),
			Secret:              pulumi.String("string"),
			SecretBase64Encoded: pulumi.Bool(false),
			Subject:             pulumi.String("string"),
		},
		GatewayUrl:                  pulumi.String("string"),
		GlobalTokenRevocationJwtIss: pulumi.String("string"),
		GlobalTokenRevocationJwtSub: pulumi.String("string"),
		IconUrl:                     pulumi.String("string"),
		IdentityApi:                 pulumi.String("string"),
		IdpInitiated: &auth0.ConnectionOptionsIdpInitiatedArgs{
			ClientAuthorizeQuery: pulumi.String("string"),
			ClientId:             pulumi.String("string"),
			ClientProtocol:       pulumi.String("string"),
			Enabled:              pulumi.Bool(false),
		},
		ImportMode: pulumi.Bool(false),
		Ips: pulumi.StringArray{
			pulumi.String("string"),
		},
		Issuer:              pulumi.String("string"),
		JwksUri:             pulumi.String("string"),
		KeyId:               pulumi.String("string"),
		MapUserIdToId:       pulumi.Bool(false),
		MaxGroupsToRetrieve: pulumi.String("string"),
		MessagingServiceSid: pulumi.String("string"),
		MetadataUrl:         pulumi.String("string"),
		MetadataXml:         pulumi.String("string"),
		Mfa: &auth0.ConnectionOptionsMfaArgs{
			Active:               pulumi.Bool(false),
			ReturnEnrollSettings: pulumi.Bool(false),
		},
		Name: pulumi.String("string"),
		NonPersistentAttrs: pulumi.StringArray{
			pulumi.String("string"),
		},
		PasskeyOptions: &auth0.ConnectionOptionsPasskeyOptionsArgs{
			ChallengeUi:                  pulumi.String("string"),
			LocalEnrollmentEnabled:       pulumi.Bool(false),
			ProgressiveEnrollmentEnabled: pulumi.Bool(false),
		},
		PasswordComplexityOptions: &auth0.ConnectionOptionsPasswordComplexityOptionsArgs{
			MinLength: pulumi.Int(0),
		},
		PasswordDictionary: &auth0.ConnectionOptionsPasswordDictionaryArgs{
			Dictionaries: pulumi.StringArray{
				pulumi.String("string"),
			},
			Enable: pulumi.Bool(false),
		},
		PasswordHistories: auth0.ConnectionOptionsPasswordHistoryArray{
			&auth0.ConnectionOptionsPasswordHistoryArgs{
				Enable: pulumi.Bool(false),
				Size:   pulumi.Int(0),
			},
		},
		PasswordNoPersonalInfo: &auth0.ConnectionOptionsPasswordNoPersonalInfoArgs{
			Enable: pulumi.Bool(false),
		},
		PasswordPolicy:      pulumi.String("string"),
		PingFederateBaseUrl: pulumi.String("string"),
		PkceEnabled:         pulumi.Bool(false),
		Precedences: pulumi.StringArray{
			pulumi.String("string"),
		},
		ProtocolBinding:  pulumi.String("string"),
		Provider:         pulumi.String("string"),
		RequestTemplate:  pulumi.String("string"),
		RequiresUsername: pulumi.Bool(false),
		Scopes: pulumi.StringArray{
			pulumi.String("string"),
		},
		Scripts: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
		SetUserRootAttributes:              pulumi.String("string"),
		ShouldTrustEmailVerifiedConnection: pulumi.String("string"),
		SignInEndpoint:                     pulumi.String("string"),
		SignOutEndpoint:                    pulumi.String("string"),
		SignSamlRequest:                    pulumi.Bool(false),
		SignatureAlgorithm:                 pulumi.String("string"),
		SigningCert:                        pulumi.String("string"),
		SigningKey: &auth0.ConnectionOptionsSigningKeyArgs{
			Cert: pulumi.String("string"),
			Key:  pulumi.String("string"),
		},
		StrategyVersion: pulumi.Int(0),
		Subject:         pulumi.String("string"),
		Syntax:          pulumi.String("string"),
		TeamId:          pulumi.String("string"),
		Template:        pulumi.String("string"),
		TenantDomain:    pulumi.String("string"),
		TokenEndpoint:   pulumi.String("string"),
		Totp: &auth0.ConnectionOptionsTotpArgs{
			Length:   pulumi.Int(0),
			TimeStep: pulumi.Int(0),
		},
		TwilioSid:        pulumi.String("string"),
		TwilioToken:      pulumi.String("string"),
		Type:             pulumi.String("string"),
		UpstreamParams:   pulumi.String("string"),
		UseCertAuth:      pulumi.Bool(false),
		UseKerberos:      pulumi.Bool(false),
		UseWsfed:         pulumi.Bool(false),
		UserIdAttribute:  pulumi.String("string"),
		UserinfoEndpoint: pulumi.String("string"),
		Validation: &auth0.ConnectionOptionsValidationArgs{
			Username: &auth0.ConnectionOptionsValidationUsernameArgs{
				Max: pulumi.Int(0),
				Min: pulumi.Int(0),
			},
		},
		WaadCommonEndpoint: pulumi.Bool(false),
		WaadProtocol:       pulumi.String("string"),
	},
	Realms: pulumi.StringArray{
		pulumi.String("string"),
	},
	ShowAsButton: pulumi.Bool(false),
})
Copy
var connectionResource = new Connection("connectionResource", ConnectionArgs.builder()
    .strategy("string")
    .displayName("string")
    .isDomainConnection(false)
    .metadata(Map.of("string", "string"))
    .name("string")
    .options(ConnectionOptionsArgs.builder()
        .adfsServer("string")
        .allowedAudiences("string")
        .apiEnableUsers(false)
        .appId("string")
        .attributeMap(ConnectionOptionsAttributeMapArgs.builder()
            .mappingMode("string")
            .attributes("string")
            .userinfoScope("string")
            .build())
        .attributes(ConnectionOptionsAttributeArgs.builder()
            .emails(ConnectionOptionsAttributeEmailArgs.builder()
                .identifiers(ConnectionOptionsAttributeEmailIdentifierArgs.builder()
                    .active(false)
                    .build())
                .profileRequired(false)
                .signups(ConnectionOptionsAttributeEmailSignupArgs.builder()
                    .status("string")
                    .verifications(ConnectionOptionsAttributeEmailSignupVerificationArgs.builder()
                        .active(false)
                        .build())
                    .build())
                .verificationMethod("string")
                .build())
            .phoneNumbers(ConnectionOptionsAttributePhoneNumberArgs.builder()
                .identifiers(ConnectionOptionsAttributePhoneNumberIdentifierArgs.builder()
                    .active(false)
                    .build())
                .profileRequired(false)
                .signups(ConnectionOptionsAttributePhoneNumberSignupArgs.builder()
                    .status("string")
                    .verifications(ConnectionOptionsAttributePhoneNumberSignupVerificationArgs.builder()
                        .active(false)
                        .build())
                    .build())
                .build())
            .usernames(ConnectionOptionsAttributeUsernameArgs.builder()
                .identifiers(ConnectionOptionsAttributeUsernameIdentifierArgs.builder()
                    .active(false)
                    .build())
                .profileRequired(false)
                .signups(ConnectionOptionsAttributeUsernameSignupArgs.builder()
                    .status("string")
                    .build())
                .validations(ConnectionOptionsAttributeUsernameValidationArgs.builder()
                    .allowedTypes(ConnectionOptionsAttributeUsernameValidationAllowedTypeArgs.builder()
                        .email(false)
                        .phoneNumber(false)
                        .build())
                    .maxLength(0)
                    .minLength(0)
                    .build())
                .build())
            .build())
        .authParams(Map.of("string", "string"))
        .authenticationMethods(ConnectionOptionsAuthenticationMethodArgs.builder()
            .passkey(ConnectionOptionsAuthenticationMethodPasskeyArgs.builder()
                .enabled(false)
                .build())
            .password(ConnectionOptionsAuthenticationMethodPasswordArgs.builder()
                .enabled(false)
                .build())
            .build())
        .authorizationEndpoint("string")
        .bruteForceProtection(false)
        .clientId("string")
        .clientSecret("string")
        .communityBaseUrl("string")
        .configuration(Map.of("string", "string"))
        .connectionSettings(ConnectionOptionsConnectionSettingsArgs.builder()
            .pkce("string")
            .build())
        .customHeaders(Map.of("string", "string"))
        .customScripts(Map.of("string", "string"))
        .debug(false)
        .decryptionKey(ConnectionOptionsDecryptionKeyArgs.builder()
            .cert("string")
            .key("string")
            .build())
        .digestAlgorithm("string")
        .disableCache(false)
        .disableSelfServiceChangePassword(false)
        .disableSignOut(false)
        .disableSignup(false)
        .discoveryUrl("string")
        .domain("string")
        .domainAliases("string")
        .enableScriptContext(false)
        .enabledDatabaseCustomization(false)
        .entityId("string")
        .fedMetadataXml("string")
        .fieldsMap("string")
        .forwardRequestInfo(false)
        .from("string")
        .gatewayAuthentication(ConnectionOptionsGatewayAuthenticationArgs.builder()
            .audience("string")
            .method("string")
            .secret("string")
            .secretBase64Encoded(false)
            .subject("string")
            .build())
        .gatewayUrl("string")
        .globalTokenRevocationJwtIss("string")
        .globalTokenRevocationJwtSub("string")
        .iconUrl("string")
        .identityApi("string")
        .idpInitiated(ConnectionOptionsIdpInitiatedArgs.builder()
            .clientAuthorizeQuery("string")
            .clientId("string")
            .clientProtocol("string")
            .enabled(false)
            .build())
        .importMode(false)
        .ips("string")
        .issuer("string")
        .jwksUri("string")
        .keyId("string")
        .mapUserIdToId(false)
        .maxGroupsToRetrieve("string")
        .messagingServiceSid("string")
        .metadataUrl("string")
        .metadataXml("string")
        .mfa(ConnectionOptionsMfaArgs.builder()
            .active(false)
            .returnEnrollSettings(false)
            .build())
        .name("string")
        .nonPersistentAttrs("string")
        .passkeyOptions(ConnectionOptionsPasskeyOptionsArgs.builder()
            .challengeUi("string")
            .localEnrollmentEnabled(false)
            .progressiveEnrollmentEnabled(false)
            .build())
        .passwordComplexityOptions(ConnectionOptionsPasswordComplexityOptionsArgs.builder()
            .minLength(0)
            .build())
        .passwordDictionary(ConnectionOptionsPasswordDictionaryArgs.builder()
            .dictionaries("string")
            .enable(false)
            .build())
        .passwordHistories(ConnectionOptionsPasswordHistoryArgs.builder()
            .enable(false)
            .size(0)
            .build())
        .passwordNoPersonalInfo(ConnectionOptionsPasswordNoPersonalInfoArgs.builder()
            .enable(false)
            .build())
        .passwordPolicy("string")
        .pingFederateBaseUrl("string")
        .pkceEnabled(false)
        .precedences("string")
        .protocolBinding("string")
        .provider("string")
        .requestTemplate("string")
        .requiresUsername(false)
        .scopes("string")
        .scripts(Map.of("string", "string"))
        .setUserRootAttributes("string")
        .shouldTrustEmailVerifiedConnection("string")
        .signInEndpoint("string")
        .signOutEndpoint("string")
        .signSamlRequest(false)
        .signatureAlgorithm("string")
        .signingCert("string")
        .signingKey(ConnectionOptionsSigningKeyArgs.builder()
            .cert("string")
            .key("string")
            .build())
        .strategyVersion(0)
        .subject("string")
        .syntax("string")
        .teamId("string")
        .template("string")
        .tenantDomain("string")
        .tokenEndpoint("string")
        .totp(ConnectionOptionsTotpArgs.builder()
            .length(0)
            .timeStep(0)
            .build())
        .twilioSid("string")
        .twilioToken("string")
        .type("string")
        .upstreamParams("string")
        .useCertAuth(false)
        .useKerberos(false)
        .useWsfed(false)
        .userIdAttribute("string")
        .userinfoEndpoint("string")
        .validation(ConnectionOptionsValidationArgs.builder()
            .username(ConnectionOptionsValidationUsernameArgs.builder()
                .max(0)
                .min(0)
                .build())
            .build())
        .waadCommonEndpoint(false)
        .waadProtocol("string")
        .build())
    .realms("string")
    .showAsButton(false)
    .build());
Copy
connection_resource = auth0.Connection("connectionResource",
    strategy="string",
    display_name="string",
    is_domain_connection=False,
    metadata={
        "string": "string",
    },
    name="string",
    options={
        "adfs_server": "string",
        "allowed_audiences": ["string"],
        "api_enable_users": False,
        "app_id": "string",
        "attribute_map": {
            "mapping_mode": "string",
            "attributes": "string",
            "userinfo_scope": "string",
        },
        "attributes": [{
            "emails": [{
                "identifiers": [{
                    "active": False,
                }],
                "profile_required": False,
                "signups": [{
                    "status": "string",
                    "verifications": [{
                        "active": False,
                    }],
                }],
                "verification_method": "string",
            }],
            "phone_numbers": [{
                "identifiers": [{
                    "active": False,
                }],
                "profile_required": False,
                "signups": [{
                    "status": "string",
                    "verifications": [{
                        "active": False,
                    }],
                }],
            }],
            "usernames": [{
                "identifiers": [{
                    "active": False,
                }],
                "profile_required": False,
                "signups": [{
                    "status": "string",
                }],
                "validations": [{
                    "allowed_types": [{
                        "email": False,
                        "phone_number": False,
                    }],
                    "max_length": 0,
                    "min_length": 0,
                }],
            }],
        }],
        "auth_params": {
            "string": "string",
        },
        "authentication_methods": [{
            "passkey": {
                "enabled": False,
            },
            "password": {
                "enabled": False,
            },
        }],
        "authorization_endpoint": "string",
        "brute_force_protection": False,
        "client_id": "string",
        "client_secret": "string",
        "community_base_url": "string",
        "configuration": {
            "string": "string",
        },
        "connection_settings": {
            "pkce": "string",
        },
        "custom_headers": [{
            "string": "string",
        }],
        "custom_scripts": {
            "string": "string",
        },
        "debug": False,
        "decryption_key": {
            "cert": "string",
            "key": "string",
        },
        "digest_algorithm": "string",
        "disable_cache": False,
        "disable_self_service_change_password": False,
        "disable_sign_out": False,
        "disable_signup": False,
        "discovery_url": "string",
        "domain": "string",
        "domain_aliases": ["string"],
        "enable_script_context": False,
        "enabled_database_customization": False,
        "entity_id": "string",
        "fed_metadata_xml": "string",
        "fields_map": "string",
        "forward_request_info": False,
        "from_": "string",
        "gateway_authentication": {
            "audience": "string",
            "method": "string",
            "secret": "string",
            "secret_base64_encoded": False,
            "subject": "string",
        },
        "gateway_url": "string",
        "global_token_revocation_jwt_iss": "string",
        "global_token_revocation_jwt_sub": "string",
        "icon_url": "string",
        "identity_api": "string",
        "idp_initiated": {
            "client_authorize_query": "string",
            "client_id": "string",
            "client_protocol": "string",
            "enabled": False,
        },
        "import_mode": False,
        "ips": ["string"],
        "issuer": "string",
        "jwks_uri": "string",
        "key_id": "string",
        "map_user_id_to_id": False,
        "max_groups_to_retrieve": "string",
        "messaging_service_sid": "string",
        "metadata_url": "string",
        "metadata_xml": "string",
        "mfa": {
            "active": False,
            "return_enroll_settings": False,
        },
        "name": "string",
        "non_persistent_attrs": ["string"],
        "passkey_options": {
            "challenge_ui": "string",
            "local_enrollment_enabled": False,
            "progressive_enrollment_enabled": False,
        },
        "password_complexity_options": {
            "min_length": 0,
        },
        "password_dictionary": {
            "dictionaries": ["string"],
            "enable": False,
        },
        "password_histories": [{
            "enable": False,
            "size": 0,
        }],
        "password_no_personal_info": {
            "enable": False,
        },
        "password_policy": "string",
        "ping_federate_base_url": "string",
        "pkce_enabled": False,
        "precedences": ["string"],
        "protocol_binding": "string",
        "provider": "string",
        "request_template": "string",
        "requires_username": False,
        "scopes": ["string"],
        "scripts": {
            "string": "string",
        },
        "set_user_root_attributes": "string",
        "should_trust_email_verified_connection": "string",
        "sign_in_endpoint": "string",
        "sign_out_endpoint": "string",
        "sign_saml_request": False,
        "signature_algorithm": "string",
        "signing_cert": "string",
        "signing_key": {
            "cert": "string",
            "key": "string",
        },
        "strategy_version": 0,
        "subject": "string",
        "syntax": "string",
        "team_id": "string",
        "template": "string",
        "tenant_domain": "string",
        "token_endpoint": "string",
        "totp": {
            "length": 0,
            "time_step": 0,
        },
        "twilio_sid": "string",
        "twilio_token": "string",
        "type": "string",
        "upstream_params": "string",
        "use_cert_auth": False,
        "use_kerberos": False,
        "use_wsfed": False,
        "user_id_attribute": "string",
        "userinfo_endpoint": "string",
        "validation": {
            "username": {
                "max": 0,
                "min": 0,
            },
        },
        "waad_common_endpoint": False,
        "waad_protocol": "string",
    },
    realms=["string"],
    show_as_button=False)
Copy
const connectionResource = new auth0.Connection("connectionResource", {
    strategy: "string",
    displayName: "string",
    isDomainConnection: false,
    metadata: {
        string: "string",
    },
    name: "string",
    options: {
        adfsServer: "string",
        allowedAudiences: ["string"],
        apiEnableUsers: false,
        appId: "string",
        attributeMap: {
            mappingMode: "string",
            attributes: "string",
            userinfoScope: "string",
        },
        attributes: [{
            emails: [{
                identifiers: [{
                    active: false,
                }],
                profileRequired: false,
                signups: [{
                    status: "string",
                    verifications: [{
                        active: false,
                    }],
                }],
                verificationMethod: "string",
            }],
            phoneNumbers: [{
                identifiers: [{
                    active: false,
                }],
                profileRequired: false,
                signups: [{
                    status: "string",
                    verifications: [{
                        active: false,
                    }],
                }],
            }],
            usernames: [{
                identifiers: [{
                    active: false,
                }],
                profileRequired: false,
                signups: [{
                    status: "string",
                }],
                validations: [{
                    allowedTypes: [{
                        email: false,
                        phoneNumber: false,
                    }],
                    maxLength: 0,
                    minLength: 0,
                }],
            }],
        }],
        authParams: {
            string: "string",
        },
        authenticationMethods: [{
            passkey: {
                enabled: false,
            },
            password: {
                enabled: false,
            },
        }],
        authorizationEndpoint: "string",
        bruteForceProtection: false,
        clientId: "string",
        clientSecret: "string",
        communityBaseUrl: "string",
        configuration: {
            string: "string",
        },
        connectionSettings: {
            pkce: "string",
        },
        customHeaders: [{
            string: "string",
        }],
        customScripts: {
            string: "string",
        },
        debug: false,
        decryptionKey: {
            cert: "string",
            key: "string",
        },
        digestAlgorithm: "string",
        disableCache: false,
        disableSelfServiceChangePassword: false,
        disableSignOut: false,
        disableSignup: false,
        discoveryUrl: "string",
        domain: "string",
        domainAliases: ["string"],
        enableScriptContext: false,
        enabledDatabaseCustomization: false,
        entityId: "string",
        fedMetadataXml: "string",
        fieldsMap: "string",
        forwardRequestInfo: false,
        from: "string",
        gatewayAuthentication: {
            audience: "string",
            method: "string",
            secret: "string",
            secretBase64Encoded: false,
            subject: "string",
        },
        gatewayUrl: "string",
        globalTokenRevocationJwtIss: "string",
        globalTokenRevocationJwtSub: "string",
        iconUrl: "string",
        identityApi: "string",
        idpInitiated: {
            clientAuthorizeQuery: "string",
            clientId: "string",
            clientProtocol: "string",
            enabled: false,
        },
        importMode: false,
        ips: ["string"],
        issuer: "string",
        jwksUri: "string",
        keyId: "string",
        mapUserIdToId: false,
        maxGroupsToRetrieve: "string",
        messagingServiceSid: "string",
        metadataUrl: "string",
        metadataXml: "string",
        mfa: {
            active: false,
            returnEnrollSettings: false,
        },
        name: "string",
        nonPersistentAttrs: ["string"],
        passkeyOptions: {
            challengeUi: "string",
            localEnrollmentEnabled: false,
            progressiveEnrollmentEnabled: false,
        },
        passwordComplexityOptions: {
            minLength: 0,
        },
        passwordDictionary: {
            dictionaries: ["string"],
            enable: false,
        },
        passwordHistories: [{
            enable: false,
            size: 0,
        }],
        passwordNoPersonalInfo: {
            enable: false,
        },
        passwordPolicy: "string",
        pingFederateBaseUrl: "string",
        pkceEnabled: false,
        precedences: ["string"],
        protocolBinding: "string",
        provider: "string",
        requestTemplate: "string",
        requiresUsername: false,
        scopes: ["string"],
        scripts: {
            string: "string",
        },
        setUserRootAttributes: "string",
        shouldTrustEmailVerifiedConnection: "string",
        signInEndpoint: "string",
        signOutEndpoint: "string",
        signSamlRequest: false,
        signatureAlgorithm: "string",
        signingCert: "string",
        signingKey: {
            cert: "string",
            key: "string",
        },
        strategyVersion: 0,
        subject: "string",
        syntax: "string",
        teamId: "string",
        template: "string",
        tenantDomain: "string",
        tokenEndpoint: "string",
        totp: {
            length: 0,
            timeStep: 0,
        },
        twilioSid: "string",
        twilioToken: "string",
        type: "string",
        upstreamParams: "string",
        useCertAuth: false,
        useKerberos: false,
        useWsfed: false,
        userIdAttribute: "string",
        userinfoEndpoint: "string",
        validation: {
            username: {
                max: 0,
                min: 0,
            },
        },
        waadCommonEndpoint: false,
        waadProtocol: "string",
    },
    realms: ["string"],
    showAsButton: false,
});
Copy
type: auth0:Connection
properties:
    displayName: string
    isDomainConnection: false
    metadata:
        string: string
    name: string
    options:
        adfsServer: string
        allowedAudiences:
            - string
        apiEnableUsers: false
        appId: string
        attributeMap:
            attributes: string
            mappingMode: string
            userinfoScope: string
        attributes:
            - emails:
                - identifiers:
                    - active: false
                  profileRequired: false
                  signups:
                    - status: string
                      verifications:
                        - active: false
                  verificationMethod: string
              phoneNumbers:
                - identifiers:
                    - active: false
                  profileRequired: false
                  signups:
                    - status: string
                      verifications:
                        - active: false
              usernames:
                - identifiers:
                    - active: false
                  profileRequired: false
                  signups:
                    - status: string
                  validations:
                    - allowedTypes:
                        - email: false
                          phoneNumber: false
                      maxLength: 0
                      minLength: 0
        authParams:
            string: string
        authenticationMethods:
            - passkey:
                enabled: false
              password:
                enabled: false
        authorizationEndpoint: string
        bruteForceProtection: false
        clientId: string
        clientSecret: string
        communityBaseUrl: string
        configuration:
            string: string
        connectionSettings:
            pkce: string
        customHeaders:
            - string: string
        customScripts:
            string: string
        debug: false
        decryptionKey:
            cert: string
            key: string
        digestAlgorithm: string
        disableCache: false
        disableSelfServiceChangePassword: false
        disableSignOut: false
        disableSignup: false
        discoveryUrl: string
        domain: string
        domainAliases:
            - string
        enableScriptContext: false
        enabledDatabaseCustomization: false
        entityId: string
        fedMetadataXml: string
        fieldsMap: string
        forwardRequestInfo: false
        from: string
        gatewayAuthentication:
            audience: string
            method: string
            secret: string
            secretBase64Encoded: false
            subject: string
        gatewayUrl: string
        globalTokenRevocationJwtIss: string
        globalTokenRevocationJwtSub: string
        iconUrl: string
        identityApi: string
        idpInitiated:
            clientAuthorizeQuery: string
            clientId: string
            clientProtocol: string
            enabled: false
        importMode: false
        ips:
            - string
        issuer: string
        jwksUri: string
        keyId: string
        mapUserIdToId: false
        maxGroupsToRetrieve: string
        messagingServiceSid: string
        metadataUrl: string
        metadataXml: string
        mfa:
            active: false
            returnEnrollSettings: false
        name: string
        nonPersistentAttrs:
            - string
        passkeyOptions:
            challengeUi: string
            localEnrollmentEnabled: false
            progressiveEnrollmentEnabled: false
        passwordComplexityOptions:
            minLength: 0
        passwordDictionary:
            dictionaries:
                - string
            enable: false
        passwordHistories:
            - enable: false
              size: 0
        passwordNoPersonalInfo:
            enable: false
        passwordPolicy: string
        pingFederateBaseUrl: string
        pkceEnabled: false
        precedences:
            - string
        protocolBinding: string
        provider: string
        requestTemplate: string
        requiresUsername: false
        scopes:
            - string
        scripts:
            string: string
        setUserRootAttributes: string
        shouldTrustEmailVerifiedConnection: string
        signInEndpoint: string
        signOutEndpoint: string
        signSamlRequest: false
        signatureAlgorithm: string
        signingCert: string
        signingKey:
            cert: string
            key: string
        strategyVersion: 0
        subject: string
        syntax: string
        teamId: string
        template: string
        tenantDomain: string
        tokenEndpoint: string
        totp:
            length: 0
            timeStep: 0
        twilioSid: string
        twilioToken: string
        type: string
        upstreamParams: string
        useCertAuth: false
        useKerberos: false
        useWsfed: false
        userIdAttribute: string
        userinfoEndpoint: string
        validation:
            username:
                max: 0
                min: 0
        waadCommonEndpoint: false
        waadProtocol: string
    realms:
        - string
    showAsButton: false
    strategy: string
Copy

Connection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Connection resource accepts the following input properties:

Strategy
This property is required.
Changes to this property will trigger replacement.
string
Type of the connection, which indicates the identity provider.
DisplayName string
Name used in login screen.
IsDomainConnection bool
Indicates whether the connection is domain level.
Metadata Dictionary<string, string>
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
Name Changes to this property will trigger replacement. string
Name of the connection.
Options ConnectionOptions
Configuration settings for connection options.
Realms List<string>
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
ShowAsButton bool
Display connection as a button. Only available on enterprise connections.
Strategy
This property is required.
Changes to this property will trigger replacement.
string
Type of the connection, which indicates the identity provider.
DisplayName string
Name used in login screen.
IsDomainConnection bool
Indicates whether the connection is domain level.
Metadata map[string]string
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
Name Changes to this property will trigger replacement. string
Name of the connection.
Options ConnectionOptionsArgs
Configuration settings for connection options.
Realms []string
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
ShowAsButton bool
Display connection as a button. Only available on enterprise connections.
strategy
This property is required.
Changes to this property will trigger replacement.
String
Type of the connection, which indicates the identity provider.
displayName String
Name used in login screen.
isDomainConnection Boolean
Indicates whether the connection is domain level.
metadata Map<String,String>
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
name Changes to this property will trigger replacement. String
Name of the connection.
options ConnectionOptions
Configuration settings for connection options.
realms List<String>
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
showAsButton Boolean
Display connection as a button. Only available on enterprise connections.
strategy
This property is required.
Changes to this property will trigger replacement.
string
Type of the connection, which indicates the identity provider.
displayName string
Name used in login screen.
isDomainConnection boolean
Indicates whether the connection is domain level.
metadata {[key: string]: string}
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
name Changes to this property will trigger replacement. string
Name of the connection.
options ConnectionOptions
Configuration settings for connection options.
realms string[]
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
showAsButton boolean
Display connection as a button. Only available on enterprise connections.
strategy
This property is required.
Changes to this property will trigger replacement.
str
Type of the connection, which indicates the identity provider.
display_name str
Name used in login screen.
is_domain_connection bool
Indicates whether the connection is domain level.
metadata Mapping[str, str]
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
name Changes to this property will trigger replacement. str
Name of the connection.
options ConnectionOptionsArgs
Configuration settings for connection options.
realms Sequence[str]
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
show_as_button bool
Display connection as a button. Only available on enterprise connections.
strategy
This property is required.
Changes to this property will trigger replacement.
String
Type of the connection, which indicates the identity provider.
displayName String
Name used in login screen.
isDomainConnection Boolean
Indicates whether the connection is domain level.
metadata Map<String>
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
name Changes to this property will trigger replacement. String
Name of the connection.
options Property Map
Configuration settings for connection options.
realms List<String>
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
showAsButton Boolean
Display connection as a button. Only available on enterprise connections.

Outputs

All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing Connection Resource

Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        display_name: Optional[str] = None,
        is_domain_connection: Optional[bool] = None,
        metadata: Optional[Mapping[str, str]] = None,
        name: Optional[str] = None,
        options: Optional[ConnectionOptionsArgs] = None,
        realms: Optional[Sequence[str]] = None,
        show_as_button: Optional[bool] = None,
        strategy: Optional[str] = None) -> Connection
func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)
public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)
public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)
resources:  _:    type: auth0:Connection    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
DisplayName string
Name used in login screen.
IsDomainConnection bool
Indicates whether the connection is domain level.
Metadata Dictionary<string, string>
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
Name Changes to this property will trigger replacement. string
Name of the connection.
Options ConnectionOptions
Configuration settings for connection options.
Realms List<string>
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
ShowAsButton bool
Display connection as a button. Only available on enterprise connections.
Strategy Changes to this property will trigger replacement. string
Type of the connection, which indicates the identity provider.
DisplayName string
Name used in login screen.
IsDomainConnection bool
Indicates whether the connection is domain level.
Metadata map[string]string
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
Name Changes to this property will trigger replacement. string
Name of the connection.
Options ConnectionOptionsArgs
Configuration settings for connection options.
Realms []string
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
ShowAsButton bool
Display connection as a button. Only available on enterprise connections.
Strategy Changes to this property will trigger replacement. string
Type of the connection, which indicates the identity provider.
displayName String
Name used in login screen.
isDomainConnection Boolean
Indicates whether the connection is domain level.
metadata Map<String,String>
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
name Changes to this property will trigger replacement. String
Name of the connection.
options ConnectionOptions
Configuration settings for connection options.
realms List<String>
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
showAsButton Boolean
Display connection as a button. Only available on enterprise connections.
strategy Changes to this property will trigger replacement. String
Type of the connection, which indicates the identity provider.
displayName string
Name used in login screen.
isDomainConnection boolean
Indicates whether the connection is domain level.
metadata {[key: string]: string}
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
name Changes to this property will trigger replacement. string
Name of the connection.
options ConnectionOptions
Configuration settings for connection options.
realms string[]
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
showAsButton boolean
Display connection as a button. Only available on enterprise connections.
strategy Changes to this property will trigger replacement. string
Type of the connection, which indicates the identity provider.
display_name str
Name used in login screen.
is_domain_connection bool
Indicates whether the connection is domain level.
metadata Mapping[str, str]
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
name Changes to this property will trigger replacement. str
Name of the connection.
options ConnectionOptionsArgs
Configuration settings for connection options.
realms Sequence[str]
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
show_as_button bool
Display connection as a button. Only available on enterprise connections.
strategy Changes to this property will trigger replacement. str
Type of the connection, which indicates the identity provider.
displayName String
Name used in login screen.
isDomainConnection Boolean
Indicates whether the connection is domain level.
metadata Map<String>
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
name Changes to this property will trigger replacement. String
Name of the connection.
options Property Map
Configuration settings for connection options.
realms List<String>
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
showAsButton Boolean
Display connection as a button. Only available on enterprise connections.
strategy Changes to this property will trigger replacement. String
Type of the connection, which indicates the identity provider.

Supporting Types

ConnectionOptions
, ConnectionOptionsArgs

AdfsServer string
ADFS URL where to fetch the metadata source.
AllowedAudiences List<string>
List of allowed audiences.
ApiEnableUsers bool
Enable API Access to users.
AppId string
App ID.
AttributeMap ConnectionOptionsAttributeMap
OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
Attributes List<ConnectionOptionsAttribute>
Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
AuthParams Dictionary<string, string>
Query string parameters to be included as part of the generated passwordless email link.
AuthenticationMethods List<ConnectionOptionsAuthenticationMethod>
Specifies the authentication methods and their configuration (enabled or disabled)
AuthorizationEndpoint string
Authorization endpoint.
BruteForceProtection bool
Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
ClientId string
The strategy's client ID.
ClientSecret string
The strategy's client secret.
CommunityBaseUrl string
Salesforce community base URL.
Configuration Dictionary<string, string>
A case-sensitive map of key value pairs used as configuration variables for the custom_script.
ConnectionSettings ConnectionOptionsConnectionSettings
Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
CustomHeaders List<ImmutableDictionary<string, string>>
Configure extra headers to the Token endpoint of an OAuth 2.0 provider
CustomScripts Dictionary<string, string>
A map of scripts used to integrate with a custom database.
Debug bool
When enabled, additional debug information will be generated.
DecryptionKey ConnectionOptionsDecryptionKey
The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
DigestAlgorithm string
Sign Request Algorithm Digest.
DisableCache bool
Indicates whether to disable the cache or not.
DisableSelfServiceChangePassword bool
Indicates whether to remove the forgot password link within the New Universal Login.
DisableSignOut bool
When enabled, will disable sign out.
DisableSignup bool
Indicates whether to allow user sign-ups to your application.
DiscoveryUrl string
OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
Domain string
Domain name.
DomainAliases List<string>
List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
EnableScriptContext bool
Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
EnabledDatabaseCustomization bool
Set to true to use a legacy user store.
EntityId string
Custom Entity ID for the connection.
FedMetadataXml string
Federation Metadata for the ADFS connection.
FieldsMap string
If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
ForwardRequestInfo bool
Specifies whether or not request info should be forwarded to sms gateway.
From string
Address to use as the sender.
GatewayAuthentication ConnectionOptionsGatewayAuthentication
Defines the parameters used to generate the auth token for the custom gateway.
GatewayUrl string
Defines a custom sms gateway to use instead of Twilio.
GlobalTokenRevocationJwtIss string
Specifies the issuer of the JWT used for global token revocation for the SAML connection.
GlobalTokenRevocationJwtSub string
Specifies the subject of the JWT used for global token revocation for the SAML connection.
IconUrl string
Icon URL.
IdentityApi string
Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
IdpInitiated ConnectionOptionsIdpInitiated
Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
ImportMode bool
Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
Ips List<string>
A list of IPs.
Issuer string
Issuer URL, e.g. https://auth.example.com.
JwksUri string
JWKS URI.
KeyId string
Apple Key ID.
MapUserIdToId bool
By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
MaxGroupsToRetrieve string
Maximum number of groups to retrieve.
MessagingServiceSid string
SID for Copilot. Used when SMS Source is Copilot.
MetadataUrl string
The URL of the SAML metadata document.
MetadataXml string
The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
Mfa ConnectionOptionsMfa
Configuration options for multifactor authentication.
Name string
The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
NonPersistentAttrs List<string>
If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
PasskeyOptions ConnectionOptionsPasskeyOptions
Defines options for the passkey authentication method
PasswordComplexityOptions ConnectionOptionsPasswordComplexityOptions
Configuration settings for password complexity.
PasswordDictionary ConnectionOptionsPasswordDictionary
Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
PasswordHistories List<ConnectionOptionsPasswordHistory>
Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo
Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
PasswordPolicy string
Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
PingFederateBaseUrl string
Ping Federate Server URL.
PkceEnabled bool
Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
Precedences List<string>
Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
ProtocolBinding string
The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
Provider string
Defines the custom sms_gateway provider.
RequestTemplate string
Template that formats the SAML request.
RequiresUsername bool
Indicates whether the user is required to provide a username in addition to an email address.
Scopes List<string>
Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
Scripts Dictionary<string, string>
A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
SetUserRootAttributes string
Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login, never_on_login. Default value: on_each_login.
ShouldTrustEmailVerifiedConnection string
Choose how Auth0 sets the email_verified field in the user profile.
SignInEndpoint string
SAML single login URL for the connection.
SignOutEndpoint string
SAML single logout URL for the connection.
SignSamlRequest bool
When enabled, the SAML authentication request will be signed.
SignatureAlgorithm string
Sign Request Algorithm.
SigningCert string
X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
SigningKey ConnectionOptionsSigningKey
The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
StrategyVersion int
Version 1 is deprecated, use version 2.
Subject string
Subject line of the email.
Syntax string
Syntax of the template body.
TeamId string
Apple Team ID.
Template string
Body of the template.
TenantDomain string
Tenant domain name.
TokenEndpoint string
Token endpoint.
Totp ConnectionOptionsTotp
Configuration options for one-time passwords.
TwilioSid string
SID for your Twilio account.
TwilioToken string
AuthToken for your Twilio account.
Type string
Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
UpstreamParams string
You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
UseCertAuth bool
Indicates whether to use cert auth or not.
UseKerberos bool
Indicates whether to use Kerberos or not.
UseWsfed bool
Whether to use WS-Fed.
UserIdAttribute string
Attribute in the token that will be mapped to the user_id property in Auth0.
UserinfoEndpoint string
User info endpoint.
Validation ConnectionOptionsValidation
Validation of the minimum and maximum values allowed for a user to have as username.
WaadCommonEndpoint bool
Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
WaadProtocol string
Protocol to use.
AdfsServer string
ADFS URL where to fetch the metadata source.
AllowedAudiences []string
List of allowed audiences.
ApiEnableUsers bool
Enable API Access to users.
AppId string
App ID.
AttributeMap ConnectionOptionsAttributeMap
OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
Attributes []ConnectionOptionsAttribute
Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
AuthParams map[string]string
Query string parameters to be included as part of the generated passwordless email link.
AuthenticationMethods []ConnectionOptionsAuthenticationMethod
Specifies the authentication methods and their configuration (enabled or disabled)
AuthorizationEndpoint string
Authorization endpoint.
BruteForceProtection bool
Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
ClientId string
The strategy's client ID.
ClientSecret string
The strategy's client secret.
CommunityBaseUrl string
Salesforce community base URL.
Configuration map[string]string
A case-sensitive map of key value pairs used as configuration variables for the custom_script.
ConnectionSettings ConnectionOptionsConnectionSettings
Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
CustomHeaders []map[string]string
Configure extra headers to the Token endpoint of an OAuth 2.0 provider
CustomScripts map[string]string
A map of scripts used to integrate with a custom database.
Debug bool
When enabled, additional debug information will be generated.
DecryptionKey ConnectionOptionsDecryptionKey
The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
DigestAlgorithm string
Sign Request Algorithm Digest.
DisableCache bool
Indicates whether to disable the cache or not.
DisableSelfServiceChangePassword bool
Indicates whether to remove the forgot password link within the New Universal Login.
DisableSignOut bool
When enabled, will disable sign out.
DisableSignup bool
Indicates whether to allow user sign-ups to your application.
DiscoveryUrl string
OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
Domain string
Domain name.
DomainAliases []string
List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
EnableScriptContext bool
Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
EnabledDatabaseCustomization bool
Set to true to use a legacy user store.
EntityId string
Custom Entity ID for the connection.
FedMetadataXml string
Federation Metadata for the ADFS connection.
FieldsMap string
If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
ForwardRequestInfo bool
Specifies whether or not request info should be forwarded to sms gateway.
From string
Address to use as the sender.
GatewayAuthentication ConnectionOptionsGatewayAuthentication
Defines the parameters used to generate the auth token for the custom gateway.
GatewayUrl string
Defines a custom sms gateway to use instead of Twilio.
GlobalTokenRevocationJwtIss string
Specifies the issuer of the JWT used for global token revocation for the SAML connection.
GlobalTokenRevocationJwtSub string
Specifies the subject of the JWT used for global token revocation for the SAML connection.
IconUrl string
Icon URL.
IdentityApi string
Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
IdpInitiated ConnectionOptionsIdpInitiated
Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
ImportMode bool
Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
Ips []string
A list of IPs.
Issuer string
Issuer URL, e.g. https://auth.example.com.
JwksUri string
JWKS URI.
KeyId string
Apple Key ID.
MapUserIdToId bool
By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
MaxGroupsToRetrieve string
Maximum number of groups to retrieve.
MessagingServiceSid string
SID for Copilot. Used when SMS Source is Copilot.
MetadataUrl string
The URL of the SAML metadata document.
MetadataXml string
The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
Mfa ConnectionOptionsMfa
Configuration options for multifactor authentication.
Name string
The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
NonPersistentAttrs []string
If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
PasskeyOptions ConnectionOptionsPasskeyOptions
Defines options for the passkey authentication method
PasswordComplexityOptions ConnectionOptionsPasswordComplexityOptions
Configuration settings for password complexity.
PasswordDictionary ConnectionOptionsPasswordDictionary
Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
PasswordHistories []ConnectionOptionsPasswordHistory
Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo
Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
PasswordPolicy string
Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
PingFederateBaseUrl string
Ping Federate Server URL.
PkceEnabled bool
Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
Precedences []string
Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
ProtocolBinding string
The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
Provider string
Defines the custom sms_gateway provider.
RequestTemplate string
Template that formats the SAML request.
RequiresUsername bool
Indicates whether the user is required to provide a username in addition to an email address.
Scopes []string
Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
Scripts map[string]string
A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
SetUserRootAttributes string
Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login, never_on_login. Default value: on_each_login.
ShouldTrustEmailVerifiedConnection string
Choose how Auth0 sets the email_verified field in the user profile.
SignInEndpoint string
SAML single login URL for the connection.
SignOutEndpoint string
SAML single logout URL for the connection.
SignSamlRequest bool
When enabled, the SAML authentication request will be signed.
SignatureAlgorithm string
Sign Request Algorithm.
SigningCert string
X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
SigningKey ConnectionOptionsSigningKey
The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
StrategyVersion int
Version 1 is deprecated, use version 2.
Subject string
Subject line of the email.
Syntax string
Syntax of the template body.
TeamId string
Apple Team ID.
Template string
Body of the template.
TenantDomain string
Tenant domain name.
TokenEndpoint string
Token endpoint.
Totp ConnectionOptionsTotp
Configuration options for one-time passwords.
TwilioSid string
SID for your Twilio account.
TwilioToken string
AuthToken for your Twilio account.
Type string
Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
UpstreamParams string
You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
UseCertAuth bool
Indicates whether to use cert auth or not.
UseKerberos bool
Indicates whether to use Kerberos or not.
UseWsfed bool
Whether to use WS-Fed.
UserIdAttribute string
Attribute in the token that will be mapped to the user_id property in Auth0.
UserinfoEndpoint string
User info endpoint.
Validation ConnectionOptionsValidation
Validation of the minimum and maximum values allowed for a user to have as username.
WaadCommonEndpoint bool
Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
WaadProtocol string
Protocol to use.
adfsServer String
ADFS URL where to fetch the metadata source.
allowedAudiences List<String>
List of allowed audiences.
apiEnableUsers Boolean
Enable API Access to users.
appId String
App ID.
attributeMap ConnectionOptionsAttributeMap
OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
attributes List<ConnectionOptionsAttribute>
Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
authParams Map<String,String>
Query string parameters to be included as part of the generated passwordless email link.
authenticationMethods List<ConnectionOptionsAuthenticationMethod>
Specifies the authentication methods and their configuration (enabled or disabled)
authorizationEndpoint String
Authorization endpoint.
bruteForceProtection Boolean
Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
clientId String
The strategy's client ID.
clientSecret String
The strategy's client secret.
communityBaseUrl String
Salesforce community base URL.
configuration Map<String,String>
A case-sensitive map of key value pairs used as configuration variables for the custom_script.
connectionSettings ConnectionOptionsConnectionSettings
Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
customHeaders List<Map<String,String>>
Configure extra headers to the Token endpoint of an OAuth 2.0 provider
customScripts Map<String,String>
A map of scripts used to integrate with a custom database.
debug Boolean
When enabled, additional debug information will be generated.
decryptionKey ConnectionOptionsDecryptionKey
The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
digestAlgorithm String
Sign Request Algorithm Digest.
disableCache Boolean
Indicates whether to disable the cache or not.
disableSelfServiceChangePassword Boolean
Indicates whether to remove the forgot password link within the New Universal Login.
disableSignOut Boolean
When enabled, will disable sign out.
disableSignup Boolean
Indicates whether to allow user sign-ups to your application.
discoveryUrl String
OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
domain String
Domain name.
domainAliases List<String>
List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
enableScriptContext Boolean
Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
enabledDatabaseCustomization Boolean
Set to true to use a legacy user store.
entityId String
Custom Entity ID for the connection.
fedMetadataXml String
Federation Metadata for the ADFS connection.
fieldsMap String
If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
forwardRequestInfo Boolean
Specifies whether or not request info should be forwarded to sms gateway.
from String
Address to use as the sender.
gatewayAuthentication ConnectionOptionsGatewayAuthentication
Defines the parameters used to generate the auth token for the custom gateway.
gatewayUrl String
Defines a custom sms gateway to use instead of Twilio.
globalTokenRevocationJwtIss String
Specifies the issuer of the JWT used for global token revocation for the SAML connection.
globalTokenRevocationJwtSub String
Specifies the subject of the JWT used for global token revocation for the SAML connection.
iconUrl String
Icon URL.
identityApi String
Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
idpInitiated ConnectionOptionsIdpInitiated
Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
importMode Boolean
Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
ips List<String>
A list of IPs.
issuer String
Issuer URL, e.g. https://auth.example.com.
jwksUri String
JWKS URI.
keyId String
Apple Key ID.
mapUserIdToId Boolean
By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
maxGroupsToRetrieve String
Maximum number of groups to retrieve.
messagingServiceSid String
SID for Copilot. Used when SMS Source is Copilot.
metadataUrl String
The URL of the SAML metadata document.
metadataXml String
The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
mfa ConnectionOptionsMfa
Configuration options for multifactor authentication.
name String
The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
nonPersistentAttrs List<String>
If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
passkeyOptions ConnectionOptionsPasskeyOptions
Defines options for the passkey authentication method
passwordComplexityOptions ConnectionOptionsPasswordComplexityOptions
Configuration settings for password complexity.
passwordDictionary ConnectionOptionsPasswordDictionary
Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
passwordHistories List<ConnectionOptionsPasswordHistory>
Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo
Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
passwordPolicy String
Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
pingFederateBaseUrl String
Ping Federate Server URL.
pkceEnabled Boolean
Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
precedences List<String>
Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
protocolBinding String
The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
provider String
Defines the custom sms_gateway provider.
requestTemplate String
Template that formats the SAML request.
requiresUsername Boolean
Indicates whether the user is required to provide a username in addition to an email address.
scopes List<String>
Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
scripts Map<String,String>
A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
setUserRootAttributes String
Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login, never_on_login. Default value: on_each_login.
shouldTrustEmailVerifiedConnection String
Choose how Auth0 sets the email_verified field in the user profile.
signInEndpoint String
SAML single login URL for the connection.
signOutEndpoint String
SAML single logout URL for the connection.
signSamlRequest Boolean
When enabled, the SAML authentication request will be signed.
signatureAlgorithm String
Sign Request Algorithm.
signingCert String
X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
signingKey ConnectionOptionsSigningKey
The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
strategyVersion Integer
Version 1 is deprecated, use version 2.
subject String
Subject line of the email.
syntax String
Syntax of the template body.
teamId String
Apple Team ID.
template String
Body of the template.
tenantDomain String
Tenant domain name.
tokenEndpoint String
Token endpoint.
totp ConnectionOptionsTotp
Configuration options for one-time passwords.
twilioSid String
SID for your Twilio account.
twilioToken String
AuthToken for your Twilio account.
type String
Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
upstreamParams String
You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
useCertAuth Boolean
Indicates whether to use cert auth or not.
useKerberos Boolean
Indicates whether to use Kerberos or not.
useWsfed Boolean
Whether to use WS-Fed.
userIdAttribute String
Attribute in the token that will be mapped to the user_id property in Auth0.
userinfoEndpoint String
User info endpoint.
validation ConnectionOptionsValidation
Validation of the minimum and maximum values allowed for a user to have as username.
waadCommonEndpoint Boolean
Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
waadProtocol String
Protocol to use.
adfsServer string
ADFS URL where to fetch the metadata source.
allowedAudiences string[]
List of allowed audiences.
apiEnableUsers boolean
Enable API Access to users.
appId string
App ID.
attributeMap ConnectionOptionsAttributeMap
OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
attributes ConnectionOptionsAttribute[]
Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
authParams {[key: string]: string}
Query string parameters to be included as part of the generated passwordless email link.
authenticationMethods ConnectionOptionsAuthenticationMethod[]
Specifies the authentication methods and their configuration (enabled or disabled)
authorizationEndpoint string
Authorization endpoint.
bruteForceProtection boolean
Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
clientId string
The strategy's client ID.
clientSecret string
The strategy's client secret.
communityBaseUrl string
Salesforce community base URL.
configuration {[key: string]: string}
A case-sensitive map of key value pairs used as configuration variables for the custom_script.
connectionSettings ConnectionOptionsConnectionSettings
Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
customHeaders {[key: string]: string}[]
Configure extra headers to the Token endpoint of an OAuth 2.0 provider
customScripts {[key: string]: string}
A map of scripts used to integrate with a custom database.
debug boolean
When enabled, additional debug information will be generated.
decryptionKey ConnectionOptionsDecryptionKey
The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
digestAlgorithm string
Sign Request Algorithm Digest.
disableCache boolean
Indicates whether to disable the cache or not.
disableSelfServiceChangePassword boolean
Indicates whether to remove the forgot password link within the New Universal Login.
disableSignOut boolean
When enabled, will disable sign out.
disableSignup boolean
Indicates whether to allow user sign-ups to your application.
discoveryUrl string
OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
domain string
Domain name.
domainAliases string[]
List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
enableScriptContext boolean
Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
enabledDatabaseCustomization boolean
Set to true to use a legacy user store.
entityId string
Custom Entity ID for the connection.
fedMetadataXml string
Federation Metadata for the ADFS connection.
fieldsMap string
If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
forwardRequestInfo boolean
Specifies whether or not request info should be forwarded to sms gateway.
from string
Address to use as the sender.
gatewayAuthentication ConnectionOptionsGatewayAuthentication
Defines the parameters used to generate the auth token for the custom gateway.
gatewayUrl string
Defines a custom sms gateway to use instead of Twilio.
globalTokenRevocationJwtIss string
Specifies the issuer of the JWT used for global token revocation for the SAML connection.
globalTokenRevocationJwtSub string
Specifies the subject of the JWT used for global token revocation for the SAML connection.
iconUrl string
Icon URL.
identityApi string
Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
idpInitiated ConnectionOptionsIdpInitiated
Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
importMode boolean
Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
ips string[]
A list of IPs.
issuer string
Issuer URL, e.g. https://auth.example.com.
jwksUri string
JWKS URI.
keyId string
Apple Key ID.
mapUserIdToId boolean
By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
maxGroupsToRetrieve string
Maximum number of groups to retrieve.
messagingServiceSid string
SID for Copilot. Used when SMS Source is Copilot.
metadataUrl string
The URL of the SAML metadata document.
metadataXml string
The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
mfa ConnectionOptionsMfa
Configuration options for multifactor authentication.
name string
The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
nonPersistentAttrs string[]
If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
passkeyOptions ConnectionOptionsPasskeyOptions
Defines options for the passkey authentication method
passwordComplexityOptions ConnectionOptionsPasswordComplexityOptions
Configuration settings for password complexity.
passwordDictionary ConnectionOptionsPasswordDictionary
Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
passwordHistories ConnectionOptionsPasswordHistory[]
Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo
Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
passwordPolicy string
Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
pingFederateBaseUrl string
Ping Federate Server URL.
pkceEnabled boolean
Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
precedences string[]
Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
protocolBinding string
The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
provider string
Defines the custom sms_gateway provider.
requestTemplate string
Template that formats the SAML request.
requiresUsername boolean
Indicates whether the user is required to provide a username in addition to an email address.
scopes string[]
Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
scripts {[key: string]: string}
A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
setUserRootAttributes string
Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login, never_on_login. Default value: on_each_login.
shouldTrustEmailVerifiedConnection string
Choose how Auth0 sets the email_verified field in the user profile.
signInEndpoint string
SAML single login URL for the connection.
signOutEndpoint string
SAML single logout URL for the connection.
signSamlRequest boolean
When enabled, the SAML authentication request will be signed.
signatureAlgorithm string
Sign Request Algorithm.
signingCert string
X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
signingKey ConnectionOptionsSigningKey
The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
strategyVersion number
Version 1 is deprecated, use version 2.
subject string
Subject line of the email.
syntax string
Syntax of the template body.
teamId string
Apple Team ID.
template string
Body of the template.
tenantDomain string
Tenant domain name.
tokenEndpoint string
Token endpoint.
totp ConnectionOptionsTotp
Configuration options for one-time passwords.
twilioSid string
SID for your Twilio account.
twilioToken string
AuthToken for your Twilio account.
type string
Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
upstreamParams string
You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
useCertAuth boolean
Indicates whether to use cert auth or not.
useKerberos boolean
Indicates whether to use Kerberos or not.
useWsfed boolean
Whether to use WS-Fed.
userIdAttribute string
Attribute in the token that will be mapped to the user_id property in Auth0.
userinfoEndpoint string
User info endpoint.
validation ConnectionOptionsValidation
Validation of the minimum and maximum values allowed for a user to have as username.
waadCommonEndpoint boolean
Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
waadProtocol string
Protocol to use.
adfs_server str
ADFS URL where to fetch the metadata source.
allowed_audiences Sequence[str]
List of allowed audiences.
api_enable_users bool
Enable API Access to users.
app_id str
App ID.
attribute_map ConnectionOptionsAttributeMap
OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
attributes Sequence[ConnectionOptionsAttribute]
Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
auth_params Mapping[str, str]
Query string parameters to be included as part of the generated passwordless email link.
authentication_methods Sequence[ConnectionOptionsAuthenticationMethod]
Specifies the authentication methods and their configuration (enabled or disabled)
authorization_endpoint str
Authorization endpoint.
brute_force_protection bool
Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
client_id str
The strategy's client ID.
client_secret str
The strategy's client secret.
community_base_url str
Salesforce community base URL.
configuration Mapping[str, str]
A case-sensitive map of key value pairs used as configuration variables for the custom_script.
connection_settings ConnectionOptionsConnectionSettings
Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
custom_headers Sequence[Mapping[str, str]]
Configure extra headers to the Token endpoint of an OAuth 2.0 provider
custom_scripts Mapping[str, str]
A map of scripts used to integrate with a custom database.
debug bool
When enabled, additional debug information will be generated.
decryption_key ConnectionOptionsDecryptionKey
The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
digest_algorithm str
Sign Request Algorithm Digest.
disable_cache bool
Indicates whether to disable the cache or not.
disable_self_service_change_password bool
Indicates whether to remove the forgot password link within the New Universal Login.
disable_sign_out bool
When enabled, will disable sign out.
disable_signup bool
Indicates whether to allow user sign-ups to your application.
discovery_url str
OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
domain str
Domain name.
domain_aliases Sequence[str]
List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
enable_script_context bool
Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
enabled_database_customization bool
Set to true to use a legacy user store.
entity_id str
Custom Entity ID for the connection.
fed_metadata_xml str
Federation Metadata for the ADFS connection.
fields_map str
If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
forward_request_info bool
Specifies whether or not request info should be forwarded to sms gateway.
from_ str
Address to use as the sender.
gateway_authentication ConnectionOptionsGatewayAuthentication
Defines the parameters used to generate the auth token for the custom gateway.
gateway_url str
Defines a custom sms gateway to use instead of Twilio.
global_token_revocation_jwt_iss str
Specifies the issuer of the JWT used for global token revocation for the SAML connection.
global_token_revocation_jwt_sub str
Specifies the subject of the JWT used for global token revocation for the SAML connection.
icon_url str
Icon URL.
identity_api str
Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
idp_initiated ConnectionOptionsIdpInitiated
Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
import_mode bool
Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
ips Sequence[str]
A list of IPs.
issuer str
Issuer URL, e.g. https://auth.example.com.
jwks_uri str
JWKS URI.
key_id str
Apple Key ID.
map_user_id_to_id bool
By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
max_groups_to_retrieve str
Maximum number of groups to retrieve.
messaging_service_sid str
SID for Copilot. Used when SMS Source is Copilot.
metadata_url str
The URL of the SAML metadata document.
metadata_xml str
The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
mfa ConnectionOptionsMfa
Configuration options for multifactor authentication.
name str
The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
non_persistent_attrs Sequence[str]
If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
passkey_options ConnectionOptionsPasskeyOptions
Defines options for the passkey authentication method
password_complexity_options ConnectionOptionsPasswordComplexityOptions
Configuration settings for password complexity.
password_dictionary ConnectionOptionsPasswordDictionary
Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
password_histories Sequence[ConnectionOptionsPasswordHistory]
Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
password_no_personal_info ConnectionOptionsPasswordNoPersonalInfo
Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
password_policy str
Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
ping_federate_base_url str
Ping Federate Server URL.
pkce_enabled bool
Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
precedences Sequence[str]
Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
protocol_binding str
The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
provider str
Defines the custom sms_gateway provider.
request_template str
Template that formats the SAML request.
requires_username bool
Indicates whether the user is required to provide a username in addition to an email address.
scopes Sequence[str]
Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
scripts Mapping[str, str]
A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
set_user_root_attributes str
Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login, never_on_login. Default value: on_each_login.
should_trust_email_verified_connection str
Choose how Auth0 sets the email_verified field in the user profile.
sign_in_endpoint str
SAML single login URL for the connection.
sign_out_endpoint str
SAML single logout URL for the connection.
sign_saml_request bool
When enabled, the SAML authentication request will be signed.
signature_algorithm str
Sign Request Algorithm.
signing_cert str
X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
signing_key ConnectionOptionsSigningKey
The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
strategy_version int
Version 1 is deprecated, use version 2.
subject str
Subject line of the email.
syntax str
Syntax of the template body.
team_id str
Apple Team ID.
template str
Body of the template.
tenant_domain str
Tenant domain name.
token_endpoint str
Token endpoint.
totp ConnectionOptionsTotp
Configuration options for one-time passwords.
twilio_sid str
SID for your Twilio account.
twilio_token str
AuthToken for your Twilio account.
type str
Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
upstream_params str
You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
use_cert_auth bool
Indicates whether to use cert auth or not.
use_kerberos bool
Indicates whether to use Kerberos or not.
use_wsfed bool
Whether to use WS-Fed.
user_id_attribute str
Attribute in the token that will be mapped to the user_id property in Auth0.
userinfo_endpoint str
User info endpoint.
validation ConnectionOptionsValidation
Validation of the minimum and maximum values allowed for a user to have as username.
waad_common_endpoint bool
Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
waad_protocol str
Protocol to use.
adfsServer String
ADFS URL where to fetch the metadata source.
allowedAudiences List<String>
List of allowed audiences.
apiEnableUsers Boolean
Enable API Access to users.
appId String
App ID.
attributeMap Property Map
OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
attributes List<Property Map>
Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
authParams Map<String>
Query string parameters to be included as part of the generated passwordless email link.
authenticationMethods List<Property Map>
Specifies the authentication methods and their configuration (enabled or disabled)
authorizationEndpoint String
Authorization endpoint.
bruteForceProtection Boolean
Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
clientId String
The strategy's client ID.
clientSecret String
The strategy's client secret.
communityBaseUrl String
Salesforce community base URL.
configuration Map<String>
A case-sensitive map of key value pairs used as configuration variables for the custom_script.
connectionSettings Property Map
Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
customHeaders List<Map<String>>
Configure extra headers to the Token endpoint of an OAuth 2.0 provider
customScripts Map<String>
A map of scripts used to integrate with a custom database.
debug Boolean
When enabled, additional debug information will be generated.
decryptionKey Property Map
The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
digestAlgorithm String
Sign Request Algorithm Digest.
disableCache Boolean
Indicates whether to disable the cache or not.
disableSelfServiceChangePassword Boolean
Indicates whether to remove the forgot password link within the New Universal Login.
disableSignOut Boolean
When enabled, will disable sign out.
disableSignup Boolean
Indicates whether to allow user sign-ups to your application.
discoveryUrl String
OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
domain String
Domain name.
domainAliases List<String>
List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
enableScriptContext Boolean
Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
enabledDatabaseCustomization Boolean
Set to true to use a legacy user store.
entityId String
Custom Entity ID for the connection.
fedMetadataXml String
Federation Metadata for the ADFS connection.
fieldsMap String
If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
forwardRequestInfo Boolean
Specifies whether or not request info should be forwarded to sms gateway.
from String
Address to use as the sender.
gatewayAuthentication Property Map
Defines the parameters used to generate the auth token for the custom gateway.
gatewayUrl String
Defines a custom sms gateway to use instead of Twilio.
globalTokenRevocationJwtIss String
Specifies the issuer of the JWT used for global token revocation for the SAML connection.
globalTokenRevocationJwtSub String
Specifies the subject of the JWT used for global token revocation for the SAML connection.
iconUrl String
Icon URL.
identityApi String
Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
idpInitiated Property Map
Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
importMode Boolean
Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
ips List<String>
A list of IPs.
issuer String
Issuer URL, e.g. https://auth.example.com.
jwksUri String
JWKS URI.
keyId String
Apple Key ID.
mapUserIdToId Boolean
By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
maxGroupsToRetrieve String
Maximum number of groups to retrieve.
messagingServiceSid String
SID for Copilot. Used when SMS Source is Copilot.
metadataUrl String
The URL of the SAML metadata document.
metadataXml String
The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
mfa Property Map
Configuration options for multifactor authentication.
name String
The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
nonPersistentAttrs List<String>
If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
passkeyOptions Property Map
Defines options for the passkey authentication method
passwordComplexityOptions Property Map
Configuration settings for password complexity.
passwordDictionary Property Map
Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
passwordHistories List<Property Map>
Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
passwordNoPersonalInfo Property Map
Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
passwordPolicy String
Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
pingFederateBaseUrl String
Ping Federate Server URL.
pkceEnabled Boolean
Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
precedences List<String>
Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
protocolBinding String
The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
provider String
Defines the custom sms_gateway provider.
requestTemplate String
Template that formats the SAML request.
requiresUsername Boolean
Indicates whether the user is required to provide a username in addition to an email address.
scopes List<String>
Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
scripts Map<String>
A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
setUserRootAttributes String
Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login, never_on_login. Default value: on_each_login.
shouldTrustEmailVerifiedConnection String
Choose how Auth0 sets the email_verified field in the user profile.
signInEndpoint String
SAML single login URL for the connection.
signOutEndpoint String
SAML single logout URL for the connection.
signSamlRequest Boolean
When enabled, the SAML authentication request will be signed.
signatureAlgorithm String
Sign Request Algorithm.
signingCert String
X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
signingKey Property Map
The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
strategyVersion Number
Version 1 is deprecated, use version 2.
subject String
Subject line of the email.
syntax String
Syntax of the template body.
teamId String
Apple Team ID.
template String
Body of the template.
tenantDomain String
Tenant domain name.
tokenEndpoint String
Token endpoint.
totp Property Map
Configuration options for one-time passwords.
twilioSid String
SID for your Twilio account.
twilioToken String
AuthToken for your Twilio account.
type String
Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
upstreamParams String
You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
useCertAuth Boolean
Indicates whether to use cert auth or not.
useKerberos Boolean
Indicates whether to use Kerberos or not.
useWsfed Boolean
Whether to use WS-Fed.
userIdAttribute String
Attribute in the token that will be mapped to the user_id property in Auth0.
userinfoEndpoint String
User info endpoint.
validation Property Map
Validation of the minimum and maximum values allowed for a user to have as username.
waadCommonEndpoint Boolean
Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
waadProtocol String
Protocol to use.

ConnectionOptionsAttribute
, ConnectionOptionsAttributeArgs

Emails List<ConnectionOptionsAttributeEmail>
Connection Options for Email Attribute
PhoneNumbers List<ConnectionOptionsAttributePhoneNumber>
Connection Options for Phone Number Attribute
Usernames List<ConnectionOptionsAttributeUsername>
Connection Options for User Name Attribute
Emails []ConnectionOptionsAttributeEmail
Connection Options for Email Attribute
PhoneNumbers []ConnectionOptionsAttributePhoneNumber
Connection Options for Phone Number Attribute
Usernames []ConnectionOptionsAttributeUsername
Connection Options for User Name Attribute
emails List<ConnectionOptionsAttributeEmail>
Connection Options for Email Attribute
phoneNumbers List<ConnectionOptionsAttributePhoneNumber>
Connection Options for Phone Number Attribute
usernames List<ConnectionOptionsAttributeUsername>
Connection Options for User Name Attribute
emails ConnectionOptionsAttributeEmail[]
Connection Options for Email Attribute
phoneNumbers ConnectionOptionsAttributePhoneNumber[]
Connection Options for Phone Number Attribute
usernames ConnectionOptionsAttributeUsername[]
Connection Options for User Name Attribute
emails Sequence[ConnectionOptionsAttributeEmail]
Connection Options for Email Attribute
phone_numbers Sequence[ConnectionOptionsAttributePhoneNumber]
Connection Options for Phone Number Attribute
usernames Sequence[ConnectionOptionsAttributeUsername]
Connection Options for User Name Attribute
emails List<Property Map>
Connection Options for Email Attribute
phoneNumbers List<Property Map>
Connection Options for Phone Number Attribute
usernames List<Property Map>
Connection Options for User Name Attribute

ConnectionOptionsAttributeEmail
, ConnectionOptionsAttributeEmailArgs

Identifiers List<ConnectionOptionsAttributeEmailIdentifier>
Connection Options Email Attribute Identifier
ProfileRequired bool
Defines whether Profile is required
Signups List<ConnectionOptionsAttributeEmailSignup>
Defines signup settings for Email attribute
VerificationMethod string
Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification
Identifiers []ConnectionOptionsAttributeEmailIdentifier
Connection Options Email Attribute Identifier
ProfileRequired bool
Defines whether Profile is required
Signups []ConnectionOptionsAttributeEmailSignup
Defines signup settings for Email attribute
VerificationMethod string
Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification
identifiers List<ConnectionOptionsAttributeEmailIdentifier>
Connection Options Email Attribute Identifier
profileRequired Boolean
Defines whether Profile is required
signups List<ConnectionOptionsAttributeEmailSignup>
Defines signup settings for Email attribute
verificationMethod String
Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification
identifiers ConnectionOptionsAttributeEmailIdentifier[]
Connection Options Email Attribute Identifier
profileRequired boolean
Defines whether Profile is required
signups ConnectionOptionsAttributeEmailSignup[]
Defines signup settings for Email attribute
verificationMethod string
Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification
identifiers Sequence[ConnectionOptionsAttributeEmailIdentifier]
Connection Options Email Attribute Identifier
profile_required bool
Defines whether Profile is required
signups Sequence[ConnectionOptionsAttributeEmailSignup]
Defines signup settings for Email attribute
verification_method str
Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification
identifiers List<Property Map>
Connection Options Email Attribute Identifier
profileRequired Boolean
Defines whether Profile is required
signups List<Property Map>
Defines signup settings for Email attribute
verificationMethod String
Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification

ConnectionOptionsAttributeEmailIdentifier
, ConnectionOptionsAttributeEmailIdentifierArgs

Active bool
Defines whether email attribute is active as an identifier
Active bool
Defines whether email attribute is active as an identifier
active Boolean
Defines whether email attribute is active as an identifier
active boolean
Defines whether email attribute is active as an identifier
active bool
Defines whether email attribute is active as an identifier
active Boolean
Defines whether email attribute is active as an identifier

ConnectionOptionsAttributeEmailSignup
, ConnectionOptionsAttributeEmailSignupArgs

Status string
Defines signup status for Email Attribute
Verifications List<ConnectionOptionsAttributeEmailSignupVerification>
Defines settings for Verification under Email attribute
Status string
Defines signup status for Email Attribute
Verifications []ConnectionOptionsAttributeEmailSignupVerification
Defines settings for Verification under Email attribute
status String
Defines signup status for Email Attribute
verifications List<ConnectionOptionsAttributeEmailSignupVerification>
Defines settings for Verification under Email attribute
status string
Defines signup status for Email Attribute
verifications ConnectionOptionsAttributeEmailSignupVerification[]
Defines settings for Verification under Email attribute
status str
Defines signup status for Email Attribute
verifications Sequence[ConnectionOptionsAttributeEmailSignupVerification]
Defines settings for Verification under Email attribute
status String
Defines signup status for Email Attribute
verifications List<Property Map>
Defines settings for Verification under Email attribute

ConnectionOptionsAttributeEmailSignupVerification
, ConnectionOptionsAttributeEmailSignupVerificationArgs

Active bool
Defines verification settings for signup attribute
Active bool
Defines verification settings for signup attribute
active Boolean
Defines verification settings for signup attribute
active boolean
Defines verification settings for signup attribute
active bool
Defines verification settings for signup attribute
active Boolean
Defines verification settings for signup attribute

ConnectionOptionsAttributeMap
, ConnectionOptionsAttributeMapArgs

MappingMode This property is required. string
Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
Attributes string
This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
UserinfoScope string
This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
MappingMode This property is required. string
Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
Attributes string
This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
UserinfoScope string
This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
mappingMode This property is required. String
Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
attributes String
This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
userinfoScope String
This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
mappingMode This property is required. string
Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
attributes string
This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
userinfoScope string
This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
mapping_mode This property is required. str
Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
attributes str
This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
userinfo_scope str
This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
mappingMode This property is required. String
Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
attributes String
This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
userinfoScope String
This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.

ConnectionOptionsAttributePhoneNumber
, ConnectionOptionsAttributePhoneNumberArgs

Identifiers List<ConnectionOptionsAttributePhoneNumberIdentifier>
Connection Options Phone Number Attribute Identifier
ProfileRequired bool
Defines whether Profile is required
Signups List<ConnectionOptionsAttributePhoneNumberSignup>
Defines signup settings for Phone Number attribute
Identifiers []ConnectionOptionsAttributePhoneNumberIdentifier
Connection Options Phone Number Attribute Identifier
ProfileRequired bool
Defines whether Profile is required
Signups []ConnectionOptionsAttributePhoneNumberSignup
Defines signup settings for Phone Number attribute
identifiers List<ConnectionOptionsAttributePhoneNumberIdentifier>
Connection Options Phone Number Attribute Identifier
profileRequired Boolean
Defines whether Profile is required
signups List<ConnectionOptionsAttributePhoneNumberSignup>
Defines signup settings for Phone Number attribute
identifiers ConnectionOptionsAttributePhoneNumberIdentifier[]
Connection Options Phone Number Attribute Identifier
profileRequired boolean
Defines whether Profile is required
signups ConnectionOptionsAttributePhoneNumberSignup[]
Defines signup settings for Phone Number attribute
identifiers Sequence[ConnectionOptionsAttributePhoneNumberIdentifier]
Connection Options Phone Number Attribute Identifier
profile_required bool
Defines whether Profile is required
signups Sequence[ConnectionOptionsAttributePhoneNumberSignup]
Defines signup settings for Phone Number attribute
identifiers List<Property Map>
Connection Options Phone Number Attribute Identifier
profileRequired Boolean
Defines whether Profile is required
signups List<Property Map>
Defines signup settings for Phone Number attribute

ConnectionOptionsAttributePhoneNumberIdentifier
, ConnectionOptionsAttributePhoneNumberIdentifierArgs

Active bool
Defines whether Phone Number attribute is active as an identifier
Active bool
Defines whether Phone Number attribute is active as an identifier
active Boolean
Defines whether Phone Number attribute is active as an identifier
active boolean
Defines whether Phone Number attribute is active as an identifier
active bool
Defines whether Phone Number attribute is active as an identifier
active Boolean
Defines whether Phone Number attribute is active as an identifier

ConnectionOptionsAttributePhoneNumberSignup
, ConnectionOptionsAttributePhoneNumberSignupArgs

Status string
Defines status of signup for Phone Number attribute
Verifications List<ConnectionOptionsAttributePhoneNumberSignupVerification>
Defines verification settings for Phone Number attribute
Status string
Defines status of signup for Phone Number attribute
Verifications []ConnectionOptionsAttributePhoneNumberSignupVerification
Defines verification settings for Phone Number attribute
status String
Defines status of signup for Phone Number attribute
verifications List<ConnectionOptionsAttributePhoneNumberSignupVerification>
Defines verification settings for Phone Number attribute
status string
Defines status of signup for Phone Number attribute
verifications ConnectionOptionsAttributePhoneNumberSignupVerification[]
Defines verification settings for Phone Number attribute
status str
Defines status of signup for Phone Number attribute
verifications Sequence[ConnectionOptionsAttributePhoneNumberSignupVerification]
Defines verification settings for Phone Number attribute
status String
Defines status of signup for Phone Number attribute
verifications List<Property Map>
Defines verification settings for Phone Number attribute

ConnectionOptionsAttributePhoneNumberSignupVerification
, ConnectionOptionsAttributePhoneNumberSignupVerificationArgs

Active bool
Defines verification settings for Phone Number attribute
Active bool
Defines verification settings for Phone Number attribute
active Boolean
Defines verification settings for Phone Number attribute
active boolean
Defines verification settings for Phone Number attribute
active bool
Defines verification settings for Phone Number attribute
active Boolean
Defines verification settings for Phone Number attribute

ConnectionOptionsAttributeUsername
, ConnectionOptionsAttributeUsernameArgs

Identifiers List<ConnectionOptionsAttributeUsernameIdentifier>
Connection options for User Name Attribute Identifier
ProfileRequired bool
Defines whether Profile is required
Signups List<ConnectionOptionsAttributeUsernameSignup>
Defines signup settings for User Name attribute
Validations List<ConnectionOptionsAttributeUsernameValidation>
Defines validation settings for User Name attribute
Identifiers []ConnectionOptionsAttributeUsernameIdentifier
Connection options for User Name Attribute Identifier
ProfileRequired bool
Defines whether Profile is required
Signups []ConnectionOptionsAttributeUsernameSignup
Defines signup settings for User Name attribute
Validations []ConnectionOptionsAttributeUsernameValidation
Defines validation settings for User Name attribute
identifiers List<ConnectionOptionsAttributeUsernameIdentifier>
Connection options for User Name Attribute Identifier
profileRequired Boolean
Defines whether Profile is required
signups List<ConnectionOptionsAttributeUsernameSignup>
Defines signup settings for User Name attribute
validations List<ConnectionOptionsAttributeUsernameValidation>
Defines validation settings for User Name attribute
identifiers ConnectionOptionsAttributeUsernameIdentifier[]
Connection options for User Name Attribute Identifier
profileRequired boolean
Defines whether Profile is required
signups ConnectionOptionsAttributeUsernameSignup[]
Defines signup settings for User Name attribute
validations ConnectionOptionsAttributeUsernameValidation[]
Defines validation settings for User Name attribute
identifiers Sequence[ConnectionOptionsAttributeUsernameIdentifier]
Connection options for User Name Attribute Identifier
profile_required bool
Defines whether Profile is required
signups Sequence[ConnectionOptionsAttributeUsernameSignup]
Defines signup settings for User Name attribute
validations Sequence[ConnectionOptionsAttributeUsernameValidation]
Defines validation settings for User Name attribute
identifiers List<Property Map>
Connection options for User Name Attribute Identifier
profileRequired Boolean
Defines whether Profile is required
signups List<Property Map>
Defines signup settings for User Name attribute
validations List<Property Map>
Defines validation settings for User Name attribute

ConnectionOptionsAttributeUsernameIdentifier
, ConnectionOptionsAttributeUsernameIdentifierArgs

Active bool
Defines whether UserName attribute is active as an identifier
Active bool
Defines whether UserName attribute is active as an identifier
active Boolean
Defines whether UserName attribute is active as an identifier
active boolean
Defines whether UserName attribute is active as an identifier
active bool
Defines whether UserName attribute is active as an identifier
active Boolean
Defines whether UserName attribute is active as an identifier

ConnectionOptionsAttributeUsernameSignup
, ConnectionOptionsAttributeUsernameSignupArgs

Status string
Defines whether User Name attribute is active as an identifier
Status string
Defines whether User Name attribute is active as an identifier
status String
Defines whether User Name attribute is active as an identifier
status string
Defines whether User Name attribute is active as an identifier
status str
Defines whether User Name attribute is active as an identifier
status String
Defines whether User Name attribute is active as an identifier

ConnectionOptionsAttributeUsernameValidation
, ConnectionOptionsAttributeUsernameValidationArgs

AllowedTypes List<ConnectionOptionsAttributeUsernameValidationAllowedType>
Defines allowed types for for UserName attribute
MaxLength int
Defines Max Length for User Name attribute
MinLength int
Defines Min Length for User Name attribute
AllowedTypes []ConnectionOptionsAttributeUsernameValidationAllowedType
Defines allowed types for for UserName attribute
MaxLength int
Defines Max Length for User Name attribute
MinLength int
Defines Min Length for User Name attribute
allowedTypes List<ConnectionOptionsAttributeUsernameValidationAllowedType>
Defines allowed types for for UserName attribute
maxLength Integer
Defines Max Length for User Name attribute
minLength Integer
Defines Min Length for User Name attribute
allowedTypes ConnectionOptionsAttributeUsernameValidationAllowedType[]
Defines allowed types for for UserName attribute
maxLength number
Defines Max Length for User Name attribute
minLength number
Defines Min Length for User Name attribute
allowed_types Sequence[ConnectionOptionsAttributeUsernameValidationAllowedType]
Defines allowed types for for UserName attribute
max_length int
Defines Max Length for User Name attribute
min_length int
Defines Min Length for User Name attribute
allowedTypes List<Property Map>
Defines allowed types for for UserName attribute
maxLength Number
Defines Max Length for User Name attribute
minLength Number
Defines Min Length for User Name attribute

ConnectionOptionsAttributeUsernameValidationAllowedType
, ConnectionOptionsAttributeUsernameValidationAllowedTypeArgs

Email bool
One of the allowed types for UserName signup attribute
PhoneNumber bool
One of the allowed types for UserName signup attribute
Email bool
One of the allowed types for UserName signup attribute
PhoneNumber bool
One of the allowed types for UserName signup attribute
email Boolean
One of the allowed types for UserName signup attribute
phoneNumber Boolean
One of the allowed types for UserName signup attribute
email boolean
One of the allowed types for UserName signup attribute
phoneNumber boolean
One of the allowed types for UserName signup attribute
email bool
One of the allowed types for UserName signup attribute
phone_number bool
One of the allowed types for UserName signup attribute
email Boolean
One of the allowed types for UserName signup attribute
phoneNumber Boolean
One of the allowed types for UserName signup attribute

ConnectionOptionsAuthenticationMethod
, ConnectionOptionsAuthenticationMethodArgs

passkey Property Map
Configures passkey authentication
password Property Map
Configures password authentication

ConnectionOptionsAuthenticationMethodPasskey
, ConnectionOptionsAuthenticationMethodPasskeyArgs

Enabled bool
Enables passkey authentication
Enabled bool
Enables passkey authentication
enabled Boolean
Enables passkey authentication
enabled boolean
Enables passkey authentication
enabled bool
Enables passkey authentication
enabled Boolean
Enables passkey authentication

ConnectionOptionsAuthenticationMethodPassword
, ConnectionOptionsAuthenticationMethodPasswordArgs

Enabled bool
Enables password authentication
Enabled bool
Enables password authentication
enabled Boolean
Enables password authentication
enabled boolean
Enables password authentication
enabled bool
Enables password authentication
enabled Boolean
Enables password authentication

ConnectionOptionsConnectionSettings
, ConnectionOptionsConnectionSettingsArgs

Pkce This property is required. string
PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).
Pkce This property is required. string
PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).
pkce This property is required. String
PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).
pkce This property is required. string
PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).
pkce This property is required. str
PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).
pkce This property is required. String
PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).

ConnectionOptionsDecryptionKey
, ConnectionOptionsDecryptionKeyArgs

Cert This property is required. string
Key This property is required. string
Cert This property is required. string
Key This property is required. string
cert This property is required. String
key This property is required. String
cert This property is required. string
key This property is required. string
cert This property is required. str
key This property is required. str
cert This property is required. String
key This property is required. String

ConnectionOptionsGatewayAuthentication
, ConnectionOptionsGatewayAuthenticationArgs

Audience string
Audience claim for the HS256 token sent to gateway_url.
Method string
Authentication method (default is bearer token).
Secret string
Secret used to sign the HS256 token sent to gateway_url.
SecretBase64Encoded bool
Specifies whether or not the secret is Base64-encoded.
Subject string
Subject claim for the HS256 token sent to gateway_url.
Audience string
Audience claim for the HS256 token sent to gateway_url.
Method string
Authentication method (default is bearer token).
Secret string
Secret used to sign the HS256 token sent to gateway_url.
SecretBase64Encoded bool
Specifies whether or not the secret is Base64-encoded.
Subject string
Subject claim for the HS256 token sent to gateway_url.
audience String
Audience claim for the HS256 token sent to gateway_url.
method String
Authentication method (default is bearer token).
secret String
Secret used to sign the HS256 token sent to gateway_url.
secretBase64Encoded Boolean
Specifies whether or not the secret is Base64-encoded.
subject String
Subject claim for the HS256 token sent to gateway_url.
audience string
Audience claim for the HS256 token sent to gateway_url.
method string
Authentication method (default is bearer token).
secret string
Secret used to sign the HS256 token sent to gateway_url.
secretBase64Encoded boolean
Specifies whether or not the secret is Base64-encoded.
subject string
Subject claim for the HS256 token sent to gateway_url.
audience str
Audience claim for the HS256 token sent to gateway_url.
method str
Authentication method (default is bearer token).
secret str
Secret used to sign the HS256 token sent to gateway_url.
secret_base64_encoded bool
Specifies whether or not the secret is Base64-encoded.
subject str
Subject claim for the HS256 token sent to gateway_url.
audience String
Audience claim for the HS256 token sent to gateway_url.
method String
Authentication method (default is bearer token).
secret String
Secret used to sign the HS256 token sent to gateway_url.
secretBase64Encoded Boolean
Specifies whether or not the secret is Base64-encoded.
subject String
Subject claim for the HS256 token sent to gateway_url.

ConnectionOptionsIdpInitiated
, ConnectionOptionsIdpInitiatedArgs

ConnectionOptionsMfa
, ConnectionOptionsMfaArgs

Active bool
Indicates whether multifactor authentication is enabled for this connection.
ReturnEnrollSettings bool
Indicates whether multifactor authentication enrollment settings will be returned.
Active bool
Indicates whether multifactor authentication is enabled for this connection.
ReturnEnrollSettings bool
Indicates whether multifactor authentication enrollment settings will be returned.
active Boolean
Indicates whether multifactor authentication is enabled for this connection.
returnEnrollSettings Boolean
Indicates whether multifactor authentication enrollment settings will be returned.
active boolean
Indicates whether multifactor authentication is enabled for this connection.
returnEnrollSettings boolean
Indicates whether multifactor authentication enrollment settings will be returned.
active bool
Indicates whether multifactor authentication is enabled for this connection.
return_enroll_settings bool
Indicates whether multifactor authentication enrollment settings will be returned.
active Boolean
Indicates whether multifactor authentication is enabled for this connection.
returnEnrollSettings Boolean
Indicates whether multifactor authentication enrollment settings will be returned.

ConnectionOptionsPasskeyOptions
, ConnectionOptionsPasskeyOptionsArgs

ChallengeUi string
Controls the UI used to challenge the user for their passkey
LocalEnrollmentEnabled bool
Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
ProgressiveEnrollmentEnabled bool
Enables or disables progressive enrollment of passkeys for the connection
ChallengeUi string
Controls the UI used to challenge the user for their passkey
LocalEnrollmentEnabled bool
Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
ProgressiveEnrollmentEnabled bool
Enables or disables progressive enrollment of passkeys for the connection
challengeUi String
Controls the UI used to challenge the user for their passkey
localEnrollmentEnabled Boolean
Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
progressiveEnrollmentEnabled Boolean
Enables or disables progressive enrollment of passkeys for the connection
challengeUi string
Controls the UI used to challenge the user for their passkey
localEnrollmentEnabled boolean
Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
progressiveEnrollmentEnabled boolean
Enables or disables progressive enrollment of passkeys for the connection
challenge_ui str
Controls the UI used to challenge the user for their passkey
local_enrollment_enabled bool
Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
progressive_enrollment_enabled bool
Enables or disables progressive enrollment of passkeys for the connection
challengeUi String
Controls the UI used to challenge the user for their passkey
localEnrollmentEnabled Boolean
Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
progressiveEnrollmentEnabled Boolean
Enables or disables progressive enrollment of passkeys for the connection

ConnectionOptionsPasswordComplexityOptions
, ConnectionOptionsPasswordComplexityOptionsArgs

MinLength int
Minimum number of characters allowed in passwords.
MinLength int
Minimum number of characters allowed in passwords.
minLength Integer
Minimum number of characters allowed in passwords.
minLength number
Minimum number of characters allowed in passwords.
min_length int
Minimum number of characters allowed in passwords.
minLength Number
Minimum number of characters allowed in passwords.

ConnectionOptionsPasswordDictionary
, ConnectionOptionsPasswordDictionaryArgs

Dictionaries List<string>
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
Enable bool
Indicates whether the password dictionary check is enabled for this connection.
Dictionaries []string
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
Enable bool
Indicates whether the password dictionary check is enabled for this connection.
dictionaries List<String>
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable Boolean
Indicates whether the password dictionary check is enabled for this connection.
dictionaries string[]
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable boolean
Indicates whether the password dictionary check is enabled for this connection.
dictionaries Sequence[str]
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable bool
Indicates whether the password dictionary check is enabled for this connection.
dictionaries List<String>
Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable Boolean
Indicates whether the password dictionary check is enabled for this connection.

ConnectionOptionsPasswordHistory
, ConnectionOptionsPasswordHistoryArgs

Enable bool
Size int
Enable bool
Size int
enable Boolean
size Integer
enable boolean
size number
enable bool
size int
enable Boolean
size Number

ConnectionOptionsPasswordNoPersonalInfo
, ConnectionOptionsPasswordNoPersonalInfoArgs

Enable bool
Enable bool
enable Boolean
enable boolean
enable bool
enable Boolean

ConnectionOptionsSigningKey
, ConnectionOptionsSigningKeyArgs

Cert This property is required. string
Key This property is required. string
Cert This property is required. string
Key This property is required. string
cert This property is required. String
key This property is required. String
cert This property is required. string
key This property is required. string
cert This property is required. str
key This property is required. str
cert This property is required. String
key This property is required. String

ConnectionOptionsTotp
, ConnectionOptionsTotpArgs

Length int
Length of the one-time password.
TimeStep int
Seconds between allowed generation of new passwords.
Length int
Length of the one-time password.
TimeStep int
Seconds between allowed generation of new passwords.
length Integer
Length of the one-time password.
timeStep Integer
Seconds between allowed generation of new passwords.
length number
Length of the one-time password.
timeStep number
Seconds between allowed generation of new passwords.
length int
Length of the one-time password.
time_step int
Seconds between allowed generation of new passwords.
length Number
Length of the one-time password.
timeStep Number
Seconds between allowed generation of new passwords.

ConnectionOptionsValidation
, ConnectionOptionsValidationArgs

Username ConnectionOptionsValidationUsername
Specifies the min and max values of username length.
Username ConnectionOptionsValidationUsername
Specifies the min and max values of username length.
username ConnectionOptionsValidationUsername
Specifies the min and max values of username length.
username ConnectionOptionsValidationUsername
Specifies the min and max values of username length.
username ConnectionOptionsValidationUsername
Specifies the min and max values of username length.
username Property Map
Specifies the min and max values of username length.

ConnectionOptionsValidationUsername
, ConnectionOptionsValidationUsernameArgs

Max int
Min int
Max int
Min int
max Integer
min Integer
max number
min number
max int
min int
max Number
min Number

Import

This resource can be imported by specifying the connection ID.

Example:

$ pulumi import auth0:index/connection:Connection google "con_a17f21fdb24d48a0"
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Auth0 pulumi/pulumi-auth0
License
Apache-2.0
Notes
This Pulumi package is based on the auth0 Terraform Provider.